|
Oct 08, 2024
|
|
|
|
2023-2024 College Catalog [ARCHIVED CATALOG]
|
CIS 247 - Ethical Hacking I 3 Credits, 4 Contact Hours 2 lecture periods 2 lab periods
Skills necessary to plan and scope an assessment, understand legal and compliance requirements, perform vulnerability scanning and penetration testing, analyze data, and effectively report and communicate results.
Prerequisite(s): CIS 119 , CIS 137 , and CIS 225 Gen-Ed: Meets AGEC Options requirement; Meets CTE - Options requirement
Course Learning Outcomes
- Analyze results from a vulnerability scan.
- Assess known vulnerabilities across multiple technologies such as network devices, wireless, applications and operating systems.
- Compare ethical penetration testing and unethical hacking.
- Perform penetration testing on a simple network.
Outline:
- Planning and Scoping
- Understanding the target audience
- Rules of engagement and disclaimers
- Communications escalation
- Legal
- Contracts
- SOW
- NDA
- MSA
- Written authorization
- Types of assessments
- Red Team
- Compliance-based
- Goal based
- Target Selection
- On-site vs off-site
- Social engineering
- Strategies
- Black box
- White box
- Gray box
- Information Gathering and Vulnerability Identification
- Information gathering
- Scanning and enumeration
- Packet inspection
- Fingerprinting
- Eavesdropping
- Decompiling and debugging
- Open Source Intelligence (OSINT)
- Perform scans
- Types of scans
- Discovery
- Full
- Stealth
- Compliance
- Application scanning
- Consideration
- Bandwidth
- Execution time
- Business impact
- Leveraging Information
- Map vulnerabilities to potential exploits
- Techniques to execute attack
- Exploit chaining
- Social engineering
- Password attacks
- Credential brute force
- Rainbow tables
- Dictionary attacks
- Attacks and Exploits
- Social engineering attacks
- Spear phishing
- Impersonation
- USB drop
- Network based vulnerabilities
- Man in the middle
- DoS
- DNS exploits
- SMB, SMTP, SNMP, FTP exploits
- Pass the hash
- Wireless and RF vulnerabilities
- RFID cloning
- Bluejacking
- Deauthentication attacks
- Credential harvesting
- Application vulnerabilities
- Injections
- Cross site scripting
- Cookie manipulation
- Directory traversal
- Default/weak credentials
- Session hijacking
- Local host vulnerabilities
- OS Vulnerabilities
- Privilege escalation
- Physical device security
- Sandbox escape
- Post exploitation
- Lateral movement
- Persistence
- Exfiltration
- Covering your tracks
- Penetration Testing Tools
- Scanning
- Credential harvesting
- OSINT
- Wireless
- Web Proxies
- Frameworks
- Reporting and Communication
- Report writing and handling
- Post engagement cleanup
- Follow-up actions/retesting
- Attestation of findings
- Recommend mitigation techniques for discovered vulnerabilities
Effective Term: Fall 2023
|
|