Mar 28, 2024  
2023-2024 College Catalog 
    

CIS 247 - Ethical Hacking I

3 Credits, 4 Contact Hours
2 lecture periods, 2 lab periods

Skills necessary to plan and scope an assessment, understand legal and compliance requirements, perform vulnerability scanning and penetration testing, analyze data, and effectively report and communicate results.

Prerequisite(s): CIS 119, CIS 137, and CIS 225
Gen-Ed: Meets AGEC Options requirement; Meets CTE - Options requirement




Course Learning Outcomes
  1. Analyze results from a vulnerability scan.
  2. Assess known vulnerabilities across multiple technologies such as network devices, wireless, applications and operating systems.
  3. Compare ethical penetration testing and unethical hacking.
  4. Perform penetration testing on a simple network.

Outline:
  1. Planning and Scoping
    1. Understanding the target audience
    2. Rules of engagement and disclaimers
    3. Communications escalation
    4. Legal
      1. Contracts
        1. SOW
        2. NDA
        3. MSA
      2. Written authorization
    5. Types of assessments
      1. Red Team
      2. Compliance-based
      3. Goal-based
    6. Target Selection
      1. On-site vs off-site
      2. Social engineering
    7. Strategies
      1. Black box
      2. White box
      3. Gray box
  2. Information Gathering and Vulnerability Identification
    1. Information gathering
      1. Scanning and enumeration
      2. Packet inspection
      3. Fingerprinting
      4. Eavesdropping
      5. Decompiling and debugging
      6. Open Source Intelligence (OSINT)
    2. Perform scans
      1. Types of scans
        1. Discovery
        2. Full
        3. Stealth
        4. Compliance
      2. Application scanning
      3. Considerations
        1. Bandwidth
        2. Execution time
        3. Business impact
    3. Leveraging Information
      1. Map vulnerabilities to potential exploits
      2. Techniques to execute attack
        1. Exploit chaining
        2. Social engineering
        3. Password attacks
          1. Credential brute force
          2. Rainbow tables
          3. Dictionary attacks
  3. Attacks and Exploits
    1. Social engineering attacks
      1. Spear phishing
      2. Impersonation
      3. USB drop
    2. Network based vulnerabilities
      1. Man-in-the-middle
      2. DoS
      3. DNS exploits
      4. SMB, SMTP, SNMP, FTP exploits
      5. Pass the hash
    3. Wireless and RF vulnerabilities
      1. RFID cloning
      2. Bluejacking
      3. Deauthentication attacks
      4. Credential harvesting
    4. Application vulnerabilities
      1. Injections
      2. Cross-site scripting
      3. Cookie manipulation
      4. Directory traversal
      5. Default/weak credentials
      6. Session hijacking
    5. Local host vulnerabilities
      1. OS Vulnerabilities
      2. Privilege escalation
      3. Physical device security
      4. Sandbox escape
    6. Post exploitation
      1. Lateral movement
      2. Persistence
      3. Exfiltration
      4. Covering your tracks
  4. Penetration Testing Tools
    1. Scanning
    2. Credential harvesting
    3. OSINT
    4. Wireless
    5. Web Proxies
    6. Frameworks
  5. Reporting and Communication
    1. Report writing and handling
    2. Post engagement cleanup
    3. Follow-up actions/retesting
    4. Attestation of findings
    5. Recommend mitigation techniques for discovered vulnerabilities


Effective Term:
Fall 2023