UCIS 247 - Ethical Hacking I

Skills necessary to plan and scope an assessment, understand legal and compliance requirements, perform vulnerability scanning and penetration testing, analyze data, and effectively report and communicate results.

Recommendation:

The following recommendation is for the Cybersecurity Marketable Skills Achievement noncredit pathway for which this course is a part of:

To succeed in this 32-week course series, students should have the following prerequisite knowledge and skills:

Familiarity with Operating Systems: Experience using Windows and Linux systems, including file navigation and command-line utilities.
Networking Fundamentals: An understanding of networking concepts such as IP addresses, subnets, firewalls, and protocols like TCP/IP, HTTP, and DNS.
IT Security Awareness: Awareness of cybersecurity principles, including understanding common threats (e.g., phishing, malware) and basic protection strategies.

While prior certifications (e.g., CompTIA IT Fundamentals or CompTIA A+ or Network+) or coursework are not mandatory, they are highly recommended for students lacking direct IT experience. This is not an entry level IT pathway. The program is designed for IT professional upskilling.

Course Learning Outcomes:

Analyze results from a vulnerability scan.
Assess known vulnerabilities across multiple technologies such as network devices, wireless, applications and operating systems.
Compare ethical penetration testing and unethical hacking.
Perform penetration testing on a simple network.

Outline:

Planning and Scoping
- Understanding the target audience
- Rules of engagement and disclaimers
- Communications escalation
- Legal
  - Contracts
    - SOW
    - NDA
    - MSA
  - Written authorization
- Types of assessments
  - Red Team
  - Compliance-based
  - Goal based
- Target Selection
  - On-site vs off-site
  - Social engineering
- Strategies
  - Black box
  - White box
  - Gray box
Information Gathering and Vulnerability Identification
- Information gathering
  - Scanning and enumeration
  - Packet inspection
  - Fingerprinting
  - Eavesdropping
  - Decompiling and debugging
  - Open Source Intelligence (OSINT)
- Perform scans
  - Types of scans
    - Discovery
    - Full
    - Stealth
    - Compliance
  - Application scanning
  - Consideration
    - Bandwidth
    - Execution time
    - Business impact
- Leveraging Information
  - Map vulnerabilities to potential exploits
  - Techniques to execute attack
    - Exploit chaining
    - Social engineering
    - Password attacks
      - Credential brute force
      - Rainbow tables
      - Dictionary attacks
Attacks and Exploits
- Social engineering attacks
  - Spear phishing
  - Impersonation
  - USB drop
- Network based vulnerabilities
  - Man in the middle
  - DoS
  - DNS exploits
  - SMB, SMTP, SNMP, FTP exploits
  - Pass the hash
- Wireless and RF vulnerabilities
  - RFID cloning
  - Bluejacking
  - Deauthentication attacks
  - Credential harvesting
- Application vulnerabilities
  - Injections
  - Cross site scripting
  - Cookie manipulation
  - Directory traversal
  - Default/weak credentials
  - Session hijacking
- Local host vulnerabilities
  - OS Vulnerabilities
  - Privilege escalation
  - Physical device security
  - Sandbox escape
- Post exploitation
  - Lateral movement
  - Persistence
  - Exfiltration
  - Covering your tracks
Penetration Testing Tools
- Scanning
- Credential harvesting
- OSINT
- Wireless
- Web Proxies
- Frameworks
Reporting and Communication
- Report writing and handling
- Post engagement cleanup
- Follow-up actions/retesting
- Attestation of findings
- Recommend mitigation techniques for discovered vulnerabilities