Dec 02, 2021  
2021-2022 College Catalog 
    
2021-2022 College Catalog
Add to Portfolio (opens a new window)

CIS 247 - Ethical Hacking

3 Credits, 4 Contact Hours
2 lecture periods 2 lab periods

Skills necessary to plan and scope an assessment, understand legal and compliance requirements, perform vulnerability scanning and penetration testing, analyze data, and effectively report and communicate results.

Prerequisite(s): CIS 137  
Information: This course may help in preparation for the CompTIA PenTest+ examination.
  button image Prior Learning and link to PLA webpage



Course Learning Outcomes
1.          Analyze results from a vulnerability scan.

2.         Assess known vulnerabilities across multiple technologies such as network devices, wireless, applications and operating systems.

3.          Compare ethical penetration testing and unethical hacking.


Outline:
  1. Planning and Scoping
    1. Understanding the target audience
    2. Rules of engagement and disclaimers
    3. Communications escalation
    4. Legal
      1. Contracts
        1. SOW
        2. NDA
        3. MSA
      2. Written authorization
    5. Types of assessments
      1. Red Team
      2. Compliance-based
      3. Goal based
    6. Target Selection
      1. On-site vs off-site
      2. Social engineering
    7. Strategies
      1. Black box
      2. White box
      3. Gray box
  2. Information Gathering and Vulnerability Identification
    1. Information gathering
      1. Scanning and enumeration
      2. Packet inspection
      3. Fingerprinting
      4. Eavesdropping
      5. Decompiling and debugging
      6. Open Source Intelligence (OSINT)
    2. Perform scans
      1. Types of scans
        1. Discovery
        2. Full
        3. Stealth
        4. Compliance
      2. Application scanning
      3. Consideration
        1. Bandwidth
        2. Execution time
        3. Business impact
    3. Leveraging Information
      1. Map vulnerabilities to potential exploits
      2. Techniques to execute attack
        1. Exploit chaining
        2. Social engineering
        3. Password attacks
          1. Credential brute force
          2. Rainbow tables
          3. Dictionary attacks
  3. Attacks and Exploits
    1. Social engineering attacks
      1. Spear phishing
      2. Impersonation
      3. USB drop
    2. Network based vulnerabilities
      1. Man in the middle
      2. DoS
      3. DNS exploits
      4. SMB, SMTP, SNMP, FTP exploits
      5. Pass the hash
    3. Wireless and RF vulnerabilities
      1. RFID cloning
      2. Bluejacking
      3. Deauthentication attacks
      4. Credential harvesting
    4. Application vulnerabilities
      1. Injections
      2. Cross site scripting
      3. Cookie manipulation
      4. Directory traversal
      5. Default/weak credentials
      6. Session hijacking
    5. Local host vulnerabilities
      1. OS Vulnerabilities
      2. Privilege escalation
      3. Physical device security
      4. Sandbox escape
    6. Post exploitation
      1. Lateral movement
      2. Persistence
      3. Exfiltration
      4. Covering your tracks
  4. Penetration Testing Tools
    1. Scanning
    2. Credential harvesting
    3. OSINT
    4. Wireless
    5. Web Proxies
    6. Frameworks
  5. Reporting and Communication
    1. Report writing and handling
    2. Post engagement cleanup
    3. Follow-up actions/retesting
    4. Attestation of findings
    5. Recommend mitigation techniques for discovered vulnerabilities


Effective Term:
Full Academic Year 2021/22



Add to Portfolio (opens a new window)