04-720   Ethical Hacking

Location: Africa

Units: 12

Semester Offered: Fall, Spring

Course description

This course will introduce students to professional penetration testing by teaching offensive security tactics, along with the appropriate methodologies and responsibilities it takes to ethically attack systems. The course will also cover basic defensive security concepts and tools that can be used to mitigate such attacks. The majority of time will be spent in hands-on labs performing reconnaissance, discovering vulnerabilities, developing exploits, and carefully penetrating targets in a virtual environment. Students will also work on building basic defenses in a similar environment.

Learning objectives

At the conclusion of this course, students will be able to:

  • Identify the various methodologies of assessing vulnerabilities
  • Describe basic DNS operations and how to gather valuable information from DNS
  • Understand how to identify software vulnerabilities
  • Understand how attackers leverage client-side attacks to bypass firewalls
  • Describe attacks against weak passwords
  • Describe web application attacks
  • Understand defensive security concepts used to mitigate attacks
  • Identify various sources of data that contain indicators of compromise
  • Describe the concept of cyber threat intelligence

Outcomes

Students will learn how to conduct vulnerability assessments and penetration testing using open-source tools. These tools lower barriers to entry in underserved markets by providing cost-effective alternatives to licensed proprietary cybersecurity solutions.

Content details

  • DNS Enumeration
  • Networking Basics
  • Network Scanning
  • Vulnerability Scanning
  • Popping Shells
  • Metasploit Framework
  • Client-side Exploits
  • Traffic Redirection
  • Password Attacks
  • Web Application Attacks
  • Cyber Kill Chain
  • Cyber Attack Lifecycle
  • MITRE ATT&CK
  • Security Monitoring
  • Security Onion
  • Threat Intelligence

Syllabus

https://canvas.cmu.edu/courses/41966/modules/items/5853166 

Prerequisites

18-631 Introduction to Information Security

Faculty

Edwin Kairu