Questions and Answers
What is the module code for the course "Ethical Hacking and Penetration Testing"?
COMP40741
Which of the following topics are covered in the "Information Gathering and Footprinting" section of the module?
Which of the following are considered to be "offensive" security strategies?
What are the three types of penetration tests?
In a black-box penetration test, the client provides no information prior to the start of testing.
In a white-box penetration test, the client provides partial details of the target system.
In a grey-box penetration test, the client provides full and complete details of the target system.
Penetration testing is a legal and authorized attempt to locate and exploit computer systems to make them more secure.
What is the name given to the process of notifying a company or organization about a security vulnerability?
What is the purpose of the "Pre-engagement" phase in ethical hacking?
Which of the following is a common issue associated with conducting penetration testing on cloud services?
Study Notes
Ethical Hacking and Penetration Testing Lecture 1
- Module Overview: COMP40741
- Module Leader: Dr. Nemitari Ajienka
- Senior Lecturer, Certified Security Testing Associate (7Safe, GCHQ Accredited)
- Email: [email protected]
- Office: Mary Ann Evans Building (MAE) 329 (moving to MAE 307)
- Phone: +44 (0) 115 848 8306
- Module Team: Dr. Kwame Assa-Agyei
- Lecturer
- Email: [email protected]
- Module Content is available on NOW
- Module overview, aims, content, delivery methods, schedule, indicative reading, learning outcomes, and assessment
Module Aims
- Equip students with knowledge, skills, and ethical considerations.
- Identify and address vulnerabilities in computer systems.
- Develop a comprehensive understanding of ethical hacking and penetration testing methodologies.
- Introduce principles, methodologies, and tools.
- Develop practical skills in identifying and exploiting vulnerabilities.
- Assess ethical and legal considerations.
- Understand risk assessment and mitigation.
Learning Outcomes
- Knowledge and Understanding:
- Demonstrate understanding of penetration testing methodologies.
- Demonstrate understanding of ethical hacking principles and methodologies.
- Evaluate legal and ethical implications of penetration testing.
- Identify, analyze, and assess vulnerabilities and threats in computer systems.
- Skills, Qualities and Attributes:
- Apply penetration testing techniques to identify and exploit vulnerabilities.
- Develop effective strategies for securing computer systems and networks.
- Communicate security findings and recommendations through comprehensive reports.
- Demonstrate critical thinking in risk assessment and mitigation.
Assessment
- Online in-class test (Individual, 30%): Time-constrained test assessing understanding of theoretical aspects of penetration testing, ethical hacking, and legal/ethical considerations.
- Report (Individual, 70%): Written report based on a hands-on penetration testing project. Students demonstrate ability to identify and exploit vulnerabilities, identify and mitigate risks, provide actionable recommendations, and communicate findings.
Provisional Module Content
- Weeks 1-3: Introduction to Ethical Hacking and Pentesting, Overview of penetration testing methodologies, Information Gathering and Footprinting, Scanning and Enumeration.
- Weeks 4-5: Vulnerability Assessment, Common vulnerabilities and exposures (CVE), Threat modeling techniques.
- Weeks 6-8: Exploitation Techniques and tools, Exploitation techniques, Password Cracking, Post-exploitation strategies and privilege escalation.
- Week 9: Legal and Ethical considerations in penetration testing, Reporting and documentation standards, Risk Assessment and Mitigation.
- Week 10: Social engineering techniques/tactics, Support Sessions.
Resources/Reference Texts
- Graham, D.G. (2021). Ethical hacking: a hands-on introduction.
- Oriyano, S-P. (2017). Penetration testing essentials.
- Khawaja, G. (2021). Kali Linux penetration testing bible.
- Sabih, Z. (2018). Learn ethical hacking from scratch.
- Baloch, R. (2015). Ethical Hacking and Penetration Testing Guide.
Web-Based Resources & Tools
- Immersive Labs (registration required)
- Digital Cyber Academy (registration required)
- VMware/VirtualBox
- Kali Linux
- Metasploitable
- SEEDUbuntu
- Ubuntu
Introduction to Ethical Hacking and Penetration Testing
- Defensive vs. Offensive strategies.
- Definition of "hacker" (historical and modern)
- Describing different types of hackers (e.g., Black Hats, Grey Hats, White Hats, Crackers, Script Kiddies)
- Hacker motivations (e.g., profit, challenge, espionage)
- Power assurance
- Anger (retaliatory)
- Sadistic
- Importance of legal and ethical hacking
- Permission is necessary for vulnerability testing
- Ethical Considerations (permission, privacy)
- Responsibility
- Disclosure of vulnerabilities
Penetration Testing Framework (ethical hacking)
- Planning/Pre-engagement
- Execution (Information Gathering, Target Scanning, Vulnerability Assessment, Exploitation of Weaknesses, Privilege Escalation, Retaining Access, Covering Tracks)
- Post-execution and reporting
Types of Penetration Testing
- Network/Infrastructure
- Database
- Web
- Wireless
- Social Engineering
- Physical
Types of Penetration Tests
- Black-box
- White-box
- Grey-box
Pre-engagement
- Conversation with client to define scope.
- Different levels of tests (simple, single physical or IP address, web app, full simulation)
- Importance of written permission for testing.
- Key topics for planning stage (scope, documentation, rules of engagement, third-party issues, past threats and vulnerabilities, security appliance interference, validation of ranges)
Questions
- Specific questions for network, web, wireless, and physical (detailed, see slides)
- Questions for Social Engineering (e.g., does the client have a list of email addresses or phone numbers?)
Module Specification
- Specific information will be available in the Learning Room on NOW (module overview and aims, module content, delivery methods and schedule, indicative reading, learning outcomes, and assessment).
- Weeks 1-3, 4-5, 6-8, 9, and 10 cover the topics of the course.
Scope Creep
- Scope Creep definition
- Reasons for scope creep
- Avoiding scope creep
Description
This quiz covers the first lecture of the Ethical Hacking and Penetration Testing module (COMP40741). It provides insights into the aims, content, delivery methods, and assessment of the course, along with key concepts in ethical hacking. Prepare to explore methodologies and tools essential for identifying vulnerabilities in computer systems.