Guía docente de Ethical Hacking (MQ2/56/1/9)

Contents: Ethical hacking methodologies and procedures, basics of pentesting, tools for pentesting, exploitation techniques and post-exploitation methods. The purpose is to develop student abilities to understand and participate in an ethical hacking procedure, to use state-of-the-art tools in ethical hacking evaluations and to design the requirements for new ethical hacking procedures and tools. 

Recommendations: If AI tools are used to develop the tasks included in this course, students must adopt an ethical and responsible approach to their use. The recommendations contained in the document "Recommendations for the Use of Artificial Intelligence in the UGR", published at this location

https://ceprud.ugr.es/formacion-tic/inteligencia-artificial/recomendaciones-ia#contenido0

should be followed.

Learning outcomes of the programme considered in this course: 

• LO1.3. Analyzes collected information to identify vulnerabilities and potential for exploitation.
• LO1.4. Identifies and assesses the capabilities and activities of cybersecurity criminals or foreign intelligence entities.
• LO2.1. Executes collection using appropriate strategies and within the priorities established through the collection management process
• LO7.2. Develops and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs following software assurance best practices.
• LO7.3. Develops and conducts tests of systems to evaluate compliance with specifications and cybersecurity requirements by applying principles and methods for cost-effective planning.
• LO8.1. Communicates conclusions, and the knowledge and rationale underpinning these, to specialist and non-specialist audiences clearly and unambiguously.

Learning outcomes specific for this course unit: 

• Students will know and understand the fundamentals of ethical hacking
• Students will use and apply common pentesting tools
• Students will create and design a pentesting toolkit
• Students will evaluate tools and procedures related to ethical hacking methodologies

1. Introduction to ethical hacking

• Context of ethical hacking
• Professional exercise
• Global cycle of ethical hacking

2. Footprinting techniques

• Basic footprinting concepts
• OSSINT sources
• Tools for footprinting

3. Fingerprinting techniques

• Concept of fingerprinting
• Scanning techniques
• Vulnerability assessment
• Tools for fingerprinting

4. Exploitation

• Hiding the movements
• Exploiting memory bugs
• Password attacks
• Client-side attacks
• Web attacks
• Database attacks
• Building trojans and malware
• Bypassing antivirus
• Tools for exploitation

5. Postexploitation

• Context of postexploitation
• Meterpreter
• Powershell postexploitation
• Hiding and persistence
   

6. Documentation

• The process of documentation
• Collaboration tools
   

As the methodology implies clases that interlaces theoretical and practical contents, the list of practical contents is the same as the topics listed above in the theoretical programme part. 

• Georgia Weidman: Penetration Testing. A Hands-On Introduction to Hacking. 2014. No Starch Press. 
• M. Gregg: Certified Ethical Hacker (CEH) Cert Guide. 2014. Sybex Inc., U.S

• Jon Erickson: Hacking: The Art of Exploitation, 2nd Edition. 2008. No Starch Press

Arqus Virtual Campus: https://virtualcampus.arqus-alliance.eu

Article 18 of the Evaluation and Grading Regulations for Students at the University of Granada establishes that the ordinary call will preferably be based on the student’s continuous assessment, except for those who have been granted the right to a final single assessment. Below are the evaluation tools, grading criteria, and their percentage weight in the final grade:

The final grade for the course will be the sum of the grades for the theoretical component and the practical component. To officially pass the course, the following conditions must be met:

• The grade for the theoretical component must be equal to or greater than 15% of its maximum score, that is, at least 0.6 out of 4 points. 
• The overall grade must be equal to or greater than 5 out of 10 points.

Article 19 of the Evaluation and Grading Regulations for Students at the University of Granada states that students who have not passed the course during the ordinary examination session will have access to an extraordinary examination session. All students may participate in this session, regardless of whether or not they have followed a process of continuous assessment.

Thus, students who have not participated in continuous assessment will have the opportunity to obtain 100% of the final grade by completing an exam and/or a project.

In the extraordinary session, students will retain the grades obtained in the ordinary session for the practical component, unless they notify the professor at least one week before the examination date. In such cases, they will take an additional exam covering the corresponding part. The theoretical component will be assessed through an in-person written exam.

Under the regulatory framework described in Article 8 of the Evaluation and Grading Regulations for Students at the University of Granada, and for students who opt for the single final assessment, this evaluation modality will consist of all the tests that the professor deems appropriate in a single written exam session, covering theoretical and practical content. The goal is to ensure that the student has acquired all the general and specific competencies associated with the course.

The office and tutoring hours can be found on Gabriel Maciá’s profile.

Información de interés para estudiantado con discapacidad y/o Necesidades Específicas de Apoyo Educativo (NEAE): Gestión de servicios y apoyos (https://ve.ugr.es/servicios/atencion-social/estudiantes-con-discapacidad).

• Kali Linux and the set of tools for Kali. 
• VirtualBox