Guía docente de Ethical Hacking (MQ2/56/1/9)
Máster
Módulo
Rama
Centro Responsable del título
Semestre
Créditos
Tipo
Tipo de enseñanza
Profesorado
- Gabriel Maciá Fernández
Horario de Tutorías
Gabriel Maciá Fernández
EmailBreve descripción de contenidos (Según memoria de verificación del Máster)
Contents: Ethical hacking methodologies and procedures, basics of pentesting, tools for pentesting, exploitation techniques and post-exploitation methods. The purpose is to develop student abilities to understand and participate in an ethical hacking procedure, to use state-of-the-art tools in ethical hacking evaluations and to design the requirements for new ethical hacking procedures and tools.
Prerrequisitos y/o Recomendaciones
Recommendations: If AI tools are used to develop the tasks included in this course, students must adopt an ethical and responsible approach to their use. The recommendations contained in the document "Recommendations for the Use of Artificial Intelligence in the UGR", published at this location
https://ceprud.ugr.es/formacion-tic/inteligencia-artificial/recomendaciones-ia#contenido0
should be followed.
Competencias
Competencias Básicas
- CB6. Poseer y comprender conocimientos que aporten una base u oportunidad de ser originales en desarrollo y/o aplicación de ideas, a menudo en un contexto de investigación.
- CB7. Que los estudiantes sepan aplicar los conocimientos adquiridos y su capacidad de resolución de problemas en entornos nuevos o poco conocidos dentro de contextos más amplios (o multidisciplinares) relacionados con su área de estudio.
- CB8. Que los estudiantes sean capaces de integrar conocimientos y enfrentarse a la complejidad de formular juicios a partir de una información que, siendo incompleta o limitada, incluya reflexiones sobre las responsabilidades sociales y éticas vinculadas a la aplicación de sus conocimientos y juicios.
- CB9. Que los estudiantes sepan comunicar sus conclusiones y los conocimientos y razones últimas que las sustentan a públicos especializados y no especializados de un modo claro y sin ambigüedades.
- CB10. Que los estudiantes posean las habilidades de aprendizaje que les permitan continuar estudiando de un modo que habrá de ser en gran medida autodirigido o autónomo.
Resultados de aprendizaje (Objetivos)
Learning outcomes of the programme considered in this course:
- LO1.3. Analyzes collected information to identify vulnerabilities and potential for exploitation.
- LO1.4. Identifies and assesses the capabilities and activities of cybersecurity criminals or foreign intelligence entities.
- LO2.1. Executes collection using appropriate strategies and within the priorities established through the collection management process
- LO7.2. Develops and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs following software assurance best practices.
- LO7.3. Develops and conducts tests of systems to evaluate compliance with specifications and cybersecurity requirements by applying principles and methods for cost-effective planning.
- LO8.1. Communicates conclusions, and the knowledge and rationale underpinning these, to specialist and non-specialist audiences clearly and unambiguously.
Learning outcomes specific for this course unit:
- Students will know and understand the fundamentals of ethical hacking
- Students will use and apply common pentesting tools
- Students will create and design a pentesting toolkit
- Students will evaluate tools and procedures related to ethical hacking methodologies
Programa de contenidos Teóricos y Prácticos
Teórico
1. Introduction to ethical hacking
- Context of ethical hacking
- Professional exercise
- Global cycle of ethical hacking
2. Footprinting techniques
- Basic footprinting concepts
- OSSINT sources
- Tools for footprinting
3. Fingerprinting techniques
- Concept of fingerprinting
- Scanning techniques
- Vulnerability assessment
- Tools for fingerprinting
4. Exploitation
- Hiding the movements
- Exploiting memory bugs
- Password attacks
- Client-side attacks
- Web attacks
- Database attacks
- Building trojans and malware
- Bypassing antivirus
- Tools for exploitation
5. Postexploitation
- Context of postexploitation
- Meterpreter
- Powershell postexploitation
- Hiding and persistence
6. Documentation
- The process of documentation
- Collaboration tools
Práctico
As the methodology implies clases that interlaces theoretical and practical contents, the list of practical contents is the same as the topics listed above in the theoretical programme part.
Bibliografía
Bibliografía fundamental
- Georgia Weidman: Penetration Testing. A Hands-On Introduction to Hacking. 2014. No Starch Press.
- M. Gregg: Certified Ethical Hacker (CEH) Cert Guide. 2014. Sybex Inc., U.S
Bibliografía complementaria
- Jon Erickson: Hacking: The Art of Exploitation, 2nd Edition. 2008. No Starch Press
Enlaces recomendados
Arqus Virtual Campus: https://virtualcampus.arqus-alliance.eu
Metodología docente
Evaluación (instrumentos de evaluación, criterios de evaluación y porcentaje sobre la calificación final.)
Evaluación Ordinaria
Article 18 of the Evaluation and Grading Regulations for Students at the University of Granada establishes that the ordinary call will preferably be based on the student’s continuous assessment, except for those who have been granted the right to a final single assessment. Below are the evaluation tools, grading criteria, and their percentage weight in the final grade:
Part | Weight | Description |
---|---|---|
Theory | 40% | The evaluation of the theoretical component will be carried out through a written exam. It will be conducted at the end of the course and will cover all the topics addressed throughout the semester. |
Practical | 50% | The practical sessions will be evaluated through a follow-up test on the activities carried out during the sessions, problems/exercises proposed and submitted by students or oral presentations using slides. |
Attendance | 10% | It is strongly recommended to attend both theoretical and practical sessions though it is not mandatory. Those students who attend all sessions will get a maximum score in this part which is 1 out 10 points. |
The final grade for the course will be the sum of the grades for the theoretical component and the practical component. To officially pass the course, the following conditions must be met:
- The grade for the theoretical component must be equal to or greater than 15% of its maximum score, that is, at least 0.6 out of 4 points.
- The overall grade must be equal to or greater than 5 out of 10 points.
Evaluación Extraordinaria
Article 19 of the Evaluation and Grading Regulations for Students at the University of Granada states that students who have not passed the course during the ordinary examination session will have access to an extraordinary examination session. All students may participate in this session, regardless of whether or not they have followed a process of continuous assessment.
Thus, students who have not participated in continuous assessment will have the opportunity to obtain 100% of the final grade by completing an exam and/or a project.
In the extraordinary session, students will retain the grades obtained in the ordinary session for the practical component, unless they notify the professor at least one week before the examination date. In such cases, they will take an additional exam covering the corresponding part. The theoretical component will be assessed through an in-person written exam.
Evaluación única final
Under the regulatory framework described in Article 8 of the Evaluation and Grading Regulations for Students at the University of Granada, and for students who opt for the single final assessment, this evaluation modality will consist of all the tests that the professor deems appropriate in a single written exam session, covering theoretical and practical content. The goal is to ensure that the student has acquired all the general and specific competencies associated with the course.
Información adicional
The office and tutoring hours can be found on Gabriel Maciá’s profile.
Información de interés para estudiantado con discapacidad y/o Necesidades Específicas de Apoyo Educativo (NEAE): Gestión de servicios y apoyos (https://ve.ugr.es/servicios/atencion-social/estudiantes-con-discapacidad).
Software Libre
- Kali Linux and the set of tools for Kali.
- VirtualBox