IY3S601B - Ethical Hacking 15 Jul 2020 - 31 Aug 2027 | Version 1

Associated Module Information

Module Code: IY3S601B
Module Title: Ethical Hacking
Faculty: Faculty of Computing, Engineering and Science
Faculty Group: Computing and Mathematics
Faculty Sub Group: Cyber Security
Module Leader: Ahmed Elmesiry, Ian Fitzell
Module Team: Arun Kumar
First Intended Intake: AUG 2020 Final Year of Intake:
Date Closed:
Credit Value: 20 Credit Level: 6
Language: English
Percentage of Module Taught in Welsh: 0
Equivalent Module:
HECOS codes: 100376 - computer and information security
HECOS Code Weighting: 100

Document Version Information

Version 1
Valid From 15 Jul 2020
Valid To 31 Aug 2027

Module Aims

To provide detailed technical knowledge of the advanced tools and techniques associated with vulnerability discovery and penetration testing (e.g., blue team/red team).

Content Summary

Root kits (e.g., Windows, UNIX)

Malware analysis

Fuzzing
- Network TCP/IP
- Application
- Authentication

Reverse Engineering
- COFF/PE and ELF Formats
- Static and Dynamic Analysis
- Simulation and debugging

Vulnerability Development for Unix and Windows
- Shellcode
- Heap/Stack overflows
- Integer smashing
- Exception creation overflows
- Tools and frameworks (e.g., Metasploit and Nessus/Open-VAS)

Chained exploits
- Scripting (e.g., Python and Ruby)

Security analysis of embedded systems (e.g. firmware, JTAG) and Internet of Things (IoT)

Basics of Social Engineering

Learning and Teaching Methods

Activity Type Hours
Lecture 24
Practical classes and workshops 48
Independent Study 56
Directed Study 72
Total Hours Selected 200

Learning Outcomes

# Learning Outcome
LO1 To understand the requirements of the delivery of a penetration testing service (e.g., blue team/red team).
LO2 To manage the creation and delivery of a penetration testing service.

Module Requisites

N/A

Assessment Criteria

Assessment Category Assessment Type Description Duration Word Count Weight (%) Best of? Pass Mark
Set Exercise - Time Constrained (EX) Classroom Test Time Constrained (EX) 1 A report that will critically evaluate topics surrounding ethically hacking computer systems 120 2400 40 No 40
Written Assignment (CW) Practical Written Work 1 A practical ethical hacking exercise and report with research elements including a critical evaluation 0 3600 60 No 40

Assessment Matrix

Assessment Type Learning Outcomes
LO1 LO2
Classroom Test Time Constrained (EX) 1
Practical Written Work 1

Reading List

Books:

Anley C., Heasman J., Lindner F., Richarte G. , (2007), The Shellcoder's Handbook: Discovering and Exploiting Security Holes (Paperback), Wiley

Davis, M., Bodmer, S., and LeMasters, A. (2016), HACKING EXPOSED MALWARE AND ROOTKITS: Malware and Rootkits Secrets and Solutions (Paperback), McGraw-Hill, Inc.

Dhanjani, N., Rios, B., and Hardin, B., (2009), Hacking: The Next Generation [Paperback], O'Reilly Media

Dowd, M., McDonald J., and Schuh, J., (2006), The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities, Addison-Wesley Professional

Ligh, M., Richard, M., Adair, S., and Hartstein, B., (2010), Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code [Paperback], Wiley

Mcclure, S., Scambray, J., Kurtz G., (2012) Hacking Exposed, Sixth Edition: Network Security Secrets& Solutions: Network Security Secrets and Solutions . McGraw-Hill

Seitz J., (2009) Gray Hat Python: Python Programming for Hackers and Reverse Engineers (Paperback), NO STARCH PRESS

Sutton M., Greene, A., and Amini, P., (2007) Fuzzing: Brute Force Vulnerability Discovery, Addison-Wesley Professional

Whitaker, A., Evans, K. and Voth, J. B., (2009), Chained Exploits: Advanced Hacking Attacks from Start to Finish, Addison-Wesley Professional

Journals:

IEEE Security and Privacy

Computers & Security, Elsevier Ltd.

IEEE Transactions on Information Forensics and Security

Journal of Cyber Security Technology, Taylor & Francis

Information Security Journal: A Global Perspective, Taylor & Francis