INSE 435 Hacker Tools and Techniques
Discover the history of hacking and understand the difference between ethical and black-hat hacking in this course. Examine how attackers target networks and the methods they use including footprinting, port scanning, enumeration, malware, sniffers, denial of service, and social engineering. The course provides concepts in incident response, defensive technologies and common approaches to defense. Concepts are reinforced through hands-on labs.
Prerequisite
All Technology Core courses
Washington Technology University
Syllabus
INSE 435 : Hacker Tools and Techniques
5 Credits
Approved: 3/10/2021 9:39:48 PM
Course Description
Discover the history of hacking and understand the difference between ethical and black-hat hacking in this course. Examine how attackers target networks and the methods they use including footprinting, port scanning, enumeration, malware, sniffers, denial of service, and social engineering. The course provides concepts in incident response, defensive technologies and common approaches to defense. Concepts are reinforced through hands-on labs.
Course Required Resources
- Textbook: Oriyano & Solomon. Hacker Techniques, Tools, and Incident Handling, Third Edition, Burlington, MA: Jones & Bartlett, 2018.
- Course supplements: Weidman. Penetration Testing – A Hands-on Introduction to Hacking. No Starch Press, 2014 (available in Books 24x7)
Course Outcomes
Explain the history and current state of hacking and penetration testing, including ethical and legal implications.
Identify common information-gathering tools and techniques.
Perform system hacking, and web and database attacks.
Analyze vulnerabilities exploited by hackers.
Identify common types of malware and the threats they pose.
Perform network traffic analysis and sniffing by using appropriate tools.
Perform incident handling by using appropriate methods.
Identify security controls and defensive technologies.
Course Keywords
Ethical hacking, Ethical laws, Exploitation, Hacker, Penetration testing, Kali Linux, Footprinting, Information gathering, Fingerprinting, Nmap, TCP/IP, Botnet, DoS, DDoS, Network sniffing, Network traffic analysis, Wireshark, Session hijacking, Enumeration, Password cracking, Privilege escalation, Rainbow table, Rootkit, Backdoors, Ps tools, System hacking, Buffer overflow, Cross-site scripting (XSS) attack, Database attack, SQL injection, Trojan, Virus, Worm, Adware, Covert channel, Malware, Ransomware, 802.11, Wi-Fi, WLAN, WPA, WPA2, WEP, Bluejacking, Bluesnarfing, Bluetooth, Social engineering, BCP, BIA, DRP, Forensics, Incident response plan, Incident response process, Defense in depth, Demilitarized zone (DMZ), Firewall, Honeynet, Honeypot, IDS, IPS, Security control
Assignment Summary
Project – Hands-on Labs with Tools and Techniques for Ethical Hacking
In this project students will finish five labs selected from Jones&Bartlett Virtual Security Cloud Labs. The Virtual Security Cloud Labs allow students gain valuable hands-on experience with professional-grade tools and techniques as students work through the guided lab exercises provided in the on-screen lab manual. The use of virtualization enables students to perform all the tasks in a live environment without putting personal device at risk.
Lab#1: Assessing and Securing Systems on a Wide Area Network (WAN)
In this lab, you will follow a scenario in which a systems administrator for the securelabsondemand.com network has reported odd behavior on four servers that support legacy applications. You will first conduct internal penetration tests (vulnerability scans) on each system to assess its vulnerabilities, then practice securing vulnerable systems by removing viruses, configuring firewalls, and closing vulnerable open ports.
Lab#3: Data Gathering and Footprinting on a Targeted Web Site
In this lab, you will identify a target organization with an Internet website and perform data gathering and footprinting for the site using Internet search tools.
Lab#4: Using Ethical Hacking Techniques to Exploit a Vulnerable Workstation
In this lab, you will perform all five phases of ethical hacking: reconnaissance (using Zenmap GUI for Nmap), scanning (using Nessus), enumeration (exploring the vulnerabilities identified by Nessus), compromise (attack and exploit the known vulnerabilities using the Metasploit Framework application), and conduct post-attack activities by recommending specific countermeasures for remediating the vulnerabilities and eliminating the possible exploits.
Lab#8: Auditing a Wireless Network and Planning for a Secure WLAN Implementation
In this lab, you will explore the Aircrack-ng suite, a set of wireless LAN (WLAN) auditing tools, which can be used to compromise WLAN security implementations. You will watch a video that demonstrates the use of these tools in cracking passwords on a WLAN. This video shows how an unencrypted WPA (WiFi Protected Access) key can be recovered from a weakly protected WLAN. You will be able to use the information from this lab to craft a WLAN security implementation plan that will mitigate any weaknesses and security threats commonly found in a WLAN implementation. In the Applied Learning section of the lab, you will use Aircrack-ng to identify a WPA key from a server in the virtual environment.
Lab#10: Securing the Network with an Intrusion Detection System (IDS)
In this lab, you will configure Snort, an open source intrusion prevention and detection system, on a virtual machine and a web-based IDS monitoring tool called Snorby. You also will use the Nessus scanning tool to scan the virtual machine to test the Snort configuration and see exactly what circumstances trigger an IDS alert.
Students are required to complete Section 1 and Section 2 then submit the deliverables as one zip file, for each lab. After the hands-on part, students are required to finish a lab assessment quiz to check their understanding of the lab contents.
Instructor Determined Assignments, Collaboration and Participation (attendance and online activities)
The instructor will evaluate participation in the course and in online discussions. The instructor may also include other assignments. The instructor-determined assignments and discussions will be distributed and evaluated such that the total point value reflects the weighting given in the rubrics. The instructor will provide the grading criteria, rubrics, and directions for completing these assignments.
Mid Term Exam
Students should be prepared to answer a variety of types of questions pertinent to the concepts covered in or suggested by the course materials, assignments and activities. The instructor may provide additional information about the content, style, and grading criteria of this exam. The test will cover all concepts covered since the first day of class.
Final Exam
Students should be prepared to answer a variety of types of questions pertinent to the concepts covered in or suggested by the course materials, assignments and activities. The instructor may provide additional information about the content, style, and grading criteria of this exam. The exam will be limited to concepts covered since the mid-term.