A course is the basic teaching unit, it's design as a medium for a student to acquire comprehensive knowledge and skills indispensable in the given field. A course guarantor is responsible for the factual content of the course.
For each course, there is a department responsible for the course organisation. A person responsible for timetabling for a given department sets a time schedule of teaching and for each class, s/he assigns an instructor and/or an examiner.
Expected time consumption of the course is expressed by a course attribute extent of teaching. For example, extent = 2 +2 indicates two teaching hours of lectures and two teaching hours of seminar (lab) per week.
At the end of each semester, the course instructor has to evaluate the extent to which a student has acquired the expected knowledge and skills. The type of this evaluation is indicated by the attribute completion. So, a course can be completed by just an assessment ('pouze zápočet'), by a graded assessment ('klasifikovaný zápočet'), or by just an examination ('pouze zkouška') or by an assessment and examination ('zápočet a zkouška') .
The difficulty of a given course is evaluated by the amount of ECTS credits.
The course is in session (cf. teaching is going on) during a semester. Each course is offered either in the winter ('zimní') or summer ('letní') semester of an academic year. Exceptionally, a course might be offered in both semesters.
The subject matter of a course is described in various texts.
BIK-EHA.21 Ethical Hacking Extent of teaching: 14KP+4KC Instructor: Dostál J., Kiezler T., Kolárik M. Completion: Z,ZK Department: 18106 Credits: 5 Semester: L Annotation:
The course gives a professional and academic introduction to computer and information security using the ethical hacking approach, which enables improved defence thanks to adopting an attacker mindset when discovering vulnerabilities, hands-on experience with different attacks, facilitates linking theory and practice in significant areas of one's digital literacy, and can therefore be utilized by (future) security professionals, (informed) decision-makers, (savvy) users and developers alike.
Lecture syllabus:
Disclaimer: In spite of the fact that we'll try to fit our sessions' continuity with a typical sequence of steps in a penetration test (pentest-standard.org), the content of the course and the order of its sections /teaching blocks might be subject to change based on pace, level of proficiency, and other requirements of the course group.
1. INTRODUCTION & PREREQUISITES: Introduction to Computer & Information Security; Introduction to Ethical Hacking & Penetration Testing; Law & Ethics of Offensive Security; Computer Science & Computer Fundamentals; Communication Protocols; Networking Technologies; Web Technologies; Introduction to Kali Linux; Introduction to Linux Command Line; Introduction to Python Programming 2. FOOTPRINTING, INTELLIGENCE GATHERING & THREAT MODELING: Active & Passive Reconnaissance; Physical Security; Social Engineering; Network Analysis; Intrusion Detection, Firewalls & Antiviruses 3. Software, Database, Wireless, Web Application, OS & Mobile Security; Architecture & Security of Popular Operating Systems: Linux, Windows, OS X, Android, iOS, Chrome OS, BSD; Viruses, Worms, Rootkits, Trojans, Backdoors, Bots, Ransomware, Spyware, Adware & Other Malware; Host Attacks, Network Attacks, Spoofing, Denial of Service (Part 01) 4. VULNERABILITY ANALYSIS, EXPLOITATION, POST EXPLOITATION: Active & Passive Attacks; Software, Database, Wireless, Web Application, OS & Mobile Security; Architecture & Security of Popular Operating Systems: Linux, Windows, OS X, Android, iOS, Chrome OS, BSD; Viruses, Worms, Rootkits, Trojans, Backdoors, Bots, Ransomware, Spyware, Adware & Other Malware; Host Attacks, Network Attacks, Spoofing, Denial of Service (Part 02) 5. VULNERABILITY ANALYSIS, EXPLOITATION, POST EXPLOITATION: Active & Passive Attacks; Software, Database, Wireless, Web Application, OS & Mobile Security; Architecture & Security of Popular Operating Systems: Linux, Windows, OS X, Android, iOS, Chrome OS, BSD; Viruses, Worms, Rootkits, Trojans, Backdoors, Bots, Ransomware, Spyware, Adware & Other Malware; Host Attacks, Network Attacks, Spoofing, Denial of Service (Part 03) 6. VULNERABILITY ANALYSIS, EXPLOITATION, POST EXPLOITATION: Active & Passive Attacks; Software, Database, Wireless, Web Application, OS & Mobile Security; Architecture & Security of Popular Operating Systems: Linux, Windows, OS X, Android, iOS, Chrome OS, BSD; Viruses, Worms, Rootkits, Trojans, Backdoors, Bots, Ransomware, Spyware, Adware & Other Malware; Host Attacks, Network Attacks, Spoofing, Denial of Service (Part 04) 7. VULNERABILITY ANALYSIS, EXPLOITATION, POST EXPLOITATION: Applied Cryptography, Password Cracking; Black Box & White Box Testing; Source Code Auditing, Fuzzing; Digital & Computer Forensics; Steganography 8. VULNERABILITY ANALYSIS, EXPLOITATION, POST EXPLOITATION: Hardware Security, Firmware, Booting; Malware Analysis, C/C++, Assembly; Debugging, Disassembly, Reverse Engineering 9. REPORTING & MEASURES, BUSINESS, MACRO & MICRO-LEVEL CYBERSECURITY: Writing a Penetration Testing Report; Disaster Recovery, Incident Response; Standards (and Their Shortcomings), Regulatory Compliance, Security Policies, Security Management and Security Metrics; History of Computer Security, Milestones and Famous Hacks, Attacks & Malware, Economics of Cybercrime, Cyberwarfare, Critical Infrastructure Security, Privacy & Surveillance 10. APPLICATIONS & GETTING OUT OF YOUR COMFORT ZONE: Cloud Computing Security; Peer-to-Peer Network Security; Programming Languages Security; Embedded Device & Internet of Things Security; Augmented Reality & Virtual Reality Security; Point of Sale Security; E-commerce Payment Systems Security; Cryptocurrencies Security Deep Web & Dark Web; Hacking Satellites; Hacking Cars, Drones, Planes, Trains, ...; Hacking Washing Machines, Fridges, ...; Quantum Computing; Artificial Intelligence; Big Data; Bioengineering & Biohacking; 3D Printing; Game Hacking; GPU malware; (...) 11. COURSE REVIEW & FINAL PROJECT CONSULTATION: research around the infrastructure of an organization and possible attack vectors (background and theory); vulnerability analysis and exploitation (analyses, assessment, documentation, methodology, tools used, program code, raw data); suggested measures (technical as well as regulatory /policies); executive summary, presentation, answers to questions 12. RESERVE: very likely needed because of guest lectures /workshops /trips 'into the field' /holidays /... Seminar syllabus:
Lectures are intertwined with exercises /tutorials.Literature:
1. Kennedy D., O'gorman D., Kearns D. : Metasploit: The Penetration Tester's Guide. No Starch Press, 2011. ISBN 978-1593272883. 2. Weidman G. : Penetration Testing: A Hands-On Introduction to Hacking. No Starch Press, 2014. ISBN 978-1593275648. 3. Messier R. : Learning Kali Linux: Security Testing, Penetration Testing & Ethical Hacking. O0Reilly, 2018. ISBN 978-1492028697. 4. Messier R. : CEH v10 Certified Ethical Hacker Study Guide. Sybex, 2019. ISBN 978-1119533191. Requirements:
Please see slides 08 to 13 of bit.ly/ethhacking.
Informace o předmětu a výukové materiály naleznete na https://courses.fit.cvut.cz/BI-EHA/ The course is also part of the following Study plans:
Study Plan Study Branch/Specialization Role Recommended semester BIK-SPOL.21 Unspecified Branch/Specialisation of Study VO 4 BIK-SI.21 Software Engineering 2021 (in Czech) V 4 BIK-PS.21 Computer Networks and Internet 2021 (in Czech) V 4 BIK-IB.21 Information Security 2021 (in Czech) PS 4 BIK-PS.21 Computer Networks and Internet 2021 (in Czech) PV 6 BIK-PV.21 Computer Systems and Virtualization 2021 (in Czech) V 4
Page updated 25. 4. 2024, semester: Z,L/2023-4, Z/2019-20, Z/2024-5, L/2022-3, Z/2020-1, Z,L/2021-2, L/2020-1, Z/2022-3, L/2019-20, Send comments to the content presented here to Administrator of study plans Design and implementation: J. Novák, I. Halaška