695.643.81 - Introduction to Ethical Hacking

Cybersecurity
Fall 2024

Description

This course exposes students to the world of ethical computer hacking by discussing foundational concepts, frameworks, approaches and methods for how systems, assets/devices and networks that can be penetration tested (pen-tested) and assessed for vulnerabilities (i.e., exploited). Adversary motives, behaviors, and ideologies, as well as the history of hacking is explained to better be informed of the evolution of this practice. The Offensive Cyber Kill chain stages and steps, hacking phases, OSI model applicability to hacking, comprehensive discussion of Tactics, Techniques and Procedures (TTP’s) and an overview of what Indicators of Compromises (IOC’s) are is discussed. Fundamental protocol manipulation methods & weakness concepts are taught in order to gain a better appreciation of network/system vulnerabilities, how easily they can be exploited, and to reinforce the knowledge basis of applying Defensive Cyber Operations strategies. The class looks at fundamental hacking approaches through practical exposure via hands-on assignments, lab activities, discussions, & quizzes. The course goal is to learn fundamental principles of reconnaissance, collection, scanning, weaponization, delivery, implant, escalation, pivoting, lateral movement, persistence, command and control (C2) and exploitations that penetration testers use to inform ISSO’s, CSSP’s & mission/system owners of their network/asset/system weaknesses. Course topics include; Ideology/Motives/Behaviors, Penetration Testing Foundations, Ethical Hacking concepts, TTP’s & IOC’s understood, Cryptography and PKI, Web Exploitation, Mobile Devices & DNS attacks, Scanning & Reconnaissance, Network Exploitation, Information Gathering & Social Engineering, Wi-Fi Exploitation, Rootkits, OS Security, Buffer Overflows, Race Conditions, TOC/TOU, and Post Exploitation (escalate/pivot).

Expanded Course Description

This course exposes students to the world of ethical computer hacking by discussing foundational concepts, frameworks, and theoretical knowledge that will provide a richer understanding of how and why vulnerable hosts/systems are attacked to motivate and better apply defensive tactics, techniques, and solutions. The class looks at fundamental hacking approaches through practical exposure via hands-on assignments, discussions, and two quizzes. For lab assignments, students are expected to use a computer that will remain air-gapped/off all networks while they complete the deliverable. The course goal is to learn fundamental principles of reconnaissance, scanning, escalation, pivoting, and exploitation that can be leveraged to defend computing infrastructures, networks, and systems. Students will primarily use virtual machines in labs. Course topics include; Ideology/Motives, Penetration Testing, Cryptography and PKI, Web Exploitation, Mobile Devices, Scanning & Reconnaissance, Network Exploitation, Information Gathering & Social Engineering, Wi-Fi Exploitation, Rootkits, OS Security, Buffer Overflows, Race Conditions, and Post Exploitation (escalate/pivot).

Prerequisites

Instructor

Default placeholder image. No profile image found for Jason Crossland.

Jason Crossland

jason.crossland@jhuapl.edu

Course Structure

The course materials are divided into modules, which are accessed by clicking Modules in the Canvas menu. A module will have several sections including the overview, content, readings, discussions, videos, and assignments/lab activities. You are encouraged to preview all sections of the module before starting. Modules run for a period of seven (7) days (Tues.-Weds.), the Professor will communicate any exceptions to this. I will primarily use the Announcement section, as well as your JHU EP email to communicate class particulars. You should regularly check the these items for any updates.

Course Topics

Course topics include: Ideology/Motives, Penetration Testing, Cryptography and PKI, Web Exploitation, Mobile Devices, Scanning & Reconnaissance, Network Exploitation, Information Gathering & Social Engineering, Wi-Fi Exploitation, Rootkits, OS Security, Buffer Overflows, Race Conditions, and Post Exploitation (escalate/pivot).

Course Goals

To learn foundational principles of reconnaissance, scanning, and exploitation that can be leveraged to defend computing infrastructures, networks, and systems from advanced persistent threats and hackers. Additionally, to understand the value, importance, and reason for why ethical hacking exists and how a penetration testing report and executive summary can assist an ISSO, mission/system owner.

Course Learning Outcomes (CLOs)

Textbooks

Other Materials & Online Resources

Other on-line journals, frameworks, and literature best practices will be provided to you.

Required Software

The labs will be completed using Seeds Security Lab’s Virtual Machines via their pre-built Ubuntu 16.04 VM’s and files.

Student Coursework Requirements

It is expected that each module will take approximately 15-18 hours per week to complete. Here is a rough breakdown:

A few of the lectures were recorded earlier in the year. The posted slides have been updated to resolve any issues.

The course assessment will be based on four main basic components discussed below; Overall Deliverables, Penetration Test Report, Participation, and Discussion Forum.

Overall Deliverables (50% of Final Grade Calculation)

The overall deliverables will encompass a combination of assignments, lab activities, and quizzes which will provide a theoretical and technical understanding of the material. A mix of problem types that involve all
aspects of ethical hacking will be the focus ranging from 1.) Wi-Fi and Mobile device attacks 1.) open reconnaissance, 2.) scanning and exploiting vulnerabilities 3.) pivoting and escalation methods, 4.) implementing web and network attacks, 5.) exploring cryptography and PKI exploits, 6.) understanding buffer overflows, rootkits, and race conditions, 7.) developing OS Security exploits, 8.) using Social-Engineer Toolkit (SET) in Kali Linux, and 9.) understanding the importance penetration reports and executive summaries provide to cyber security professionals.

There will be roughly thirteen (13) lab activities, two (2) quizzes and three (3) assignments to be completed. Virtual Machines will be used to complete all labs with the majority of them utilizing Ubuntu Version 20.04. All labs will come with detailed instructions, helpful hints, and any applicable files needed to complete the lab. The lab activities should be submitted as either a pdf or word document with your name and enough detail that the instructor can easily determine which question you are answering or which capability you are demonstrating. The question must be repeated, in full, before answering the question. Many of the hands-on lab activities will require the capture of screenshots to demonstrate you have achieved the goal. You should annotate the screenshots with enough detail to clearly show you know what it represents. While not turned in as part of the lab activity, detailed notes will help you recall exactly what you did when you need to use that material in writing the final penetration test and executive summary report.

The assignment should be submitted as either a pdf or word document with your name and enough detail that the instructor can easily determine which question you are answering. The question must be repeated, in full, before answering the question. All assignments will come with detailed instructions.

Think of your lab activity and homework submission as a stand-alone document that someone not enrolled in the course or who has not read the assignment could still read and follow. In other words, discuss the context, summarize the goal, and present your results. A typical assignment and lab activity will be worth 100 points.

There will be a quiz in Module 9 and a quiz in Module 14. First quiz will cover content material from modules 2 through 8, with the second focusing on modules 9 through 14. Both will have roughly 40 questions containing a variety of multiple choice, True and False, and short answer.

The ability to communicate with both security engineers and executive decision makers is a critical aspect of penetration testing. As a result, writing is expected to meet graduate-level English and scholarship standards.

Gross negligence of graduate-level English standards will be taken into consideration. The purpose of the overall deliverables is to give the students the opportunity to demonstrate and apply their understanding of the course concepts.

Lab activities, assignments, and quizzes are due at the end of Day 7, Tuesday @ 1159pm EST, of the module unless otherwise specified. Late submissions will be reduced by five (5) points for each day late (no exceptions without prior coordination with the instructor).

Penetration Test Report (17% of Final Grade Calculation)

In order to be useful, penetration-testing results must be communicated effectively to both security engineers, program managers, and senior decision makers who may not understand or care about the technical details. The written penetration testing report will be graded accordingly - for technical content, the ability to convey/explain the report’s value added, clarity, logic flow, readability, and grammar/spelling.

The Penetration Testing Execution Standard, which you will use for this report is a relatively robust standard, but it is still evolving. In this course, we will not be able to duplicate all aspects of a penetration test, so you will need to tailor the report accordingly. This is an important exercise, because a typical real-world penetration test will only include some aspects of the standard, and the report will necessarily have to be tailored. That means points will be deducted if you include sections that don’t make sense or omit sections that should have been included. Think of this as a term paper as it is due at the end of the course (end of Module 14).

The final penetration test and executive summary report will include activities you did in Modules 3 through 13, omitting Module 9. The Penetration test report will cover the objectives and end-state goals of the lab activities performed, tools/software used, and results obtained.

One caution: The report consists of a Technical Report and Executive Summary. The term Executive Summary does not mean a summary of the technical report. Think of it as a separate document providing the kind of risk information that decision makers need in order to make investment decisions regarding placement of security mitigations/mechanisms, where to apply resources and prioritization of security controls. The Executive Summary should be a complete report to executives.

Refer to the Penetration Testing Report Instructions document for more information.

Discussion Forum (17% of Final Grade Calculation)

Each student is responsible for carefully reading all assigned material, watching the video lectures, and being prepared for discussions with other students. Students will be graded on their responses based on the four criteria’s listed below:

  1. Concise critical thinking/reasoning 25%
  2. Generates learning and engagement among classmates 25%
  3. Demonstrates knowledge of content and applicability to professional practice 25%
  4. Timeliness and mechanics 25%

Discussion forums for each module will be available on Wednesday (Day 1). Students must post an initial response to the question no later than Saturday (Day 4). Posting at least one (1) meaningful response to
another student(s) post, that adds value and enrichment to the discussion is required to receive full points. (i.e., Timeliness and mechanics). All posts must be completed by Day 7 (Tuesday @ 1159pm EST).

Participation: Lab Forum/Q&A (16% of Final Grade Calculation)

Along with the discussion forums, students will also be assessed by participating in Q&A dialogues between your classmates. Posting lessons learned and problem-solving steps for the lab activities within the Q&A section of Canvas serves as a method to learn from each other about issues encountered, actions taken, and applying critical thinking to the topics discussed. The instructor will be monitoring the Q&A participation posts and providing insights as well. For modules that require the completion of a lab activity, students are required to make one (1) post that helps other fellow classmates by discussing their lessons learned, trouble-shooting steps, and/or asking a question about the topic. Modules that require assignments and/or quizzes, students should also provide insights/questions on the topic as well.

Grading Policy

Assignments are due according to the dates posted in your Canvas course site. You may check these due dates in the Course Contents under each Assignment, Lab Activity, or Discussion Forum. Students are
responsible for contacting the instructor if circumstances occur which requires additional time to be granted for completing the deliverable(s).

You are responsible for reading the assigned material, listening to the lectures, and completing the weekly deliverables. It is highly encouraged to read all assigned material, listen to the lectures and office hours, and
review all power points prior to starting the assignments, lab activities, and quizzes.

We generally do not directly grade spelling and grammar. However, egregious violations of the rules of the English language will be noted without comment. Consistently poor performance in either spelling or grammar is taken as an indication of poor written communication ability that may detract from your grade.

A grade of A indicates achievement of consistent excellence and distinction throughout the course—that is, conspicuous excellence in all aspects of assignments, lab activities, and discussion in every week.

A grade of B indicates work that meets all course requirements on a level appropriate for graduate academic work. These criteria apply to both undergraduates and graduate students taking the course.

EP uses a +/- grading system (see “Grading System”, Graduate Programs catalog, p. 10). You should contact your Program Chair for guidance on the breakdown used by your program.

Score RangeLetter Grade
100-98= A+
97-94= A
93-90= A−
89-87= B+
86-83= B
82-80= B−
79-77= C+
76-73= C
72-70= C−
69-67= D+
66-63= D
<63= F

Academic Policies

Deadlines for Adding, Dropping and Withdrawing from Courses

Students may add a course up to one week after the start of the term for that particular course. Students may drop courses according to the drop deadlines outlined in the EP academic calendar (https://ep.jhu.edu/student-services/academic-calendar/). Between the 6th week of the class and prior to the final withdrawal deadline, a student may withdraw from a course with a W on their academic record. A record of the course will remain on the academic record with a W appearing in the grade column to indicate that the student registered and withdrew from the course.

Academic Misconduct Policy

All students are required to read, know, and comply with the Johns Hopkins University Krieger School of Arts and Sciences (KSAS) / Whiting School of Engineering (WSE) Procedures for Handling Allegations of Misconduct by Full-Time and Part-Time Graduate Students.

This policy prohibits academic misconduct, including but not limited to the following: cheating or facilitating cheating; plagiarism; reuse of assignments; unauthorized collaboration; alteration of graded assignments; and unfair competition. Course materials (old assignments, texts, or examinations, etc.) should not be shared unless authorized by the course instructor. Any questions related to this policy should be directed to EP’s academic integrity officer at ep-academic-integrity@jhu.edu.

Students with Disabilities - Accommodations and Accessibility

Johns Hopkins University values diversity and inclusion. We are committed to providing welcoming, equitable, and accessible educational experiences for all students. Students with disabilities (including those with psychological conditions, medical conditions and temporary disabilities) can request accommodations for this course by providing an Accommodation Letter issued by Student Disability Services (SDS). Please request accommodations for this course as early as possible to provide time for effective communication and arrangements.

For further information or to start the process of requesting accommodations, please contact Student Disability Services at Engineering for Professionals, ep-disability-svcs@jhu.edu.

Student Conduct Code

The fundamental purpose of the JHU regulation of student conduct is to promote and to protect the health, safety, welfare, property, and rights of all members of the University community as well as to promote the orderly operation of the University and to safeguard its property and facilities. As members of the University community, students accept certain responsibilities which support the educational mission and create an environment in which all students are afforded the same opportunity to succeed academically. 

For a full description of the code please visit the following website: https://studentaffairs.jhu.edu/policies-guidelines/student-code/

Classroom Climate

JHU is committed to creating a classroom environment that values the diversity of experiences and perspectives that all students bring. Everyone has the right to be treated with dignity and respect. Fostering an inclusive climate is important. Research and experience show that students who interact with peers who are different from themselves learn new things and experience tangible educational outcomes. At no time in this learning process should someone be singled out or treated unequally on the basis of any seen or unseen part of their identity. 
 
If you have concerns in this course about harassment, discrimination, or any unequal treatment, or if you seek accommodations or resources, please reach out to the course instructor directly. Reporting will never impact your course grade. You may also share concerns with your program chair, the Assistant Dean for Diversity and Inclusion, or the Office of Institutional Equity. In handling reports, people will protect your privacy as much as possible, but faculty and staff are required to officially report information for some cases (e.g. sexual harassment).

Course Auditing

When a student enrolls in an EP course with “audit” status, the student must reach an understanding with the instructor as to what is required to earn the “audit.” If the student does not meet those expectations, the instructor must notify the EP Registration Team [EP-Registration@exchange.johnshopkins.edu] in order for the student to be retroactively dropped or withdrawn from the course (depending on when the "audit" was requested and in accordance with EP registration deadlines). All lecture content will remain accessible to auditing students, but access to all other course material is left to the discretion of the instructor.