CIS247 — Ethical Hacking I
4 , 3 lecture periods 2 lab periods Skills necessary to plan and scope an assessment, understand legal and compliance requirements, perform vulnerability scanning and penetration testing, analyze data, and effectively report and communicate results. Assess known vulnerabilities across multiple technologies such as network devices, wireless, applications and operating systems. Compare ethical penetration testing and unethical hacking. Perform penetration testing on a simple network. Outline: Planning and Scoping Understanding the target audience Rules of engagement and disclaimers Communications escalation Legal Contracts SOW NDA MSA Written authorization Types of assessments Red Team Compliance-based Goal based Target Selection On-site vs off-site Social engineering Strategies Black box White box Gray box Information Gathering and Vulnerability Identification Information gathering Scanning and enumeration Packet inspection Fingerprinting Eavesdropping Decompiling and debugging Open Source Intelligence (OSINT) Perform scans Types of scans Discovery Full Stealth Compliance Application scanning Consideration Bandwidth Execution time Business impact Leveraging Information Map vulnerabilities to potential exploits Techniques to execute attack Exploit chaining Social engineering Password attacks Credential brute force Rainbow tables Dictionary attacks Attacks and Exploits Social engineering attacks Spear phishing Impersonation USB drop Network based vulnerabilities Man in the middl
Prerequisites: CIS119, CIS137, CIS225