Ethical Hacking (DAT505)
This course covers the fundamental concepts of ethical hacking and penetration testing. The course will provide a strong foundation for students pursuing ethical hacking careers. The course covers footprinting and reconnaissance, scanning and enumeration, social engineering, denial of service attacks, and web application attacks. The course also covers cryptography, viruses and worms, and honeypots. Students will use Hack the Box or similar vulnerable machines to test their skills.
Course description for study year 2025-2026. Please note that changes may occur.
Course code
DAT505
Version
1
Credits (ECTS)
5
Semester tuition start
Autumn
Number of semesters
1
Exam semester
Autumn
Language of instruction
English
Content
Ethical hacking (or penetration testing) is the practice of testing a computer system, network or application to find security vulnerabilities that an attacker could exploit. This course will teach you the basics of ethical hacking and penetration testing. You will learn about footprinting and reconnaissance, scanning and enumeration, social engineering, denial of service attacks, and web application attacks. You will also learn about cryptography, viruses and worms, and honeypots. You will use vulnerable machines (such as Hack the Box) to test your skills. By the end of this course, you will be able to conduct a basic ethical hacking and penetration testing engagement.
Learning outcome
Knowledge
The course will give you a good understanding of the key concepts and vocabulary in Cyber Security, including attack vectors, possible threats, and their purpose.
The students will understand the fundamental principles for defending against cyber attacks and the most critical defense techniques. By the end of this course, students will be able to:
- Understand the basics of ethical hacking and penetration testing.
- Using open-source intelligence, hacker forums, and exposed passwords, perform footprinting and reconnaissance.
- Perform scanning and enumeration using Nmap and Metasploit framework.
- Perform social engineering using theHarvester to collect victim organization’s emails, find login pages with Recon-Ng, and inject backdoors.
- Perform denial-of-service attacks with spoofing, smurf, reflection and packet amplification methods.
- Perform web application attacks using sqlmap, CSRF, and XSS attacks.
- Understand cryptography.
Skills
By the end of this course, students will be able to:
- Use hacking tools and techniques such as Nmap, Metasploit, hping3, the social engineering toolkit, and Recon-Ng.
- Design malicious remote access trojans using msfvenom.
- Understand the network packet manipulation techniques used to bypass firewalls.
- Perform buffer overflows on real-world applications.
- Evade antivirus software.
Required prerequisite knowledge
Recommended prerequisites
To follow this course the student should have basic knowledge in computer systems, databases, networks and programming.
Exam
Form of assessment | Weight | Duration | Marks | Aid |
---|---|---|---|---|
Written exam | 1/1 | 3 Hours | Letter grades | None permitted |
Digital exam.
Coursework requirements
4 assignments must be approved for the student to access the exam. The assignments will be carried out individually.
Course teacher(s)
Course coordinator:
Ferhat Özgur Catak
Head of Department:
Tom Ryen
Method of work
2 hours of lectures and 2 hours of guided lab each week over 10 weeks.