To properly secure any organization's information infrastructure and assets, a periodic assessment of its security posture at various levels of the organization is essential. One key area is the direct assessment of vulnerabilities in the IT infrastructure, systems and applications, followed by targeting and exploitation of the same. This course covers the theoretical bases for cyber threats and vulnerabilities, and delves into selection and application of penetration testing methodologies ranging from reconnaissance to the exploitation of vulnerabilities by probing infrastructure, services and applications. The course places a strong emphasis on the use of these methodologies to demonstrate, document, report on, and provide a clear roadmap for remediation of exposed security issues.
- Theoretical Learning Outcomes: o Understand applicable theories connecting cybersecurity to human behavior. o Critique the purpose and goals of vulnerability assessments and penetration testing. o Interpret and differentiate cyber threats and exploits in a penetration testing context. o Describe and distinguish key phases of ethical hacking: reconnaissance, scanning, gaining access, maintaining access, and covering the tracks.
- Practical Learning Outcomes: o Perform protocol analysis using packet captures and analysis data using a sniffer (e.g. Wireshark). o Investigate and uncover network devices, operating systems, ports, and services (e.g. Nmap). o Discover network security issues using an intrusion detection tool (e.g. Snort). Implement and leverage penetration testing suite of applications (e.g. Metasploit) to:
- o Recognize information targets across operating systems and services. o Implement scripts and tools to assist in penetration testing. o Deploy and test exploits targeting operating systems and services. o Conduct remote and client side attacks. o Identify and exploit various vulnerabilities in web applications. o Deploy tunneling techniques to bypass firewalls.
- Apply testing methodologies using tools such as Wireshark, Nmap, Snort, Metasploit and related applications and platforms.