Universidad de Jaén

Menú local

Syllabus 2020-21 - 77212008 - Ethical Hacking (Hacking ético)

Caption
  • Level 1: Tutorial support sessions, materials and exams in this language
  • Level 2: Tutorial support sessions, materials, exams and seminars in this language
  • Level 3: Tutorial support sessions, materials, exams, seminars and regular lectures in this language
DEGREE: Máster Univ. en Seguridad informática (77212008)
FACULTY: SCHOOL OF ENGINEERING OF JAÉN
DEGREE: Doble Máster en Ingeniería informática y Seguridad informática (77612008)
FACULTY: SCHOOL OF ENGINEERING OF JAÉN
DEGREE: Máster en Ingeniería informática (74013007)
FACULTY: SCHOOL OF ENGINEERING OF JAÉN
ACADEMIC YEAR: 2020-21
COURSE: Ethical Hacking
SYLLABUS
1. COURSE BASIC INFORMATION
NAME: Ethical Hacking
CODE: 77212008 (*) ACADEMIC YEAR: 2020-21
LANGUAGE: English LEVEL: 2
ECTS CREDITS: 4.0 YEAR: 1 SEMESTER: PC
2. LECTURER BASIC INFORMATION
NAME: GARCÍA CUMBRERAS, MIGUEL ÁNGEL
DEPARTMENT: U118 - INFORMÁTICA
FIELD OF STUDY: 570 - LENGUAJES Y SISTEMAS INFORMÁTICOS
OFFICE NO.: A3 - 112 E-MAIL: magc@ujaen.es P: 953212420
WEBSITE: http://blogs.ujaen.es/magc/
ORCID: https://orcid.org/0000-0003-1867-9587
LANGUAGE: - LEVEL: 2
3. CONTENT DESCRIPTION

  1. Introduction
    Ethical Hacking and Essential Terminology
    Security elements
    Hacker Phases
    Types of hackers
    Types of Safety Test
  2. Obtaining information
    Pre-attack: Footprinting and scanning
    Methodology for obtaining information
    Google hacking
    Whois
    Nslookup
    Traceroute
    Thread Tools
  3. Scanning
    Ping
    Ping sweeps
    Port scanning techniques
    Types of scans
    Nmap and other tools
  4. Vulnerabilities
    What is enumeration?
    Null sessions and countermeasures
    Nessus
    Active directory
  5. System Hacking
    Entry into systems: tests, dictionary
    Password sniffing
    Types of password attacks
    Crack of passwords
    Keyloggers
    Escalation of privileges
    DoS Attacks
    Erasing of footprints
    Anonymous navigation
  6. Web Attacks
  7. Metasploit
  8. Exploitation

4. COURSE DESCRIPTION AND TEACHING METHODOLOGY

Theory: exposition of theoretical concepts. 

Practices: practical implementation of the techniques studied in theory classes. Delivery of internships at established dates.

Students with special educational needs should contact the Student Attention Service (Servicio de Atención y Ayudas al Estudiante) in order to receive the appropriate academic support

5. ASSESSMENT METHODOLOGY

Attendance and participation (measured by the teacher's follow-up grades) which is 20% of the final grade:

  • Parts of signatures of attendance to practices
    Participation in the debates
    Participation in work on different topics

Theoretical concepts:

Measured by examination conducted through the virtual teaching platform, which accounts for 30% of the final grade (CB6, CB7 and CB10 Competences; Results RB6, RB7, RB7b, RB7c, RB10, RE08MSE and RG1mSEGI).

Practical concepts:

Measured by the delivery of practices during the duration of the course, which represents 50% of the final grade (Competences E8MSEGI, CTI3, CTI4 and CB7; Results RE08MSE, RG1mSEGI, RT3 and RT4).

In order to address the CT3 transversal competence, the different work opportunities within their future specialization will be discussed with the students within the scope of the discipline that develops the subject.

In order to address the transversal competence CT4, the collaborative and team work developed by the students will be evaluated, with a positive weighting, and with the corresponding percentage within the activity/type of evaluation that is framed.

Those who have not passed the practical part will not be able to pass the subject.

In accordance with the provisions of art. 13 of the Regulations on Academic Regime and Student Assessment of the University of Jaén, the evaluation of the subject will be global.

6. BOOKLIST
MAIN BOOKLIST:
  • Hacking Etico 101 : cómo hackear profesionalmente en 21 días o menos! : comprendiendo la mente del h. Edition: [2ª ed.] (actualizada a Kali 2.0). Author: Astudillo, Karina B. Publisher: [United States ] : CreateSpace, [2016]  (Library)
  • Seguridad informática : hacking Ético : conocer el ataque para una mejor defensa. Edition: 3ª ed. Author: -. Publisher: Cornellá de Llobregat : ENI, 2015  (Library)
ADDITIONAL BOOKLIST:
  • Hacking web technologies. Edition: -. Author: -. Publisher: Madrid : ZeroXword computing, 2016  (Library)
  • SQL Injection. Edition: [3ª ed. rev. y amp.]. Author: Rando González, Enrique. Publisher: Madrid : OxWord, 2016  (Library)
  • Hacking y forensic : desarrolle sus propias herramientas en Python. Edition: -. Author: Ebel, Franck. Publisher: Cornellá de Llobregat : Eni, 2016  (Library)
  • Hacking and penetration testing with low power devices [Recurso electrónico]. Edition: 1st ed. Author: Polstra, Philip. Publisher: Waltham, MA : Syngress, c2015  (Library)
  • Hacking with Kali [Recurso electrónico] : practical penetration testing techniques. Edition: 1st ed. Author: Broad, James. Publisher: Waltham, MA : Syngress, 2014  (Library)
7. VIRTUAL / CLASSROOM TEACHING SCENARIO

1) TEACHING METHODOLOGY AND TRAINING ACTIVITIES.

A1 - Large group exhibition classes. In 100% attendance mode (*). Class to all students of the group in the assigned schedule and classroom.

A2 - Classes in small groups. In attendance mode at 100% (*). Class to all the students of the group in the schedule and classroom assigned.

(*) The Centre may establish a different percentage of attendance depending on the number of students and the capacity of the classroom/laboratory in accordance with health measures.

2) EVALUATION SYSTEM

The system and assessment instruments will be the same as for the face-to-face modality, replacing the face-to-face tests in the case of groups with remote shifts in the rotation with similar tests developed through the use of the online teaching platform or others that the University of Jaén allows or enables, provided that the student's identification is guaranteed.

3) RESOURCES.

Video-conference systems available in the spaces provided for teaching will be used, as well as the digital platforms available at the University of Jaén.

It is expressly forbidden to record, retransmit or reproduce the speech, image, voice and teaching explanations by any means in the face-to-face or non face-to-face synchronous activities without the explicit permission of the teaching staff who teach the activity.

8. VIRTUAL TEACHING SCENARIO

1) TEACHING METHODOLOGY AND TRAINING ACTIVITIES.

The teaching activities, when these cannot be carried out in person, will be done through synchronous and/or asynchronous activities carried out through the distance education platforms and tools (videoconference and virtual teaching) provided by the University of Jaén.

2) EVALUATION SYSTEM.

The evaluation system and instruments will be the same as for the face-to-face mode, replacing the face-to-face tests with similar tests developed through the use of the online teaching platform or others that the University allows or enables, provided that the student's identification is guaranteed.

3) RESOURCES.

Video-conference systems available in the spaces that are enabled for teaching will be used, as well as the digital platforms available at the University of Jaén.

It is expressly forbidden to record, retransmit or reproduce your speech, image, voice and lecture explanations by any means in the face-to-face or non face-to-face synchronous activities without the explicit permission of the teaching staff who teach the activity.

DATA PROTECTION CLAUSE (on line exams)

Institution in charge of data processing: Universidad de Jaén, Campus Las Lagunillas, s/n, 23071 Jaén

Data Protection Delegate: dpo@ujaen.es

Purpose: In accordance with the Universities Law and other national and regional regulations in force, carrying out exams and assessment tests corresponding to the courses students are registered in. In order to avoid frauds while sitting the exam, the exam will be answered using a videoconference system, being able the academic staff of the University of Jaén to compare and contrast the image of the person who is answering the exam with the student's photographic files. Likewise, in order to provide the exam with evidential content for revisions or claims, in accordance with current regulation frameworks, the exam will be recorded and stored.

Legitimacy: compliance with legal obligations (Universities Law) and other national and regional regulations currently in force.

Addressees: service providers who are the owners of the platforms where the exams are carried out and with whom the University of Jaén has signed the corresponding data access contracts.

Storage periods: those established in current in force regulations. In the specific case of exam videoconference recordings, not before the examination records and transcripts are closed or the exam can still be reviewed or challenged.

Rights: you can exercise your right of access, amendment, cancellation, opposition, suppression, limitation and portability by sending a letter to the postal or electronic address indicated above. In the event that you consider that your rights have been violated, you may submit a complaint to the Andalusian Council for Transparency and Data Protection www.ctpdandalucia.es

CLASS RECORDING CLAUSE PERSONAL DATA PROTECTION

Person in charge: Universidad de Jaén, Paraje Las Lagunillas, s/n; Tel.953 212121; www.ujaen.es

Data protection delegate (DPO): TELEFÓNICA, S.A.U. ; Email: dpo@ujaen.es

Procedure aim: To manage proper recordings of teaching sessions with the aim of facilitating learning process under a multimodal and/or online teaching

Period for record storage: Images will be kept during legal term according to regulations in force

Legitimacy: Data will be managed according to legal regulations (Organic Law 6/2001, December 21, on Universities) and given consent provided by selecting corresponding box in legal admission documents

Data recipients (transfers or assignments): Any person allowed to get access to every teaching modality

Rights: You may exercise your rights of access, rectification, cancellation, portability, limitation of processing, deletion or, where appropriate, opposition. To exercise these rights, you must submit a written request to the Information, Registration and Electronic Administration Service of the University of Jaen at the address above, or by e-mail to the address above. You must specify which of these rights you are requesting to be satisfied and, at the same time, you must attach a photocopy of your ID card or equivalent identification document. In case you act through a representative, legal or voluntary, you must also provide a document that proves this representation and identification. Likewise, if you consider that your right to personal data protection has been violated, you may file a complaint with the Andalusian Data Protection and Transparency Council www.ctpdandalucia.es