Universidad de Jaén


Syllabus 2022-23 - 77212008 - Ethical Hacking (Hacking ético)

Caption
  • Level 1: Tutorial support sessions, materials and exams in this language
  • Level 2: Tutorial support sessions, materials, exams and seminars in this language
  • Level 3: Tutorial support sessions, materials, exams, seminars and regular lectures in this language
DEGREE: Máster Univ. en Seguridad informática (77212008)
FACULTY: SCHOOL OF ENGINEERING OF JAÉN
DEGREE: Doble Máster en Ingeniería informática y Seguridad informática (77612008)
FACULTY: SCHOOL OF ENGINEERING OF JAÉN
DEGREE: Máster en Ingeniería informática (74013007)
FACULTY: SCHOOL OF ENGINEERING OF JAÉN
ACADEMIC YEAR: 2022-23
COURSE: Ethical Hacking
SYLLABUS
1. COURSE BASIC INFORMATION
NAME: Ethical Hacking
CODE: 77212008 (*) ACADEMIC YEAR: 2022-23
LANGUAGE: English LEVEL: 1
ECTS CREDITS: 4.0 YEAR: 1 SEMESTER: PC
2. LECTURER BASIC INFORMATION
NAME: GARCÍA CUMBRERAS, MIGUEL ÁNGEL
DEPARTMENT: U118 - INFORMÁTICA
FIELD OF STUDY: 570 - LENGUAJES Y SISTEMAS INFORMÁTICOS
OFFICE NO.: A3 - 112 E-MAIL: magc@ujaen.es P: 953212420
WEBSITE: http://blogs.ujaen.es/magc/
ORCID: https://orcid.org/0000-0003-1867-9587
LANGUAGE: - LEVEL: 1
3. CONTENT DESCRIPTION

THEORETICAL CONTENT

Unit 1: Introduction and concepts

  • Presentation and introduction
  • Systems auditing: white box and black box tests
  • Red team, blue team and purple team
  • Phases of a cyber attack: Cyber kill chain
  • Attack techniques, tactics and procedures: MITRE ATT&CK

Unit 2: Information gathering and vulnerability scanning

  • Information gathering: footprinting and reconnaissance
  • Enumeration: Scanning of systems, services and vulnerabilities.
  • Interception of communications: sniffing
  • Malware

Unit 3: Exploitation of vulnerabilities

  • Exploitation of vulnerabilities
  • Privilege escalation
  • Lateral movements
  • Social engineering
  • Reverse engineering

 

PRACTICAL CONTENT

The practical contents are paired with the theoretical ones, so that each week there will be activities related to each topic.

Activities Unit 1: Search for information on related concepts, as well as on evaluation forums and competitions on these topics.

Activities Unit 2: Search and selection of objectives to be analyzed for information collection and system scanning. Application of techniques and tools for information collection.

Activities Unit 3: Vulnerability exploitation tests in a controlled environment. Design of a social engineering test. Case study of hacking a web application.

4. COURSE DESCRIPTION AND TEACHING METHODOLOGY

Theory: exposition of theoretical concepts. 

Practices: practical implementation of the techniques studied in theory classes. 

Students with special educational needs should contact the Student Attention Service (Servicio de Atención y Ayudas al Estudiante) in order to receive the appropriate academic support.

5. ASSESSMENT METHODOLOGY

Attendance and participation (measured by the teacher's follow-up grades), which accounts for 10% of the final grade:

  • Signed attendance sheets for practical sessions
  • Participation in the debates
  • Participation in work on different topics

Theoretical concepts:

Measured by partial tests and a final exam (conducted through the virtual teaching platform), which accounts for 40% of the final grade (CB6, CB7 and CB10 Competences; Results RB6, RB7, RB7b, RB7c, RB10, RE08MSE and RG1mSEGI).

Practical concepts:

Measured by the practical assignments submitted during the course, which represent 50% of the final grade (Competences E8MSEGI, CTI3, CTI4 and CB7; Results RE08MSE, RG1mSEGI, RT3 and RT4).

In order to address the CT3 transversal competence, the different work opportunities within their future specialization will be discussed with the students within the scope of the discipline that develops the subject.

In order to address the transversal competence CT4, the collaborative and team work developed by the students will be evaluated, with a positive weighting, and with the corresponding percentage within the activity/type of evaluation that is framed.

In accordance with the provisions of art. 13 of the Regulations on Academic Regime and Student Assessment of the University of Jaén, the evaluation of the subject will be global.

6. BOOKLIST
MAIN BOOKLIST:
  • Hacking Etico 101 : cómo hackear profesionalmente en 21 días o menos! : comprendiendo la mente del h. Edition: [2ª ed.] (actualizada a Kali 2.0). Author: Astudillo, Karina B. Publisher: [United States ] : CreateSpace, [2016]  (Library)
  • Seguridad informática : hacking Ético : conocer el ataque para una mejor defensa. Edition: 3ª ed. Author: -. Publisher: Cornellá de Llobregat : ENI, 2015  (Library)
ADDITIONAL BOOKLIST:
  • Hacking web technologies. Edition: -. Author: -. Publisher: Madrid : ZeroXword computing, 2016  (Library)
  • SQL Injection. Edition: [3ª ed. rev. y amp.]. Author: Rando González, Enrique. Publisher: Madrid : OxWord, 2016  (Library)
  • Hacking y forensic : desarrolle sus propias herramientas en Python. Edition: -. Author: Ebel, Franck. Publisher: Cornellá de Llobregat : Eni, 2016  (Library)
  • Hacking and penetration testing with low power devices [Recurso electrónico]. Edition: 1st ed. Author: Polstra, Philip. Publisher: Waltham, MA : Syngress, c2015  (Library)
  • Hacking with Kali [Recurso electrónico] : practical penetration testing techniques. Edition: 1st ed. Author: Broad, James. Publisher: Waltham, MA : Syngress, 2014  (Library)
8. VIRTUAL / CLASSROOM TEACHING SCENARIO

1) TEACHING METHODOLOGY AND TRAINING ACTIVITIES.

A1 - Large-group lectures. In 100% attendance mode (*). Taught to all students of the group at the assigned time and in the assigned classroom.

A2 - Classes in small groups. In 100% attendance mode (*). Taught to all students of the group at the assigned time and in the assigned classroom.

(*) The Centre may establish a different percentage of attendance depending on the number of students and the capacity of the classroom/laboratory in accordance with health measures.

2) EVALUATION SYSTEM

The system and assessment instruments will be the same as for the face-to-face modality, replacing the face-to-face tests in the case of groups with remote shifts in the rotation with similar tests developed through the use of the online teaching platform or others that the University of Jaén allows or enables, provided that the student's identification is guaranteed.

3) RESOURCES.

Video-conference systems available in the spaces provided for teaching will be used, as well as the digital platforms available at the University of Jaén.

It is expressly forbidden to record, retransmit or reproduce the speech, image, voice and teaching explanations by any means in the face-to-face or non face-to-face synchronous activities without the explicit permission of the teaching staff who teach the activity.

9. VIRTUAL TEACHING SCENARIO

1) TEACHING METHODOLOGY AND TRAINING ACTIVITIES.

The teaching activities, when these cannot be carried out in person, will be done through synchronous and/or asynchronous activities carried out through the distance education platforms and tools (videoconference and virtual teaching) provided by the University of Jaén.

2) EVALUATION SYSTEM.

The evaluation system and instruments will be the same as for the face-to-face mode, replacing the face-to-face tests with similar tests developed through the use of the online teaching platform or others that the University allows or enables, provided that the student's identification is guaranteed.

3) RESOURCES.

Video-conference systems available in the spaces that are enabled for teaching will be used, as well as the digital platforms available at the University of Jaén.

It is expressly forbidden to record, retransmit or reproduce your speech, image, voice and lecture explanations by any means in the face-to-face or non face-to-face synchronous activities without the explicit permission of the teaching staff who teach the activity.

DATA PROTECTION CLAUSE (on line exams)

Institution in charge of data processing: Universidad de Jaén, Campus Las Lagunillas, s/n, 23071 Jaén

Data Protection Delegate: dpo@ujaen.es

Purpose: In accordance with the Universities Law and other national and regional regulations in force, carrying out the exams and assessment tests corresponding to the courses in which students are registered. In order to prevent fraud during the exam, the exam will be taken using a videoconference system, so that the academic staff of the University of Jaén can compare the image of the person taking the exam with the student's photographic files. Likewise, in order to provide the exam with evidential content for revisions or claims, in accordance with the current regulatory framework, the exam will be recorded and stored.

Legitimacy: compliance with legal obligations (Universities Law) and other national and regional regulations currently in force.

Addressees: service providers who are the owners of the platforms where the exams are carried out and with whom the University of Jaén has signed the corresponding data access contracts.

Storage periods: those established in the regulations currently in force. In the specific case of exam videoconference recordings, they are kept at least until the examination records and transcripts are closed and for as long as the exam can still be reviewed or challenged.

Rights: you can exercise your right of access, amendment, cancellation, opposition, suppression, limitation and portability by sending a letter to the postal or electronic address indicated above. In the event that you consider that your rights have been violated, you may submit a complaint to the Andalusian Council for Transparency and Data Protection www.ctpdandalucia.es

CLASS RECORDING CLAUSE PERSONAL DATA PROTECTION

Person in charge: Universidad de Jaén, Paraje Las Lagunillas, s/n; Tel.953 212121; www.ujaen.es

Data protection delegate (DPO): TELEFÓNICA, S.A.U. ; Email: dpo@ujaen.es

Procedure aim: To manage the recording of teaching sessions with the aim of facilitating the learning process under multimodal and/or online teaching.

Period for record storage: Images will be kept for the legal term established by the regulations in force.

Legitimacy: Data will be managed according to legal regulations (Organic Law 6/2001, December 21, on Universities) and the consent given by ticking the corresponding box in the legal admission documents.

Data recipients (transfers or assignments): Any person with authorised access to each teaching modality.

Rights: You may exercise your rights of access, rectification, cancellation, portability, limitation of processing, deletion or, where appropriate, opposition. To exercise these rights, you must submit a written request to the Information, Registration and Electronic Administration Service of the University of Jaen at the address above, or by e-mail to the address above. You must specify which of these rights you are requesting to be satisfied and, at the same time, you must attach a photocopy of your ID card or equivalent identification document. In case you act through a representative, legal or voluntary, you must also provide a document that proves this representation and identification. Likewise, if you consider that your right to personal data protection has been violated, you may file a complaint with the Andalusian Data Protection and Transparency Council www.ctpdandalucia.es