CIS*6540 - Advanced Penetration Testing and Exploit Development

Course Description

This course provides practical knowledge on ethical hacking. Students learn about common security issues and various tools to discover and exploit these issues. Students learn how to plan, execute, and document a penetration test, and how to develop customized exploits to penetrate a target platform.

Learning Outcomes

Upon successful completion of this course, students will have demonstrated the ability to:

1. Develop a rigorous penetration testing report by:
   1. Conducting structured discovery of security vulnerabilities in networks and web services;
   2. Conducting effective penetration tests given known threats towards networks and web services;
   3. Detecting software vulnerabilities and developing proof of concept exploits to demonstrate those; and
   4. Proposing concrete methods to fix discovered security vulnerabilities;
2. Integrate ethics, regulations, and best practices relating to penetration testing and exploit development activities; and
3. Work collaboratively in teams to conduct research and communicate rational and reasoned arguments using appropriate methods.

Course Topics

• Introduction, Penetration Testing Standards, Legal and Ethical Issues
• Host and Network Scanning Techniques
• Exploiting Software Vulnerabilities
• Defeating OS and Complier Specific Defences
• Attacks on User Authentication
• Social Engineering and Wireless Networks
• Exploiting Web Applications
• Countermeasures, Fuzz Testing
• Patch Exploitatiion, Exploitation Frameworks

Assessment