Course Objectives:

Upon successfully completing this course, cadets will be able to:

 

Course Overview

An ethical hacker is simply a hacker who breaks into a computer network to test its security instead of with the malicious or criminal intent traditionally associated with hacking. At a high level, this is a hacking course. This course will teach you offensive tools and techniques that will enable you to break into computer networks and systems. The difference is that this course will teach you these techniques with the purpose of helping you better understand these attack vectors in order to build more defensible systems. Ethical hacking is also commonly used synonymously with Penetration Testing (pen test), which is the practice of testing and penetrating (compromising) a computer network or system to find and fix the vulnerabilities that a malicious attacker would exploit.

In terms of implementation, this course is primarily a guided journey through Offensive Security's Penetration Testing with Kali Linux (PWK) course and is split into 3 blocks. The first block focuses on the provided material and exercises that lay the foundation for a successful pen test. In this block, you will learn how to conduct information gathering (scanning), vulnerability analysis, exploitation (i.e. buffer overflows and command injection) and post-exploitation (i.e. privilege escalation, password attacks, and pivoting). The second block is then an open-ended dive into the immersive PWK public lab with over 70 machines for the user to compromise. The final block consists of one of two options depending on the ability of the student. Overall, this block's purpose is to demonstrate mastery of these skills and the ability to apply the offensive skills you learned to improve defensive systems.

This course is run very much like a team-based competition. There is a scoreboard that tracks each student's and team's progress throughout the materials. This course is also honestly taught using the Thayer method and at a graduate level. You will use the provided materials to teach yourself each of the concepts, and class is only discussion to go deeper into the topics and answer questions. The material is also very hard. Offensive Security's motto is Try Harder. The course work is the basic foundation - you will need to do independent research outside of the provided course material to get through more than a handful of the public lab machines.

Overall, this course is an extremely rewarding course if you are a mature enough learner to handle open-ended assignments without complete instruction. The enrollment in the course includes an opportunity to earn the OSCP certification. Space is very limited, so please contact me as soon as possible if you are interested.

Grading

This course is out of a total of 2500 points with the breakdown as follows:

| Event | Due Date | Points |
|---|---|---|
| PWK Exercise Block (60%) | | |
| PWK Exercises | 11 JAN - 02 MAR | 1000 |
| PWK Exercises WPR | 06 MAR | 400 |
| CDX Write-up | 20 MAR | 100 |
| PWK Public Lab Block (40%) | | |
| Lab Recon and Vulnerability Analysis | 28 MAR | 125 |
| Lab Solves and Write-ups | 03 APR - 11 MAY | 625 |
| PWK Lab Solves Presentation | 18 APR - 02 MAY | 125 |
| PenTest Competition | 05 MAY | 125 |
| Total | | 2500 |

PWK Block (60% of Overall Grade)

PWK Exercises (1000 Points)

Each student will complete the assigned PWK exercises as listed on the lessons page. You will submit a PDF with screenshots (proof of work) showing that you completed each exercise to your student folder located at \\usmasvddeecs\eecs\Cadet\Courses\CS\CS485\AY172\Students. There are 45 assigned exercises worth 20 points each for a total of 880 points. The remaining points will be earned through bonus points. Two bonus points will be awarded for each first complete submission of each exercise. Fifteen bonus points will also be awarded to the team with the highest average completion percentage at the end of each week (0000 Monday Morning). You will lose three points (15% of the exercise) for each exercise turned in after the assigned due date.
NOTE TO STUDENTS: Bonus points as well as late points are awarded based on the timestamp of the submission to your share folder. Modifying your submission may change the award of bonus points.

PWK WPR (Exam) (400 Points)

There will be a WPR on the concepts learned from the PWK pdf (Chapters 1-16). These will be multiple choice or fill-in-the-blank questions that force you to demonstrate a complete understanding of the materials. This WPR will be open notes, computer and internet with no live-chatting or forum postings allowed.

CDX Write-up (75 Points)

As a team of 3, you will be conducting a network recon and vulnerability analysis of the CDX network. You will be provided external network access to this network via a wireless router in TH212. Using this router, your goal is to map the CDX network and identify as many services as possible. This network is hardened so many traditional network mapping techniques might not work. Your final report should include as detailed a network diagram as possible including services per machine. In this report, feel free to make intelligent assumptions on the purpose of devices based on gathered information. Using the output of your vulnerability scans, write a brief paragraph about your way forward to attempt to exploit each machine.

Public Lab Block (40% of Overall Grade)

Lab Recon and Vulnerability Analysis (125 Points)

This assignment is a measuring stick to ensure you are making progress on the public lab machines. The overall purpose of this assignment is to give you some perspective on the lab machines and help generate a future plan of attack. I DO NOT simply want the output from OpenVAS or any other vulnerability scanner. Instead, I want your assessment of the way to exploit each machine based on the output of your vulnerability scanner. This assignment will consist of two parts. In part 1, you will create a table with an entry per machine that includes the IP, device fingerprint (OS), open ports, purpose/role, and your initial exploitation vector as well as any other pertinent information you choose to include. This table will be rank ordered from easiest to hardest to exploit based on your investigation and reading of your vulnerability scan. An example entry would look like:

| Rank | IP | Fingerprint | Ports | Purpose/role | Initial Vector |
|---|---|---|---|---|---|
| 1 | 10.11.1.13 | Microsoft ISS WS v5.1 | 80, 21, 3389 | FTP/Web Server | Use anonymous FTP access and bad write privileges to write exploit (shell) code on the server |

In part 2, you will go into greater detail on five machines of your choosing and write a minimum of two paragraphs per machine about the vulnerability identified, exactly why it makes the system vulnerable, how it can be exploited, and the exploit that you found (or that you intend to write) to exploit this vulnerability.

Lab Solves and Write-ups (625 Points)

This exercise is very similar to the initial PWK exercises but, instead of exercise proof-of-works, you will need to exploit and do a write-up (tutorial style report) on your successful exploit of each machine. You are required to exploit twenty (20) machines and will receive up to 30 points per machine (15 points per proof.txt and 15 points per write-up). You will receive 5 bonus points for each first blood on a machine. Your time for first blood will be based on the submission of the proof.txt. All documents will be named after the last octet of the IP with leading zeros, so 013.txt for 10.11.1.13's proof.txt and 005.pdf for 10.11.1.5's write-up. You can also lose your first blood points on final grading if you do not also have a sufficiently detailed write-up. In addition, you can also earn 3 bonus points for each alternative exploit vector per machine and 5 bonus points per machine compromised over the required twenty.

Lab Presentation (125 Points)

You will now pick your favorite (most challenging) box with instructor approval and do a formal presentation on this machine from recon to exploitation to post-exploitation. The selected machine needs to involve a more complicated, multi-step exploit and not simply be an exploit-to-shell machine.


PenTest Competition (125 points)

There will be a final competition where you each get to demonstrate your skills in a live competition. This competition will be held at 1630 on Friday, 05 MAY in the ECR and will be a fast-paced demonstration of the skills learned in this course. This competition will be held live with the entire department invited to both watch and ask questions as you compromise vulnerable machines in a similar format to this video.

Pre-requisites:

Knowledge:

  • Basic Networking
    • Understanding of OSI Model
    • Understanding of Layer 3 and 4 interactions (ip addr vs. port)
    • Understanding of Roles of Services (DNS, SSH, Web, etc.)
  • Linux and Windows Familiarity
    • Intermediate Command Line Familiarity
    • Basic Account Administration
    • File Permissions
    • Interact with Services
  • Familiarity with BASH scripting
    • Python scripting
    • Understand (can read) other languages (html, SQL, C)
  • Basic understanding of Assembly / Machine Code

Courses:

  • CS301 or IT300
  • CS384 or IT384
  • CS484 or IT350 (co-requisite)
  • CS380 (co-requisite)
  • By Interview Only
 

© 2017 CPT Michael Kranch (ArchAng31)