PTCCS344 Ethical Hacking Syllabus – Anna University Part time Regulation 2023
COURSE OBJECTIVES:
To understand the basics of computer based vulnerabilities.
To explore different foot printing, reconnaissance and scanning methods.
To expose the enumeration and vulnerability analysis methods.
To understand hacking options available in Web and wireless applications.
To explore the options for network protection.
To practice tools to perform ethical hacking to expose the vulnerabilities.
UNIT I INTRODUCTION
Ethical Hacking Overview – Role of Security and Penetration Testers – Penetration-Testing Methodologies – Laws of the Land – Overview of TCP/IP – The Application Layer – The Transport Layer – The Internet Layer – IP Addressing – Network and Computer Attacks – Malware – Protecting Against Malware Attacks – Intruder Attacks – Addressing Physical Security
UNIT II FOOT PRINTING, RECONNAISSANCE AND SCANNING NETWORKS
Footprinting Concepts – Footprinting through Search Engines, Web Services, Social Networking Sites, Website, Email – Competitive Intelligence – Footprinting through Social Engineering – Footprinting Tools – Network Scanning Concepts – Port-Scanning Tools – Scanning Techniques – Scanning Beyond IDS and Firewall
UNIT III ENUMERATION AND VULNERABILITY ANALYSIS
Enumeration Concepts – NetBIOS Enumeration – SNMP, LDAP, NTP, SMTP and DNS Enumeration – Vulnerability Assessment Concepts – Desktop and Server OS Vulnerabilities – Windows OS Vulnerabilities – Tools for Identifying Vulnerabilities in Windows – Linux OS Vulnerabilities – Vulnerabilities of Embedded OSs
UNIT IV SYSTEM HACKING
Hacking Web Servers – Web Application Components – Vulnerabilities – Tools for Web Attackers and Security Testers – Hacking Wireless Networks – Components of a Wireless Network – Wardriving – Wireless Hacking – Tools of the Trade
UNIT V NETWORK PROTECTION SYSTEMS
Access Control Lists – Cisco Adaptive Security Appliance Firewall – Configuration and Risk Analysis Tools for Firewalls and Routers – Intrusion Detection and Prevention Systems – Network-Based and Host-Based IDSs and IPSs – Web Filtering – Security Incident Response Teams – Honeypots.
30 PERIODS
PRACTICAL EXERCISES: 30 PERIODS
1. Install Kali or Backtrack Linux / Metasploitable / Windows XP.
2. Practice the basics of reconnaissance.
3. Using FOCA / SearchDiggity tools, extract metadata and expand the target list.
4. Aggregate information from public databases using online free tools like Paterva’s Maltego.
5. Information gathering using tools like Robtex.
6. Scan the target using tools like Nessus.
7. View and capture network traffic using Wireshark.
8. Automate digging for vulnerabilities and matching exploits using Armitage.
COURSE OUTCOMES:
At the end of this course, the students will be able:
CO1: To express knowledge on basics of computer based vulnerabilities.
CO2: To gain understanding on different foot printing, reconnaissance and scanning methods.
CO3: To demonstrate the enumeration and vulnerability analysis methods.
CO4: To gain knowledge on hacking options available in Web and wireless applications.
CO5: To acquire knowledge on the options for network protection.
CO6: To use tools to perform ethical hacking to expose the vulnerabilities.
TOTAL: 60 PERIODS
TEXTBOOKS
1. Michael T. Simpson, Kent Backman, and James E. Corley, Hands-On Ethical Hacking and Network Defense, Course Technology, Delmar Cengage Learning, 2010.
2. The Basics of Hacking and Penetration Testing – Patrick Engebretson, SYNGRESS, Elsevier, 2013.
3. The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, Dafydd Stuttard and Marcus Pinto, 2011.
REFERENCES
1. Black Hat Python: Python Programming for Hackers and Pentesters, Justin Seitz, 2014.
