Intrusion Attempt is not a replacement for traditional education. Rather, it is meant to be a supplementary tool that educators can use to support existing curriculum on attack & defense and adversary thinking, such as penetration testing and red teaming. An example of such a course is the joint course taught at the Norwegian University of Science and Technology (NTNU) called Incident Response, Ethical Hacking and Penetration Testing, a.k.a. IMT3004.
The vision of the Ethical Hacking part of IMT3004 is to serve as a course that provides bachelor students with the technical and theoretical knowledge they need to start a career as competent junior service providers in the field of vulnerability assessment, penetration testing and red teaming. Consequently, the course should also serve as a stepping stone for those interested in pursuing industry-renowned certifications such as CEH, OSCP and CPTE.
This is realized by teaching students how to use the skills and knowledge they have acquired during the first two years of their study program (IT-Operations and Information Security, a.k.a. BITSEC), augmented with the additional technical and theoretical knowledge (both offensive and defensive) taught in IMT3004, to plan, emulate and evaluate intrusion attempts performed by malicious actors.
Intrusion Attempt has been developed with this type of course in mind.
The table below highlights the course objectives of the Ethical Hacking part of the IMT3004 course that Intrusion Attempt tries to support:
Please note that the course is under constant revision to make sure that the content is always relevant.
Assumed student knowledge:
…..
Unit 1 of the course provides students with an introductory course into the field…..

| Unit 1: | Introduction to the penetration testing field |
|---|---|
| Objectives | The student understands what Ethical Hacking is about and where penetration testing fits within it |
| | The student can differentiate between vulnerability assessment, penetration testing and red teaming |
| | The student knows the six (6) stages of penetration testing and can identify different actions that take place within those stages |
| | The student can actively participate in a conversation about why standards are important for the penetration testing field and how they contribute to it |
| | The student is familiar with the Penetration Testing Standard (PTES) and how it aligns with the well-known six (6) stages of pentesting |
| | The student understands the concepts behind the Cyber Kill Chain (CKC) and the Unified Kill Chain (UKC), and their advantages and disadvantages |
| | The student understands the concept behind MITRE's ATT&CK knowledge base, what it is about and how to use it (with the help of the instructor) to enrich a penetration testing attack |
| | The student is familiar with the ethical implications and dilemmas that are part of the field |
Unit 2 covers topics related to reconnaissance…..

| Unit 2: | Reconnaissance - Footprinting |
|---|---|
| Objectives | The student knows the importance of the reconnaissance phase, the type of information that can be gathered, the sources from which such information can be obtained and some of the most common tools used during this phase |
| | The student is familiar with Google Dorks and IoT search engines and why they are used in penetration testing engagements |
| | The student knows how to use Shodan to find vulnerable targets |
| | The student understands how (well-known) data breaches can be used by pentesters and attackers alike |
Unit 3 covers topics related to Scanning, Fingerprinting and Enumeration…..

| Unit 3: | Port Scanning, Fingerprinting and Enumeration |
|---|---|
| Objectives | The student knows the difference between port scanning, fingerprinting and enumeration |
| | The student knows the most common tools used to do port scanning |
| | The student understands the concepts behind port scanning, why it is done and the different port states that Nmap recognizes |
| | The student understands the different techniques that Nmap uses and is capable of applying those concepts to scan for hosts, find open ports and utilize the Nmap Script Engine to run Nmap scripts against targets |
| | The student knows what fingerprinting is about and understands the most common techniques used to identify operating systems. Moreover, the student is familiar with some of the most common tools used for this purpose |
| | The student knows what enumeration is about and some of the most common techniques used to accomplish that goal |
| | The student is able to describe and implement different strategies that could facilitate scanning an IPv6 network |
Unit 4 covers topics related to vulnerability theory…..

| Unit 4: | Gaining access/Exploitation and password attacks |
|---|---|
| Objectives | The student knows the difference between vulnerabilities, payloads and exploits |
| | The student is familiar with the most common vulnerability standards, can tell them apart, knows how they are utilized by various penetration testing tools and can use them to obtain meaningful vulnerability/weakness related information (e.g. the impact they can have on IS assets) |
| | The student knows about the existence of vulnerability databases and can use them to find vulnerability related information |
| | The student knows how to perform vulnerability scanning with Nessus and OpenVAS and is capable of interpreting the results obtained |
| | The student knows how the Metasploit framework can be utilized in combination with other offensive tools to perform a penetration testing assignment |
| | The student is familiar with the most common password attacks and how (dynamic) salting works |
| | The student understands the LM and the NT hashing algorithms |
| | The student is familiar with the LAN Manager, NTLM and Kerberos authentication protocols |
| | The student is aware of Windows' dominance as a desktop OS in corporate environments |
| | The student knows what Active Directory is and the benefits it provides to system administrators and organizations |
| | The student is familiar with basic Windows AD terminology and Windows specific security concepts |
| | The student can apply the concepts taught during the course to provide valuable information to the client and is able to communicate those findings accordingly |
| | The student understands how directory listing, command execution, URL manipulation, fail-open authentication schemes, XSS, CSRF and session hijacking work |
Course final project
The course concludes with a group project assignment in which students put into practice the most important concepts taught during the course by performing a penetration testing assignment for a fictive small startup….mention the forensic part as well