Skip to content

Module Description

The universities "official" documentation, and description for the module is below.

Module Overview

This module introduces students to the concepts of different types of network and computer attack vectors. Currently standard tools, techniques and frameworks will be explored while building a good understanding of underlying concepts through ground-up development and exploration. The process of conducting a professional penetration test will be studied.

Learning Outcomes

The intended learning outcomes are that on this module the student should be able to:

  1. Describe and demonstrate the aspects of penetration testing and vulnerability assessment relating to technical implementation, common practices, legality and ethics
  2. Identify, describe and compare a range of different types of digital security threat and indicate how they are exploited and mitigated
  3. Use appropriate tools to discover the structure of a network and the characteristics of the devices connected to it

So what does this mean?

In this module we will look at the more offensive side of Ethical Hacking, and look at how we can perform a security assessment of a system.

This means we get to do the "fun stuff", assessing systems for vulnerabilities, then exploiting them. As the web is a common attack vector, we will have a focus on identifying and exploiting flaws in web technologies.

There's going to be quite a lot of theory, looking at why these things happen, the common coding mistakes, and the protocol problems that cause them. Don't worry that its all going to be theory. There is also lots of practical parts too.

When it comes to practical work, we will use some well known tools (for example NMap) to help discover potential issues, then build our own exploits for the problems we find.

What no Metasploit?

It might surprise you that we are not going to use that many of the well known "hacking tools".

Things like Metasploit are great (and super relevant for work), but getting the best out of tools means you need to have some understanding of what they are doing.
Rather than teach you how to use "off the shelf" exploits, the module aims to give you an understanding of why the issue happens. This includes a surprising amount of theory and manual work.

I feel that this is a much better approah that just teaching you the steps for a specific vuln. Being able to hack CVE-2018-1133 is pretty cool, but if all you have learnt is how to follow the steps for that specific issue, by the time 20191 comes around, your skills are already out of date.

Understanding the hacking process and being the people who find these issues, and write the Metasploit modules is going to be much better for you in the long run.

Summary

In this section we have covered the Module definition and the main learning outcomes. This should give you some idea of what to expect during the course of the module.

If you have any questions, we will have time for a Q&A in the online lecture session.

  1. Yes 2019 is intentional. Even if I teach you how to hack a specific vuln from 2021, by the time you finish Uni, you are out of date. 

Back to top