Module Guide

Aims and Summary

This module introduces students to the concepts of different types of network and computer attack vectors. Currently standard tools, techniques and frameworks will be explored while building a good understanding of underlying concepts through ground-up development and exploration. The process of conducting a professional penetration test will be studied.

Learning Outcomes

The intended learning outcomes are that, on this module, the student should be able to:

Describe and demonstrate the aspects of penetration testing and vulnerability assessment relating to technical implementation, common practices, legality and ethics
Identify, describe and compare a range of different types of digital security threat and indicate how they are exploited and mitigated
Use appropriate tools to discover the structure of a network and the characteristics of the devices connected to it

TOPICS

A rough guide to the weekly topics is below:

Week	Topic	Description
1	Introduction	Introduction to Module, reminder about Linux
2	Reconnaissance	Passive Reconnaissance, Network Reconnaissance
3	Recon / Privilege-Esc	Active Reconnaissance, Basic Privilege Escalation
4	Web Exploits	Introduction to Web Technologies, and the OWSAP top 10
5	Web	Explore the OWASP top 10, including XSS, Injection, File Uploads, RCE, etc.
6	Web	Continue Web
7	Web	Continue Web
8	Web	Continue Web
9	Binary Exploitation	Introduction to Buffer Overflows
10	Binary Exploitation	More advanced Buffer overflows
11	Law and Ethics
12	Revision	(And Skills Test)
13	Revision	(And Skills Test)

Assessment

This module is assessed through 100% coursework.

To pass the module you must get a score of 40% or greater.

Note

These dates are currently just the start of the week they are handed in, When the timetable gets sorted, I will update with the actual date.

Element	Description	Mark	Hand-in Date
1	Phase Test	20%	Week 4 (8/2/2021)
2	Pen-Test Report	40%	Week 8 (⅓/2021)
3	Practical Pen-Test	40%	Week 12 (5/4/2021)