Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Fall 2022 - Spring 2023 | Division of Academic Affairs

Ethical Hacking

INST 408C

Course description:

Hacking is everywhere. Hacks can be anything from ways to make one’s life easier (“life hacks”) to malicious attacks on networks. The common thread in these hacks is that they involve generating non-obvious solutions to problems or using systems in ways that the designers did not intend. Ethical hacking, then, is using ethical judgment to bound what you can do rather than conforming to the limits of the system.

In this class, you will do small group projects to apply particular concepts in creative and flexible ways. The instructor must approve all hacks before they are executed. The structure of these group projects will follow agile methods, with sprints that occur over a period of approximately two weeks. Groups will be reassigned at the end of each sprint. This structure means that it is vital that you attend each class and participate in your group discussions. When time allows, the end of each class will be set aside for quick group standups. At the end of the semester, there will be a demo day in which students will present the best hacks they have executed.

Despite the similarity of the names, this class will not directly prepare you for the Certified Ethical Hacker exam, which is a penetration testing certification. Some of the concepts we will cover in class are on that exam, however, and some of the skills you learn in class will make it easier for you to prepare for the exam if you choose to.

Learning objectives

Upon completion of this course, students should be able to:

  1. Plan and execute a non-obvious solution to a problem (“a hack”)

  2. Distinguish among hacking, malicious hacking, and ethical hacking

  3. Generate a list of ethical concerns that could arise from a proposed hack

  4. Use an Agile structure to perform group tasks

  5. Perform the steps of a basic penetration test

  6. Explain how a given network operates as a sociotechnical system

Grade composition

15% Online discussion

I will assign discussion questions and short assignments to be completed online. For discussion questions, you are expected to answer the question and provide a response to another student’s answer.

15% In-class participation
I expect you to come to class and participate in discussions.

20% Group participation and contribution

You will work on your projects in groups, and those groups will change with each new project assignment. You will evaluate your peers’ performance and they will evaluate your performance.

30% Sprint hacks

Evaluation of hacks produced during sprints will come from three sources: The instructor, the class, and the other members of your team. Your team will present your hack or documentation of your hack to the class at the end of each sprint.

10% Demo day hacks
Each person will be involved in the presentation of at least one hack at the demo day.

10% Final exam

The final exam for this course will be a structured demonstration of the concepts you have learned over the course of the semester. It will be due at the time of the scheduled final exam.

Academic Integrity and Ethical Conduct

The general policy of this course on academic integrity will follow the UMD Honor Code. For specific assignments, however, alternative requirements may apply as noted in the assignment.

Any hack performed for this class must not break the law, hurt another human being, or damage a system that you do not own. The ethical concerns for any hack you propose are as important and the technical or sociotechnical execution.

Proposed course schedule

Week Topic

  1. 1  Ethics and hacking

  2. 2  Hacking as creativity

  3. 3  Command line tools

  4. 4  History of hacking

  5. 5  Hacking information search

  6. 6  Malicious hacking

  7. 7  Computer networks

  8. 8  Security threats

  9. 9  Network scanning

  10. 10  Sociotechnical networks

  11. 11  Vulnerability research

  12. 12  Hacking for social good

  13. 13  Penetration testing

  14. 14  Student-chosen topics

  15. 15  Student-chosen topics

final Demo day

Activities Discussion 1 Sprint 1 Sprint 1 Discussion 2 Sprint 2 Sprint 2 Discussion 3 Sprint 3 Sprint 3 Discussion 4 Sprint 4 Sprint 4 Discussion 5 Sprint 5 Sprint 5