ITACS 5212: Advanced Penetration Testing

Exams

We will have 3 multiple choice question exams. The first one will cover MetaSploit and will comprise 15% of your final grade. The second exam will cover Web Application Hacking Techniques and will comprise 15% of your final grade. The third exam will cover wireless security and include some comprehensive questions from earlier tests and is weighted 20% of your final grade.

There will be both a midterm exam final exam for this course. Both exams will be comprised of short-answer and/or longer open-ended questions. Check the schedule for dates.

A missed exam can only be made up in the case of documented and verifiable extreme emergency situations.

Schedule

Week	Topic	Quiz/Test
1 Full	Course Introduction, Introduction to the Metasploit Framework including Basics, Intelligence Gathering, Vulnerability Scanning, and Exploitation
2 1 hr	Meterpreter, Avoiding Detection, Client Side Attacks, and Auxiliary Modules	Quiz
3 1 hr	Social Engineering Toolkit, SQL Injection, Karmetasploit, Building Modules in Metasploit, and Creating Exploits	Quiz
4 1 hr	Porting Exploits, Scripting, and Simulating Penetration Testing Ettercap	Quiz
5 Full	Test 1, Introduction to OWASP’s WebGoat application	Test 1
6 Independent Study	Unvalidated Parameters, Broken Access Control, and Broken Authentication	Quiz Analysis Report: Learnings from Metasploit run against a publically available VM the student chooses
7 1 hr	Cross Site Scripting, Injection Flaws, Error Handling, and Insecure Storage	Quiz
8 1 hr	Denial of Service, Configuration Management, and Web Services	Quiz
9 1 hr	Ajax Security and an Introduction to the WebGoat Challenge Wireshark	Quiz
10 1 hr	Test 2, Introduction to Wireless Security	Test 2
11 Full	Wireless Recon, WEP, and WPA2	Quiz Analysis Report: Learnings from the WebGoat Challenge
12 1 hr	WPA2 Enterprise, Wireless beyond WiFi	Quiz
13 Full	Cain and Able	Quiz
14 Full	Review of all topics and wrap up discussion	Test 3