The Ethical Hacking course provides students with a hands-on introduction to the basics of penetration testing/hacking techniques necessary to perform white-hat, ethical hacking. The training immerses each student in a hands-on, interactive environment where they will learn how to scan, test, hack, and secure information systems. The training course is conducted by a live, experienced instructor and provides students with practical exercises in the skills needed to test and protect today's sensitive networks and data security systems. Students will begin by understanding the five phases of hacking and will then be introduced to various tools and methods for conducting "white hat" system/network penetrations. Through exposure to the types of methodologies and tools used by hackers, students obtain the skills needed to provide real evidence of weaknesses and real assurance that current controls are working properly. The students will obtain the ability to quantitatively assess and measure threats to information assets and to discover where an organization is most vulnerable to hacking. In addition, students will receive in-depth instruction on the ethics of "white hat" hacking. The goal of this course is to help the student master a repeatable, documentable penetration testing methodology that can be used in an ethical penetration testing or "white hat" hacking situation.
Introduction to White Hat Hacking; Definition of white hat hacking and penetration testing; Laws and Ethics of white hat hacking; White Hat Hacking Fundamentals; Fundamentals of Information System Security; Developing the White Hat Hacking Plan; The 5 Phases of Hacking: Reconnaissance, Scanning, Getting Access, Maintaining Access, and Covering Tracks; Reconnaissance/Footprinting; What is Reconnaissance?; Business and Social Intelligence (Social Engineering); Tools and Methodologies for Executing Reconnaissance; Reconnaissance Exercise; Scanning; Types of Scanning; Scanning Tools and Methodologies; Scanning Exercise; Getting Access; Basic Structure of Penetration Testing: Server, Client, Network, Web Application; Penetration Test Exercise; Types of Attacks: Password Cracking, Denial of Service, Buffer Overflow, Trojans and Backdoors, OS-Specific Attacks, Session Hijacking, Wireless Hacking, Steganography; Attack Exercise; Maintaining Access; Why Maintain Access; Tools and Methodologies for Maintaining Access; Maintaining Access Exercise; Covering Tracks; Why Cover Tracks?; Covering Track Tools; Covering Track Exercise; Using the Results of White Hat Hacking; Protecting Systems and Networks; CAPSTONE Exercise
The materials within this course focus on the Knowledge, Skills, and Abilities (KSAs) identified within the Specialty Areas listed below.
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.