- When: Oct 31 – Dec 21 2017. This is a 3-credit, semester-length course that is scheduled at an accelerated pace of 8 weeks.
- Where: This is an online-only course. Materials are available via Blackboard. Students must have a high-quality (high-speed) connection to the Internet to access virtual machines in the cloud.
- Instructor: Dr. Parviz Kermani
- This class can be applied towards the Information Security Certificate or as an outside elective for the CS MS degree.
Prerequisite: COMPSCI 460 or COMPSCI 660 or CICS 597C or instructor permission.
- To learn the core techniques of penetration testing from an ethical perspective, and to gain hands-on experience with these techniques.
- To learn and gain hands-on experience with the core defenses against each technique.
- To learn how to apply these skills as a professional in information security.
This class trains students to detect and analyze weaknesses and vulnerabilities in target systems as a method of assessing the security of a system. Such techniques have various names, including Penetration Testing and Ethical Hacking. We focus on tools and techniques that an attacker would employ, but from the perspective of an ethical system administrator. Topics include tools and techniques for penetration testing and attacks, information gathering, social engineering, and defenses. Specific topics include malware, denial of service attacks, SQL injection, buffer overflow, session hijacking, system hacking, network sniffing and scans, wireless encryption weaknesses and other WiFi issues, IDS/firewall evasion, Metasploit tools, physical security, and setting up honeypots.
Assignments will include practical experience setting up defenses and launching attacks on real systems. The systems will be on a private network - students in the class cannot attack systems owned by others. The class and its assignments will often involve group work. There will also be readings and in-class discussion, and written assignments will include creating write-ups of attacks and defenses performed on systems. Students will also participate in a lively (online) class discussion. Students will be asked to express an opinion on many topics and to challenge the instructor's views and analyses.
Text: "Penetration Testing: A Hands-On Introduction to Hacking" by Georgia Weidman. June 2014, 528 pp.
Expectations: The core of the course will be based on hands-on lab exercises started with the help of the instructor but completed largely on the student's own time. Class materials, videos, and online discussions will be devoted to explaining details of the labs and of the fundamental techniques. Some assignments will be based on group work among students. Each assignment will state a distinct number of points; the final assignment grade is based on the percentage of all points assigned during the course.
Grading: Overall grading from the course will be based on assignments and participation in online discussion. This class does not have exams.
Planned Schedule of Units
This is a 3-credit class that moves at an accelerated pace. Instead of a semester-length schedule of 26 classes at 75 minutes each, this course is paced at 8 weeks: 16 classes at 120 minutes each. For each attack or strategy listed below, the corresponding defense will also be covered. Each week's unit and possible assignment follows. Note that this class is under development and the exact syllabus of topics will not be finalized until October.
1. System administration. Windows and Unix systems overview.
Assignment topics: Allocating, installing, and launching virtual machines in the cloud. Starting, configuring, and stopping services. Installing patches. Recovering from backup.
2. Network Reconnaissance. Using search engines and social networking sites, WHOIS and DNS records. Port scans. Network mapping, system identification (nmap).
Assignment topics: Running network scanners and reconnaissance tools. Using Recon-NG. Using Shodan.
Other tools: DMitry, Sparta, Netdiscover, Zenmap.
Assignment topics: Using netcat for transfer and scanning. Rootkit installation and detection. Denial of service attacks (SYN floods, Smurf attacks, etc.).
4. Privilege escalation through network attacks II. Session hijacking. Trojans, backdoors, and rootkits. Administration of privilege via users or roles.
Assignment topics: Windows AV bypass with Veil-Evasion. Keyloggers.
5. Local privilege escalation. Password Security. Testing and rainbow tables. SQL injection. Buffer overflow.
Assignment topics: SQL injection. Metasploit, PSEXEC, PTH-winexe. Linux passwords.
6. Network monitoring: Man-in-the-middle attacks. WiFi security and defense.
Assignment topics: Wireshark, Xplico, Metasploit tools, Arpspoof, Urlsnarf, SSL Strip.
7. File Systems. Samba scanners. File encryption.
Assignment topics: recovering deleted files; recovery of slack data; unauthorized connections to remote file systems; file encryption backdoors.
8. Covering your tracks and miscellaneous topics. Altering log files and histories. Hidden files and kernel modifications. Tor and VPNs. Physical security. Honeypots.
Assignment topics: File metadata re-writing with Metasploit. Lock picking. Setting up a honeypot.
Inclusive Discussion. In this course, each voice in the classroom has something of value to contribute. Please take care to respect the different experiences, beliefs and values expressed by students and staff involved in this course. I support the commitment of the UMass Amherst College of Information and Computer Sciences to diversity, and welcome individuals of all ages, backgrounds, citizenships, disability, sex, education, ethnicities, family statuses, genders, gender identities, geographical locations, languages, military experience, political views, races, religions, sexual orientations, socioeconomic statuses, and work experiences.
Plagiarism. As a condition of continued enrollment in this course, you agree to submit all assignments to the Turnitin and/or My Drop Box services for textual comparison or originality review for the detection of possible plagiarism. All submitted assignments will be included in the UMass Amherst dedicated databases of assignments at Turnitin and/or My Drop Box. These databases of assignments will be used solely for the purpose of detecting possible plagiarism during the grading process and during this term and in the future. Students who do not submit their papers electronically to the selected service will be required to submit copies of the cover page and first cited page of each source listed in the bibliography with the final paper in order to receive a grade on the assignment.
Accommodation Statement. The University of Massachusetts Amherst is committed to providing an equal educational opportunity for all students. If you have a documented physical, psychological, or learning disability on file with Disability Services (DS), you may be eligible for reasonable academic accommodations to help you succeed in this course. If you have a documented disability that requires an accommodation, please notify me within the first two weeks of the semester so that we may make appropriate arrangements.
Academic Honesty Statement. Since the integrity of the academic enterprise of any institution of higher education requires honesty in scholarship and research, academic honesty is required of all students at the University of Massachusetts Amherst. Academic dishonesty is prohibited in all programs of the University. Academic dishonesty includes but is not limited to: cheating, fabrication, plagiarism, and facilitating dishonesty. Appropriate sanctions may be imposed on any student who has committed an act of academic dishonesty. Instructors should take reasonable steps to address academic misconduct. Any person who has reason to believe that a student has committed academic dishonesty should bring such information to the attention of the appropriate course instructor as soon as possible. Instances of academic dishonesty not related to a specific course should be brought to the attention of the appropriate department Head or Chair. Since students are expected to be familiar with this policy and the commonly accepted standards of academic integrity, ignorance of such standards is not normally sufficient evidence of lack of intent.