BC4291 Ethical Hacking Syllabus:

BC4291 Ethical Hacking Syllabus – Anna University PG Syllabus Regulation 2021

COURSE OBJECTIVES:

 To understand and analyze security threats & countermeasures related to ethical hacking.
 To learn the different levels of vulnerabilities at a system level.
 To gain knowledge on the different hacking methods for web services and session hijacking.
 To understand the hacking mechanisms on how a wireless network is hacked.

UNIT I ETHICAL HACKING OVERVIEW & VULNERABILITIES

Understanding the importance of security, Concept of ethical hacking and essential Terminologies Threat, Attack, Vulnerabilities, Target of Evaluation, Exploit. Phases involved in hacking

UNIT II FOOTPRINTING & PORT SCANNING

Foot printing – Introduction to foot printing, Understanding the information gathering methodology of the hackers, Tools used for the reconnaissance phase, Port Scanning – Introduction, using port scanning tools, ping sweeps, Scripting Enumeration-Introduction, Enumerating windows OS & Linux OS

UNIT III SYSTEM HACKING

Aspect of remote password guessing, Role of eavesdropping ,Various methods of password cracking, Keystroke Loggers, Understanding Sniffers ,Comprehending Active and Passive Sniffing, ARP Spoofing and Redirection, DNS and IP Sniffing, HTTPS Sniffing.

UNIT IV HACKING WEB SERVICES & SESSION HIJACKING

Web application vulnerabilities, application coding errors, SQL injection into Back-end Databases, cross-site scripting, cross-site request forging, authentication bypass, web services and related flaws, protective http headers. Understanding Session Hijacking, Phases involved in Session Hijacking, Types of Session Hijacking, Session Hijacking Tools

UNIT V HACKING WIRELESS NETWORKS

Introduction to 802.11, Role of WEP, Cracking WEP Keys, Sniffing Traffic, Wireless DOS attacks, WLAN Scanners, WLAN Sniffers, Hacking Tools, Securing Wireless Network

TOTAL:45 PERIODS

LIST OF EXPERIMENTS:

1. Study of Guessing username and passwords using Hydra
2. Experiment on Recovering password Hashes
3. Implementation to crack Linux passwords
4. Experiments on SQL injections
5. Analysis of WEP flaws
6. Experiments on Wireless DoS Attacks
7. Implementation of Buffer Overflow Prevention
8. Prevention against Cross Site Scripting Attacks
9. Experiments on Metasploit Framework
10. Implementation to identify web vulnerabilities
11. Wireshark: Experiment to monitor live network capturing packets and analyzing over the live network
12. LOIC: DoS attack using LOIC
13. FTK: Bit level forensic analysis of evidential image and reporting the same.
14. Darkcomet : Develop a malware using Remote Access Tool Dark comet to take a remote access over network
15. HTTrack: Website mirroring using Httrack and hosting on a local network.
16. XSS: Inject a client side script to a web application
17. Email tracker pro: Email analysis involving header check, tracing the route. Also perform a check on a spam mail and non-spam mail

TOTAL:30 PERIODS

COURSE OUTCOMES:

CO1: Understand vulnerabilities, mechanisms to identify vulnerabilities/threats/attacks
CO2: Use tools to identify vulnerable entry points
CO3: Identify vulnerabilities using sniffers at different layers
CO4: Handle web application vulnerabilities
CO5: Identify attacks in wireless networks

TOTAL :45+30=75 PERIODS

REFERENCES

1. Kimberly Graves, “Certified Ethical Hacker”, Wiley India Pvt Ltd, 2010
2. Michael T. Simpson, “Hands-on Ethical Hacking & Network Defense”, Course Technology, 2010
3. RajatKhare, “Network Security and Ethical Hacking”, Luniver Press, 2006
4. Ramachandran V, “BackTrack 5 Wireless Penetration Testing Beginner’s Guide (3rd ed.).” Packt Publishing, 2011
5. Thomas Mathew, “Ethical Hacking”, OSB publishers, 2003
6. Matthew Hickey, Jennifer Arcuri, “Hands on Hacking: Become an Expert at Next Gen Penetration Testing and Purple Teaming”, 1st Edition, Wiley, 2020.
7. Jon Ericson, Hacking: The Art of Exploitation, 2nd Edition, NoStarch Press, 2008.