Ethical Hacking

  • Ending: Examination
  • Range: 0P + 2C
  • Semester: summer
  • Faculty of Economic Informatics

Teachers

Included in study programs

Faculty of Economic Informatics

Economic Informatics

Teaching results

Upon completion of the course, students will acquire the knowledge, skills, and competencies necessary to identify, test, and mitigate security threats in IT systems. The acquired knowledge will enable them to effectively analyze vulnerabilities and propose adequate mitigation measures. These capabilities contribute to achieving the study program objectives in the field of cybersecurity.
After successful completion of the course, students should acquire:
Knowledge
A. Understand the principles of cybersecurity and ethical hacking.
B. Be familiar with the legal and ethical aspects of security testing.
Skills
C. Use tools for reconnaissance and vulnerability analysis.
D. Set up and configure a testing environment using virtual machines.
E. Identify and exploit vulnerabilities in a controlled environment.
Competentness
F. Design measures to improve cybersecurity.
G. Integrate knowledge from law, technology, and ethics to assess and enhance the security of information systems.
H. Independently analyze security threats and propose appropriate solutions in line with legislation and ethical standards.

Indicative content

1. Introduction to Ethical Hacking – definition, legal aspects, ethical boundaries
2. Basics of network and system security
3. Setting up a testing environment
4. Information gathering and network scanning
5. Web application testing
6. Exploitation and privilege escalation
7. Social engineering and phishing
8. Security and attack prevention
9. Penetration testing
10. Security of IoT and mobile devices
11. Incident response and forensic analysis
12. Real-world attack simulation and defense
13. Final assessment and discussion on cybersecurity developments

Support literature

1. EC-Council. (2019). CEH v10 Study Guide. EC-Council Press.
2. Offensive Security. (2020). Kali Linux Revealed: Mastering the Penetration TestingDistribution. Offensive Security.
3. OWASP Foundation. (2023). OWASP Top 10: The Ten Most Critical Web Application Security Risks. OWASP.
4. Hack The Box. (n.d.). Cybersecurity Training Platform. Hack The Box. Retrieved from https://www.hackthebox.com
5. TryHackMe. (n.d.). Cybersecurity Learning Paths. TryHackMe. Retrieved from https://www.tryhackme.com
6. Mačák, M. (2021). Etický hacking a kybernetická bezpečnosť. Grada Publishing.
7. Jirásek, J. (2019). Praktická příručka hackingu a kybernetické bezpečnosti. Computer Press.

Syllabus

1. Introduction to Ethical Hacking – Definitions, Legal Framework, Ethical Boundaries • Introduction to the course, importance of ethical hacking. • Legal frameworks (e.g., GDPR, national cybersecurity law), ethical standards. • Hacker ethics and responsible disclosure. • Discussion: the line between ethical and unethical hacking. 2. Fundamentals of Network and System Security • Network architecture, OSI model, communication protocols. • Principles of authentication, authorization, and auditing. • Common vulnerabilities in systems and services. • Practical: configuring a firewall and system security policies. 3. Setting Up the Testing Environment • Virtualization tools (VirtualBox, VMware, Proxmox). • Installing Kali Linux, Metasploitable, DVWA. • Network configuration and environment isolation. • Creating snapshots, documenting configurations. 4. Information Gathering and Network Scanning • Passive vs. active reconnaissance. • Whois, nslookup, dig, Shodan usage. • Tools: Nmap, Netcat, Wireshark – demonstrations and hands-on labs. • Identifying open ports and running services. 5. Web Application Testing • Common vulnerabilities: XSS, SQL injection, CSRF, RFI/LFI. • Tools: OWASP ZAP, Burp Suite. • Working with DVWA and bWAPP test platforms. • Interpreting results and suggesting mitigations. 6. Exploitation and Privilege Escalation • Exploiting vulnerabilities (Metasploit, exploit-db). • Obtaining shell access, maintaining persistence. • Local vs. remote privilege escalation. • Bypassing antivirus detection mechanisms. 7. Social Engineering and Phishing • Techniques: pretexting, baiting, impersonation. • Crafting phishing emails and fake login pages (SET toolkit). • Protection against human-centric attacks. • Ethics of simulated social engineering. 8. Securing Systems and Mitigating Attacks • Hardening systems, patching, encryption best practices. • Using IDS/IPS, honeypots, antivirus and monitoring tools. • Log analysis and incident detection. • Exercise: designing a multi-layered security strategy. 9. Penetration Testing • Pentest phases: planning, execution, reporting. • Black box, grey box, and white box testing types. • Writing a penetration testing report. • Group exercise: simulated pentest of a target. 10. Security of IoT and Mobile Devices • Specific risks in IoT (limited resources, weak updates). • Mobile OS vulnerabilities (Android, iOS). • Hands-on: IoT sniffing, rooting, and jailbreaking. • Implications for corporate environments. 11. Cyber Incident Response and Forensic Analysis • Incident response lifecycle and documentation. • Digital forensics: evidence acquisition, chain of custody. • Tools: Autopsy, Volatility, FTK Imager. • Case study: analyzing a compromised machine. 12. Simulation of Real-World Attack and Defense • Red team vs. Blue team exercises. • Planning attacks, implementing defense strategies. • Activity logging, defense efficiency evaluation. • Reflection: lessons learned and gaps identified. 13. Final Assessment and Emerging Trends in Cybersecurity • Final presentations and practical demonstrations. • Discussion: trends such as AI in cybersecurity, Zero Trust, and quantum cryptography. • Analysis of ethical dilemmas in real-world cybersecurity. • Self-evaluation and further learning paths.

Requirements to complete the course

Continuous solution of tasks during exercises 50%, 51% of this obligation is required for the exam.
The final task verifies the achieved level of practical competences.
Final exam - written form, 50% (passing the exam means obtaining at least 51% of the exam evaluation) The theoretical part verifies the achieved level of theoretical competence results.

Student workload

3 credits x 26 hours= 78 hours
Seminar participation: 26 hours
Preparation for seminars: 13 hours
Project preparation: 13 hours
Preparation for the final exam: 26 hours

Language whose command is required to complete the course

Slovak

Date of approval: 19.03.2025

Date of the latest change: 06.11.2025