For approval of new courses and deletions or modifications to an existing course.
Course Approval Form
More information is located on page 2.
Action Requested:
Course Level:
X Create new course Delete existing course Modify existing course (check all that apply) Title Prereq/coreq
College/School: Submitted by: Subject Code:
Credits Schedule Type
Repeat Status Restrictions
VSE (Volgenau School of Engineering) Robert Osgood CFRS
Number:
Undergraduate X Graduate Grade Type
Department: Ext: 3-5443
ECE Email:
Effective Term:
767
X
(Do not list multiple codes or numbers. Each course proposal must have a separate form.)
Title:
Fall Spring Summer
[email protected]
Year
2013
Current Banner (30 characters max including spaces) New Penetration Testing in CFRS
Credits: (check one)
3
Fixed Variable
X to
X
Repeat Status:(check
Not Repeatable (NR) Repeatable within degree (RD) Repeatable within term (RT)
one)
Grade Mode:(check
X
one)
Regular (A, B, C, etc.) Satisfactory/No Credit Special (A, B C, etc. +IP)
X X
Schedule Type Code(s): (check all that apply)
Prerequisite(s): CFRS 660, CFRS 663
Lecture (LEC) Lab (LAB) Recitation (RCT) Internship (INT)
Total repeatable credits allowed: Independent Study (IND) Seminar (SEM) Studio (STU)
Corequisite(s):
Special Instructions:(detailed description of modification, add restrictions for major, college, or degree; cross-listed courses; hard-coding; etc.)
Catalog Copy for NEW Courses Only (Consult University Catalog for models) Description (No more than 60 words, use verb phrases and present tense)
Notes (List additional information for the course)
Presents the concepts, tools, and techniques used for penetration testing, vulnerability exploitation, assessment, reporting, and forensics; teaches multiple attack vectors as well as the defensive measures protecting against such attacks; focuses heavily on post attack forensics allowing for a complete picture of the attack process.
Course will consist of exercises conducted in a lab environment with concurrent lectures (combined total of 3 credits for lab and lecture exercises).
Indicate number of contact hours: When Offered: (check all that apply)
X
Hours of Lecture or Seminar per week: Fall Summer X Spring
3
Hours of Lab or Studio:
Approval Signatures Andre Manitius
10/18/13
Department Approval
Date
College/School Approval
Date
If this course includes subject matter currently dealt with by any other units, the originating department must circulate this proposal for review by those units and obtain the necessary signatures prior to submission. Failure to do so will delay action on this proposal.
Unit Name
Unit Approval Name
Unit Approver’s Signature
Date
For Graduate Courses Only Graduate Council Member
Provost Office
Graduate Council Approval Date
For Registrar Office’s Use Only:Banner_____________________________Catalog________________________________
revised 10/7/09
SCHOOL PROPOSAL TO THE GRADUATE COUNCIL BY THE VOLGENAU SCHOOL OF ENGINEERING

1. CATALOG DESCRIPTION
(a) CFRS 767 Penetration Testing in CFRS (Computer Forensics)
(b) Prerequisites: CFRS 660, 663
(c) Catalog Description: Presents the concepts, tools, and techniques used for penetration testing, vulnerability exploitation, assessment, reporting, and forensics; teaches multiple attack vectors as well as the defensive measures protecting against such attacks; focuses heavily on post attack forensics allowing for a complete picture of the attack process.

2. JUSTIFICATION
(a) Course Objectives: This course will present students with the basic tools, concepts, and techniques used to perform ethical penetration testing and report on findings, as well as to understand the forensic process used after an attack has occurred. This class will make extensive use of hands-on exercises and will incorporate the ethical aspects of penetration testing.
(b) Course Necessity: The course builds upon the introductory concepts of network forensics laid out in CFRS 660 Network Forensics and CFRS 663 Operations of Intrusion Detection for Forensics, and is an essential step in understanding the full cycle of post mortem forensics. Additionally, with hands-on labs, students can see the before phase of systems and then the after effects of an attack to more fully grasp the forensic process. Finally, by addressing this topic as a separate course, the Computer Forensics program differentiates itself from other graduate programs that do not offer this course.
(c) Relationship to Existing Courses: As noted above, this course builds on the courses CFRS 660 Network Forensics and CFRS 663 Operations of Intrusion Detection for Forensics. Both of these courses currently contain teaching modules that skim the surface of this topic in an attempt to whet the appetites of students. These brief introductions are a lead-in to this new course, which is not duplicative of any other course within the Computer Forensics Program.

3. APPROVAL HISTORY
ECE Department
Date: October 18th, 2013

4. SCHEDULING
The course will be offered every fall and spring semester, starting fall 2013 and every regular semester thereafter.

5. PROPOSED INSTRUCTORS
Robert Osgood, Tahir Khan, and other suitably qualified faculty
6. COURSE OUTLINE
(a) Overview

Week 1: Course Overview/Administrative Items; Web Overview
Overview of course presented, syllabus reviewed, administrative items discussed. Topic of discussion will be general background/overview of the Web and web-based applications.

Week 2: Penetration Testing Ethics / Planning Phase
Students will be taught the ethics involved in the penetration test life cycle, including truth in reporting and other ethical concerns. Topics of discussion will include the planning, scoping and authorization of penetration testing. Identification of targets within the scope of penetration testing, the scope of testing, and other considerations will also be covered.

Week 3: Passive Reconnaissance / Active Reconnaissance
Students will learn the use of multiple commercial and open-source tools to help in the reconnaissance phase as well as other software and methodologies used. Tools such as Nmap, Scapy, hping3, Nessus, and OpenVAS will be used.

Week 4: Identifying resources and services / Vulnerability Identification
Students will learn to interpret the results of the reconnaissance phase as well as versioning and identification of various services running on each port. Students will learn additional probing techniques to further identify resources that warrant further investigation.

Week 5: Identifying weaknesses and attack points
Students will learn to identify the ports, protocols, services, and resources that are susceptible to an attack. Students will learn to prioritize the order of attacks for maximum success.

Week 6: Bypassing Firewalls and Routers and IDS
Students will learn various techniques to bypass network devices such as firewalls, IDS devices, and Web application firewalls. Techniques such as encoding, double encoding, spaces, and payload splitting will be demonstrated in hands-on labs.

Week 7: Exploitation
Building upon Week 5, students will learn which vectors are most successful and how to exploit various web services. Hands-on labs will cover various approaches such as buffer overflows, padding attacks, and parameter tampering.

Week 8: Mid-Term Exam
Mid-Term Exam will be given.

Week 9: Bypassing Web Applications
Students will learn various approaches to bypassing web applications. Students will utilize various open source tools to perform the actions. Approaches such as brute forcing, header modification, man-in-the-middle attacks, and session hijacking will be examined. Tools such as Burp Suite and THC-Hydra will be demonstrated.

Week 10: Bypassing Web Applications via SQL Injection
Students will learn the basics of SQL Injection to bypass web applications. In addition to common SQL injection attack vectors, students will be taught more advanced methods such as cookie modification, user agent tampering, and second order SQL injection.

Week 11: Compromising the OS
Students will learn various techniques to compromise the host operating system via privilege escalation and user password cracking.

Week 12: Maintaining Persistence
Students will learn multiple approaches to maintaining persistence on the compromised host. Backdoor webpages, reverse shells, and account addition will be demonstrated.

Week 13: Pivoting and Exfiltration
Students will learn how to access other systems from the initial compromised host. Students will utilize the skills taught in class during weeks three through five to obtain deeper access into the network. Students will also learn various approaches to exfiltration of data. Students will perform hands-on labs that utilize techniques such as ICMP tunneling and SMTP relaying as well as more traditional methods.

Week 14: Identification of a compromise
Students will learn how to run various tools to parse logs from web servers, Windows event logs, and syslogs, to see the after effects of a compromise. Students will utilize their forensic knowledge to piece together the post-attack incident. Students will also learn how to proactively monitor logs to detect an incident as it occurs.

Week 15: Final Project
Final projects will be presented.
(b) Required Reading and Reference Material

Required Text:
Title: The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
Author: Patrick Engebretson
Publisher: Syngress (2011)
ISBN-10: 1597496553
ISBN-13: 978-1597496551

Optional Text:
Title: Microsoft Log Parser Toolkit: A complete toolkit for Microsoft's undocumented log analysis tool
Author: Gabriele Giuseppini, Mark Burnett, Jeremy Faircloth, Dave Kleiman
Publisher: Syngress (2005)
ISBN-10: 1932266526
ISBN-13: 978-1932266528

(c) Student Evaluation Criteria
Homework/Hands-on Projects: 35%
Midterm: 30%
Final Project: 35%