Course syllabus - Ethical Hacking

Objectives

The overall purpose of the course is to provide students with an understanding of ethical hacking methods and techniques, while promoting a critical awareness of the role of cybersecurity in society. The focus is on developing practical skills to identify and manage security risks, while emphasizing the importance of ethics and responsibility in hacking practices. Through interactive elements and case studies, the course aims to prepare participants to contribute positively to the field of cybersecurity, rather than merely achieving specific learning objectives.

Learning outcomes

After completing the course, the student should be able to:

1. plan and carry out a complete ethical hacking or penetration testing process, from reconnaissance to post‑exploitation,
2. analyze and report identified vulnerabilities and provide recommendations for risk reduction (risk mitigation) and
3. apply established methods, tools, and frameworks for offensive security and ethical hacking.

Course content

This course provides a practice‑oriented overview of ethical hacking and penetration testing with a focus on offensive methods. Through theoretical lectures, lab exercises and scenario‑based training, students are trained in reconnaissance, vulnerability analysis, exploitation and post‑exploitation, as well as how findings are documented and reported responsibly. The course emphasizes safe, controlled and ethical practice in penetration testing.

Course topics:

• Introduction to penetration testing and ethical hacking:
  Concepts, objectives and test types (black‑box, grey‑box, white‑box).
  Ethical aspects of offensive security (responsible disclosure, scope, consent).
• Information gathering and reconnaissance:
  Open‑source intelligence (OSINT).
  Network scanning and service discovery.
• Vulnerability analysis:
  Automated and manual vulnerability scanning.
  Prioritization and verification of vulnerabilities.
• Exploit development and exploitation:
  Web application attacks (e.g., SQLi, XSS, auth‑bypass).
  Network and service exploitation.
  Use and modification of exploits in controlled environments.
• Post‑exploitation and privilege escalation:
  Maintaining access, collecting forensic evidence and lateral movement within target environments (controlled lab scenarios). Privilege escalation techniques and persistence (in labs).
• Practical labs and scenarios:
  Simulated penetration tests from reconnaissance to reporting in isolated test environments.
  Exercises that train methodology, tools and decision‑making in offensive tasks.

Specific requirements

120 credits, of which 80 credits in engineering, including 30 credits in programming or software development. The course requires 22,5 credits of cyber security on advanced level, which can for example be achieved by having read the courses Cybersecurity Fundamentals 7.5 credits, Network security 7.5 credits and Cyber Security Operations 7.5 credits. In addition Swedish course 3 or Swedish level 3 and English course 6 or English level 2 are required. For courses given entirely in English exemption is made from the requirement in Swedish course 3 or Swedish level 3.

Examination

PRO1, Project, An assignment that is presented with a report and a demonstration of the project, 7,5 credits, examines the learning outcomes 1, 2 and 3, marks Fail (U) or Pass (G).

A student who has a certificate from MDU regarding disability study support, can request adaptions for the examination. It is the examiner who takes decisions on any adaptions, based on the certificate and other conditions.

Grade

Two-grade scale

Interim Regulations and Other Regulations

The course completely overlaps with DVA508 Attack and Defend.