Penetration Testing mailing list archives
Re: Graduate CS Pen Testing Class
From: Fredrik Strömberg <stromberg () insto org>
Date: Mon, 9 May 2011 15:46:03 +0200
Hi Wesley,

I'm teaching a course for undergrads called "IT-security systems and risk analysis". It's the last course of the second year in an IT forensics/security bachelor, and they have limited programming experience. Our courses are obviously geared towards different groups, but I thought I should share anyway.

I try to teach what Scott talks about (A->Z, the hacking mindset) through personal anecdotes and example after example on how you can use systems in ways not intended, in every lecture, in line with whatever subject I happen to talk about. IP over DNS and the (joke) SQL injection in the Swedish election are personal favorites because they work well for giving "Oh, I'd never have thought of that"-moments. Sanitizing inputs is obviously a big thing, so that's something I come back to as often as I can, to show them that people have almost never thought of all ways in.

These examples are often from a real intrusion, so it's very obvious to them that this actually exists in the wild. It also makes it easier for them to connect and remember.

As for the practical part of the course I use virtual machines. One attacker (with e.g. Metasploit) and one or more hackable machines - not just double-click->pwn but hack from one machine to the next, some local privilege escalation, maybe extract something from a database.

If you're teaching general pen testing, don't forget to include lectures and exercises on web security.

Kind regards,
Fredrik Strömberg