In this paper, we report on designing and deploying an on-campus, highly practical ethical hacking course using the foundation of Kungl. Tekniska Högskolan’s (KTH) existing, well-established, distance-based course. We explain our course organization, structure, and delivery and present the students’ formative and summative feedback and their results. Moreover, we justify the choice of our platform, a custom gcp-based cyber range with twelve capture the flag exercises designed for an online ethical hacking course, and how our on-campus course was implemented around it. Our ethical hacking course is organized around ten mandatory lectures, seven flag reports and three lectures on ethics, two demonstrations, and four guest lectures. The student evaluation is continuous and based on the flags captured. Our collected data indicates the amount of effort spent on each exercise, the used hints, and for how long most of the students were actively solving the exercises. The students’ feedback indicates they were overwhelmingly satisfied with the course elements and teaching staff. Finally, we propose changes to elements of our ethical hacking course. The course was delivered at Karlstad University over nine weeks between January and March 2023 for 24 students.
- Ethical hacking
- capture the flag
This is a preview of subscription content, access via your institution.
Tax calculation will be finalised at checkout
Purchases are for personal use onlyLearn about institutional subscriptions
https://darknetdiaries.com/, episodes 47, 49, 82, 87, and 88.
The Erasmus students do not receive the link.
Blankenship, L.: The conscience of a hacker. Phrack 1(7) (1986)
Fischer-Hübner, S., et al.: A MOOC on privacy by design and the GDPR. In: Drevin, L., Theocharidou, M. (eds.) WISE 2018. IAICT, vol. 531, pp. 95–107. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99734-6_8
Friedl, S., Glas, M., Englbrecht, L., Böhm, F., Pernul, G.: ForCyRange: an educational IoT cyber range for live digital forensics. In: Drevin, L., Miloslavskaya, N., Leung, W.S., von Solms, S. (eds.) WISE 2022. IFIPAICT, vol. 650, pp. 77–91. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-08172-9_6
Kakouros, N., Johnson, P., Lagerström, R.: Detecting plagiarism in penetration testing education. In: Nordsec, 25th Nordic Conference on Secure IT Systems (2020)
Krathwohl, D.: A revision of bloom’s taxonomy: an overview. Theory Pract. 41(4), 212–218 (2002)
KTH: Course Information (2023). https://www.kth.se/cs/nse/studies/online-course-in-ethical-hacking-7-5-hp/course-information-1.819016. Accessed 24 Mar 2023
Levy, S.: Hackers: Heroes of the Computer Revolution, vol. 14. Anchor Press, Doubleday Garden City (1984)
Lindskog, S., Hedbom, H., Martucci, L.A., Fischer-Hübner, S.: Experiences from educating practitioners in vulnerability analysis. In: Futcher, L., Dodge, R. (eds.) WISE 2007. IAICT, vol. 237, pp. 73–80. Springer, New York (2007). https://doi.org/10.1007/978-0-387-73269-5_10
Mason, R.O.: Applying ethics to information technology issues. Commun. ACM 38(12), 55–57 (1995)
Tucker, B., Stronge, J.: Linking teacher evaluation and student learning. Association for Supervision and Curriculum Development (2005)
We thank Pontus Jonhson, Nikolaos Kakouros, and Sotirios Katsikeas from kth for sharing their cyber range and invaluable expertise and guidance. Additionally, we are grateful for the support of our colleague Tobias Vehkajärvi. Our ethical hacking course was influenced, in part, by our experience in developing courses on vulnerability analysis and moocs [2, 8].
Editors and Affiliations
© 2023 IFIP International Federation for Information Processing
About this paper
Cite this paper
Martucci, L.A., Magnusson, J., Akil, M. (2023). On-Campus Hands-On Ethical Hacking Course. In: Furnell, S., Clarke, N. (eds) Human Aspects of Information Security and Assurance. HAISA 2023. IFIP Advances in Information and Communication Technology, vol 674. Springer, Cham. https://doi.org/10.1007/978-3-031-38530-8_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-38529-2
Online ISBN: 978-3-031-38530-8