Abstract
In this paper, we report on designing and deploying an on-campus, highly practical ethical hacking course using the foundation of Kungl. Tekniska Högskolan’s (KTH) existing, well-established, distance-based course. We explain our course organization, structure, and delivery and present the students’ formative and summative feedback and their results. Moreover, we justify the choice of our platform, a custom GCP-based cyber range with twelve capture-the-flag exercises designed for an online ethical hacking course, and how our on-campus course was implemented around it. Our ethical hacking course is organized around ten mandatory lectures, seven flag reports and three lectures on ethics, two demonstrations, and four guest lectures. The student evaluation is continuous and based on the flags captured. Our collected data indicates the amount of effort spent on each exercise, the hints used, and how long most of the students spent actively solving the exercises. The students’ feedback indicates they were overwhelmingly satisfied with the course elements and teaching staff. Finally, we propose changes to elements of our ethical hacking course. The course was delivered at Karlstad University over nine weeks between January and March 2023 for 24 students.
Keywords
- Ethical hacking
- education
- ethics
- cybersecurity
- capture the flag
Notes
- 4. https://darknetdiaries.com/, episodes 47, 49, 82, 87, and 88.
- 6. The Erasmus students do not receive the link.
References
1. Blankenship, L.: The conscience of a hacker. Phrack 1(7) (1986)
2. Fischer-Hübner, S., et al.: A MOOC on privacy by design and the GDPR. In: Drevin, L., Theocharidou, M. (eds.) WISE 2018. IAICT, vol. 531, pp. 95–107. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99734-6_8
3. Friedl, S., Glas, M., Englbrecht, L., Böhm, F., Pernul, G.: ForCyRange: an educational IoT cyber range for live digital forensics. In: Drevin, L., Miloslavskaya, N., Leung, W.S., von Solms, S. (eds.) WISE 2022. IFIPAICT, vol. 650, pp. 77–91. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-08172-9_6
4. Kakouros, N., Johnson, P., Lagerström, R.: Detecting plagiarism in penetration testing education. In: Nordsec, 25th Nordic Conference on Secure IT Systems (2020)
5. Krathwohl, D.: A revision of Bloom’s taxonomy: an overview. Theory Pract. 41(4), 212–218 (2002)
6. KTH: Course Information (2023). https://www.kth.se/cs/nse/studies/online-course-in-ethical-hacking-7-5-hp/course-information-1.819016. Accessed 24 Mar 2023
7. Levy, S.: Hackers: Heroes of the Computer Revolution, vol. 14. Anchor Press, Doubleday Garden City (1984)
8. Lindskog, S., Hedbom, H., Martucci, L.A., Fischer-Hübner, S.: Experiences from educating practitioners in vulnerability analysis. In: Futcher, L., Dodge, R. (eds.) WISE 2007. IAICT, vol. 237, pp. 73–80. Springer, New York (2007). https://doi.org/10.1007/978-0-387-73269-5_10
9. Mason, R.O.: Applying ethics to information technology issues. Commun. ACM 38(12), 55–57 (1995)
10. Tucker, B., Stronge, J.: Linking teacher evaluation and student learning. Association for Supervision and Curriculum Development (2005)
Acknowledgements
We thank Pontus Johnson, Nikolaos Kakouros, and Sotirios Katsikeas from KTH for sharing their cyber range and invaluable expertise and guidance. Additionally, we are grateful for the support of our colleague Tobias Vehkajärvi. Our ethical hacking course was influenced, in part, by our experience in developing courses on vulnerability analysis and MOOCs [2, 8].
Copyright information
© 2023 IFIP International Federation for Information Processing
About this paper
Cite this paper
Martucci, L.A., Magnusson, J., Akil, M. (2023). On-Campus Hands-On Ethical Hacking Course. In: Furnell, S., Clarke, N. (eds) Human Aspects of Information Security and Assurance. HAISA 2023. IFIP Advances in Information and Communication Technology, vol 674. Springer, Cham. https://doi.org/10.1007/978-3-031-38530-8_7
DOI: https://doi.org/10.1007/978-3-031-38530-8_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-38529-2
Online ISBN: 978-3-031-38530-8
eBook Packages: Computer Science, Computer Science (R0)
Published in cooperation with
http://www.ifip.org/