Skip to main content

On-Campus Hands-On Ethical Hacking Course

Design, Deployment and Lessons Learned

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT,volume 674)


In this paper, we report on designing and deploying an on-campus, highly practical ethical hacking course using the foundation of Kungl. Tekniska Högskolan’s (KTH) existing, well-established, distance-based course. We explain our course organization, structure, and delivery and present the students’ formative and summative feedback and their results. Moreover, we justify the choice of our platform, a custom gcp-based cyber range with twelve capture the flag exercises designed for an online ethical hacking course, and how our on-campus course was implemented around it. Our ethical hacking course is organized around ten mandatory lectures, seven flag reports and three lectures on ethics, two demonstrations, and four guest lectures. The student evaluation is continuous and based on the flags captured. Our collected data indicates the amount of effort spent on each exercise, the used hints, and for how long most of the students were actively solving the exercises. The students’ feedback indicates they were overwhelmingly satisfied with the course elements and teaching staff. Finally, we propose changes to elements of our ethical hacking course. The course was delivered at Karlstad University over nine weeks between January and March 2023 for 24 students.


  • Ethical hacking
  • education
  • ethics
  • cybersecurity
  • capture the flag

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD   89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD   119.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions


  1. 1.

  2. 2. and

  3. 3. and

  4. 4., episodes 47, 49, 82, 87, and 88.

  5. 5.

  6. 6.

    The Erasmus students do not receive the link.

  7. 7.


  1. Blankenship, L.: The conscience of a hacker. Phrack 1(7) (1986)

    Google Scholar 

  2. Fischer-Hübner, S., et al.: A MOOC on privacy by design and the GDPR. In: Drevin, L., Theocharidou, M. (eds.) WISE 2018. IAICT, vol. 531, pp. 95–107. Springer, Cham (2018).

    CrossRef  Google Scholar 

  3. Friedl, S., Glas, M., Englbrecht, L., Böhm, F., Pernul, G.: ForCyRange: an educational IoT cyber range for live digital forensics. In: Drevin, L., Miloslavskaya, N., Leung, W.S., von Solms, S. (eds.) WISE 2022. IFIPAICT, vol. 650, pp. 77–91. Springer, Cham (2022).

    CrossRef  Google Scholar 

  4. Kakouros, N., Johnson, P., Lagerström, R.: Detecting plagiarism in penetration testing education. In: Nordsec, 25th Nordic Conference on Secure IT Systems (2020)

    Google Scholar 

  5. Krathwohl, D.: A revision of bloom’s taxonomy: an overview. Theory Pract. 41(4), 212–218 (2002)

    CrossRef  Google Scholar 

  6. KTH: Course Information (2023). Accessed 24 Mar 2023

  7. Levy, S.: Hackers: Heroes of the Computer Revolution, vol. 14. Anchor Press, Doubleday Garden City (1984)

    Google Scholar 

  8. Lindskog, S., Hedbom, H., Martucci, L.A., Fischer-Hübner, S.: Experiences from educating practitioners in vulnerability analysis. In: Futcher, L., Dodge, R. (eds.) WISE 2007. IAICT, vol. 237, pp. 73–80. Springer, New York (2007).

    CrossRef  Google Scholar 

  9. Mason, R.O.: Applying ethics to information technology issues. Commun. ACM 38(12), 55–57 (1995)

    CrossRef  Google Scholar 

  10. Tucker, B., Stronge, J.: Linking teacher evaluation and student learning. Association for Supervision and Curriculum Development (2005)

    Google Scholar 

Download references


We thank Pontus Jonhson, Nikolaos Kakouros, and Sotirios Katsikeas from kth for sharing their cyber range and invaluable expertise and guidance. Additionally, we are grateful for the support of our colleague Tobias Vehkajärvi. Our ethical hacking course was influenced, in part, by our experience in developing courses on vulnerability analysis and moocs [2, 8].

Author information

Authors and Affiliations


Corresponding author

Correspondence to Leonardo A. Martucci .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2023 IFIP International Federation for Information Processing

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Martucci, L.A., Magnusson, J., Akil, M. (2023). On-Campus Hands-On Ethical Hacking Course. In: Furnell, S., Clarke, N. (eds) Human Aspects of Information Security and Assurance. HAISA 2023. IFIP Advances in Information and Communication Technology, vol 674. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-38529-2

  • Online ISBN: 978-3-031-38530-8

  • eBook Packages: Computer ScienceComputer Science (R0)