«Approved»

Dean
________________________
«____» _____________ 2021

Syllabus
Academic Year 2020 - 2021

1. General information
Course title Hacking lab
Degree cycle (level)/ 6B06301 “Cyber Security”
major
Year, trimester 1, 3
Number of credits 5
Language of English
delivery:
Prerequisites “Introduction to cyber security”, “Linux basics”

Postrequisites No postrequisites
Lecturer(s) 1. Filko Ivan, senior lecturer, Master of technical science, Certified
Ethical Hacker, Cyber Security Expert at TSARKA,
[email protected] .
2. Yesbol Uristembayev, bachelor of radio engineering electronics
and telecommunications,cyber security analyst, lecturer,
[email protected]. Astana IT University,
Expo, C1 block, 2nd floor.
3. Kutlymurat Mambetniyazov, Master of Computer Science, Cyber
Security Expert at NitroTeam,
[email protected]
2. Goals, objectives and learning outcomes of the course
1. Course “Hacking lab” is a 10-week course. This course covers fundamentals of
description ethical hacking.
2. Course goal(s) Course goal is to introduce the students to ethical hacking. These course
materials will assist you in developing the skills necessary to work as a
cyber security engineer and as a penetration tester.
3. Course Course objectives include:
objectives: • To understand the concept of penetration testing.
• To understand the role of ethical hacking to conduct security
assessments.
• To get basic hacking skills
4. Skills & The course designed for people who are new to the study of cyber
competences security, and does not require any prior skills.
5. Course learning Upon completion of the course, students will be able to perform the
outcomes: following tasks:
• Know and apply the hacking skills to perform a penetration test.
• Understand basic principles of penetration testing.
• Be acquainted with the concepts of information security controls and
countermeasures.
1
 • Know and understand enumeration techniques, network scanning
techniques and perform vulnerability analysis
6. Methods of • Theoretical and practical assessments
assessment • Quizzes
7. Reading list • https://dmcxblue.gitbook.io/red-team-notes/
• https://book.hacktricks.xyz/

8. Resources Online journals, article, papers, books and internet resources.

9. Course policy Course and university policies include:

Attendance: Students are expected to attend all scheduled class sessions

with all required reading and supplementary materials. Readings are to be
completed prior to class.

The student won’t obtain additional points for course attendance, but the
attendance is important to pass the course. In case the student is not able
to attend the classes for some reasons, he/she must inform the dean’s office
in advance and the student itself is responsible for learning all materials,
which were given during unattended lessons.

In case if the student did not attend more than 30% of the classes
without any reasonable excuses, the teacher has a right to mark him as “not
graded”, and the student wouldn’t be admitted to the exam. In other words,
students must participate in at least 70% of all class time, otherwise he/she
fails the course.

Preparation for Class: Class participation is a very important part of the

learning process in this course. Although not explicitly grade, students will
be evaluated on the QUALITY of their contributions and insights. Quality
comments possess one or more of the following properties:
- Offers a different and unique, but relevant, perspective;
- Contributes to moving the discussion and analysis forward;
- Builds on other comments.

Class work: The duration of each lecture and practical lesson is 50 minutes
and 40 minutes for online class. Students are expected to complete all
readings and assignments ahead of time, attend class regularly and
participate in class discussions. In case of systemic student’s misconduct,
the student would be dispensed from the classes.

Being late on class: When students come to class late, it can disrupt the
flow of a lecture or discussion, distract other students, impede learning,
and generally erode class morale. Moreover, if left unchecked, lateness can
become chronic and spread throughout the class. By the policy of this
course, students who come late to class for more than 5 minutes are not
allowed to get in to class and consequently, they will be marked as “absent”
for the specific hour.

2
Attestation I and II: Students with score less than 25% for Attestation
period I or Attestation period II (RK1/RK2) are automatically failed and
should take the course again.

Home work / Assignments: The assignments are designed to acquaint

students with the theoretical knowledge and practical skills required for
the course. The textbook readings will be supplemented with materials
collected from recent professional articles and journals. In case of using
someone’s work (papers, articles, any publications), all works must be
properly cited. Failure to cite work will be resulted as a cheating from the
students and may be a subject of additional disciplinary measures.

Late assignments: Most assignments will be discussed in class on the due

date, therefore late assignments will not receive credit. It is expected that
all work will be submitted on time. Failure to pass assignments in on time
will result in 0% for the assignment. In other words, no late submissions
are allowed. All gradings are based using a percentage grading scale.

In the event of some extraordinary event, students should notify the teacher
and request an extension of the deadline. If approved, a new date will be
given to the student depending upon the circumstances.

Final exam: The final exam for the course “Hacking lab” is a practical
exercise hour which covers the most theoretical part of the course.

Laptops and mobile devices can only be used for classroom purposes
when directed by the teacher. Misuse of laptops or handheld devices will
be considered a breach of discipline and appropriate action will be initiated
by the teacher.

Cheating and plagiarism are defined in the Academic conduct policies of

the university and include:
1. Submitting work that is not your own papers, assignments, or exams;
2. Copying ideas, words, or graphics from a published or unpublished
source without appropriate citation;
3. Submitting or using falsified data;
4. Submitting the same work for credit in two courses without prior consent
of both instructors.

Any student who is found cheating or plagiarizing on any work for this
course will receive 0 (zero) for that work and further actions will also be
taken regarding academic conduct policies of the university.

Academic Conduct Policies of the university: The full texts of all the
academic conduct code will be posted to the students using the learning
management system (moodle.astanait.edu.kz).

Contacting the Instructor (Teacher): The easiest and the most reliable
way to get in touch with the teacher is by email. Students must feel free to
send emails if they have a question related to the course. The teacher will
respond as soon as he can but not always instantaneously. Besides that,
students are also welcomed to arrange a one-to-one meeting with the
3
 teacher by their office during office hours to discuss the class using both
offline and online ways.

3. Course Content

# Abbreviation Meaning
1 TSIS Teacher-supervised independent work
2 SIS Students’ independent work
3 IP Individual project
4 PA Practical assignment
5 LW Laboratory work
6 MCQ Multiple choice quiz

3.1 Lecture, practical/seminar/laboratory session plans

Lab. sessions
Lectures

Practice
sessions
We

(H/W)

(H/W)

(H/W)

(H/W)
(H/W)
TSIS

SIS
ek Course Topic
No

1 Introduction to Ethical Hacking & Building 0 5 0 1 9

workplace

2 Network and networks scanners 0 5 0 1 9

3 Introduction to databases and injections 0 5 0 1 9

4 The Ethical Hacker Methodology & Information 0 5 0 1 9
Gathering (Reconnaissance)
5 Scanning & Enumeration & Scanning Tools 0 5 0 1 9
6 Web applications structure 0 5 0 1 9

7 Web application attack’s part 1 (OWASP) 0 5 0 1 9

8 Web application attack’s part 2 (OWASP) 0 5 0 1 9

9 Web application attack’s part 3 (OWASP) 0 5 0 1 9

10 Hacking competition: juice shop (OWASP) 0 5 0 1 9

Total hours: 150 0 50 0 10 90

3.2 List of assignments for Student Independent Study

Assignments (topics) for Recommended literature Form of

№ Hours
Independent study and other sources (links) submission
1 2 3 4 5
1 Understanding Ethical hacking Books, internet resources Exercises
9

4
 2 Installing and working in Linux on Books, internet resources Exercises
Virtual machine 9
3 Managing VM and practice on Books, internet resources Exercises
9
Linux
4 Tools for Network scanning 9 Books, internet resources Exercises
5 Understanding web applications Books, internet resources Exercises
9
structure
6 Practice locally for hacking web Books, internet resources Exercises
9
servers and web applications
7 Practice locally for hacking web Books, internet resources Exercises
servers and web applications 9

8 Practice locally for hacking web Books, internet resources Exercises

servers and web applications 9

9 Practice locally for hacking web Books, internet resources Exercises

9
servers and web applications
10 Real CTF competition and practical Books, internet resources Exercises
9
exam preparation

4. Student performance evaluation system for the course

Period Assignments Number of Total

points
1st Assignments: 100
attestation Assignment 1 25
Assignment 2 25

Mid-term test 50
2nd Assignments: 100
attestation Assignment 3 25
Assignment 4 25

End-term test 50
Final exam multiple-choice test and practical 100
questions
Total 0,3 * 1st Att + 0,3 * 2nd Att + 0,4*Final 100

Achievement level as per course curriculum shall be assessed according to the evaluation
chart adopted by the academic credit system.

Letter Grade according to the

Numerical equivalent Percentage
Grade traditional system
А 4,0 95-100
Excellent
А- 3,67 90-94
В+ 3,33 85-89
В 3,0 80-84
Good
В- 2,67 75-79
С+ 2,33 70-74
С 2,0 65-69
С- 1,67 60-64 Satisfactory
5
 D+ 1,33 55-59
D 1,0 50-54
FX 0 25-49
Fail
F 0 0-24

Based on the specific grade for each assignment, and the final grade, following criteria
must be satisfied:
Grade Criteria to be satisfied
- Work would be worthy of further dissemination under appropriate conditions
- Mastery of advanced methods and techniques at a level beyond that explicitly
taught
- Ability to synthesize and employ in an original way idea from across the subject
90-100 - Outstanding command of critical analysis and judgment
- Excellent range and depth of attainment of intended outcomes
- Mastery of a wide range of methods and techniques
- Evidence of study and originality of what has been taught
80-89 - Able to display a command of critical analysis and judgement
- Attained all the intended learning outcomes for a unit
- Able to use well a range of methods and techniques to come to conclusions
70-79 - Able to employ critical analysis and judgement
- Some limitations in attainment of learning objectives, but has managed to grasp
most of them
- Able to use most of the methods and techniques taught
- Evidence of study and comprehension of what has been taught but grasp insecure
- Some grasp of the issues and concepts underlying the techniques and material
60-69 taught, but weak and incomplete
- Attainment of only a minority of the learning outcomes
- Able to demonstrate a clear but limited use of some of the basic methods and
techniques taught
- Weak and incomplete grasp of what has been taught
- Deficient understanding of the issues and concepts underlying the techniques and
50-59 material taught
- Attainment of nearly all the intended learning outcomes deficient
- Lack of ability to use at all or the right methods and techniques taught
- Inadequately and incoherently presented
- Wholly deficient grasp of what has been taught
- Lack of understanding of the issues and concepts underlying the techniques and
25-49 material taught
No significant assessable material, absent or assessment missing a must pass
0-24 component

5. Methodological Guidelines

Assessment is administered continuously throughout the course. The students are rated
against their performance in continuous rating administered throughout the semester (60%)
and summative rating done during the examination session (40%), total 100%. Continuous
rating is students’ on-going performance in class and independent work. Class work is assessed
for attendance, laboratory works' defense and in- class assessments.

6
 - TSIS (Teacher Supervised Student Independent Study) -comprises presentation to be
done by students independently and checked by instructor.
- Mid-term and End-term is a review of the topics covered and assessment of
each student's knowledge. The form of the mid-term and end-term exams is complex.
Final assessment for the course “Hacking lab” is a multiple-choice test for one hour which covers
the most theoretical part of the course. At the completion of the exam, all works must be submitted
in the Learning Management System (moodle.astanait.edu.kz). No late submissions are allowed
in the exam.