Unit convenor and teaching staff |
Unit convenor and teaching staff
Convenor
Damian Jurd
Lecturer
Alireza Jolfaei
|
---|---|
Credit points |
Credit points
4
|
Prerequisites |
Prerequisites
Admission to MInfoTech(Cyber Sec)
|
Corequisites |
Corequisites
|
Co-badged status |
Co-badged status
|
Unit description |
Unit description
This unit provides an introduction to ethical hacking and offensive security. Strong emphasis is given to ethics and ethical behaviour as students are exposed to penetration techniques and methods. In other words, students are taught how to systematically look for and exploit vulnerabilities in software, protocols and systems in order to report those vulnerabilities and improve the safety of those software, protocols and systems. Communication, in speaking and writing plays a critical role in this unit. The most proficient students in this unit may be selected to represent the University at various national pentesting competitions and challenges.
|
Information about important academic dates including deadlines for withdrawing from units are available at https://www.mq.edu.au/study/calendar-of-dates
On successful completion of this unit, you will be able to:
No extensions will be granted without an approved application for Special Consideration. There will be a deduction of 20% of the total available marks made from the total awarded mark for each 24 hour period or part thereof that the submission is late. For example, 25 hours late in submission for an assignment worth 10 marks – 40% penalty or 2 marks deducted from the total. No submission will be accepted after solutions have been posted.
If you receive Special Consideration for the final exam, a supplementary exam will be scheduled after the normal exam period, following the release of marks. By making a special consideration application for the final exam you are declaring yourself available for a resit during the supplementary examination period and will not be eligible for a second special consideration approval based on pre-existing commitments. Please ensure you are familiar with the policy prior to submitting an application. Approved applicants will receive an individual notification one week prior to the exam with the exact date and time of their supplementary examination.
Name | Weighting | Hurdle | Due |
---|---|---|---|
In-class exercises | 12% | No | Weeks 2, 4, 6, 8, 10, 12 |
CTF - Capture The Flag | 18% | No | Weeks 3, 7, 11 |
Module Exams | 60% | No | Weeks 5, 9, Exam Period |
Research Topic | 10% | No | Week 13 |
Due: Weeks 2, 4, 6, 8, 10, 12
Weighting: 12%
During even numbered weeks you will be set an in-class exercise related to that week's lecture topic to complete during your workshop class. Your work will be checked and marked in the workshop class in which it is completed. No late submissions are accepted.
Due: Weeks 3, 7, 11
Weighting: 18%
For each of the three modules you will compete in a group based capture-the-flag exercise. Students will have the opportunity to apply the principles, tools, and techniques that they have learnt against live systems in order to find various vulnerabilities. The CTF will be conducted during your practical class. Students will complete the CTF as members of a group in class and individually submit a report describing what vulnerabilities were found and their attack methodology. CTF reports will be due before the following week's practical class.
Due: Weeks 5, 9, Exam Period
Weighting: 60%
Module exams will be conducted as capture-the-flag exercises and will follow the structure of the CTF exercise conducted two weeks prior to the module exam. Unlike the CTF exercise students will complete the module exams individually, not in groups. As for the CTF a report will be submitted before the following week's practical class.
Due: Week 13
Weighting: 10%
Student groups will research a well known vulnerability (chosen by the teaching staff) and provide a presentation and demonstration of the vulnerability. Each presentation will be followed by a brief question-and-answer session. Group members will submit a report individually with a focus on the ethical implicatoins of the use and misuse of the vulnerability.
Each week you should attend three hours of lectures, and a three hour practical workshop. For details of days, times and rooms consult the timetables webpage.
Note that practicals workshops (lab sessions) commence in week 1. The week-by-week details of the practical (lab) classes will be available from iLearn.
You must attend the practicals that you are enrolled in.
The following two textbooks contain the bulk of the weekly readings.
Unit Websites
ITEC653 is administered via iLearn (http://ilearn.mq.edu.au/).
Lecture recordings
Digital recordings of lectures may be available. When available they will be linked from iLearn.
In this unit, you should do the following:
Lecture notes will be made available each week but these notes are intended as an outline of the lecture only and are not a substitute for your own notes or the recommended reading list.
Tentative teaching schedule, subject to change:
Week |
Module |
Lecture Topics |
Assessment |
Mode |
Weight |
Submit |
1 |
Systems |
Introduction, ethics, group selection Virtual machines, kali linux, windows, file systems, process models, vulnerabilities |
Diagnostic Test |
Individual |
0% |
|
2 |
In-class exercise |
Individual |
2% |
|
||
3 |
Capture The Flag (CTF) |
Group |
6% |
|
||
4 |
In-class exercise |
Individual |
2% |
CTF Report |
||
5 |
Web |
Web infrastructure, injections, cross-site scripting, cookies, headers, fuzzing, vulnerabilities |
Module Exam |
Individual |
20% |
|
6 |
In-class exercise |
Individual |
2% |
Module Report |
||
7 |
CTF |
Group |
6% |
|
||
8 |
In-class exercise |
Individual |
2% |
CTF Report |
||
9 |
Networking |
Network stack, scanning, services, authentication protocols, services, vulnerabilities
|
Module Exam |
Individual |
20% |
|
10 |
In-class exercise |
Individual |
2% |
Module Report |
||
11 |
CTF |
Group |
6% |
|
||
12 |
In-class exercise |
Individual |
2% |
CTF Report |
||
13 |
|
|
Group presentations |
Group |
10% |
Reflective Report |
Formal Exam Period |
|
Module Exam |
Individual |
20% |
Module Report |
Macquarie University policies and procedures are accessible from Policy Central (https://staff.mq.edu.au/work/strategy-planning-and-governance/university-policies-and-procedures/policy-central). Students should be aware of the following policies in particular with regard to Learning and Teaching:
Undergraduate students seeking more policy resources can visit the Student Policy Gateway (https://students.mq.edu.au/support/study/student-policy-gateway). It is your one-stop-shop for the key policies you need to know about throughout your undergraduate student journey.
If you would like to see all the policies relevant to Learning and Teaching visit Policy Central (https://staff.mq.edu.au/work/strategy-planning-and-governance/university-policies-and-procedures/policy-central).
Macquarie University students have a responsibility to be familiar with the Student Code of Conduct: https://students.mq.edu.au/study/getting-started/student-conduct
Results published on platform other than eStudent, (eg. iLearn, Coursera etc.) or released directly by your Unit Convenor, are not confirmed as they are subject to final approval by the University. Once approved, final results will be sent to your student email address and will be made available in eStudent. For more information visit ask.mq.edu.au or if you are a Global MBA student contact globalmba.support@mq.edu.au
Macquarie University provides a range of support services for students. For details, visit http://students.mq.edu.au/support/
Learning Skills (mq.edu.au/learningskills) provides academic writing resources and study strategies to improve your marks and take control of your study.
Students with a disability are encouraged to contact the Disability Service who can provide appropriate help with any issues that arise during their studies.
For all student enquiries, visit Student Connect at ask.mq.edu.au
If you are a Global MBA student contact globalmba.support@mq.edu.au
For help with University computer systems and technology, visit http://www.mq.edu.au/about_us/offices_and_units/information_technology/help/.
When using the University's IT, you must adhere to the Acceptable Use of IT Resources Policy. The policy applies to all who connect to the MQ network including students.
Our graduates will also be capable of creative thinking and of creating knowledge. They will be imaginative and open to experience and capable of innovation at work and in the community. We want them to be engaged in applying their critical, creative thinking.
This graduate capability is supported by:
We want our graduates to have emotional intelligence and sound interpersonal skills and to demonstrate discernment and common sense in their professional and personal judgement. They will exercise initiative as needed. They will be capable of risk assessment, and be able to handle ambiguity and complexity, enabling them to be adaptable in diverse and changing environments.
This graduate capability is supported by:
Our graduates will take with them the intellectual development, depth and breadth of knowledge, scholarly understanding, and specific subject content in their chosen fields to make them competent and confident in their subject or profession. They will be able to demonstrate, where relevant, professional technical competence and meet professional standards. They will be able to articulate the structure of knowledge of their discipline, be able to adapt discipline-specific knowledge to novel situations, and be able to contribute from their discipline to inter-disciplinary solutions to problems.
This graduate capability is supported by:
We want our graduates to be capable of reasoning, questioning and analysing, and to integrate and synthesise learning and knowledge from a range of sources and environments; to be able to critique constraints, assumptions and limitations; to be able to think independently and systemically in relation to scholarly activity, in the workplace, and in the world. We want them to have a level of scientific and information technology literacy.
This graduate capability is supported by:
Our graduates should be capable of researching; of analysing, and interpreting and assessing data and information in various forms; of drawing connections across fields of knowledge; and they should be able to relate their knowledge to complex situations at work or in the world, in order to diagnose and solve problems. We want them to have the confidence to take the initiative in doing so, within an awareness of their own limitations.
This graduate capability is supported by:
We want to develop in our students the ability to communicate and convey their views in forms effective with different audiences. We want our graduates to take with them the capability to read, listen, question, gather and evaluate information resources in a variety of formats, assess, write clearly, speak effectively, and to use visual communication and communication technologies as appropriate.
This graduate capability is supported by:
As local citizens our graduates will be aware of indigenous perspectives and of the nation's historical context. They will be engaged with the challenges of contemporary society and with knowledge and ideas. We want our graduates to have respect for diversity, to be open-minded, sensitive to others and inclusive, and to be open to other cultures and perspectives: they should have a level of cultural literacy. Our graduates should be aware of disadvantage and social justice, and be willing to participate to help create a wiser and better society.
This graduate capability is supported by:
We want our graduates to be aware of and have respect for self and others; to be able to work with others as a leader and a team player; to have a sense of connectedness with others and country; and to have a sense of mutual obligation. Our graduates should be informed and active participants in moving society towards sustainability.
This graduate capability is supported by:
At the end of the semester, you will receive a grade that reflects your achievement in the unit
In this unit, the final mark will be calculated by combining the marks for all assessment tasks according to the percentage weightings shown in the assessment summary. The practical classes are classified as a hurdle assessment, this means that you will be required to perform to a satisfactory standard in at least nine of the practical classes to pass the unit.
Concretely, in order to pass the unit, you must obtain an overall total mark of 50% or higher, and satisfactorily complete at least 9 out of the 12 practical exercises.
Students obtaining a higher grade than a pass in this unit will (in addition to the above)