教學大綱 Syllabus

科目名稱:滲透測試實務應用

Course Name: Penetration Testing and Its Applications
  • 學年學期:113-2 Spring Semester, 2025
  • 科目代碼:791026001 Course No.791026001

修別:群

Type of Credit: Partially Required

3.0

學分數

Credit(s)

40

預收人數

Number of Students

課程資料Course Details
  • 開課單位:資安碩一、資安碩二 Course Department:Master Program in Information Security/M/1&2
  • 授課老師:孫士勝 Instructor: SUN SHI-SHENG
  • 先修科目:無Prerequisite(N/A)
  • 上課時間:一D56 Session: mon13-16

課程簡介Course Description

本課程介紹系統與網路等受測目標的安全性與弱點以及可能被利用的途徑,透過模擬駭客與惡意使用者的思維、工具、及技術來測試與驗證受測目標的相關弱點及風險層級,並評估如何改善受測目標的安全性漏洞以提高整體資訊安全。
課程中擬採用國網中心CDX雲端資安攻防平臺(Cyber Defense eXercise)帶領學生上機演練,透過虛擬化環境佈署相關攻防演練場景讓學生學習使用相關檢測工具並實際操作滲透測試相關技術,以提高學生資安技術觀念及能力。

This course introduces the security and vulnerabilities of systems, networks, and other targeted object, as well as potential exploitation methods. By simulating the mindset, tools, and techniques of hackers and malicious users, we will test and verify the vulnerabilities and risk levels of targeted objects. Furthermore, we will evaluate how to improve the security vulnerabilities of targeted objects to enhance overall cybersecurity.
In this course, we will utilize the cloud-based security training platform, CDX (Cyber Defense eXercise) of National Center for High-Performance Computing (NCHC), to guide students in hands-on exercises. Through CDX, we will deploy various attack and defense scenarios for students to learn how to use relevant detection tools and practice penetration testing techniques, thereby enhancing students' understanding and skills in cybersecurity.

核心能力分析圖 Core Competence Analysis Chart

能力項目說明

    課程目標與學習成效Course Objectives & Learning Outcomes

    學生於本課程將習得以下能力:
    1. 了解系統、網路及應用程式的強度、弱點及威脅。
    2. 熟悉與掌握相關檢測工具及技術。
    3. 具備強化系統與網路弱點之知識。

    In this course, students will learn to:
    1. Identify the strengths, weaknesses, and threats of systems, networks, and applications.
    2. Be familiar with relevant detection tools and techniques.
    3. Acquire the knowledge to strengthen the vulnerabilities of systems and networks.

    每周課程進度與作業要求 Course Schedule & Requirements

    教學週次Course Week 彈性補充教學週次Flexible Supplemental Instruction Week 彈性補充教學類別Flexible Supplemental Instruction Type

    Note: The following is a preliminary course schedule. Course schedule may change and the actual course content will be posted on the Moodle page.

    週次

    Week

    課程主題

    Topic

    課程內容與指定閱讀

    Content and Reading Assignment

    教學活動與作業

    Teaching Activities and Homework

    學習投入時間

    Student workload expectation

    課堂講授

    In-class Hours

    課程前後

    Outside-of-class Hours

    W01

    02/17

    資訊安全滲透測簡介

    Introduction to Penetration Testing

    Syllabus &

    Introduction to Penetration Testing

    V

    3

    3

    W02

    02/24

    網路資訊蒐集

    Network Information Gathering Techniques

    Network Information Gathering Techniques &

    Cyber Defense eXercise, CDX

    HW#1

    3

    3

    W03

    03/03

    弱點發現及掃描技術

    Vulnerability Discovery and Scanning

    OpenVAS & Nessus

    V

    3

    3

    W04

    03/10

    密碼學、密碼設置、密碼分析與通行碼

    Cryptography, Password Security, Cryptanalysis, and Passphrases

    John the Ripper

    V

    3

    3

    W05

    03/17

    弱點利用平台

    Vulnerability Exploitation Platforms

    Kali Linux & Metasploit

    HW#2

    3

    3

    W06

    03/24

    Windows弱點利用

    Windows Exploitation

    Mimikatz & Powershell & SMB & AD

    V

    3

    3

    W07

    04/31

    Linux弱點利用

    Linux Exploitation

    Chroot & Kernel exploit

    V

    3

    3

    W08

    04/07

    Web ServerWeb弱點利用

    Web Server and Web Application Exploitation

    Apache/IIS/Tomcat server and config & SSL/TLS

    V

    3

    3

    W09

    04/14

    Midterm
     

    CYBERSEC 2025 04/15~04/17

    Midterm

     

    CYBERSEC 2025 04/15~04/17

    V

    3

    4.5

    W10

    04/21

    內網滲透

    Internal Network Penetration

    Sniffer, ARP Spoofing and Poisoning, MITM

    HW#3

    3

    3

    W11

    04/28

    VPN安全測試及通訊掩護

    VPN Security Testing and Traffic Obfuscation

    IKEForce & PPTP Hacking & Overlay network

    V

    3

    3

    W12

    05/05

    網路設備滲透及WiFi滲透

    Network Device and WiFi Penetration

    SSDP & CDP & Aircrack ng

    V

    3

    3

    W13

    05/12

    實體滲透

    Physical Penetration

    Key logger & BadUSB

    V

    3

    3

    W14

    05/19

    社交工程

    Social Engineering

    urlcrazy &Setoolkit &

    Beef

    HW#4

    3

    3

    W15

    05/26

    阻斷服務及壓力測試

    Denial of Service and Stress Testing

    DoS/DDoS & DDoSer hping

    V

    3

    3

    W16

    06/02

    Term Project Report

    Term Project Report

    V

    3

    4.5

    W17

    06/09

    Course-related Online Learning

     

     

     

     

    W18

    06/16

    Self-learning

     

     

     

     

     

    授課方式Teaching Approach

    60%

    講述 Lecture

    10%

    討論 Discussion

    10%

    小組活動 Group activity

    20%

    數位學習 E-learning

    0%

    其他: Others:

    評量工具與策略、評分標準成效Evaluation Criteria

    The grading criteria is tentatively as follows. Please refer to Moodle of this course for the final version.
    In-class lab activities and homework: 50%
    Midterm: 25%
    Term Project: 25%

    This course is conditionally open to use Generative AI tools:

    • If students use Generative AI tools, they need to briefly explain how to use Generative AI for topic development, sentence polishing, or structural reference in the "footnote of title page" or "references" in the assignments or reports.
    • If the student uses Generative AI tools but does not indicate them in the assignments or reports, the teacher has the right to regrade or deny the assignments or reports.
    • Students taking this course will be deemed to have agreed to the above statement of conditional open use of Generative AI tools when registering for the course.

    本課程有條件開放使用生成式AI工具:

    • 修課同學若使用生成式AI工具,需於作業或報告中的「標題頁註腳」或「引用文獻後」簡要說明如何使用生成式AI進行議題發想、文句潤飾或結構參考等使用方式。
    • 若經查核使用生成式AI工具,卻未於作業或報告中標明,授課教師有權針對作業或報告重新評分或不予計分。
    • 修讀本課程同學於選課時即視為同意以上有條件開放使用生成式AI工具聲明。

    指定/參考書目Textbook & References

    Textbooks and references:
    1. Kali Linux Penetration Testing Bible (Gus Khawaja, Wiley, ISBN: 978-1119719083)
    2. Adversarial Tradecraft in Cybersecurity: Offense versus defense in real-time computer conflict (Dan Borges, Packt Publishing, ISBN: 978-1801076203)
    3. 極黑駭客專用的OS:Kali Linux2無差別全網滲透 (李華峰, 深智數位, ISBN: 978-9860776072)
     

    已申請之圖書館指定參考書目 圖書館指定參考書查詢 |相關處理要點

    維護智慧財產權,務必使用正版書籍。 Respect Copyright.

    本課程可否使用生成式AI工具Course Policies on the Use of Generative AI Tools

    有條件開放使用:Please refer to "Evaluation Criteria" for details. 請參考「評量工具與策略、評分標準成效」內容。 Conditional Permitted to Use

    課程相關連結Course Related Links

    The Moodle link 
https://moodle-course02.nccu.edu.tw/course/view.php?id=9555

    課程附件Course Attachments

    課程進行中,使用智慧型手機、平板等隨身設備 To Use Smart Devices During the Class

    Yes

    列印