MTU Courses - COMP9053 - Scripting for Cybersecurity

Module Details

Module Code:	COMP9053
Title:	Scripting for Cybersecurity
Long Title:	Scripting for Cybersecurity
NFQ Level:	Expert
Valid From:	Semester 1 - 2021/22 ( September 2021 )

Duration:	1 Semester

Credits:	5

Field of Study:	4811 - Computer Science

Module Delivered in:	4 programme(s)

Module Description:	In this module students will learn how to write programs and scripts to perform cyber security functions such as packet manipulation and network scanning techniques. In addition, they will learn ethical hacking techniques to program a range of network, web and malware attacks with the aim of evaluating and identifying vulnerabilities in systems and networks.

Learning Outcomes
On successful completion of this module the learner will be able to:
#	Learning Outcome Description
LO1	Evaluate the principles and techniques of ethical hackers to help businesses protect their infrastructure and information.
LO2	Applying programming concepts to evaluate the security and identify vulnerabilities in systems, networks or system infrastructure in an ethical manner.
LO3	Utilise programming libraries and its associated functionality to preform network packet manipulation.
LO4	Leverage programming libraries to implement a range of network based attacks.
LO5	Communicate with websites and web APIs for the purpose of utilising third-party services and identifying web application vulnerabilities.

Dependencies
Module Recommendations This is prior learning (or a practical skill) that is strongly recommended before enrolment in this module. You may enrol in this module if you have not acquired the recommended learning but you will have considerable difficulty in passing (i.e. achieving the learning outcomes of) the module. While the prior learning is expressed as named MTU module(s) it also allows for learning (in another module or modules) which is equivalent to the learning specified in the named module(s).

Incompatible Modules These are modules which have learning outcomes that are too similar to the learning outcomes of this module. You may not earn additional credit for the same learning and therefore you may not enrol in this module if you have successfully completed any modules in the incompatible list.
No incompatible modules listed
Co-requisite Modules
No Co-requisite modules listed
Requirements This is prior learning (or a practical skill) that is mandatory before enrolment in this module is allowed. You may not enrol on this module if you have not acquired the learning specified in this section.
No requirements listed

Indicative Content
Ethical Hacking Legal side of hacking. Hacking environment. Virtual Box - Kali linux. Linux basics. Python and ethical hacking. Python environment.
Python Scripting Data structures, looping and conditionals, formatted printing, regular expressions, environment variables, functions, modules, command line arguments, file I/O, error handling, reading config files, logging, parsing and formatting dates and times. Regular expressions. Functions. Classes. String method. Containers. Using APIs.
Network packet manipulation Scapy library. MAC address. Changing a MAC address using Python. Address Resolution Protocol (ARP). Scanning, sniffing and fuzzing. Packet design. Building packets. Stacking layers. Reading PCAP files. Port scanning. Domain Specific Language (DSL). Decoding packets. Graphical dumps. Generating sets of packets. Sending packets. Send and Receive. SYN Scans. TCP Traceroute. Super Sockets. Sniffing. Importing and exporting data. Frame injection.
Classical Network Attacks Password interception. Malformed packets. Ping of Death. Nestea attack. Land Attack. ARP Cache Poisoning. DNS spoofer. Bypassing HTTPs. Sniffing login credentials. Rouge DHCP Server Detector. OS fingerprinting.
Malware Writing malware basics. Execute Systems command payloads. Sending emails. Stealing wifi passwords. Stealing passwords on remote computers. File systems manipulation. Writing a keylogger. Write a backdoor - sending and receiving data over TCP. Implementing skeleton for client/server communication. Serialisation. Reading, writing and uploading files. Converting to binary executable. Running executable. Trojan. Anti virus programs.
Web Attacks Sending GET requests. Website subdomains. Hidden paths and discovery. Reading response content. POST requests. Login information. Brute force attack. DoS attack. Vulnerability scanner. Posting forms. Sessions. XSS Vulnerabilities and discovery. OWASP Top 10

Assessment Breakdown	%
Module Content & Assessment
Coursework	100.00%

Assessments

Coursework

Assessment Type	Project	% of Total Mark	50
Timing	Week 8	Learning Outcomes	1,2,3
Assessment Description Students will develop and submit assigned scripts which will demonstrate their command of the language and its libraries to execute Red/Blue Team operations.

Assessment Type	Project	% of Total Mark	50
Timing	Sem End	Learning Outcomes	2,3,4,5
Assessment Description The student for example, will design and develop scripts/program that will launch a network based attack and design a solution that prevents the exploitation of the vulnerability that lead to the attack.

No End of Module Formal Examination

Reassessment Requirement
Coursework Only This module is reassessed solely on the basis of re-submitted coursework. There is no repeat written examination.

The University reserves the right to alter the nature and timings of assessment

Module Workload

Workload: Full Time
Workload Type	Contact Type	Workload Description	Frequency	Average Weekly Learner Workload	Hours
Lecture	Contact	Lecture delivering theory underpinning learning outcomes.	Every Week	2.00	2
Lab	Contact	Lab to support learning outcomes.	Every Week	2.00	2
Independent Learning	Non Contact	Independent learning.	Every Week	3.00	3
Total Hours					7.00
Total Weekly Learner Workload					7.00
Total Weekly Contact Hours					4.00

Workload: Part Time
Workload Type	Contact Type	Workload Description	Frequency	Average Weekly Learner Workload	Hours
Lecture	Contact	Lecture delivering theory underpinning learning outcomes.	Every Week	2.00	2
Lecture	Contact	Lab to support learning outcomes.	Every Week	2.00	2
Directed Learning	Non Contact	Independent Study.	Every Week	3.00	3
Total Hours					7.00
Total Weekly Learner Workload					7.00
Total Weekly Contact Hours					4.00

Recommended Book Resources
Module Resources
Mark Lutz. (2013), Learning Python, O'Reilly Media, [ISBN: 9781449355739]. Justin Sietz. (2014), Black Hat Python: Python Programming for Hackers and Pentesters, No Starch Press, [ISBN: 9781593275907].
Supplementary Book Resources
Mark Lutz. (2014), Python Pocket Reference: Python In Your Pocket, O'Reilly Media, [ISBN: 9781449357016]. David Beazley and Brian K. Jones. (2013), Python Cookbook, O'Reilly Media, [ISBN: 9781449340377]. Sanjib Sinha. Beginning Ethical Hacking with Python Paperback, Apress, [ISBN: 9781484225400]. Zach Codings. Computer Programming And Cyber Security for Beginners, Independently published, [ISBN: 9781671532908]. Christian Martorella. (2018), Learning Python Web Penetration Testing: Automate web penetration testing activities using Python, Packt Publishing, [ISBN: 178953397X].
This module does not have any article/paper resources
Other Resources
Website, The Python Tutorial, https://docs.python.org/3.5/tutorial/ind ex.html Website, A Byte of Python, https://www.gitbook.com/book/swaroopch/b yte-of-python/details Website, Learn Python The Hard Way, http://learnpythonthehardway.org/ Website, The Hitchhiker’s Guide to Python!, http://docs.python-guide.org/en/latest/ Website, Python reference, https://docs.python.org/3.5/index.html

Programme Code	Programme	Semester	Delivery
Module Delivered in
CR_KINSE_9	Master of Science in Cybersecurity	1	Mandatory
CR_KCYMN_9	Master of Science in Cybersecurity Management	1	Elective
CR_KINSY_9	Postgraduate Diploma in Science in Cybersecurity	1	Mandatory
CR_KCYMT_9	Postgraduate Diploma in Science in Cybersecurity Management	1	Elective