Hacking computer systems and networks has been widely discussed in today's news and
has been dramatized in entertainment as an activity for criminals and misfits.
However, the vast majority of the public has no concept of how breaches are performed
in practice. In this course, students will learn in a hands-on lab setting
about the underlying computing concepts
behind breaking a system, the techniques that are used, and tools that allow these hacks
to be carried out. In addition, this course will delve into the ethical impact of real-world
breaches, and will discuss techniques that could have been applied to mitigate the attacks.
Finally, the course will examine ways that students can apply their knowledge of hacking
for positive uses that improve the security of the Internet and could lead to careers in
cybersecurity. If you are curious about what hacking really looks like and enjoy
solving challenging puzzles, this course is for you.
Technical topics covered include program control flow analysis,
basic code exploitation, network observation, network protocol attacks,
developing exploit code, intelligence gathering,
web application vulnerabilities, lateral movement,
privilege escalation, physical security, device hacking,
and social engineering.
The course objectives are:
- Students will demonstrate an understanding of the most common hacking techniques used by cyber criminals and how they are exploited.
- Students will know what common tools are used to carry out cyber attacks, as well as what tools are used to defend against them.
- Students will be able to execute basic attacks in realistic IT environments, and be able to analyze new vulnerabilities that they have not seen previously.
- Students will be able to articulate the ethical impacts of real-world breaches and will be able to describe the most common defensive technology used both prior to and during a cyberattack.
Most of the course readings will come from the following book, with additional resources assigned as required readings.
Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson, (No Starch)
In addition, the following book provides optional reference material for many of the tools we will be studying in the course.
The Hacker Playbook 2: Practical Guide To Penetration Testing by Peter Kim, (Amazon)
A detailed list of lectures, readings, assignments, due dates (subject
to change as the semester evolves) is available on the
Students will be evaluated based on the following breakdown:
- 20% Quizzes and exercises
- 30% Exams
- 20% Course project
- 15% Ethical studies
- 10% End of semester CTF
- 5% Class participation
Scale: 70 ≤ C < 77 ≤ C+ < 80 ≤ B- < 84 ≤ B < 88 ≤ B+ < 90 ≤ A- < 94 ≤ A
The course will include one midterm and one final exam. Students
will be responsible for material covered both in the readings AND
lectures. Attendance is therefore recommended as not all class
discussions will be covered in the text.
Quizzes will be given weekly at the beginning of class and will cover
topics from the assigned readings. Students are required to do the
reading prior to class, as a good percentage of their grade will depend
on the quizzes. Quizzes missed because of absences cannot be made up
unless arrangements are made with the instructor prior to the course
Periodically, students will be assigned reading on a real-world breach
and will be required to complete a worksheet documenting the technical
details, ethical impacts, and economic outcomes of each breach. These worksheets
will be discussed in-class and will be graded for clarity and comprehensive coverage
by the professor.
The main deliverable of the course is the term project.
Students will be expected to work alone or in pairs and will have the option to choose
from one of the three following project options:
- Identify a vulnerable application that is used in practice and develop an exploit that can be demonstrated for the class in a virtual environment.
- Develop a tutorial for using a security tool that was not covered in class.
- Develop an in-class lab exercise for future offerings of the course.
All projects will culminate with a written report as well as a short in-class
The project grade will be broken down into the following components:
- 10% Project topic selection
- 30% Final presentation
- 60% Final report
All class assignments and project milestones are assessed a 15% per-day late penalty,
with a maximum of 3 days, after which the assignment will not be graded.
Students with legitimate reasons who contact the professor before
the deadline may apply for an extension.
End of semester CTF
The final course period will be dedicated to a competitive
capture the flag (CTF) competition that will allow students
to apply their skills in a competitive environment.
Winning the contest is not required to get a good grade,
as students will be graded on this portion of the course
based on a demonstrated understanding of how to apply
course materials in an unguided exercise.
To do well in this course, students must take active and regular roles
in discussion and demonstrate comprehension of the reading and lecture
themes. Students are required to do the assigned reading before
class. This will be closely monitored by the professor, thereby
making a student's ability to demonstrate their comprehension of
material essential to receiving a passing grade.
Disabilities and Learning Support
It is the policy of Villanova to make reasonable academic accommodations
for qualified individuals with disabilities. You must present verification
and register with the Learning Support Office by contacting 610-519-5176
or at firstname.lastname@example.org. Accommodations cannot be made
until verification is delivered to the professor, and cannot be enacted retroactively.
For physical access or
temporary disabling conditions, please contact the Office of Disability
Services at 610-519-4095 or email Stephen.email@example.com
Registration is needed in order to receive accommodations.
Academic Integrity Policy
All students are expected to uphold Villanova's Academic Integrity Policy and Code. Any incident of academic dishonesty will typically result in an "F" for the assignment and will be reported to the appropriate university officials. See the statement of the full policy on the Graduate Arts and Sciences website. You can view the Academic Integrity Policy and Code, as well as other useful information related to writing papers, at the Academic Integrity Gateway web site.
Absences for Religious Holidays
Villanova University makes every reasonable effort to allow members of the community to observe their religious holidays, consistent with the University’s obligations, responsibilities, and policies. Students who expect to miss a class or assignment due to the observance of a religious holiday should discuss the matter with their professors as soon as possible, normally at least two weeks in advance. Absence from classes or examinations for religious reasons does not relieve students from responsibility for any part of the course work required during the absence.
See the full University policy