National Computing Education Accreditation Council

NCEAC

NCEAC.FORM.001-D

COURSE DESCRIPTION FORM: CS-4061: Ethical Hacking Concepts and Practices

COURSE DESCRIPTION FORM

INSTITUTION FAST School of Computing, National University of Computer
and Emerging Sciences, Islamabad

BS-CS – Fall 2021

PROGRAM TO BE EVALUATED

Course Description

1 NCEAC.FORM.001.D
 National Computing Education Accreditation Council
NCEAC

NCEAC.FORM.001-D

Course Code CS-4061

Course Title Ethical Hacking Concepts and Practices
Credit Hours 3
Prerequisites by
Course(s) and Topics
Grading Policy Absolute grading
Policy about missed Retake of missed assessment items (other than midterm/ final exam) will not be held.
assessment items in For a missed midterm/ final exam, an exam retake/ pretake application along with
the course necessary evidence are required to be submitted to the department secretary. The
examination assessment and retake committee decides the exam retake/ pretake cases.
Course Plagiarism Plagiarism in project or midterm/ final exam may result in F grade in the course.
Policy Plagiarism in an assignment will result in zero marks in the whole assignments category.
Assessment 60% Theory 40% Practical
Instruments with Assessment Items
Weights (homework, Assessment Item Number Weight (%)
quizzes, midterms,
final, programming Assignments 4 15
assignments, lab work, Quizzes 4 10
etc.)
Mid Term Exam 1 25
Project 1 10
Final Exam 1 40
Course Instructors Mr. Zeeshan Qaiser
Lab Instructors (if
any)
Course Coordinator Mr. Zeeshan Qaiser
URL (if any)
Current Catalog The course aims to familiarize the students with ethical hacking concepts using hands-on
Description approach and techniques. The course focuses on using different operating system to test
the vulnerabilities in the system, network and applications. This course also focuses on
getting familiarization of hacker’s mindset i.e. exploit the system in a test case in order to
avoid any potential breach in real. The course will be covering all the ethical hacking
modules including information gathering, scanning, exploitation, covering tracks and
reporting. The course also covers sub modules including OWASP top 10 vulnerabilities,
Metasploit, man in the middle. All the topics are covered using hands-on approach.
The students (group of 2-3) will be given a practical task in which students will be
performing all the steps they learnt to test a scenario and later on will present in the last 3
classes of the semester.

Textbook (or James Broad, Andrew Bindner, “Penetration Testing with Kali Linux” 1st Edition, Elsevier.
Laboratory Manual
for Laboratory
Courses)
Reference Material Certified Ethical Hacking Guide” Version 9 or 10

2 NCEAC.FORM.001.D
 National Computing Education Accreditation Council
NCEAC

NCEAC.FORM.001-D

Course Learning
A. Course Learning Outcomes (CLOs)
Outcomes
After completion of the course, the students shall be able to:

1. Define concepts of ethical hacking and terminologies

2. Setup the machines and can configure the testing and vulnerable environments
3. Test System, network, web and mobile platform by applying all ethical hacking
steps.
4. Make professional reports of all the assessment and penetration testing

B. Program Learning Outcomes

1. Computing Apply knowledge of mathematics, natural sciences, 

Knowledge computing fundamentals, and a computing
specialization to the solution of complex computing
problems.
2. Problem Identify, formulate, research literature, and 
Analysis analyze complex computing problems, reaching
substantiated conclusions using first principles of
mathematics, natural sciences, and computing
sciences.
3. Design/ Design solutions for complex computing problems
Develop and design systems, components, and processes
Solutions that meet specified needs with appropriate
consideration for public health and safety, cultural,
societal, and environmental considerations.
4. Investigation & Conduct investigation of complex computing 
Experimentation problems using research based knowledge and
research based methods.
5. Modern Tool Create, select, and apply appropriate techniques, 
Usage resources and modern computing tools, including
prediction and modelling for complex computing
problems.
6. Society Apply reasoning informed by contextual 
Responsibility knowledge to assess societal, health, safety, legal,
and cultural issues relevant to context of complex
computing problems.
7. Environment Understand and evaluate sustainability and impact
and Sustainability of professional computing work in the solution of
complex computing problems.
8. Ethics Apply ethical principles and commit to professional 
ethics and responsibilities and norms of computing
practice.
9. Individual and Function effectively as an individual, and as a 
Team Work member or leader in diverse teams and in multi-
disciplinary settings.
10. Communicate effectively on complex computing 
Communication activities with the computing community and with
society at large.
11. Project Demonstrate knowledge and understanding of 
Management and management principles and economic decision

3 NCEAC.FORM.001.D
 National Computing Education Accreditation Council
NCEAC

NCEAC.FORM.001-D

Finance making and apply these to one’s own work as a

member or a team.
12. Life Long Recognize the need for, and have the preparation 
Learning and ability to engage in independent and life-long
learning in the broadest context of technological
changes.

C. Mapping of CLOs on PLOs

(CLO: Course Learning Outcome, PLOs: Program Learning Outcomes)
PLOs

1 2 3 4 5 6 7 8 9 10 11 12

1      
2     
CLOs

3     
4       

Topics covered in Topics to be covered:

the course with
number of lectures No. of Contact
List of Topics
on each topic Weeks Hours CLO(s)
(assume 15 weeks of Introduction and basic terminologies
1 3 1
instruction and 1.5 regarding ethical hacking
hour lecture duration) Stages of Ethical Hacking, Hacker
Classes, Vulnerability Research,
Legal Implications of Hacking, Linux
1 3 2
environment setup, Scope of
Penetration Testing, documentation
techniques of penetration testing,

Linux basics, Introduction to foot

printing, Information gathering
methodology, DNS Enumeration,
Whois and ARIN Lookups,
Introduction to Social Engineering, 2 6 3,4
Common type of social engineering
attacks, Scanning phase,
Vulnerability Assessment, Nessus,
OpenVas, dirbuster, OwaspZap
Nmap, NSE and Zenmap, Setup
vulnerable server, DOS attacks,
3 9 3
Malware threats, Network and OS
threats, Metasploit, Armitage
Hacking OS and Wireless network,
MITM, sniffing, wireshark, network 2 6 2,3
miner, session hijacking

4 NCEAC.FORM.001.D
 National Computing Education Accreditation Council
NCEAC

NCEAC.FORM.001-D

OWASP Top 10 vulnerabilities, web

application testing using burp suite,
3 9 1,2,3
hacking a web server, Maintaining
Access, Clearing logs
Hacking mobile platforms, Reporting,
2 6 3,4
Review
Project Presentations 1 3 1,2,3,4

Total 15 45
Laboratory
Projects/Experiments
Done in the Course
Programming
Assignments Done in
the Course
Problem Analysis Solution Design Social and Ethical
Class Time Spent (in Theory (%)
(%) (%) Issues (%)
percentage)
50 25 20 5

Oral and Written Every student is required to submit at least __4___ written reports of typically _5____
Communications pages and to make __1___ oral presentation of typically ____15___ minutes’ duration.

5 NCEAC.FORM.001.D
 National Computing Education Accreditation Council
NCEAC

NCEAC.FORM.001-D

COURSE CONTENTS
Courseware Events
(Lab/ Case Study/ Quiz/
Weeks Contents/ Topics Assignment/ Project/ Comments (if any)
Presentation/ Research
Report/ Term Paper etc.)
Introduction and basic terminologies regarding ethical
Week-01
hacking
Stages of Ethical Hacking, Hacker Classes, Vulnerability
Research, Legal Implications of Hacking, Linux
Week-02 environment setup, ethical hacking vs penetration testing,
Scope of Penetration Testing. Black box white box, grey
box Testing.
Phases of ethical hacking, Linux basics, Introduction to
foot printing,
Information gathering methodology, DNS Enumeration,
Whois and ARIN Lookups, shodan, DNS enum, Wpscan, Assignment 1, Quiz 1
Week-03
Dirbuster, Introduction to Social Engineering, Common
type of social engineering attacks, phishing, vishing,
smishing, pretexting, baiting, tailgating, piggybacking,
Quid Pro Quo. Tools: Gophish
Setup vulnerable server, Scanning phase, Vulnerability
Week-04
Assessment, Nessus, Nikto, OpenVas, OwaspZap , FING
Open port, closed port, Filtered port, Nmap, NSE and
Assignment 2
Week-05 Zenmap,
DOS attacks, Hping Tool, Malware threats, Network and
Week-06 Quiz 2
OS threats, HAK 5 Kit
Usage of Metasploit, meterpreter, payload generation and
Week-07
exploit, Armitage. Project Discussion
Week-08 Hacking OS and Wireless network, Routersploit Assignment 3
MITM, sniffing, Wireshark, network miner, session
Week-09 Quiz 3
hijacking
Week-10 OWASP Top 10 vulnerabilities version 2013 and 2017
Web application testing using, SQLmap, XSSER, burp Assignment 4
Week-11
suite
Week-12 Hacking a web server, Maintaining Access, Clearing logs Quiz 4
Hacking mobile platforms, payload generation and
Week-13
encoding. Setting up L3mon and msfvenom

Making a professional report, Review, Introduction to Bug

Week-14
Bounty

Week-15
Project Presentation

6 NCEAC.FORM.001.D