Module Descriptors
APPLIED ETHICAL HACKING
COMP50108
Key Facts
Digital, Technology, Innovation and Business
Level 5
20 credits
Contact
Leader: Pantaleon Lutta Odongo
Email: pantaleon.lutta@staffs.ac.uk
Hours of Study
Scheduled Learning and Teaching Activities:
Independent Study Hours:
Total Learning Hours:
Pattern of Delivery
- Occurrence A, Stoke Campus, UG Semester 1
- Occurrence B, Stoke Campus, UG Semester 2
Sites
- Stoke Campus
Assessment
- PRACTICAL SKILLS ASSESSMENT - CONTROLLED CONDITIONS (ONLINE) 2 HOURS weighted at 50%
- REPORT - 2000 WORDS weighted at 50%
Module Details
LEARNING OUTCOMES
1. Explain and analyse the stages required by an ethical hacker to compromise a target.
Analysis
Knowledge & Understanding
2. Critically evaluate strengths and vulnerabilities of security measures implemented on IT systems.
Enquiry
Analysis
Application
3. Demonstrate a critical knowledge of the tools, methods and procedures and their application as used in the ethical hacking of single-host and networked environments
Knowledge & Understanding
Learning
Application
Enquiry
4. Demonstrate a critical knowledge of the tools, methods and techniques used in conducting and reporting on hacking activities.
Knowledge & Understanding
Application
Communication
Analysis
Knowledge & Understanding
2. Critically evaluate strengths and vulnerabilities of security measures implemented on IT systems.
Enquiry
Analysis
Application
3. Demonstrate a critical knowledge of the tools, methods and procedures and their application as used in the ethical hacking of single-host and networked environments
Knowledge & Understanding
Learning
Application
Enquiry
4. Demonstrate a critical knowledge of the tools, methods and techniques used in conducting and reporting on hacking activities.
Knowledge & Understanding
Application
Communication
ADDITIONAL ASSESSMENT DETAILS
Practical Skills Assessment - under controlled conditions 50%
You will undertake a penetration test of a given target in a contained and legal environment; within the target there will be 10 “flags” which contain unique information. The practical assessment involves a time-limited lab in which you will conduct structured reconnaissance, scanning, exploitation, and post-exploitation tasks on a target network. You will be asked to undertake penetrating testing activities, in line with the ethical hacking lifecycle, in order to locate the flag information and will need to provide the information contained as their answers to the examination. (Learning Objectives 3 and 4)
Report 50%
You are required to document and discuss system vulnerabilities, recommend mitigations, and communicate findings clearly to a mixed technical and non-technical audience as an expert witness. (Learning Outcomes 1, 2, 3 and 4)
Assessing aspects of the following KSBs from the CSTP Apprenticeship Standard:
K1: Foundations of cyber security, its significance, concepts, threats, vulnerabilities and assurance
K12: Threats, vulnerabilities, impacts and mitigations in ICT systems and the enterprise environment
S12: Discover, identify and analyse threats, attack techniques, vulnerabilities and mitigations
K14: Structured and ethical intelligence analysis, methods, techniques
S14: Undertake ethical system reconnaissance and intelligence analysis
K15: Management of cyber security risk, tools and techniques
S15: Undertake risk modelling, analysis and trades
K22: How to diagnose cause from observables. Application of SIEM (Security Information and Event Management) tools & techniques
S22: Security monitoring, analysis and intrusion detection. Recognise anomalies & behaviours
K23: Cyber incident response, management, escalation, investigation & 3rd party involvement
S23: Manage intrusion response, including with 3rd parties
K24: Legal, regulatory, compliance & standards environment
K25: Applicability of laws regulations & ethical standards
S25: Organise testing & investigation work in accordance with legal & ethical requirements
K26: Legal responsibilities of system owners, users, employers, employees
S26: Develop & apply information security policy to implement legal or regulatory requirements
B1: Fluent in written communications and able to articulate complex issues
B8: Analytical and critical thinking skills for Technology Solutions development and can systematically analyse and apply structured problem-solving techniques to complex systems and situations
B10: Can conduct effective research, using literature and other media
B12: Able to demonstrate a ‘security mind-set’ (how to break as well as make).
B15: A thorough approach to work in the cyber security role
You will undertake a penetration test of a given target in a contained and legal environment; within the target there will be 10 “flags” which contain unique information. The practical assessment involves a time-limited lab in which you will conduct structured reconnaissance, scanning, exploitation, and post-exploitation tasks on a target network. You will be asked to undertake penetrating testing activities, in line with the ethical hacking lifecycle, in order to locate the flag information and will need to provide the information contained as their answers to the examination. (Learning Objectives 3 and 4)
Report 50%
You are required to document and discuss system vulnerabilities, recommend mitigations, and communicate findings clearly to a mixed technical and non-technical audience as an expert witness. (Learning Outcomes 1, 2, 3 and 4)
Assessing aspects of the following KSBs from the CSTP Apprenticeship Standard:
K1: Foundations of cyber security, its significance, concepts, threats, vulnerabilities and assurance
K12: Threats, vulnerabilities, impacts and mitigations in ICT systems and the enterprise environment
S12: Discover, identify and analyse threats, attack techniques, vulnerabilities and mitigations
K14: Structured and ethical intelligence analysis, methods, techniques
S14: Undertake ethical system reconnaissance and intelligence analysis
K15: Management of cyber security risk, tools and techniques
S15: Undertake risk modelling, analysis and trades
K22: How to diagnose cause from observables. Application of SIEM (Security Information and Event Management) tools & techniques
S22: Security monitoring, analysis and intrusion detection. Recognise anomalies & behaviours
K23: Cyber incident response, management, escalation, investigation & 3rd party involvement
S23: Manage intrusion response, including with 3rd parties
K24: Legal, regulatory, compliance & standards environment
K25: Applicability of laws regulations & ethical standards
S25: Organise testing & investigation work in accordance with legal & ethical requirements
K26: Legal responsibilities of system owners, users, employers, employees
S26: Develop & apply information security policy to implement legal or regulatory requirements
B1: Fluent in written communications and able to articulate complex issues
B8: Analytical and critical thinking skills for Technology Solutions development and can systematically analyse and apply structured problem-solving techniques to complex systems and situations
B10: Can conduct effective research, using literature and other media
B12: Able to demonstrate a ‘security mind-set’ (how to break as well as make).
B15: A thorough approach to work in the cyber security role
INDICATIVE CONTENT
Understand the ethics and legal challenges of cyber security.
Vulnerability identification and computer threats analysis and evaluation
Security Analysis Methodologies
Understand the business aspect behind penetration Testing.
Analyse the technical foundation of penetration testing.
Introduction to foot printing and scanning
System hacking and enumeration
Evaluation of automated security assessment tools
Test Report Writing and Post Test Actions
Additional topics may be covered, where possible and appropriate. We will use examples from Linux and other modern operating systems to illustrate concepts covered through the course.
This module will support the development and assessment of the following KSBs from the CSTP Apprenticeship Standard:
K1: Foundations of cyber security, its significance, concepts, threats, vulnerabilities and assurance
K2: Network foundations, connections, internetworking, protocols, standards, performance, security and server virtualisation
S2: Design, build, configure, optimise, test and troubleshoot simple and complex networks
K5: Operating System principles, architectures, features, mechanisms, security features and exploits
S5: Configure an Operating System in accordance with security policy. Identify threats and features
K12: Threats, vulnerabilities, impacts and mitigations in ICT systems and the enterprise environment
S12: Discover, identify and analyse threats, attack techniques, vulnerabilities and mitigations
K14: Structured and ethical intelligence analysis, methods, techniques
S14: Undertake ethical system reconnaissance and intelligence analysis
K15: Management of cyber security risk, tools and techniques
S15: Undertake risk modelling, analysis and trades
K17: Concepts & benefits of security management systems, governance & international standards
S17: Apply a management system and develop an information security management plan
K22: How to diagnose cause from observables. Application of SIEM (Security Information and Event Management) tools & techniques
S22: Security monitoring, analysis and intrusion detection. Recognise anomalies & behaviours
K23: Cyber incident response, management, escalation, investigation & 3rd party involvement
S23: Manage intrusion response, including with 3rd parties
K24: Legal, regulatory, compliance & standards environment
K25: Applicability of laws regulations & ethical standards
S25: Organise testing & investigation work in accordance with legal & ethical requirements
K26: Legal responsibilities of system owners, users, employers, employees
S26: Develop & apply information security policy to implement legal or regulatory requirements
B1: Fluent in written communications and able to articulate complex issues
B8: Analytical and critical thinking skills for Technology Solutions development and can systematically analyse and apply structured problem-solving techniques to complex systems and situations
B10: Can conduct effective research, using literature and other media
B12: Able to demonstrate a ‘security mind-set’ (how to break as well as make)
B15: A thorough approach to work in the cyber security role
Learning within this module maps to the following Fundamental British Values:¿¿
Rule of law
Democracy
Learning within this module maps to the following principles of Safeguarding & Prevent:¿
Duty of care
Reporting and accountability
Protecting from harm
Vulnerability identification and computer threats analysis and evaluation
Security Analysis Methodologies
Understand the business aspect behind penetration Testing.
Analyse the technical foundation of penetration testing.
Introduction to foot printing and scanning
System hacking and enumeration
Evaluation of automated security assessment tools
Test Report Writing and Post Test Actions
Additional topics may be covered, where possible and appropriate. We will use examples from Linux and other modern operating systems to illustrate concepts covered through the course.
This module will support the development and assessment of the following KSBs from the CSTP Apprenticeship Standard:
K1: Foundations of cyber security, its significance, concepts, threats, vulnerabilities and assurance
K2: Network foundations, connections, internetworking, protocols, standards, performance, security and server virtualisation
S2: Design, build, configure, optimise, test and troubleshoot simple and complex networks
K5: Operating System principles, architectures, features, mechanisms, security features and exploits
S5: Configure an Operating System in accordance with security policy. Identify threats and features
K12: Threats, vulnerabilities, impacts and mitigations in ICT systems and the enterprise environment
S12: Discover, identify and analyse threats, attack techniques, vulnerabilities and mitigations
K14: Structured and ethical intelligence analysis, methods, techniques
S14: Undertake ethical system reconnaissance and intelligence analysis
K15: Management of cyber security risk, tools and techniques
S15: Undertake risk modelling, analysis and trades
K17: Concepts & benefits of security management systems, governance & international standards
S17: Apply a management system and develop an information security management plan
K22: How to diagnose cause from observables. Application of SIEM (Security Information and Event Management) tools & techniques
S22: Security monitoring, analysis and intrusion detection. Recognise anomalies & behaviours
K23: Cyber incident response, management, escalation, investigation & 3rd party involvement
S23: Manage intrusion response, including with 3rd parties
K24: Legal, regulatory, compliance & standards environment
K25: Applicability of laws regulations & ethical standards
S25: Organise testing & investigation work in accordance with legal & ethical requirements
K26: Legal responsibilities of system owners, users, employers, employees
S26: Develop & apply information security policy to implement legal or regulatory requirements
B1: Fluent in written communications and able to articulate complex issues
B8: Analytical and critical thinking skills for Technology Solutions development and can systematically analyse and apply structured problem-solving techniques to complex systems and situations
B10: Can conduct effective research, using literature and other media
B12: Able to demonstrate a ‘security mind-set’ (how to break as well as make)
B15: A thorough approach to work in the cyber security role
Learning within this module maps to the following Fundamental British Values:¿¿
Rule of law
Democracy
Learning within this module maps to the following principles of Safeguarding & Prevent:¿
Duty of care
Reporting and accountability
Protecting from harm
WEB DESCRIPTOR
This module provides apprentices with the knowledge, tools and ethical framework required to perform penetration testing activities. Combining theory with real-world application, it prepares learners for roles in offensive security, cyber consultancy, and incident response.
LEARNING STRATEGIES
This module will be delivered in a blended learning mode consisting of face-to-face, online and guided learning sessions.
Teaching sessions will blend theory and practical learning, and most importantly where possible will seek to be contextualised in your workplace as part of your apprenticeship. You will be introduced to curriculum concepts and ideas and will then be able to apply theory to practical examples. In addition, you will be provided with a range of resources for independent study such as case studies, academic papers and industry case studies. There will be a mixture of practical and theoretical formative (mock or practice) exercises which will help you build knowledge and confidence in preparation for summative (formal) assessment.
The delivery will be delivered as follows:
Module Launch week: 12 hours.
There will be a module launch week with up to 12 hours of face-to-face contact time devoted to developing your understanding of the core purpose and assessment of the module. You will be presented with details of how the learning will be structured and how to access to the learning materials for the remainder of the module.
Structured Learning Sessions: 15 hours
Following the module launch week you will have a further 15 hours of attendance-based contact time as a class with the module team. This will typically be as 10 x 1.5-hour online classes. Classes which will be a combination of activities including lectures, demonstrations, discussions, tutorials and seminars. Some sessions maybe in flipped classroom style, where you will be expected to watch online recordings, read materials or respond to practical activities in preparation for active engagement with problem solving in the online session.
1:1 Progress Checks: 1 hour
As a Blended Learner understanding your progress can be a challenge so you are allocated an hour of 1:1 time with your tutor (typically 3 x 20-minute meetings). Some of these may be in small groups if appropriate. These sessions may be used to discuss key topics, troubleshoot solutions, review working drafts etc.
Assignment Development: Time 30 hours
A typical assignment will take you a minimum 30 hours to complete.
This module includes 58 off-the-job (OTJ) training hours as standard, covering new learning funded by the apprenticeship levy. A total 200 nominal learning hours has been attributed to this module, incorporating OTJ training alongside broader academic development beyond levy-funded new learning.
Teaching sessions will blend theory and practical learning, and most importantly where possible will seek to be contextualised in your workplace as part of your apprenticeship. You will be introduced to curriculum concepts and ideas and will then be able to apply theory to practical examples. In addition, you will be provided with a range of resources for independent study such as case studies, academic papers and industry case studies. There will be a mixture of practical and theoretical formative (mock or practice) exercises which will help you build knowledge and confidence in preparation for summative (formal) assessment.
The delivery will be delivered as follows:
Module Launch week: 12 hours.
There will be a module launch week with up to 12 hours of face-to-face contact time devoted to developing your understanding of the core purpose and assessment of the module. You will be presented with details of how the learning will be structured and how to access to the learning materials for the remainder of the module.
Structured Learning Sessions: 15 hours
Following the module launch week you will have a further 15 hours of attendance-based contact time as a class with the module team. This will typically be as 10 x 1.5-hour online classes. Classes which will be a combination of activities including lectures, demonstrations, discussions, tutorials and seminars. Some sessions maybe in flipped classroom style, where you will be expected to watch online recordings, read materials or respond to practical activities in preparation for active engagement with problem solving in the online session.
1:1 Progress Checks: 1 hour
As a Blended Learner understanding your progress can be a challenge so you are allocated an hour of 1:1 time with your tutor (typically 3 x 20-minute meetings). Some of these may be in small groups if appropriate. These sessions may be used to discuss key topics, troubleshoot solutions, review working drafts etc.
Assignment Development: Time 30 hours
A typical assignment will take you a minimum 30 hours to complete.
This module includes 58 off-the-job (OTJ) training hours as standard, covering new learning funded by the apprenticeship levy. A total 200 nominal learning hours has been attributed to this module, incorporating OTJ training alongside broader academic development beyond levy-funded new learning.
TEXTS
Casey, E. (2025) Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet. 5th edn. Academic Press.
Vacca, J. R. (2024) Computer Forensics: Principles and Practices. 4th edn. Pearson.
Endorf, C., Schultz, E. E. & Mellander, K. (2024) Incident Response & Computer Forensics. 4th edn. New York: McGraw Hill.
Engebretson, P. (2023) The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy. 3rd edn. Cambridge, MA: Syngress.
Bejtlich, R. (2023) The Practice of Network Security Monitoring: Understanding Incident Detection and Response. Revised Edition. San Francisco: No Starch Press.
Swanson, M., Hash, J., Bowen, P. & Johnson, A. (2023) Contingency Planning Guide for Federal Information Systems. National Institute of Standards and Technology (NIST) Special Publication 800-34 Revision 1 1.
Madsen, T. (2022), Security Architecture – How & Why (River Publishers Series in Security and Digital Forensics), River Publishers; 1st edition
Holt, T, J et. al. (2022), Cybercrime and Digital Forensics: An Introduction, Routledge; 3rd edition
Johansen, G, (2022), Digital Forensics and Incident Response: Incident response tools and techniques for effective cyber threat response, 3rd Edition, Packt Publishing; 3rd edition
Oettinger, G. (2022), Learn Computer Forensics: Your one-stop guide to searching, analysing, acquiring, and securing digital evidence, 2nd Edition, Packt Publishing; 2nd edition
Mullins, M. (2022), Cyber Security Awareness: Employee Handbook, Kindle Edition
Anderson, R. (2021), Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd Edition, Wiley, 3rd EditionIEEE Transactions on Information Forensics and Security
IEEE Security & Privacy
ScienceDirect – Computers & Security
Vacca, J. R. (2024) Computer Forensics: Principles and Practices. 4th edn. Pearson.
Endorf, C., Schultz, E. E. & Mellander, K. (2024) Incident Response & Computer Forensics. 4th edn. New York: McGraw Hill.
Engebretson, P. (2023) The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy. 3rd edn. Cambridge, MA: Syngress.
Bejtlich, R. (2023) The Practice of Network Security Monitoring: Understanding Incident Detection and Response. Revised Edition. San Francisco: No Starch Press.
Swanson, M., Hash, J., Bowen, P. & Johnson, A. (2023) Contingency Planning Guide for Federal Information Systems. National Institute of Standards and Technology (NIST) Special Publication 800-34 Revision 1 1.
Madsen, T. (2022), Security Architecture – How & Why (River Publishers Series in Security and Digital Forensics), River Publishers; 1st edition
Holt, T, J et. al. (2022), Cybercrime and Digital Forensics: An Introduction, Routledge; 3rd edition
Johansen, G, (2022), Digital Forensics and Incident Response: Incident response tools and techniques for effective cyber threat response, 3rd Edition, Packt Publishing; 3rd edition
Oettinger, G. (2022), Learn Computer Forensics: Your one-stop guide to searching, analysing, acquiring, and securing digital evidence, 2nd Edition, Packt Publishing; 2nd edition
Mullins, M. (2022), Cyber Security Awareness: Employee Handbook, Kindle Edition
Anderson, R. (2021), Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd Edition, Wiley, 3rd EditionIEEE Transactions on Information Forensics and Security
IEEE Security & Privacy
ScienceDirect – Computers & Security
RESOURCES
Virtualised penetration testing environments (e.g. Kali Linux)
Wireshark
Metasploit Framework
Burp Suite
Vulnerable virtual machines (e.g. Metasploitable, DVWA)
Wireshark
Metasploit Framework
Burp Suite
Vulnerable virtual machines (e.g. Metasploitable, DVWA)