INDICATIVE CONTENT
This module will address topics of:
Ethics, legal frameworks and professional responsibilities in penetration testing
Penetration testing methodologies
Business context and commercial considerations of security testing
Reconnaissance and information gathering using passive and active techniques
Network scanning, enumeration and service identification
Vulnerability assessment and analysis using industry tools
System hacking: exploitation techniques and privilege escalation
Post-exploitation activities
Password attacks and credential harvesting techniques
Evaluation of automated security assessment tools and their limitations
Professional report writing and communicating findings to stakeholders
Additional topics may be covered where appropriate. Practical exercises will be conducted using Kali Linux and other industry-standard tools within isolated, legal laboratory environments.
BCS / TechSkills elements:
Industry related methods employed in ethical hacking
Principles of business impact from cases of ethical hacking
Ethical, legal, and social impact related to ethical hacking activity
ADDITIONAL ASSESSMENT DETAILS
PRACTICAL - Practical Skills Demonstration - A skills demonstration in examination style. You will be asked to undertake a penetration test of a given target in a contained and legal environment; within the target there will be a number of flags which contain unique information. You will be asked to undertake penetration testing activities, in line with the ethical hacking lifecycle (addressing legal and ethical criteria), in order to locate the flag information, and will need to provide the information contained as your answers to the assessment.
PRESENTATION – You will describe the penetration lifecycle, legal considerations, and ethical boundaries. The presentation will also focus on security vulnerabilities.
LEARNING STRATEGIES
Teaching material will be presented through a combination of lectures, tutorials, practical exercises and directed self-study. The lectures will cover the theoretical content of the module, giving the students a detailed understanding of various penetration testing techniques. The tutorial sessions will allow for discussion and practical exercises, and will let you experiment within a penetration testing environment.
LEARNING OUTCOMES
1. Explain the stages of the penetration testing lifecycle, applying methodologies that adhere to legal and ethical boundaries.
Knowledge and Understanding
2. Evaluate the security posture of networked systems and web applications, identifying vulnerabilities, and assessing their potential business impact.
Application and Problem-Solving
Research Skills
3. Apply tools, methods and techniques used by penetration testers in conducting hacking activities.
Knowledge and Understanding
Reflection
4. Critically evaluate the use of industry-standard hacking tools and techniques against both a networked environment and a single-host target.
Knowledge and Understanding
Communication
RESOURCES
VMware Workstation v16 or later
Kali Linux
Metasploitable 2
Host Machine with at least 8GB RAM, i5 or later processor, 250GB SSD Storage
TEXTS
Weidman, G. (2024), Penetration Testing: A Hands-On Introduction to Hacking, 2nd Edition, No Starch Press.
Engebretson, P. (2023), The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy, 3rd Edition, Syngress.
Stuttard, D. and Pinto, M. (2023), The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition, Wiley.
Kennedy, D., O'Gorman, J., Kearns, D. and Aharoni, M. (2022), Metasploit: The Penetration Tester's Guide, No Starch Press.
OWASP Foundation (2025), "OWASP Testing Guide" [Online] Available at: https://owasp.org/www-project-web-security-testing-guide/ (Accessed: 08/02/2026).
WEB DESCRIPTOR
In this module, you will develop the practical skills required to work as an ethical hacker and penetration tester. You will learn to think like an attacker, using the same tools and techniques employed by malicious hackers, but within strict legal and ethical boundaries to help organisations identify and fix their security weaknesses.