Study Guide

Objectives (course unit)

The digital landscape is evolving at an unprecedented rate with unknown threats lurking around every corner. Cybersecurity resilience in the modern world cannot be just an addon - it's a necessity. Organizations must build cybersecurity resilience, and offensive security professionals like Ethical Hackers and Penetration Testers can help proactively discover unknown threats and address them before cybercriminals do.

This course is designed to prepare learners with the Ethical Hacker skillset. By doing real-world inspired hands-on practice labs, learners develop essential workforce readiness skills to lay a solid foundation in offensive security.

After completing the course, the students will be able to:
- Understand the mindset and tactics of threat actors
- Use several offensive security tools in proficient way
- Scope, execute and report vulnerability assessments
- Recommend mitigation strategies
- Understand the ethical aspect of hacking

By the end of the course, students have learned how to use ethical hacking tools to find, assess, and exploit vulnerabilities in a range of simulated and real-world targets.

Content (course unit)

- Ethical Hacking and Penetration Testing
- Testing tools and environments
- Planning and Scoping a Test
- Information Gathering
- Exploiting Vulnerabilities
- Post-exploitation
- Analysis and Reporting

Prerequisites (course unit)

- Basic knowledge of cybersecurity
- Strong computer usage skills and understanding of how a computer operates
- Fundamentals of the Windows operating system
- Basic proficiency with Linux commands
- Introductory knowledge of programming
- Solid understanding of computer networks and their functionality

Assessment criteria, satisfactory (1-2) (course unit)

The student:
- Understands the basic principles of ethical hacking and penetration testing and explains their relevance to cybersecurity.
- Performs fundamental steps in offensive testing in simulated environments following instructions.
- Uses hacking tools at a basic level.

Assessment criteria, good (3-4) (course unit)

The student:
- Applies ethical hacking methods in practical scenarios.
- Uses hacking tools effectively, documents findings, and critically analyzes them.
- Creates a basic proof-of-concept to demonstrate a discovered vulnerability and its impact in a simulated environment.

Assessment criteria, excellent (5) (course unit)

The student:
- Has the necessary skills to participate in a planned penetration test as an active tester, following the plan and demonstrating an understanding of its details and objectives.
- Effectively utilizes tools and techniques as part of the testing process and interprets findings accurately.
- Prepares professional summaries detailing findings, risks, and relevant recommendations.

Location and time

Delivered in Spring 2025 according to the timetable, see lukkarit.tamk.fi
wk1-10: Remote sessions and out-of-class discussions and guidance in Teams
wk11-17: On-campus teaching and laboratory work in room C3-05

Exam schedules

Completing the course consists of several components and cannot be completed through a single exam. Most assignments and tests have specific time windows during which they, along with their retakes, must be completed. The skills exam will be held in April during the final in-person session. The theory exam, including retakes, can be taken during weeks 16–18. All time windows will be announced in advance.

Assessment methods and criteria

Compulsory for Grade 1:
- Successful completion of the Ethical Hacker course, meeting the requirements set by Cisco Networking Academy (minimum 70% on the Final Exam and completion of the Capstone activity).
- A score of over 50% on the theoretical exam in TAMK's examination system.

Compulsory for Grades 2-5:
- Fulfillment of all Grade 1 requirements.
- A score of over 50% on the Skills Exam.
- Completion of more than 50% of the laboratory exercises.
- The final grade (2-5) is determined based on the points from compulsory tasks and the number of completed lab assignments.

Needing retakes and failing to meet deadlines will negatively impact the grade.

Assessment scale

0-5

Teaching methods

- Digital learning materials
- Remote learning and lessons and On-campus teaching and laboratory work
- Lectures and discussions
- Problem-based learning and laboratory work
- Exams, Skills exam, Assignments etc.

Learning materials

Cisco Networking Academy Ethical Hacker online Course: https://www.netacad.com/courses/ethical-hacker?courseLang=en-US (enrollment link will be provided in Teams)
Lab Assignments and other materials provided by the teacher (link in Teams)
A lot of additional materials (like videos) available in the Internet

Student workload

5 cr - 135 hours student work
Ethical Hacker course + lectures ~70 hours (incl. reading, quizzes, step-by-step labs, capstone project)
Hacking Labs + guidance ~50 hours
Skills Exam + Exam + preparation ~15 hours

Content scheduling

More detailed plan will be given at the beginning of the course (in Teams)
Weeks 1-10: Remote sessions, Cisco Networking Academy course Ethical Hacker, remote labs
Weeks 11-17: On-campus sessions, labs

Completion alternatives

This course is demanding and requires demonstrating skills and knowledge through exams, challenging assignments, and adherence to deadlines. If these aspects are problematic for you, consider completing the similar kind of course offered in CampusOnline (Cross-institutional studies through Pakki) instead.

Practical training and working life cooperation

The implementation aims to include guest speakers from industry-leading companies.

International connections

Cisco Networking Academy is internationally recognized study program.

Further information

The language of lectures is Finnish, but the materials and assignments are in English, and guidance is also available in English if needed.

Some mandatory tasks can only be completed in the school's laboratory.

The level of the assignments will be based on the specifications outlined in the prerequisites:
- Above basic knowledge of cybersecurity
- Strong computer usage skills and understanding of how a computer operates
- Fundamentals of the Windows operating system
- Basic proficiency with Linux commands
- Introductory knowledge of programming (proficiency to write short scripts and read code)
- Solid understanding of computer networks and their functionality (knowledge of tcp/ip protocols)

This course is demanding and requires demonstrating skills and knowledge through exams, challenging assignments, and adherence to deadlines. If these aspects are problematic for you, consider completing the similar kind of course offered in CampusOnline (Cross-institutional studies through Pakki) instead.