IFN656 Ethical Hacking and Penetration Testing




Unit Outline: Semester 1 2026, Gardens Point, Internal

Unit code: IFN656
Credit points: 12
Pre-requisite: IFN658 and IFN694
Disclaimer - Offer of some units is subject to viability, and information in these Unit Outlines is subject to change prior to commencement of the teaching period.

Overview

Ethical hackers and penetration testers share the same goal: ensuring systems are secure. They use similar techniques, adopting methods often used by malicious threat actors, but not for malicious purposes. Ethical hackers try to anticipate malicious hackers’ behavior to expose system vulnerabilities so that they can be addressed before they are exploited. Penetration testers focus on specific systems and methods to ensure security and compliance. Penetration testing helps to determine the level of risk of an information system.

This course covers penetration-testing techniques and tools that ethical hackers and cyber security specialists use to discover vulnerabilities in the people, process and technology aspects of networked communication and computer systems. The course provides a structured knowledge base for security professionals to identify vulnerabilities and recommend actions for mitigation to enhance network security and protect data from potential attackers.

Learning Outcomes

On successful completion of this unit you will be able to:

  1. Explain the ethical considerations in vulnerability discovery, disclosure, documenting and reporting.
  2. Describe in detail the stages in the penetration testing or ethical hacking process.
  3. Apply ethical hacking methodologies for security reconnaissance and vulnerability identification.
  4. Exploit identified vulnerabilities to gain access to information systems and resources.
  5. Work independently and collaborate with others to ethically identify and exploit vulnerabilities, and communicate the findings in writing.
  6. Provide recommendations to address identified issues, in a format that is suitable for both technical and non-technical audiences.

Content

You will investigate the following topics:

  • Ethical considerations in vulnerability discovery, disclosure, documenting and reporting
  • Stages in the pen-testing process: planning, reconnaissance, scanning, vulnerability assessment, exploitation, post-exploitation documentation and result reporting
  • Useful open-source tools for each stage of the pen-testing process
  • Vulnerability discovery related to people, processes and technology: Social engineering, OSINT, password cracking, web application exploit techniques, keyloggers, privilege escalation, …
  • Knowledge of Intrusion Detection Systems/Intrusion Prevention Systems, and ways to circumvent them, exploit misconfiguration or cover tracks to hide evidence of malicious actions

Learning Approaches

You are responsible for your academic progression through this unit. Unit staff will provide a learning environment designed to maximise your learning experience. In order to realise your full potential, it is strongly recommended that you actively participate in all of the learning activities offered in this unit.

The content of the unit is delivered through weekly pre-recorded lectures and tutorial/practical sessions, and through the QUT Learning Management System. During the weekly sessions, theory on various pen-testing topics will be presented, and structured hands-on lab activities will reinforce the key theoretical concepts and build practical skills.

You should expect to spend, on average, 10 - 15 hours per week involved in preparing for and attending scheduled classes, preparing and completing assessment tasks as well as in independent study to consolidate your learning. You must be able to manage your time and prioritise activities in order to complete the required unit activities.

Your participation in the learning activities provides opportunities for you to self-assess and to obtain feedback from unit staff and your peers, further developing your interpersonal and oral communication skills.

The unit coordinator will use email and the unit's QUT Learning Management System to make announcements and post various types of information throughout the semester. It is your responsibility to access your email account and the unit's QUT Learning Management System regularly. 

Feedback on Learning and Assessment

You will have a range of opportunities to receive feedback on your learning and progress in this unit. This includes:

  • formative in-class individual and whole-of-class feedback provided by unit staff during tutorial classes
  • responses to questions posed through the unit communication channel from your peers and teaching staff
  • feedback given on your assessment items via the rubric and written feedback, individually and during scheduled review sessions
  • private consultations with teaching staff

Assessment

Overview

This unit covers penetration-testing techniques and tools that ethical hackers and cyber security specialists use to discover vulnerabilities in the people, process and technology aspects of networked communication and computer systems. The course provides a structured knowledge base for security professionals to identify vulnerabilities and recommend actions for mitigation to enhance network security and protect data from potential attackers.

The assessment covers both the knowledge acquired throughout the semester and practical application using industry standard tools. You should be able to work both independently and as a productive and cooperative team member.

  • Independent work is required to complete some assessment items. For these items, although you may discuss the assessment topics with others, the work you submit for assessment must be your own individual effort. It is your responsibility to ensure that your work is completed in a timely manner.
  • For group assessment tasks it is the responsibility of all group members to ensure the work is completed. 

Unit Grading Scheme

7-point scale

Assessment Tasks

Assessment: Assignment 1

Students work in pairs to explain the methodology behind reconnaissance and scanning, to demonstrate common reconnaissance and scanning techniques, and to demonstrate effective use of reconnaissance and scanning tools for ethical hacking purposes. The report should include: an introduction, screenshots of experiments conducted, analysis of the method used and relevant references.

This assignment is eligible for the 48-hour late submission period and assignment extensions. 

Weight: 20
Length: A report of 5-6 pages
Individual/Group: Group
Due (indicative): Week 6
Related Unit learning outcomes: 1, 2, 3, 5

Assessment: Assignment 2

Labs: There will be laboratory activities consisting of many exercises. The exercises investigate particular topics in penetration testing and ethical hacking, such as scanning, enumeration and system hacking. Students (groups of 1-2) should implement the exercise tasks and document their findings for each lab, building a portfolio.

This assignment is eligible for the 48-hour late submission period and assignment extensions. 

Weight: 30
Individual/Group: Individual
Due (indicative): Week 12
Related Unit learning outcomes: 1, 2, 3, 4, 5, 6

Assessment: Final Exam (written)

Tests the knowledge and understanding of the concepts presented in the unit.

Weight: 50
Individual/Group: Individual
Due (indicative): During central examination period
Central exam duration: 3:10 - Including 10 minute perusal
Related Unit learning outcomes: 1, 2, 6

Academic Integrity

Academic integrity is a commitment to undertaking academic work and assessment in a manner that is ethical, fair, honest, respectful and accountable.

The Academic Integrity Policy sets out the range of conduct that can be a failure to maintain the standards of academic integrity. This includes cheating in exams, plagiarism, self-plagiarism, collusion and contract cheating. It also includes providing fraudulent or altered documentation in support of an academic concession application, for example an assignment extension or a deferred exam.

You are encouraged to make use of QUT’s learning support services, resources and tools to assure the academic integrity of your assessment. This includes the use of text matching software that may be available to assist with self-assessing your academic integrity as part of the assessment submission process.

Breaching QUT’s Academic Integrity Policy or engaging in conduct that may defeat or compromise the purpose of assessment can lead to a finding of student misconduct (Code of Conduct – Student) and result in the imposition of penalties under the Management of Student Misconduct Policy, ranging from a grade reduction to exclusion from QUT.

Requirements to Study

Costs

There are no out of the ordinary costs associated with the study of this unit.

Resources

There is no required textbook for this unit. All learning materials will be provided via the Canvas site. This unit utilises a range of different software, which is available in computer laboratories or is freely available.

Resource Materials

Other

Canvas site

Risk Assessment Statement

There are no extraordinary risks associated with the classroom/lecture activities in this unit.