Semester	Spring Semester, 2025
Department	MA Program of Management Information Systems, First Year MA Program of Management Information Systems, Second Year
Course Name	Penetration Testing and Its Applications
Instructor	SUN SHI-SHENG
Credit	3.0
Course Type	Elective
Prerequisite

Course Objective

Course Description

Course Schedule

Note: The following is a preliminary course schedule. Course schedule may change and the actual course content will be posted on the Moodle page.

週次 Week	課程主題 Topic	課程內容與指定閱讀 Content and Reading Assignment	教學活動與作業 Teaching Activities and Homework	學習投入時間 Student workload expectation
週次 Week	課程主題 Topic	課程內容與指定閱讀 Content and Reading Assignment	教學活動與作業 Teaching Activities and Homework	課堂講授 In-class Hours	課程前後 Outside-of-class Hours
W01 02/17	資訊安全滲透測簡介 Introduction to Penetration Testing	Syllabus & Introduction to Penetration Testing	V	3	3
W02 02/24	網路資訊蒐集 Network Information Gathering Techniques	Network Information Gathering Techniques & Cyber Defense eXercise, CDX	HW#1	3	3
W03 03/03	弱點發現及掃描技術 Vulnerability Discovery and Scanning	OpenVAS & Nessus	V	3	3
W04 03/10	密碼學、密碼設置、密碼分析與通行碼 Cryptography, Password Security, Cryptanalysis, and Passphrases	John the Ripper	V	3	3
W05 03/17	弱點利用平台 Vulnerability Exploitation Platforms	Kali Linux & Metasploit	HW#2	3	3
W06 03/24	Windows弱點利用 Windows Exploitation	Mimikatz & Powershell & SMB & AD	V	3	3
W07 04/31	Linux弱點利用 Linux Exploitation	Chroot & Kernel exploit	V	3	3
W08 04/07	Web Server及Web弱點利用 Web Server and Web Application Exploitation	Apache/IIS/Tomcat server and config & SSL/TLS	V	3	3
W09 04/14	Midterm CYBERSEC 2025 04/15~04/17	Midterm CYBERSEC 2025 04/15~04/17	V	3	4.5
W10 04/21	內網滲透 Internal Network Penetration	Sniffer, ARP Spoofing and Poisoning, MITM	HW#3	3	3
W11 04/28	VPN安全測試及通訊掩護 VPN Security Testing and Traffic Obfuscation	IKEForce & PPTP Hacking & Overlay network	V	3	3
W12 05/05	網路設備滲透及WiFi滲透 Network Device and WiFi Penetration	SSDP & CDP & Aircrack ng	V	3	3
W13 05/12	實體滲透 Physical Penetration	Key logger & BadUSB	V	3	3
W14 05/19	社交工程 Social Engineering	urlcrazy &Setoolkit & Beef	HW#4	3	3
W15 05/26	阻斷服務及壓力測試 Denial of Service and Stress Testing	DoS/DDoS & DDoSer hping	V	3	3
W16 06/02	Term Project Report	Term Project Report	V	3	4.5
W17 06/09	Course-related Online Learning
W18 06/16	Self-learning

Teaching Methods

Teaching Assistant

Shang-Te Wang (王尚德)

112791013@nccu.edu.tw

Requirement/Grading

The grading criteria is tentatively as follows. Please refer to Moodle of this course for the final version.

In-class lab activities and homework: 50%

Midterm: 25%

Term Project: 25%

This course is conditionally open to use Generative AI tools:

If students use Generative AI tools, they need to briefly explain how to use Generative AI for topic development, sentence polishing, or structural reference in the "footnote of title page" or "references" in the assignments or reports.

If the student uses Generative AI tools but does not indicate them in the assignments or reports, the teacher has the right to regrade or deny the assignments or reports.

Students taking this course will be deemed to have agreed to the above statement of conditional open use of Generative AI tools when registering for the course.

本課程有條件開放使用生成式AI工具：

修課同學若使用生成式AI工具，需於作業或報告中的「標題頁註腳」或「引用文獻後」簡要說明如何使用生成式AI進行議題發想、文句潤飾或結構參考等使用方式。

若經查核使用生成式AI工具，卻未於作業或報告中標明，授課教師有權針對作業或報告重新評分或不予計分。

修讀本課程同學於選課時即視為同意以上有條件開放使用生成式AI工具聲明。

Textbook & Reference

Textbooks and references:

1. Kali Linux Penetration Testing Bible (Gus Khawaja, Wiley, ISBN: 978-1119719083)

2. Adversarial Tradecraft in Cybersecurity: Offense versus defense in real-time computer conflict (Dan Borges, Packt Publishing, ISBN: 978-1801076203)

3. 極黑駭客專用的OS：Kali Linux2無差別全網滲透 (李華峰, 深智數位, ISBN: 978-9860776072)

Urls about Course

The Moodle link https://moodle-course02.nccu.edu.tw/course/view.php?id=9555

Attachment