Carnegie Mellon University

Hacking Exposed


Benoit Morel

Number of Lectures


Course Description

Hacking can refer to all malicious cybersecurity activity. This course focuses on some aspects of that world. Namely, the course takes the perspective of hackers, with emphasis on the tools they developed and used and their method. Many of those tools are dual use, i.e. they are also used by system administrators.

As we see with Anonymous and Lulzsec, hackers can represent a serious threat. In cybersecurity, there is no centralized repository of knowledge. Hackers build a kind of community, within which quite a lot of information circulates, somewhat under the radar. The "hackers" carry a lot of the useful knowledge with them.  Part of the intention of the course is to clarify to a certain extent how hackers "learn" and what they tend to do with their "knowledge" or expertise.

In this course the emphasis will be more on the "technological" side of hacking, i.e. tools and design of attacks, as opposed to "social engineering" for example. Social engineering is very important and enters in many attacks. But this course is based on the principle that it is more difficult to get informed about the technical aspect of hacking.

As a result, tools on the other hand will play an important role in this course. The idea is to see what they can and can't do and how easy or difficult it is to use them. Another focus of this course is on the impact of technological changes such as the wireless technology and the proliferation of embedded systems on hacking.



Recommended Textbook



  • Lecture 1:   The Origin and Early Days of Hacking
  • Lecture 2:   Early Phase of Hacking
  • Lecture 3:   Vulnerabilities
  • Lecture 4:   Selected Hacking  Tools (I): Netcat, Nmap, (NCat), Nessus, Wireshark
  • Lecture 5:   "Hacking Exposed": The Books of That Name: 1999-2012
  • Lecture 6:   Analysis of Selected Tools (II): Cain and Abel Burp Suite, Sqlmap, Cain and Abel, SNORT
  • Lecture 7:   Short History of Malware
  • Lecture 8:   Anatomy and Physiology of Malware
  • Lecture 9:   The Hackers' Work Bench: Metrasploit, Back Track, etc.
  • Lecture 10: Wireless Hacking
  • Lecture 11: Hardware Hacking
  • Lecture 12: Smartphones and Hacking
  • Lecture 13: The Challenge of Being a Hacker Against Financial Institutions
  • Lecture 14: When Hacking Intersects Cybercriminality and Cyberwar
  • Lecture 15: Hacking Today
  • Lecture 16: The Future of Hacking