Learning Experience

The Learning Lab experience is supported by both asynchronous and synchronous components. Each Learning Lab sequence includes a set of resources, an asynchronous discussion, and an interactive live session, all of which culminate in the development of a project or application to apply learning to local and specific contexts in support of the learning objectives.


Welcome Session

September 6, 2022, 12:00–1:00 p.m. ET

This is a live session to learn the details of the Learning Lab, the Canvas site, and expectations for the microcredential. There will also be time to get to know your fellow Lab partners and facilitator.

Learning Cycle 1: Tools of the Trade

September 7, 2022, 12:00–1:30 p.m. ET

This session will highlight the tools used by ethical hackers and by a threat actor.


  • Identify common tools
  • Understand how tools can be used to breach an organization
  • Learn basic design elements to communicate effectively

Individual: Conduct a port scan using Zenmap
Individual: (Optional) Conduct a vulnerability scan

Learning Cycle 2: Exploitation Techniques

September 14, 2022, 12:00–1:30 p.m. ET

This workshop will focus on identifying and exploiting vulnerabilities.


  • Understand social engineering
  • See the effects that a successful phishing campaign can have on an organization
  • Understand how an exploit can compromise a server in an organization

Individual: Spotting a phish
Individual: Deploying ransomware

Review and Reflect Session

September 21, 2022, 12:00–1:30 p.m. ET

The Learning Lab will conclude with an application or implementation project (described below) and a closing live session to review and process the learning from the lab.

Lab Implementation Project

Hacking Metasploitable3 CTF
Metasploitable3 is a highly vulnerable Windows Server 2008 computer. The goal of this exercise is to learn about the Metasploit framework and how to use it to hack into a virtual machine. The exercise will allow you to capture cards (flags) using various techniques that exploit vulnerabilities. Each one of these vulnerabilities has a video series and written directions. The virtual machine access will be available for the duration of the class. More time can be granted upon request.