Akshay IT Repo

Report on ethical hacking

Uploaded by

Memours

Jaipur Engineering College and Research Centre,
Shri Ram ki Nangal, via Sitapura RIICO, Jaipur 302022
Academic Year 2024-2025

REPORT OF

INDUSTRIAL TRAINING ON

“Cybersecurity & Ethical Hacking”

In partial fulfilment of the requirement for the award of


degree of Bachelor of Technology
In
Electronics & Communications Engineering

(Session 2024-25)

Submitted to: Mr. Sudarshan Jain
Submitted by: Akshay Kapoor (23EJCEC005)

Department of Electronics & Communications Engineering


Jaipur Engineering College and Research Centre, Jaipur
Rajasthan Technical University, Kota
2024-25

CERTIFICATE

This is to certify that the report of the training submitted is the outcome of the practical training
done at “Infosys Springboard” in “Cybersecurity & Ethical Hacking” is carried out by
Akshay Kapoor bearing RTU Roll No.: 23EJCEC005 under the guidance and supervision of
“Mr. Sudarshan Jain” for the award of Degree of Bachelor of Technology (B. Tech.) in
Computer Science and Technology from Jaipur Engineering College & Research Centre,
Jaipur (Raj.), India affiliated to Rajasthan Technical University, Kota during the academic
year 2024-2025.

To the best of my knowledge the report:

i) Embodies the work of the candidate.
ii) Has duly been completed.
iii) Fulfils the requirement of the ordinance relating to the Bachelor of Technology degree
of the Rajasthan Technical University and
iv) Is up to the desired standard for the purpose of which is submitted.

VISION OF ECE DEPARTMENT

To become a renowned Centre of excellence in computer science and engineering and make
competent engineers & professionals with high ethical values prepared for lifelong learning.

MISSION OF ECE DEPARTMENT

1. To impart outcome-based education for emerging technologies in the field of computer
science and engineering.
2. To provide opportunities for interaction between academia and industry.
3. To provide a platform for lifelong learning by accepting the change in technologies.
4. To develop the aptitude of fulfilling social responsibilities.

PROGRAM OUTCOMES (POs)


1. Engineering knowledge: Apply the knowledge of mathematics, science, engineering
fundamentals, and an engineering specialization to the solution of complex engineering
problems.
2. Problem analysis: Identify, formulate, research literature, and analyse complex engineering
problems reaching substantiated conclusions using first principles of mathematics, natural
sciences, and engineering sciences.
3. Design/development of solutions: Design solutions for complex engineering problems and
design system components or processes that meet the specified needs with appropriate
consideration for the public health and safety, and the cultural, societal, and environmental
considerations.
4. Conduct investigations of complex problems: Use research-based knowledge and research
methods including design of experiments, analysis and interpretation of data, and synthesis of
the information to provide valid conclusions.
5. Modern tool usage: Create, select, and apply appropriate techniques, resources, and modern
engineering and IT tools including prediction and modelling to complex engineering
activities with an understanding of the limitations.
6. The engineer and society: Apply reasoning informed by the contextual knowledge to assess
societal, health, safety, legal and cultural issues and the consequent responsibilities relevant to
the professional engineering practice.
7. Environment and sustainability: Understand the impact of the professional engineering
solutions in societal and environmental contexts, and demonstrate the knowledge of, and need
for sustainable development.
8. Ethics: Apply ethical principles and commit to professional ethics and responsibilities and
norms of the engineering practice.
9. Individual and team work: Function effectively as an individual, and as a member or leader
in diverse teams, and in multidisciplinary settings.
10. Communication: Communicate effectively on complex engineering activities with the
engineering community and with society at large, such as, being able to comprehend and write
effective reports and design documentation, make effective presentations, and give and
receive clear instructions.
11. Project management and finance: Demonstrate knowledge and understanding of the
engineering and management principles and apply these to one’s own work, as a member and
leader in a team, to manage projects and in multidisciplinary environments.
12. Life-long learning: Recognize the need for, and have the preparation and ability to engage in
independent and life-long learning in the broadest context of technological change.

PROGRAM EDUCATIONAL OBJECTIVES (PEOs)

The PEOs of the B.Tech (ECE) program are:

1. To produce graduates who are able to apply computer engineering knowledge to provide
turn-key IT solutions to national and international organizations.
2. To produce graduates with the necessary background and technical skills to work
professionally in one or more of the areas like – IT solution design development and
implementation consisting of system design, network design, software design and
development, system implementation and management etc. Graduates would be able to
provide solutions through logical and analytical thinking.
3. To enable graduates to design embedded systems for industrial applications.
4. To inculcate in graduates effective communication skills and team work skills to enable
them to work in a multidisciplinary environment.
5. To prepare graduates for personal and professional success with commitment to their
ethical and social responsibilities.

PROGRAM SPECIFIC OUTCOMES (PSOs)

• PSO1: Ability to interpret and analyse network specific and cyber security issues in real
world environment.
• PSO2: Ability to design and develop mobile and web-based applications under realistic
constraints.

COURSE OUTCOMES (COs)


On completion of project Graduates will be able to-
• CO1: Generate the report based on the Projects carried out for demonstrating the ability to
apply the knowledge of engineering field during training
• CO2: Demonstrate Competency in relevant engineering fields through problem
identification, formulation and solution.

MAPPING: CO’s & PO’s


Subject Code          COs    PO1  PO2  PO3  PO4  PO5  PO6  PO7  PO8  PO9  PO10  PO11  PO12
Industrial Training   CO-1    3    3    2    2    2    1    1    2    2    3     3     3
Industrial Training   CO-2    3    3    3    3    3    1    1    2    2    3     3     3

DECLARATION

I hereby declare that the report entitled “Industrial Training on Cybersecurity & Ethical Hacking”
has been carried out and submitted by the undersigned to the Jaipur Engineering College & Research
Centre, Jaipur (Rajasthan) as an original work, conducted under the guidance and supervision.

The empirical findings in this report are based on the data, which has been collected by me. I have
not reproduced from any report of the University neither of this year nor of any previous year.

I understand that any such reproduction from an original work by another is liable to be punished in
a way the University authorities deem fit.

Akshay Kapoor
Enrollment No.: - 23EJCEC005

PREFACE

Bachelor of Technology in Electronics & Communications Engineering is the Rajasthan Technical
University course (Approved by AICTE) having a duration of 4 years.

As a prerequisite of the syllabus every student on this course has to take professional training from any
Industry related to the stream for 56 days in order to complete his/her studies successfully. And it is
required to submit the project report on the completion of it.

The main objective of this training is to create awareness regarding the application of theories in
the practical world of Information Technology and to give a practical exposure of the real world to
the student.

I feel great pleasure to present this project report.



ACKNOWLEDGEMENT

Any serious and lasting achievement or success, one can never achieve without the help, guidance
and co-operation of so many people involved in the work.

It is my pleasant duty to express my profound gratitude and extreme regards and thanks to Mr.
Arpit Agarwal and Dr. V.K. Chandna who gave me an opportunity to take professional training
in Infosys Springboard.

I would also like to thank Mr. Sudarshan Jain, Training & Placement Officer, Jaipur who
recommended me for this training.

Last but not the least, I am grateful to my beloved parents whose blessings and inspirations are
always with me. I am heartily thankful to those people who are involved directly or indirectly in
this project for encouraging me whenever I needed their help in spite of their busy schedule.

Akshay Kapoor
23EJCEC005

CHAPTER INDEX

Certificate
Declaration
Preface
Acknowledgement
Company Profile
Chapter Index
Figure Index

1. Introduction
   1.1 CyberSecurity
2. Ethical Hacking
   2.1 Information Gathering
   2.2 Vulnerability Analysis
   2.3 Network Hacking
   2.4 Password Attacks
   2.5 Tools
3. Future Scope
Conclusion

CHAPTER 1

INTRODUCTION

1.1 CyberSecurity

Cybersecurity refers to the practices, technologies, and processes designed to protect computer
systems, networks, devices, and sensitive data from unauthorized access, use, disclosure, disruption,
modification, or destruction. In today’s interconnected world, cybersecurity is crucial for
individuals, organizations, and governments to safeguard their digital assets and maintain trust.
Key Components:
1. Network Security: Protecting networks from hacking, eavesdropping, and unauthorized
access.
2. Application Security: Ensuring software applications are secure and free from vulnerabilities.
3. Data Security: Protecting sensitive data through encryption, access controls, and backup
systems.
4. End-User Education: Training users to recognize and respond to cyber threats, such as
phishing and malware.
5. Incident Response: Developing plans to quickly respond to and contain cyber attacks.
Threats and Challenges:
1. Evolving Attack Vectors: New technologies and attack methods emerge constantly, requiring
ongoing updates and adaptations.
2. Lack of Skilled Professionals: Insufficient cybersecurity talent and resources to address the
growing threat landscape.
3. Increased Attack Surface: The proliferation of IoT devices and cloud computing expands the
attack surface, creating new vulnerabilities.
Best Practices:
1. Implement Multi-Layered Defenses: Combine multiple security controls to provide robust
protection.
2. Keep Software and Systems Up-to-Date: Regularly update and patch software, operating
systems, and firmware to fix vulnerabilities.
3. Use Strong Authentication and Authorization: Ensure secure login processes and access
controls.
4. Monitor and Analyze Network Traffic: Continuously monitor and analyze network activity
to detect and respond to threats.
By understanding the importance of cybersecurity and implementing effective measures, individuals
and organizations can reduce the risk of cyber attacks and protect their digital assets.

Cybersecurity means protecting data, networks, programs and other information from unauthorized
or unattended access, destruction or change. In today’s world, cybersecurity is very important
because of security threats and cyber-attacks. Many companies develop software for data
protection. Cybersecurity is important because it helps to secure not only information but also
our systems from virus attacks. After the U.S.A. and China, India has the highest number of
internet users.

Cyber Threats
Cyber threats can be further classified into two types: cybercrime, against individuals,
corporates, etc., and cyberwarfare, against a state.
Cyber Crime
The use of cyberspace (computers, the internet, cellphones and other technical devices) by an
individual or organized group to commit a crime is called cybercrime. Cyber attackers use numerous
software tools and codes in cyberspace to commit cybercrime. They exploit weaknesses in
software and hardware design through the use of malware. Hacking is a common way of piercing
the defenses of protected computer systems and interfering with their functioning. Identity theft is
also common.
Cybercrimes may occur directly, i.e. by targeting computers directly through the spread of computer
viruses. Other forms include the DoS attack, an attempt to make a machine or network resource
unavailable to its intended users. It suspends the services of a host connected to the internet,
temporarily or permanently.
Malware is software used to disrupt computer operation, gather sensitive information, or gain
access to private computer systems. It usually appears in the form of code, scripts, active content,
and other software. ‘Malware’ refers to a variety of forms of hostile or intrusive software, for
example Trojan horses, rootkits, worms, adware, etc.
Another way of committing cybercrime is independent of the computer network or device. It
includes economic fraud, which is done to destabilize the economy of a country, attack banking
security and transaction systems, extract money through fraud, acquire credit/debit card data,
commit financial theft, etc.
Other cybercrimes hinder the operations of a website or service through data alteration or data
destruction. Others include using obscene content to humiliate girls and harm their reputation,
spreading pornography, threatening e-mail, assuming a fake identity, and virtual impersonation.
Nowadays, misuse of social media to create intolerance, instigate communal violence and incite
riots is happening a lot.
Cyber Warfare
The Snowden revelations have shown that cyberspace could become the theatre of warfare in the 21st
century. Future wars will not be like traditional wars, which are fought on land, water or air. When
any state initiates the use of internet-based invisible force as an instrument of state policy to fight
against another nation, it is called cyberwar.
It includes hacking of vital information, important webpages, strategic controls, and intelligence.
One example is the six-month-long cyberattack on the German parliament in December 2014, for which
the Sofacy Group is suspected. Another example is the 2008 cyberattack on US military computers.
Since these cyber-attacks, the issue of cyber warfare has assumed urgency in the global media.
Inexpensive Cybersecurity Measures
• The simplest thing you can do to up your security and rest easy at night knowing your data is
safe is to change your passwords.
• You should use a password manager tool like LastPass, Dashlane, or Sticky Password to keep
track of everything for you. These applications help you to use unique, secure passwords for
every site you need while also keeping track of all of them for you.
• An easy way for an attacker to gain access to your network is to use old credentials that have
fallen by the wayside. Hence, delete unused accounts.
• Enable two-factor authentication to add some extra security to your logins. It is an extra layer of
security that makes it harder for an attacker to get into your accounts.
Conclusion
Today, due to high internet penetration, cybersecurity is one of the biggest needs of the world, as
cybersecurity threats are very dangerous to a country’s security. Not only the government but also
citizens should spread awareness about always updating system and network security settings and
using proper anti-virus software, so that systems and networks stay virus and malware-free.

2.1 Ethical Hacking

1. Introduction
Definition: Ethical hacking, also known as penetration testing or white-hat hacking, is the practice of
attempting to breach a computer system or network with the owner’s permission, to identify
vulnerabilities and weaknesses, and report them for remediation.
Goals:
1. Identify security vulnerabilities and weaknesses.
2. Report findings to the system owner.
3. Assist in fixing vulnerabilities to improve overall system security.
Types of Ethical Hackers:
1. Network hackers: Focus on network infrastructure and protocols.
2. Web application hackers: Target web applications and APIs.
3. Social engineers: Use human psychology to manipulate individuals into revealing sensitive
information.
Key Concepts:
1. Permission-based: Ethical hacking is only legal with explicit permission from the system
owner.
2. Objective: Find vulnerabilities before malicious attackers can exploit them.
3. Methodology: Use various tools and techniques, similar to malicious hackers, but with the
goal of identifying and reporting vulnerabilities.
Benefits:
1. Improved system security.
2. Identification of vulnerabilities before they can be exploited by malicious attackers.
3. Compliance with security standards and regulations.
Note: Ethical hacking is a legal and ethical practice when done with permission and for the purpose of
improving system security. It is essential to distinguish ethical hacking from illegal and malicious
hacking activities.
Ethical Hacking Tutorial
The Ethical Hacking tutorial provides basic and advanced concepts of ethical hacking. Our Ethical
Hacking tutorial is developed for beginners and professionals.
The tutorial covers all the aspects associated with hacking. Firstly, we will learn how to
install the needed software. After this, we will learn the 4 types of penetration testing sections, which are
network hacking, gaining access, post exploitation, and website hacking.
In the network hacking section, we will learn how networks work, how to crack Wi-Fi keys and gain
access to Wi-Fi networks. In the gaining access section, we will learn how to gain access to servers
and personal computers. In the post-exploitation section, we will learn what we can do with the access
that we gained in the previous section: how to interact with the file system, how to
execute a system command, and how to open the webcam. In the website hacking section, we will learn
how a website works and how to gather comprehensive information about a website. In the end, we will
learn how to secure our system from the discussed attacks.
What is Hacking?
Gaining access to a system that you are not supposed to have access to is considered hacking. For
example, logging into an email account that you are not supposed to have access to, gaining access to a
remote computer that you are not supposed to have access to, or reading information that you are not
supposed to be able to read is considered hacking. There are a large number of ways to hack a system.
In 1960, the first known event of hacking took place at MIT, and at the same time the
term Hacker originated.
What is Ethical hacking?
Ethical hacking is also known as White hat Hacking or Penetration Testing. Ethical hacking
involves an authorized attempt to gain unauthorized access to a computer system or data. Ethical
hacking is used to improve the security of the systems and networks by fixing the vulnerability found
while testing.
Ethical hackers improve the security posture of an organization. Ethical hackers use the same tools,
tricks, and techniques that malicious hackers use, but with the permission of the authorized person.
The purpose of ethical hacking is to improve the security and to defend the systems from attacks by
malicious users.
Types of Hacking
We can define hacking into different categories, based on what is being hacked. These are as follows:
1. Network Hacking
2. Website Hacking
3. Computer Hacking
4. Password Hacking
5. Email Hacking
1. Network hacking: Network hacking means gathering information about a network with the
intent to harm the network system and hamper its operations, using various tools like
Telnet, nslookup, Ping, Tracert, etc.
2. Website hacking: Website hacking means gaining unauthorized access to a web server or
database and making changes to the information.
3. Computer hacking: Computer hacking means unauthorized access to a computer and stealing
information from the PC, like the computer ID and password, by applying hacking methods.
4. Password hacking: Password hacking is the process of recovering secret passwords from data
that has already been stored in the computer system.
5. Email hacking: Email hacking means unauthorized access to an email account and using it
without the owner's permission.
Advantages of Hacking
There are various advantages of hacking:
1. It is used to recover lost information, especially when you have lost your password.
2. It is used to perform penetration testing to increase the security of the computer and network.
3. It is used to test how good security is on your network.
Disadvantages of Hacking
There are various disadvantages of hacking:
1. It can harm the privacy of someone.
2. Hacking is illegal.
3. Criminals can use hacking to their advantage.
4. Hampering system operations.

Ethical Hacking Tutorial Index

o Ethical Hacking Tutorial
o Types of Hackers
o Famous Hackers
o Environmental setup
Network Penetration
o Network Penetration Testing
o Basic of Network
Pre-connection Attacks
o Pre-connection Attacks
o Wireless Interface in Monitor mode
o About airodump-ng
o Run airodump-ng
o Deauthenticate
Gaining Access
o Introduction
o Gaining Access
o WEP Introduction
o WEP Cracking
o Fake Authentication Attack
o ARP Request Replay Attack
o WPA Theory
o Handshake Theory
o Capturing Handshakes
o Creating Wordlist
o Cracking Wordlist
o Securing Network from Attacks
Post Attacks
o Post-Connection Attacks
o Netdiscover
o Zenmap
MITM Attacks
o MITM Attacks
o ARP spoofing using arpspoof
o ARP spoofing using MITMf
o Bypassing HTTPS
o DNS Spoofing
Server Attacks
o Server-side Attacks
o Server-side Attack Basics
o Attacks - Metasploit basics
o Exploiting a Code Execution Vulnerability
o Installing MSFC
o MSFC Scan
o MSFC Analysis
o Installing Nexpose
o Nexpose Scanning

Prerequisite
There is no specific prerequisite for learning computer networks.
Audience
Our Ethical Hacking Tutorial is designed to help beginners and professionals.

Information gathering is the systematic process of collecting, organizing, and analyzing data, facts, and
knowledge from various sources to obtain insights, generate knowledge, and support decision-making.
This process is essential in various contexts, including:
• Academic research
• Journalism
• Market research
• Intelligence gathering
• Everyday life situations
Methods of information gathering include:
• Traditional interviews and surveys
• Literature reviews
• Web scraping
• Data mining
• Social media analysis
• Whois lookup
• Netcraft and Robtex tools
• Subdomain discovery and analysis
Effective information gathering involves:
• Identifying relevant sources
• Collecting data through various methods
• Organizing and analyzing the collected information
• Drawing conclusions or making informed judgments based on the findings
In the context of penetration testing and ethical hacking, information gathering is the first step, providing a
detailed map of the target network and understanding the amount of effort required for a complete
assessment. It is an art that every penetration-tester and hacker should master for a better experience in
penetration testing.

Effective information gathering is crucial, whether you’re assessing cybersecurity risks, undertaking market
research, or conducting academic inquiries. This article demystifies the process, providing a clear
framework for collecting, analyzing, and leveraging data. With a focus on essential tools and strategies,
you will learn to refine your information gathering to produce accurate, actionable outcomes.
Key Takeaways
• Information gathering is a systematic approach to collecting, organizing, and analyzing data that
incorporates planning, quality control, and stakeholder involvement, and it’s fundamental for
informed decision-making and comprehensive research.
• A systematic information gathering process involves clear objectives, appropriate data collection
methods (e.g., surveys, interviews, observations), and thorough analysis and organization of
data to identify trends and support decisions using techniques like linear regression and
visualization tools.
• Tactical tools such as network mappers, packet sniffers, domain research tools, and advanced
techniques like penetration testing, data mining, and search engines are crucial for in-depth
information analysis, identifying vulnerabilities, and enhancing cybersecurity.
What is Information Gathering?
Information gathering extends beyond mere data collection. It is a systematic process that involves
acquiring, arranging, and evaluating data, facts, and knowledge from diverse sources using sophisticated
information gathering tools. The principles that guide this process are simple yet profound. They
encompass:
• Maintaining simplicity in the process
• Thorough planning
• Collecting reliable data with stringent quality control
• Involving pertinent stakeholders
Every piece of data, every fact, and every bit of knowledge collected aids in making well-informed
decisions, strategic planning, and conducting comprehensive research.
The foundation of this process lies in systematic data collection. It involves the implementation of
systematic sampling methods and the execution of a methodical process for gathering observations or
measurements. Whether you’re researching network protocols or analyzing consumer behavior, the
methods used to gather information play a crucial role in the quality of the insights obtained.
If you want to learn more about what’s the difference between information, data and threat intelligence
we suggest you take a look at this blog post titled: “Threat Intelligence, Information, and Data: What Is the
Difference?”.
The Information Gathering Process: A Step-by-Step Guide
With a grasp on the fundamentals, we will now delve deeper into the process of gathering data. It’s a
journey that starts with:
1. Identifying objectives
2. Selecting appropriate data collection methods
3. Analyzing and organizing the gathered data to generate actionable insights and support decision-
making.
Identifying Objectives and Defining Scope
The first step on this journey is establishing precise objectives and defining the scope. Clear objectives
facilitate improved decision-making and enhance productivity, engagement, and communication. Defining
the scope involves documenting specific goals, deliverables, and tasks. It sets boundaries, identifies
necessary resources, and facilitates the creation of a project schedule. However, this process is not
without challenges. Cost overruns, delays, inaccurate estimates, and changing requirements are just a few
of the typical obstacles that may be encountered.
Surmounting these challenges is key to effective data gathering and a smooth progression of the journey.
Selecting Appropriate Data Collection Methods
Once the objectives are set and the scope defined, the ensuing step involves selecting suitable data
collection methods. There are several techniques for data collection, including:
• Surveys
• Interviews
• Observations
• Focus groups
• Experiments
• Secondary data analysis
The choice of technique depends on the objectives of the information gathering process. For instance,
surveys are ideal when the objective is to reach specific individuals or locations and draw insights from a
specific group.
On the other hand, interviews are most suitable when researchers aim to acquire qualitative data and
understand the thoughts and behaviors of individuals. The choice of data collection method significantly
influences the quality of the collected data and the insights derived from it.
Analyzing and Organizing Gathered Data
The concluding step in the information gathering process entails:
1. Analyzing and organizing the gathered data
2. Identifying issues and opportunities for data collection
3. Carrying out identification, collection, analysis, and reporting of data to generate insights
4. Supporting decision-making
To effectively organize qualitative data, it is important to:
1. Create a plan
2. Select an appropriate organization tool
3. Establish a consistent file naming system
4. Record the data in a spreadsheet
Patterns and trends can be identified through the exploration and visualization of the data, while analyzing
data using techniques such as linear regression and time series analysis.
The use of data analysis tools is of significant importance as they enable businesses to:
• Mitigate risks
• Enhance their financial performance
• Make well-informed decisions
• Discover patterns
• Detect discrepancies
At Recorded Future, we take this process to the next level by seamlessly aggregating and organizing data
from diverse sources, including text, imagery, and technical documents. Leveraging advanced technologies
like natural language processing and machine learning, we perform real-time analysis and mapping of
insights across a vast network of entities.
This approach empowers us not only to detect patterns and discrepancies efficiently but also significantly
enhances risk mitigation, threat intelligence solutions, financial performance, and informed decision-
making capabilities.
Tactical Tools for Information Gathering
With a comprehension of the process, we will now look at the tactical tools used in information gathering.
These tools, like network mappers, packet sniffers, and domain research tools, are essential in uncovering
valuable information about networks, systems, and online resources.
Network Mappers and Port Scanners
Network mappers and port scanners play a significant role in the information gathering process. A network
mapper like Nmap can:
• Scan for open ports
• Recognize the services operating on those ports
• Generate visual maps based on data from regular scans to ensure the accuracy of network information
They are vital in identifying network devices, components, and connections, and contribute to the
maintenance of precise records for thorough analysis and security evaluations.
These tools pinpoint open ports by dispatching packets to a range of ports on a network and subsequently
analyzing the responses. They also play a crucial role in identifying vulnerable services by conducting port
scanning on specified ports and analyzing responses from those services.
Packet Sniffers and Protocol Analyzers
Another integral set of tools for information gathering are packet sniffers and protocol analyzers, like
Wireshark. They:
• Capture and analyze network packets to diagnose network issues and monitor network traffic
• Enable users to filter and drill down into the data
• Store captured information for offline analysis
By capturing live packet data and analyzing it in real-time, these tools offer valuable insights for network
troubleshooting and optimization.
Notable packet sniffers and protocol analyzers include:
• Wireshark
• Auvik
• ManageEngine NetFlow Analyzer
• SolarWinds Network Packet Sniffer
• Paessler PRTG
• Tcpdump
• WinDump
• NetworkMiner
• Colasoft
Domain and IP Research Tools
We will conclude our discussion of tactical tools with domain and IP research tools. Some examples of
these tools include:
• Dig
• Ping
• Host
• Whois command
• WHOIS Search & Lookup
• SecurityTrails API
These tools aid in gathering information pertaining to IP addresses, networks, web pages, and DNS
records. For instance, Dig is a DNS checker diagnostic tool for identifying Domain Name System issues and
collecting data on domain and network infrastructure.
These tools are advantageous in network security monitoring for:
• Identifying potential weaknesses, misconfigurations, and vulnerabilities in network systems
• Assisting in fortifying security
• Preparing for potential attacks
Advanced Techniques in Information Gathering
The realm of information gathering is not limited to basic tools and techniques. Advanced methods like
penetration testing, data mining, and leveraging search engines offer deeper insights and uncover hidden
information, taking your information gathering prowess to the next level with the best information
gathering tools.
Penetration Testing with Metasploit Framework
Metasploit Framework is a powerful tool in the field of advanced information gathering. It comprises a
plethora of tools that aid penetration testers in identifying security vulnerabilities, executing exploitation,
and evaluating the security stance of systems or networks. Metasploit Framework operates by allowing
security professionals and hackers to collect information, detect vulnerabilities, and exploit them to obtain
unauthorized entry into systems.
It offers a wide array of tools and modules for simulating attacks and evaluating security across various
operating systems, ensuring the operating system remains secure.
In their chapter "The Seven-Step Information Gathering Process," Pearson emphasizes the importance of
thorough information gathering for successful penetration testing, stating, "Good information gathering
can make the difference between a successful pen test and one that fails to provide maximum benefit to
the client". This underscores the pivotal role that comprehensive information gathering plays in ensuring a
penetration test effectively identifies vulnerabilities and enhances a client's security posture.
Data Mining for In-depth Analysis
Data mining is another advanced technique in information gathering. It involves:
• Sifting through extensive data sets
• Recognizing patterns and connections
• Resolving business issues
• Offering more comprehensive insights
Tools like Maltego serve as a tool for real-time data mining and information gathering, enabling users to
query various sources and analyze data for link analysis.
Leveraging Search Engines and Online Resources
Search engines and online resources offer a treasure trove of information that can be harnessed for
advanced information gathering. A search engine delivers accurate results through targeted keyword
searches, providing a comprehensive understanding that assists individuals in accessing the information
they require.
Tools like Shodan.io can be employed for advanced information gathering by querying specific details of
connected devices, including web servers. The Wayback Machine provides access to archived internet
pages, which is crucial for monitoring changes over time and providing historical context.
Practical Applications
Information gathering is not a mere academic exercise. It has practical applications that range from case
studies to cybersecurity assessments, to market research.
We will now examine these applications and observe the real-world impact of effective information
gathering.
Case Studies: Success Through Effective Data Collection
Case studies provide real-world evidence of the power of effective information gathering. They showcase
how organizations have utilized information gathering techniques to solve problems and make informed
decisions. Successful case studies demonstrate the use of interviews, observations, and the case study
method in comprehensively analyzing different scenarios.
These methodologies incorporate a spectrum of empirical material collection tools that tackle a variety of
research questions, validating the effectiveness of information gathering across multiple professional
domains.
The Recorded Future Intelligence Graph stands as a prime example of the seamless integration of data
collection, information gathering, and intelligence within a single platform.

2.2 Vulnerability Analysis

Vulnerability analysis is the process of identifying, classifying, and prioritizing security weaknesses
in computer systems, networks, applications, and infrastructure. It helps organizations understand
their exposure to cyber threats and risks, enabling them to mitigate or remediate vulnerabilities.
Key aspects of vulnerability analysis:
1. Data gap analysis: Identifying gaps in existing data and assessing whether sufficient
information is available to determine vulnerability.
2. Vulnerability scanning: Using automated tools to detect and identify vulnerabilities in
systems, networks, and applications.
3. Classification and prioritization: Categorizing vulnerabilities based on severity, impact, and
likelihood of exploitation, and prioritizing remediation efforts accordingly.
4. Remediation: Implementing fixes, patches, or workarounds to eliminate or mitigate
identified vulnerabilities.
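The classification and prioritization step can be made concrete with a small scoring routine. This is an added example, not part of the original report: the severity bands follow the CVSS v3 qualitative rating scale, while the findings, the asset criticality scale and the likelihood weights are assumptions chosen for illustration.

```python
from typing import NamedTuple


class Finding(NamedTuple):
    host: str
    title: str
    cvss: float             # severity: CVSS v3 base score, 0.0 to 10.0
    asset_criticality: int  # impact: 1 (lab box) to 3 (business-critical), assumed scale
    exploit_public: bool    # likelihood: public exploit code is known
    internet_facing: bool   # likelihood: reachable from the internet


def severity_band(cvss):
    """Map a base score to the CVSS v3 qualitative severity rating."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS score out of range: {cvss}")
    if cvss == 0.0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


def likelihood_factor(f):
    """Illustrative weighting (an assumption): each exposure factor adds 0.5."""
    return 1.0 + 0.5 * f.exploit_public + 0.5 * f.internet_facing


def priority(f):
    """Combine severity, impact and likelihood into one sortable score."""
    return round(f.cvss * f.asset_criticality * likelihood_factor(f), 1)


def remediation_queue(findings):
    """Highest priority first; host and title break ties deterministically."""
    return sorted(findings, key=lambda f: (-priority(f), f.host, f.title))


# Constructed scanner findings, listed in descending raw CVSS order.
FINDINGS = [
    Finding("lab-01", "Outdated SSH server", 9.8, 1, False, False),
    Finding("web-01", "SQL injection in login form", 8.6, 3, True, True),
    Finding("db-01", "Default database account enabled", 7.2, 3, True, False),
    Finding("ws-17", "Missing browser patch", 5.4, 2, False, False),
    Finding("print-02", "Verbose service banner", 2.6, 1, False, False),
]


def report(findings):
    """One line per finding: priority score, severity band, host, title."""
    return [
        f"{priority(f):5.1f}  {severity_band(f.cvss):8}  {f.host:9} {f.title}"
        for f in remediation_queue(findings)
    ]


if __name__ == "__main__":
    print("\n".join(report(FINDINGS)))
```

Sorting by raw score alone would put the isolated lab machine first; once impact and likelihood are factored in, the internet-facing web server and the database move to the top of the queue.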
Types of vulnerability assessments:
1. Network-based scans: Identifying network security attacks and detecting vulnerable
systems on wired or wireless networks.
2. Host-based scans: Examining servers, workstations, or other network hosts for
configuration settings and patch history.
3. Wireless network scans: Validating secure configuration of wireless network infrastructure.
4. Application scans: Testing websites for known software vulnerabilities and incorrect
configurations.
5. Database scans: Identifying weak points in databases to prevent malicious attacks.
6. Penetration testing: Simulating attacks to identify vulnerabilities in personnel, procedures,
or processes.
Benefits of vulnerability analysis:
1. Improved security posture: Identifying and remediating vulnerabilities reduces exposure to
cyber threats.
2. Compliance: Meeting regulatory requirements by demonstrating a proactive approach to
vulnerability management.
3. Risk reduction: Minimizing the likelihood and impact of security breaches.
4. Cost savings: Reducing the financial burden of responding to and recovering from security
incidents.
Regular vulnerability assessments, coupled with a vulnerability management program, are essential
for organizations to stay ahead of evolving cyber threats and maintain a strong security posture.

2.3 Social Engineering

Phishing attacks are growing in prevalence during the pandemic, according to David Dufour, Vice
President of Engineering and Cybersecurity at Webroot. Webroot’s recent threat report concludes
that people are receiving 34% more emails than before the pandemic, and this increase was
accompanied by an uptick in phishing attacks.
“Well, I think none of this will be surprising, but it's just kind of critical to bring up so people are
keeping it top of mind,” Dufour said. “A lot of things are, hey, make a donation or, you know, click
here, click this link to be able to donate to help COVID survivors or things of that nature. Or maybe,
hey, you want to get your stimulus check quicker, click this link and give us your account
information, and we'll get your stimulus check deposited in, you know, a few minutes. None of that
is true…They're just trying to get you to click that link.”
Dufour added that the combination of the increase in email volume and the distractions of working
from home creates a perfect environment for phishing attacks to succeed.
“The problem that we're seeing is kind of twofold,” Dufour said. “One – people are getting
inundated with emails from colleagues or, you know, customers even, where it may be coming
from their personal account, it may be coming from their business account because everyone's
working at home, so they're getting a lot of email from unfamiliar places, and some of it's
legitimate for them to do their job. And the other big issue is you're at home with little Susie or
little Johnny from school and you're trying to make them lunch and you're trying to answer emails
and you're trying to respond to your boss, and so there's also a distraction factor, where people
aren't as focused on what they're reading and they're more apt to click as well.”
Dufour concluded that employees want to learn how to make smarter decisions, and organizations
need to help educate them.
“The security industry has realized that the user is not as dumb as we want to make them out to
be,” he said. “People really want to do the right thing. If we can educate them – like I said, most
people know what phishing is. We just gotta keep it top of mind and in their brain to be aware of it.
But on top of that, the thing that people really need to be doing is slowing down and taking the
time to read what's going on. And if you're in a busy spot, maybe don't answer your email. Set
aside some time when you can do it thoughtfully.”
New-school security awareness training can create a culture of security within your organization by
teaching your employees how to avoid falling for social engineering attacks.

9 Most Common Examples of Social Engineering Attacks


In no particular order, here are nine common cyber threats that leverage social engineering tactics to
gain access to sensitive information. While most of these attacks occur online, several can rear their
heads in physical spaces like offices, apartment buildings, and cafes.
1. Phishing
The most pervasive form of social engineering. Hackers use deceptive emails,
websites, and text messages to steal sensitive personal or organizational information from
unsuspecting victims. Despite how well-known phishing email techniques are, 1 in 5 employees still
click on those suspicious links.
2. Spear Phishing
This email scam is used to carry out targeted attacks against individuals or businesses. Spear
phishing is more intricate than your average mass phishing email, as it requires in-depth research on
potential targets and their organizations.
3. Baiting
This type of attack can be perpetrated online or in a physical environment. The cyber criminal
usually promises the victim a reward in return for sensitive information or knowledge of its
whereabouts.
4. Malware
A category of attacks that includes ransomware. Victims are sent an urgently worded message and
tricked into installing malware on their device(s). Ironically, a popular tactic is telling the victim that
malware has already been installed on their computer and that the sender will remove the software if
they pay a fee.
5. Pretexting
This attack involves the perpetrator assuming a false identity to trick victims into giving up
information. Pretexting is often leveraged against organizations with an abundance of client data,
like banks, credit card providers, and utility companies.
6. Quid Pro Quo
This attack centers around an exchange of information or service to convince the victim to act.
Normally, cyber criminals who carry out these schemes don’t do advanced target research and offer
to provide “assistance,” assuming identities like tech support professionals.
7. Tailgating
This attack targets an individual who can give a criminal physical access to a secure building or
area. These scams are often successful due to a victim’s misguided courtesy, such as if they hold the
door open for an unfamiliar “employee.”
8. Vishing
In this scenario, cyber criminals will leave urgent voicemails to convince victims they must act
quickly to protect themselves from arrest or another risk. Banks, government agencies, and law
enforcement agencies are commonly impersonated personas in vishing scams.
9. Water-Holing
This attack uses advanced social engineering techniques to infect a website and its visitors with
malware. The infection is usually spread through a website specific to the victims' industry, like a
popular website that’s visited regularly.

2.4 Network Hacking

Pre-Connection Attacks
• Changing MAC Address
• Enabling Monitor Mode
• De-Authentication Attack
Gaining Access
• WEP (Wired Equivalent Privacy)
• WEP Cracking
• WPA - WPA2 (Wi-Fi Protected Access)
• WPA - WPA2 Cracking
Post Connection Attacks
• Network Mapping (Information Gathering)
• MITM (Man in the Middle) Attack
• ARP Spoofing - Poisoning
• BetterCap
• BetterCap GUI
• HSTS (HTTP Strict Transport Security)



2.5 Tools for Hacking


Types of ethical hacking tools
Ethical hackers need a variety of tool types to achieve their goals, including:
• Vulnerability scanners: These tools automate the process of scanning for vulnerabilities in your
system or network. Examples include Snyk Code and Brakeman.
• Penetration testing frameworks: These comprehensive frameworks give you guidance and
methodology for penetration testing. PTES, NIST SP 800-115, and OSSTMM are some commonly used
frameworks.
• Exploitation frameworks: These toolkits are like treasure chests filled with exploits for different
systems and applications. Try frameworks such as Metasploit, Cobalt Strike, or Canvas.
• Network mapping and reconnaissance tools: If you're curious to explore and map a network and its
devices, these tools are your go-to. Nmap, Netcat, and Wireshark are popular examples.
• Password cracking tools: Need to crack some passwords or test their strength? Try out John the
Ripper, Hashcat, and Hydra.
• Web application testing tools: Finding and exploiting vulnerabilities in web apps is your thing? Burp
Suite, OWASP ZAP, and Nikto are your trusty sidekicks on that mission.
• Social engineering toolkits: Ready to play mind games? These toolkits simulate social engineering
attacks like phishing or spear phishing. The Social Engineering Toolkit (SET) is a popular one among the
hacking community.
Top ethical hacking tools
Snyk
Snyk is a developer-first security platform that provides continuous monitoring and remediation for
vulnerabilities in code, containers, open-source dependencies, and cloud infrastructure. It can integrate with
various development workflows and tools such as GitHub, Jenkins, and AWS CodePipeline. Snyk's technology
is designed to identify vulnerabilities in your project, monitor them over time, and provide remediation
advice to developers. It supports multiple programming languages including JavaScript, Python, Ruby, and
Java.
OWASP Dependency-Check
OWASP Dependency-Check is a tool that identifies and reports known vulnerabilities in project dependencies.
It scans project dependencies for known vulnerabilities in standard software libraries and frameworks. It
supports multiple programming languages and package managers, including Java, .NET, Ruby, Node.js, and
Python. The tool integrates with build automation tools such as Maven, Gradle, and Ant.

Nmap
Nmap is a powerful port scanner and network exploration tool. It can discover hosts and services on a
network and identify vulnerabilities and security issues. It supports various scanning techniques, including
ping scanning, TCP and UDP port scanning, and OS detection. Nmap also provides advanced features such as
version detection, scriptable interactions with target systems, and the ability to scan for specific
vulnerabilities.
Metasploit
Metasploit is a penetration testing framework with many exploits and payloads. It can be used to simulate
attacks and test the security of systems and applications. It includes a database of known vulnerabilities and
exploits, as well as the ability to create custom exploits. Metasploit can also automate testing and reporting,
making it a popular tool for security professionals.

2.6 Sniffing and Spoofing


Sniffing is the process of monitoring all the data packets passing through a network. Sniffers are usually used
by network administrators to monitor and troubleshoot network traffic, whereas attackers use sniffers to
monitor and capture data packets in order to steal sensitive information such as passwords and user accounts.
Sniffers can be hardware or software installed on the system.
Spoofing is the process in which an intruder introduces fake traffic and pretends to be someone else (a legal source
or legitimate entity). Spoofing is done by sending packets with an incorrect source address over the network. The
best way to deal with spoofing is to use a digital signature.
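Spoofing at the ARP layer, which this report lists among the post-connection attacks, leaves traces a defender can check for in captured traffic. The following is an added example, not part of the original report: it parses raw Ethernet/ARP frames and flags an IP address that is suddenly claimed by a different MAC address, or an ARP sender field that disagrees with the Ethernet source. The frames, addresses and the `ArpWatch` and `sample_frame` names are constructed for illustration.

```python
import socket
import struct

ETH_P_ARP = 0x0806
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42:
        return None
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, _op, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return mac_str(eth_src), mac_str(sha), socket.inet_ntoa(spa)


class ArpWatch:
    """Tracks IP-to-MAC bindings and records alerts on suspicious ARP traffic."""

    def __init__(self, static_bindings=None):
        self.bindings = dict(static_bindings or {})  # ip -> first MAC seen
        self.alerts = []

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return
        eth_src, sender_mac, sender_ip = parsed
        if sender_ip == "0.0.0.0":  # ARP probe: carries no binding claim
            return
        if eth_src != sender_mac:
            self.alerts.append(("header-mismatch", sender_ip, eth_src, sender_mac))
        known = self.bindings.get(sender_ip)
        if known is None:
            self.bindings[sender_ip] = sender_mac  # trust on first use
        elif known != sender_mac:
            # Keep the original binding so every conflicting claim is reported.
            self.alerts.append(("binding-changed", sender_ip, known, sender_mac))


def sample_frame(eth_src, sender_mac, sender_ip, target_ip, op=2):
    """Build a constructed ARP frame in memory; used only as test input."""
    eth = struct.pack("!6s6sH", b"\xff" * 6,
                      bytes.fromhex(eth_src.replace(":", "")), ETH_P_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                      bytes.fromhex(sender_mac.replace(":", "")),
                      socket.inet_aton(sender_ip), b"\x00" * 6,
                      socket.inet_aton(target_ip))
    return eth + arp


GATEWAY, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:50", "02:00:00:00:00:66"

# Constructed capture: two normal announcements, a probe, a conflicting claim
# for the gateway address, a frame with mismatched headers, and a non-ARP frame.
SAMPLE_FRAMES = [
    sample_frame(GATEWAY, GATEWAY, "192.0.2.1", "192.0.2.50"),
    sample_frame(HOST, HOST, "192.0.2.50", "192.0.2.1"),
    sample_frame(HOST, HOST, "0.0.0.0", "192.0.2.77", op=1),
    sample_frame(OTHER, OTHER, "192.0.2.1", "192.0.2.50"),
    sample_frame(OTHER, GATEWAY, "192.0.2.1", "192.0.2.50"),
    b"\xff" * 6 + bytes.fromhex("020000000050") + b"\x08\x00" + b"\x00" * 28,
]


def run_sample():
    watch = ArpWatch()
    for frame in SAMPLE_FRAMES:
        watch.observe(frame)
    return watch


if __name__ == "__main__":
    for alert in run_sample().alerts:
        print(alert)
```

Seeding `static_bindings` with the known gateway address removes the reliance on the first frame seen being legitimate.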
Though Kali Linux comes packed with many tools for sniffing and spoofing, the ones listed below are the ones mostly
used by attackers these days.
Wireshark:
Wireshark is a network protocol analyzer that is regarded as the most used and best tool of its kind around the world.
With Wireshark, you can see what is happening in your network and apply filters to get the most efficient results for
what you are looking for. In Kali Linux, Wireshark is already installed and can be located under Applications >
sniffing and spoofing > Wireshark.

Wireshark is a GUI-based tool, so once you click on the icon the Wireshark GUI will open.

Once the GUI loads you can see several interfaces such as Ethernet, Wi-Fi, and Bluetooth. Based on your
connection to the network, you can choose the interface and start capturing the network traffic. In this case, we are
on Ethernet (eth0), so select the eth0 interface and click on the start capturing packets icon, which is located in the
top left corner.
Once you start capturing packets it will look something like this:

You can also apply specific filters for better searching. For example, if you want to track only HTTP requests, you
can use the display filter bar and apply all the filters you need for better tracking results.
macchanger:
macchanger is the most used tool under sniffing and spoofing. It can change your MAC address, or we
can say your physical address, to hide your actual identity in the network.
You can locate macchanger in Kali Linux under Applications > sniffing and spoofing > macchanger.

macchanger is a command-line based tool, so once you click on macchanger a shell will pop up with the help menu.

Here is an example of the macchanger tool in use.

Change to a random MAC address: First, let’s change the network card’s hardware MAC address to a random address.
To start, we will find the MAC address of the eth0 network interface. To do this we execute macchanger with the
option -s and the argument eth0.

The Job Application form stands as a testament to the participants’ ability to integrate knowledge from various
domains of web development into a cohesive, functional, and user-friendly application. The journey through this
project has not only provided valuable technical skills but also fostered an understanding of how technology can
be leveraged to improve everyday life.
As this training concludes, participants leave with a well-rounded skill set, including front-end development,
back-end logic, database management, user experience design, and security best practices. They are now
prepared to contribute meaningfully to future web development projects, whether in professional or personal
capacities. The job application form marks the beginning of what promises to be a successful career for each
participant in the ever-evolving world of technology.
Looking forward, participants are equipped to tackle more complex challenges, build innovative applications,
and continuously improve their knowledge and skills. This project has laid a solid foundation, and the skills .

FUTURE SCOPE

Based on the provided search results, here are some key insights and trends that highlight the future
scope of ethical hacking:
1. Growing Demand: The demand for ethical hackers is expected to rise, driven by the increasing
need for cybersecurity and data protection across various industries, including government,
corporate enterprises, healthcare, entertainment, banking, and others.
2. 20% Growth by 2023: According to one snippet, the number of ethical hackers is predicted to
rise by 20% by the end of 2023, indicating a significant growth trajectory.
3. Job Stability: Ethical hacking has a 0% unemployment rate, making it a highly sought-after
and stable career option.
4. Shortage of Skills: There is a major shortage of skills in the larger field of information security,
highlighting the need for trained and certified ethical hackers.
5. Cloud Computing and IoT: As more companies move to the cloud and adopt Internet of
Things (IoT) technologies, the need for ethical hackers to identify and mitigate vulnerabilities
in these areas will increase.
6. Penetration Testing: Ethical hacking, also known as penetration testing, will continue to play a
crucial role in identifying threats and vulnerabilities, and helping organizations improve their
security posture.
7. High-Growth Careers: Industry experts predict that the global penetration testing market value
will reach US$4.1 billion by 2027, indicating a bright future for ethical hackers.
8. Certifications and Training: The importance of certifications and training in ethical hacking
will continue to grow, with organizations seeking professionals who possess the necessary skills
and knowledge to identify and mitigate threats.
Key Industries and Sectors:
1. Internet security and networking
2. Banking and finance
3. Healthcare
4. Government
5. Corporate enterprises
6. Entertainment
Key Skills and Tools:
1. Technical and non-technical skills
2. Familiarity with various operating systems and technologies
3. Knowledge of penetration testing frameworks and tools
4. Understanding of cloud computing and IoT security
5. Certification in ethical hacking, such as CEH, GCIA, GCFA, or GPEN

Conclusion

In conclusion, applied ethical hacking is no joke: it requires a lot of time and effort to learn,
takes hours and hours of practice to master, and may require a lot of intel and hands-on skills
to get good at. The work of an ethical hacker comes under system defences; they meticulously work
on the computer network of their client, find security weaknesses, and find adequate solutions to
them. Recently, the rising interest in and attention given to ethical hackers has led companies to
think of ethical hackers as an asset to the companies. Companies and organizations now do not shy
away from investing in ethical hackers and their teams. Ethical hackers save data and reputation
loss worth billions. Companies are actively expanding their networks of ethical hackers to avoid any
security catastrophe. There are millions of exploits going around each day; nearly 1 million devices
are exploited daily.
Ethical hacking is necessary for any organization or nation to safeguard itself from any form of cyber
terrorism. Pursuing ethical hacking can make an individual a great asset to the nation and the
organization.
There are many benefits of hacking; the primary benefit, however, is to safeguard oneself from cyber
terrorism and protect sensitive information. The secondary benefits include recovery of data,
strengthening computer systems, taking preventive measures, and ensuring digital security.
If we talk in terms of hardware, a desktop/laptop and a stable internet connection are all we need for
ethical hacking. If we talk about the intellectual part, we need good programming skills, adequate
knowledge, CEH certification, etc.

In simple words, ethical hacking is gaining access to a digital system with permission from the
concerned authorities and running security checks and tests on it in order to improve it later.
Two major types of hacking are exploit writing and web hacking. For exploit writing, Python is the
best language and for web hacking Java is the best language.

Yes, coding is needed for hacking. It is rather an essential skill for hacking since it includes dealing
with and altering the base codes of the computer network and computer configuration.
Some sources, tools and sites which made the report possible:
Tryhackme.com
Hackthebox.com
Zsecurity.org
Pentesterlab.com
CTFs
Hack this site
Udemy.com
Pentesteracademy.com
Hack The Box Academy
VirtualBox
Kali Linux
OWASP
