Date: 03 – 12 - 2024

Visvesvaraya Technological University (VTU)

“JnanaSangama”, Machhe, Belagavi, Karnataka.
590018
2024 - 2025

Report on
Pedagogy Intervention 1
Real Time Exposure (Certification Course)

Course Name
Title: Ethically Hack The Planet Part - 1
By: Udemy

Bachelor of Engineering in Information

Science

Under The Supervision of

Dr Reshma Banu
Professor
Dept of ISE, VVIET
Submitted by:
Jitendar
Choudhary
.P
Type equation here.
 “ETHICALLY HACK THE PLANET”
“Ethically Hack the Planet part-1 course with the certifying agency
Udemy”

Table of the Contents

SI No. Contents
1. Setup
2. Cybersecurity Awareness
3. Introduction to Ethical Hacking
4. Introduction to Linux
5. Browser, Location & Password Security
6. Steganography
7. Phishing Attacks
8. Windows and Mobile Testing
9. SMTP
10. HTTP
11. Learning Outcomes

Objectives:
Ethically Hack the Planet" is a course that trains the learner in the
practice of ethical hacking and cybersecurity. Its major objectives are:

• Ethical Hacking Knowledge:

Understand what ethical hacking means and its importance in
cybersecurity. Identify and explain the differences between ethical
hacking and malicious hacking.
• Knowledge of Cyber Threats:
Identify common types of cyber threats, weaknesses, and attack points.
Understand motivations and methodologies employed by cyber
attackers.
• Hands-on Skill Building Experience
Get hands-on exposure using ethical hacking tools and methods.
Learn to penetrate test and vulnerability assessment.
• Legal and Ethical Considerations:
Legal impacts of the hacks.
Ethical standards of best practices in cybersecurity.
• Implementation of security measures:
Implementation of appropriate security measures to make sure systems
are safe.
Ability to create and maintain a safe environment.
• Incident Response Planning:
Understanding the processes involved to react to cyber-incidents.
Reporting vulnerabilities and breach effectively.

About This Course:

This Ethical Hacking course is designed for beginners to master the

essentials of this dynamic field. Led by an experienced instructor, it
promises an enlightening learning experience.
Key Components:
• Core Concepts: Understand the fundamental role of Ethical
Hacking in cybersecurity.
• Practical Skills: Learn essential Linux commands for effective
navigation in hacking scenarios.
• Phishing Attacks: Explore methodologies and consequences,
along with proactive measures to prevent such threats.
• Security Topics: Cover Browser Security, Location Security, and
Wifi Testing to comprehend modern cyber threats.
• Testing Vulnerabilities: Investigate Windows and Mobile Testing,
focusing on vulnerabilities and defences.
• Steganography: Discover covert techniques for concealing
information.
 • Password Security: Master techniques to strengthen digital
defences and prevent breaches.

Start Date: November 27, 2024

End Date: November 30, 2024
Duration: 1 hour and 00 minutes

1. Setup:
Running an ethical hacking environment requires a few foundations of
execution. Initially you got have a top edge performing unit or laptop
which empowers you to deliver many VMs. The os recommended for this
hacking tool is Kali Linux as it comes with plenty of hacking tools ready
to use. By using the virtualization software like VirtualBox or VMware
you can make isolated environments where you can test and learn in
peace. Legally and safely training on vulnerable, e.g. Metasploit able
systems is a significant part of what we do. You should at least have a
wire secured network, probably some VPN to protect your assets.
Learning Nmap, Wireshark and Burp Suite will enable you to better
scan, monitor, test etc. Last but not least test all systems with
permission, follow ethical hacking guidelines to keep aside possible legal
problems and make the learning process more decent.

2. Cyber Security Awareness:

In today's digital age, cybersecurity awareness is crucial for individuals
and organizations. With the increasing number of cyber threats,
understanding how to protect sensitive information and systems is
essential.
Key Components of Cybersecurity Awareness
1. Recognizing Threats: Awareness begins with identifying common
threats such as phishing, malware, and ransomware. Phishing
 attacks often come in the form of deceptive emails that trick users
into providing personal information.
2. Safe Browsing Practices: Users should practice safe browsing
habits, including avoiding suspicious links and ensuring websites
are secure (look for HTTPS in the URL).
3. Password Management: Strong, unique passwords are vital.
Utilizing password managers can help users maintain complex
passwords without the need to remember each one.
4. Regular Updates: Keeping software and systems updated is
crucial. Updates often contain security patches that protect against
vulnerabilities.
5. Employee Training: Organizations should implement regular
training sessions to educate employees about cybersecurity best
practices, fostering a culture of security awareness.

Phishing

Denial of
Malware
Services

Cyber Threats

Insider
Ransomware
Threats

Data
Breaches

Cybersecurity awareness is a shared responsibility. By understanding

threats and adopting safe practices, individuals and organizations can
significantly reduce their risk of cyber incidents.
 3. Introduction to Ethical Hacking
Ethical hacking, also known as penetration testing or white-hat hacking,
is the practice of intentionally probing systems, networks, and
applications to identify vulnerabilities that malicious hackers could
exploit. Unlike black-hat hackers, who breach systems for malicious
purposes, ethical hackers operate with permission and aim to improve
security. This proactive approach is essential in today’s digital
landscape, where cyber threats are increasingly sophisticated and
prevalent.
• 5 Phases of Ethical Hacking
• Importance Of Ethical Hacking:

1. Identifying Vulnerabilities: One of the primary goals of ethical

hacking is to uncover weaknesses in an organization’s security
posture. Ethical hackers use various techniques, such as scanning
and vulnerability assessment, to identify potential entry points for
attackers. By simulating real-world attacks, they can provide
organizations with a clear picture of their security vulnerabilities.
2. Enhancing Security Posture: Ethical hackers offer valuable insights
into how attackers think and operate. By understanding these
tactics, organizations can bolster their defenses and implement
stronger security measures. This process often leads to the
development of more robust security protocols, training for
employees, and improved incident response strategies.
3. Compliance and Regulations: Many industries, such as finance
and healthcare, are subject to strict regulatory requirements
regarding data protection and cybersecurity. Ethical hacking helps
organizations meet these compliance standards by conducting
regular security assessments and audits. This not only protects
sensitive information but also avoids potential legal penalties.
4. Building Trust: Organizations that prioritize cybersecurity through
ethical hacking demonstrate their commitment to safeguarding
customer information. By actively seeking out and addressing
vulnerabilities, they build trust with clients and stakeholders,
enhancing their reputation and credibility in the market.
5. Cost-Effectiveness: Investing in ethical hacking can save
organizations significant amounts of money in the long run. By
identifying and addressing vulnerabilities before they can be
exploited, companies can avoid the financial repercussions of data
breaches, which can include legal fees, regulatory fines, and
damage to their reputation.
▪ Methodologies:

OWASP testing guide

NIST Cybersecurity Framework
PTES (Penetration Testing Execution Standard
 4. Introduction To Linux:
Linux is an open-source operating system that serves as a robust
alternative to proprietary systems like Windows and macOS. Developed
by Linus Torvalds in 1991, it is built on the Linux kernel, the core
component that interacts with hardware. One of Linux's defining features
is its flexibility; it can be customized
to suit various needs, from personal
computers to servers and
embedded systems. With a diverse
range of distributions, or "distros,"
such as Ubuntu, Fedora, and
CentOS, users can choose versions
tailored for specific applications,
user interfaces, or performance
requirements.
The open-source nature of Linux means that anyone can inspect,
modify, and distribute the source code, fostering a collaborative
community that drives innovation and security improvements. This
approach not only enhances reliability but also reduces costs, making
Linux a popular choice among enterprises, developers, and enthusiasts
alike. Its versatility allows it to power the majority of web servers,
supercomputers, and many IoT devices, reflecting its scalability.
Linux is known for its strong security model, providing features like user
permissions and access controls that mitigate vulnerabilities. The
command-line interface (CLI) is a powerful component, enabling users to
perform complex tasks efficiently. However, many distros also offer user-
friendly graphical interfaces, making Linux accessible to a broad
audience.
Overall, Linux's community-driven development, customization options,
and robust security make it an integral part of the computing landscape.
Whether for programming, system administration, or everyday use, Linux
continues to grow in popularity, contributing to its reputation as a reliable
and flexible operating system choice for various user needs
5. Browser, Location and Password Security:

▪ Browser Security
Browser security is crucial for protecting users from online threats
such as malware, phishing, and data breaches. Modern web
browsers implement various security features, including built-in pop-
up blockers, anti-phishing mechanisms, sandboxing, and encryption
protocols like HTTPS to secure data transmission. Regular updates
are essential, as they patch vulnerabilities that cybercriminals might
exploit. Additionally, users should practice safe browsing habits, such
as avoiding suspicious links and using strong, unique passwords.
Privacy settings and extensions, such as ad blockers or tracker
blockers, further enhance security, providing a safer online
experience by limiting exposure to potentially harmful content and
safeguarding personal information.
▪ Location Security
Location security encompasses practices and technologies designed
to protect physical premises from unauthorized access and threats.
This includes access control systems, surveillance cameras, and
alarm systems to monitor activities and secure sensitive areas.
Additionally, it involves assessing geographic vulnerabilities and
nearby criminal activity. Effective location security combines these
physical measures with technology, employee training, and
emergency response plans to safeguard assets and mitigate potential
risks associated with the location.
▪ Password Security

Password security is vital for protecting digital accounts and sensitive

information from unauthorized access. Strong passwords should be
unique, consisting of a mix of upper and lower case letters, numbers,
and special characters, ideally longer than 12 characters. Users
should avoid common phrases and personal information. Employing a
password manager can help generate and store complex passwords
securely. Additionally, enabling two-factor authentication (2FA) adds
an extra layer of protection, making it much harder for attackers to
gain access to accounts.
 6. Steganography:
Steganography is the practice of concealing a message within another
medium, allowing the hidden information to exist undetected. Unlike
cryptography, which scrambles the message but reveals that
transmission is taking place, steganography aims to hide the existence
of the communication itself. Common methods include embedding text
within images, audio files, or video streams. For example, digital images
can have data hidden in the least significant bits of pixel values, making
it nearly impossible to detect without specific tools.
There are several applications for steganography, including secure
communication, copyright protection, and digital watermarking. It is used
by individuals looking to maintain privacy and by organizations to protect
sensitive information from prying eyes. However, steganography can
also be misused for malicious purposes, such as embedding malware
within seemingly innocuous files.
A basic representation of steganography is shown in this image

Alice and Bob are inside the prison. Eve is the warden who oversees all
the communication between Alice and Bob. Now, Alice and Bob are
planning to escape the prison, and to pursue the plan, they have to
communicate in a way where Eve does not get any suspicions. Using
cryptography and digital watermarking in this situation only protects the
content of the information, however, Eve will realize about their secret
communication. Steganography is the only option for Alice and Bob to
communicate without creating any suspicion. The escape plan is hidden
inside a normal-looking image and communicated between Alice and
Bob. Eve can see only the normal-looking cover image. Picture explains
the overall workflow of the steganography and steganalysis from Alice,
Bob, and Eve’s perspectives. Alice and Bob are inside the prison. Eve is
the warden who oversees all the communication between Alice and Bob.
Now, Alice and Bob are planning to escape the prison, and to pursue the
plan, they have to communicate in a way where Eve does not get any
suspicions. Using cryptography and digital watermarking in this situation
only protects the content of the information, however, Eve will realize
about their secret communication. Steganography is the only option for
Alice and Bob to communicate without creating any suspicion. The
escape plan is hidden inside a normal-looking image and communicated
between Alice and Bob. Eve can see only the normal-looking cover
image.Picture explains the overall workflow of the steganography and
steganalysis from Alice, Bob, and Eve’s perspectives.

7. Phishing Attacks:
Phishing is a form of social engineering and a scam where attackers
deceive people into revealing sensitive information or
installing malware such as viruses, worms, adware, or ransomware.
Phishing attacks have become increasingly sophisticated and often
transparently mirror the site being
targeted, allowing the attacker to
observe everything while the victim
navigates the site, and transverses
any additional security boundaries with
the victim. As of 2020, it is the most
common type of cybercrime, with
the FBI's Internet Crime Complaint Centre reporting more incidents of
phishing than any other type of cybercrime.
Phishing attacks, often delivered via email spam, attempt to trick
individuals into giving away sensitive information or login credentials.
Most attacks are "bulk attacks" that are not targeted and are instead sent
in bulk to a wide audience. The goal of the attacker can vary, with
common targets including financial institutions, email and cloud
productivity providers, and streaming services. The stolen information or
access may be used to steal money, install malware, or spear phish
others within the target organization. Compromised streaming service
accounts may also be sold on darknet markets.

8. Windows and Mobile Testing:

Windows Testing: This process often begins with a thorough risk
assessment of the Windows environment, encompassing workstations,
servers, and network configurations. Security professionals utilize
various tools, such as vulnerability scanners (e.g., Nessus, Qualys) and
penetration testing suites (e.g., Metasploit), to discover weaknesses.
Testing typically includes:
• Configuration Review: Ensuring that security settings are properly
configured.
• Patch Management: Verifying that the latest security updates and
patches are applied.
• Malware Protection Assessment: Evaluating effectiveness of
antivirus and endpoint protection systems.
• User Privilege Audits: Checking for excessive privileges granted to
users and services.
Mobile Testing: Mobile application security testing focuses on both iOS
and Android platforms, addressing unique challenges due to varying
security models. Key components include:
• Static and Dynamic Analysis: Analyzing source code (static) and
running applications (dynamic) to uncover vulnerabilities.
• Data Security: Assessing how sensitive data is handled within
apps, particularly during storage and transmission.
• Secure API Testing: Ensuring that communication between the app
and backend services is protected against exploitation.
• User Interface Security Checks: Identifying potential security flaws
in user interactions, such as improper session management.
 9. SMTP:
SMTP (Simple Mail Transfer Protocol) plays a critical role in the secure
transmission of email communications. As a widely used protocol for
sending emails between servers, it is essential to implement security
measures to protect against various threats, including email spoofing,
phishing attacks, and data interception.
Key security enhancements for SMTP include:
1. SMTP Authentication: This ensures that only authorized users can
send emails, preventing unauthorized access and mitigating spam.
2. Transport Layer Security (TLS): TLS encrypts the connection
between email servers, safeguarding email contents during
transmission and preventing eavesdropping.
3. Sender Policy Framework (SPF): SPF helps in validating the
sender’s IP address, reducing the chances of email spoofing.
4. DomainKeys Identified Mail (DKIM): DKIM adds a digital signature
to emails, verifying that the content has not been altered during
transit.

10. HTTP:
HTTP, or Hypertext Transfer Protocol, is the foundational protocol used
for transmitting hypertext documents on the World Wide Web. It defines
how messages are formatted and transmitted between clients, like web
browsers, and servers. When a user enters a URL or clicks a link, the
browser sends an HTTP request to the server, which responds with the
requested content, such as HTML pages, images, or files. HTTP
operates over TCP/IP, typically using port 80. While HTTP facilitates the
transfer of information, its unencrypted nature makes it vulnerable to
eavesdropping, leading to the adoption of HTTPS, which secures data
through encryption.
Learning Outcomes:

▪ Understand the fundamentals of cybersecurity and

implement measures to protect digital assets.

▪ Develop job-seeking skills including resume building,

interview techniques, and personal branding.

▪ Explore diverse avenues for generating income, including

freelancing, and investment strategies.

▪ Master the art of ethical hacking and security testing

through hands-on bug bounty hunting exercises.

Contents Max Marks Obtained Marks

Title 4M
Objective 2M
About 6M
Learning Outcome 4M
Certificate 4M