Cyber Security Lab Manual

Uploaded by

ajay c

Cyber Security – 20CS54I 2023-24

1) Protecting Your Computing Devices


1. Turn on the Firewall
Windows Firewall is a Microsoft Windows application that filters information coming to your
system from the Internet and blocks potentially harmful programs. It is necessary to turn it on
because Windows Defender Firewall helps prevent hackers and malicious software from gaining
access to your PC through the internet or a network.
Steps to Turn ON Firewall:
Step 1: Go to Start and open Control Panel.
Step 2: Select System and Security > Windows Defender Firewall.

Step 3: Choose Turn Windows Firewall on or off.


Step 4: Choose Turn Windows Firewall on or off. Select Turn on Windows Firewall for
domain, private, and public network settings.

RP, Dept of CSE 1



2. Install antivirus and antispyware


Antivirus: Antivirus software is a type of program designed and developed to protect the operating
system from malware such as viruses, computer worms, botnets, rootkits, keyloggers, etc.
Antispyware: Anti-spyware software is a type of program designed to prevent and detect unwanted
spyware program installations and to remove those programs if installed. It is also used to manage
browsers.
Steps to Install Antivirus:
Step 1: Go to browser, search for total 360 security antivirus software or any other antivirus
software.

Step 2: Click on the download.


Step 3: Open the Downloads folder and double click the downloaded file and install it.
Step 4: Click on start > go to Full Check and Check Now.

Steps to Install Antispyware (Spywareblaster):


Anti-spyware is a type of software that is designed to detect and remove unwanted spyware programs.
Spyware is a type of malware that is installed on a computer without the user's knowledge in order to
collect information about them. This can pose a security risk to the user, but more frequently spyware
degrades system performance by taking up processing power, installing additional software, or
redirecting users' browser activity.

Anti-spyware software detects spyware through rules-based methods or based on downloaded
definition files that identify common spyware programs. Anti-spyware software can be used to find and
remove spyware that has already been installed on the user's computer, or it can act much like an
anti-virus program by providing real-time protection and preventing spyware from being downloaded in the
first place.
Some antivirus software vendors include McAfee, AVG, Trend Micro, etc. Some anti-spyware
software vendors include Microsoft, Webroot, McAfee, etc.
Step 1: Go to browser and search for antispyware blaster.

Step 2: Select downloads and click on spywareBlaster.

Step 3: Select Download SpywareBlaster 6.0


Step 4: Open the spywareblastersetup60 from the downloads and install it
Step 5: Double-click on setup file > Agree to agreement > Browse the location > click next >
Install.

Step 6: Open the application > click next > select automatic updating
and click next.
Step 7: Select the browser you want to protect > select activate protection.

3. Manage your operating system and browser


GOOGLE CHROME
• Setting the default browser – Open Google Chrome web browser > click on 3 dots > select
settings > select Default browser > Make Google Chrome the default browser
button.
• Automatic download – Open Google Chrome web browser > click on 3 dots > select
settings > choose “privacy and security” > select “site settings” and choose “Additional
permissions” and select the “Automatic downloads” and check “Sites can ask to
automatically download multiple files”.
• Handling Cookies – Open Google Chrome web browser > click on 3 dots > select
settings > choose “privacy and security” > select Cookies and other site data > check
the “Block third-party cookies in Incognito”.
• Do not save Passwords – Open Google Chrome web browser > click on 3 dots > select
settings > select “Auto fill” and select the “password” and uncheck the “Offer to save
passwords”.

• Microphone Access – Open Google Chrome web browser > click on 3 dots > select
settings > choose “privacy and security” > select “site settings” and choose “permission”
and select the “Microphone” and check “Sites can ask to use your microphone”.
• Camera Access – Open Google Chrome web browser > click on 3 dots > select
settings > choose “privacy and security” > select “site settings” and choose “permission”
and select the “Camera” and check “Sites can ask to use camera”.

INTERNET EXPLORER
• Block unwanted pop-ups – Open Internet Explorer > Go to Tools menu > select
Internet options > select Privacy tab > check the “turn on pop-up blocker” box.
• Block unwanted plugins – Open Internet Explorer > Go to Tools menu > select Internet
options > select Advanced tab and scroll down to Multimedia. Uncheck “Play
animations” and “Play sounds” in webpages if they are checked.
• Set your browser to not set passwords – Open Internet Explorer > Go to Tools menu >
select Internet options > select Content tab and click the AutoComplete Settings button
and uncheck the “user names and passwords on forms” box.
• Handling cookies – Open Internet Explorer > Go to Tools menu > select Internet
options > select Privacy tab and click the “Advanced” button. Check the “Override”
box and the “Accept” button for First-party cookies and “Prompt” button for Third-party
cookies. The “Always allow…” button should not be checked. Click OK. When done,
click the Apply button.
Browser security is an important part in keeping your information safe.
• Your browser is the window to the internet and also the first line of defence
against malware threats. Some small tweaks to your browser security settings
are all that you need to make your time online that much safer.
Browser features and their security vulnerabilities
• Browsers use many tools for various tasks, such as Java, Flash Player, ActiveX,
etc. But these often come with security flaws, which cybercriminals exploit to
get access to your PC. A quick rundown of these tools will help you figure out
if you need them or not.
Deactivate ActiveX.

• A browser add-on that comes preinstalled on Internet Explorer or Microsoft
Edge and only works with these browsers. ActiveX acts as a middle man
between your PC and Java/Flash based interactions in certain sites.
• This creates security problems by giving malicious websites a window into
your PC. What’s more, ActiveX is rarely used nowadays, so be on your guard
if a site asks you to install it and accept the installation only if you are 150%
sure that site is trustworthy.
Try to disable JavaScript.
• JavaScript is a programming language used by websites to run various
programs and features. Sites such as YouTube or Google Docs need it to
function, but so do advertising, pop-up software and a whole host of other
spammy elements from the internet.
• Cybercriminals use JavaScript in malicious ways in order to infect your device
with malware and other harmful software. If you disable JavaScript altogether
you will get a much quicker and simplified browser experience, with little to no
ads, pop-ups, and greatly improved page load times and generally a cleaner
Internet experience at the cost of specialized tools such as Google Docs or
YouTube.
• This doesn’t need to be as drastic as it sounds, since browsers do allow you
to white list certain sites which can run JavaScript.
Delete Cookies.
• These are small data files stored on your browser. Websites use cookies in
order to remember your accounts and passwords, browsing history and to track
user behaviour on their site. Because of the information they contain, cookies
are prime targets for cybercriminals, especially the ones that contain emails,
account names and passwords.
• When you disable and clear cookies you cut down on the personal data
cybercriminals can obtain. One thing you will want to keep in mind is that
there are two types of cookies: First party and third party cookies. First party
cookies are placed by the site you visit, for instance you get a first party cookie
by cnn.com while visiting cnn.com. Third party cookies are placed by other
sites, for example you get a cookie from amazon.com while visiting cnn.com.
• First party cookies are frequently used to remember your login information so
you don’t have to enter it every time you visit a site. But we can’t stress this
enough, don’t allow your browser to save passwords!
• Third party cookies are almost always placed on your computer by advertisers
or marketers interested in tracking your movement online, so nothing bad will
happen if you block them. Browser extensions and add-ons add extra
functionality to your browser such as ad blocking or search bars. However,
these add-ons pose a security risk, since they can open up windows into your
PC which can be exploited to inject malware.
Chrome hacks and tips for better security
• If you use Google Chrome and want to improve your browser security settings,
then go to browser settings.
• At the Downloads section, press “Ask where to save each file before
downloading”. This way, you won’t have a web location try to automatically
save dangerous content to your computer. At the same time, this gives you the
option to place suspicious content in a safe location where you can analyze it
afterwards.

Next, go to the Autofill tab.


• By enabling “Offer to save passwords”, the browser will ask to save your
password before login and vice versa.
• By enabling “Auto Sign-in”, the browser will automatically sign in to
websites using stored credentials.
• Clicking “Check passwords” will keep your passwords safe from data
breaches and other security issues.
• We can “View and manage saved passwords of our Google Account”.
In the privacy and security tab, we can observe the settings for cookies, browsing data, security and
privacy.

4. Set up password protection.


Steps to set up Password protection
Step 1: Go to Start and open Control Panel.
Step 2: Select User Accounts > click Change Account Type.

Step 3: Double click on User account > click on create password.


Step 4: Enter new password and confirm the password > click create password.

2) Install and setup Git. Perform the following operations.


a) creating a repository
b) making and recording changes
c) staging and committing changes
d) viewing the history of all the changes and undoing changes
e) cloning a repository

a) creating a repository
• Click on + icon, select New repository
• Enter Repository name
• Check add README file option
• Click Create repository option

Create a local directory using the following command in command line:
$ mkdir test
$ cd test
The next step is to initialize the directory:
$ git init
The above command will create a new subdirectory named .git that holds all necessary
repository files. The .git subdirectory can be understood as a Git repository skeleton.

Now go to the folder where "test" is created and create a text document named "demo".
Open "demo" and put any content, like "Hello Cyber security specialist." Save and close the
file.
If we want to start version-controlling for existing files, we should track these files with
git add command, followed by a commit. We can list all the untracked files by git status
command.
Enter the Git bash interface and type in the following command to check the status:
$ git status
To share these files on the version control system, we have to track it with git add command
followed by a commit. To track the files, operate git add command as follows:
$ git add demo.txt
To commit a file (it’s like save file), perform the git commit command as follows:
$ git commit -m "first commit"

Pushing- From Local system to remote location (Git Hub)


Step 1: Before pushing local file to remote location or GitHub, we have to first add and
commit file.
Step 2: Link the Git to a Github account using following command.
$ git config --global user.name "username"
Ex: $ git config --global user.name "kavigithub112"
Where username is name of user account on GitHub.
Step 3: Now Copy repository link of final_repo which was created on GitHub. Go back to
Git bash and link the remote and local repository using the following command:
$ git remote add origin <link> or
$ git remote add origin https://github.com/kavigithub112/final_repo.git
Step 4: Push the local file onto the remote repository using the following command:
$ git push origin master
Step 5: Move back to Github and click on "final_repo" and check if the local file "demo.txt"
is pushed to this repository. We can find demo.txt file on branches option.

Make some changes to demo text file and save again to repository.
• Open demo text file and make some changes and save it.
• Open git bash and type following commands:

$ git status
$ git add demo.txt
$ git commit -m "second commit"
$ git push origin master

Cloning a repository
In Git, cloning is the act of making a copy of any target repository. The target repository can
be remote or local. You can clone your repository from the remote repository to create a
local copy on your system. Also, you can sync between the two locations.

Pulling- From remote location to local system


Suppose, you want to clone a repository from GitHub, or have an existing repository
owned by any other user you would like to contribute to.
Steps to clone a repository are as follows:
Step 1: Open GitHub website and login with user account and navigate to the main page of
the repository.
Step 2: After logging into GitHub account, click on New button to create new repository.
Step 3: Now give any name for your repository such as Test_Demo. Choose repository as
public or private.

Then check Add a README file and click on create repository.

Step 4: Now you can add any files to main tab using add file option.
Step 5: Next click on code to copy link of Test_Demo repository-> select HTTPS and copy link

Step 6: Open Git Bash and use git clone command as follows.
$ git clone https://github.com/AnnappaSK/Test_Demo.git
Press Enter, as shown in the figure below.
Step 7: Now go to the test folder where you have downloaded repository called
final_demo from remote location.

3) Inspect and download digital certificates using a web browser and visiting popular
websites- Identify and write down the crypto algorithms in TLS.
What is a Digital Certificate?
• Digital certificates are electronic credentials that are used to assert the online identities
of individuals, computers, and other entities on a network. Digital certificates function
similarly to identification cards such as passports, Aadhaar cards and driver's licenses.
• Most commonly they contain a public key and the identity of the owner. They are
issued by certification authorities (CAs) that must validate the identity of the
certificate-holder both before the certificate is issued and when the certificate is used.
• Common uses include business scenarios requiring authentication, encryption, and
digital signing.
Certificate Authority
• A Certificate Authority (CA) issues digital certificates that contain a public key and the
identity of the owner. The matching private key is not made available publicly, but kept
secret by the end user who generated the key pair. The certificate is also a confirmation
or validation by the CA that the public key contained in the certificate belongs to the
person, organization, server or other entity noted in the certificate. CAs use a variety of
standards and tests to do so. In essence, the Certificate Authority is responsible for
saying "yes, this person is who they say they are, and we, the CA, verify that".
• If the user trusts the CA and can verify the CA's signature, then he can also verify
that a certain public key does indeed belong to whoever is identified in the certificate.
Browsers maintain a list of well-known CAs' root certificates. Aside from commercial
CAs, some providers issue digital certificates to the public at no cost. Large institutions
or government entities may have their own CAs.
Real Examples:
• Let us check a real certificate, its details and its chain. There are certificate viewer tools
that read those archaic encoding formats and show the certificates nicely! You can
actually check any https url in any browser to check an X.509 digital certificate. Here
we are going to check the internet banking site of State Bank of India in Chrome.
• Go to https://www.onlinesbi.sbi/ and click on the padlock icon to view the certificate as
shown below.

• Once you click on the “certificate is valid” link, Windows certificate viewer tool will
open and show the certificate owned by State Bank of India. This certificate, as you
can see in the "Issued by" field, is issued by DigiCert EV RSA CA G2.

• Now you can download/export the certificate to know more details like the
subject, SBI, and its detailed Distinguished Name (DN).
• Open the downloaded file and click on the Details tab to explore version, serial number,
issuer, valid from, valid to, subject, public key and many more.

Identify and write down the crypto algorithms in TLS:

• Launch Chrome.
• Enter the URL you wish to check in the browser.
• Click on the ellipsis located on the top-right in the browser.
• Select More tools > Developer tools > Security
• Look for the line "Connection...". This will describe the version of TLS or SSL used.
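
Added example (not part of the original manual): the algorithms of a TLS connection are also encoded in its IANA cipher-suite name, and this Python code splits such names into key exchange, authentication, cipher and hash and flags legacy choices. The suite list is constructed sample input and the function names are hypothetical.

```python
"""Split IANA TLS cipher-suite names into the algorithms they name."""

FORWARD_SECRET_KX = {"DHE", "ECDHE"}          # ephemeral key exchanges
AEAD_MARKERS = {"GCM", "CCM", "POLY1305"}     # cipher tokens that mean AEAD
WEAK_CIPHER_TOKENS = {
    "NULL": "NULL cipher: no encryption",
    "RC4": "RC4 stream cipher (prohibited by RFC 7465)",
    "3DES": "3DES: 64-bit block size",
    "DES": "single DES: 56-bit key",
}


def parse_suite(name):
    """Describe one suite name, e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256."""
    if not name.startswith("TLS_"):
        raise ValueError(f"not an IANA TLS cipher-suite name: {name!r}")
    if name.endswith("_SCSV"):
        raise ValueError(f"{name} is a signalling value, not a cipher suite")
    body = name[len("TLS_"):]

    if "_WITH_" not in body:
        # TLS 1.3 names carry only the AEAD cipher and the HKDF hash; key
        # exchange and signature algorithm are negotiated in extensions.
        cipher, _, digest = body.rpartition("_")
        return {"name": name, "protocol": "TLS 1.3",
                "key_exchange": "negotiated separately",
                "authentication": "negotiated separately",
                "cipher": cipher, "hash": digest, "hash_role": "HKDF",
                "findings": []}

    left, right = body.split("_WITH_", 1)
    kx_parts = left.split("_")
    export = "EXPORT" in kx_parts
    kx_parts = [p for p in kx_parts if p != "EXPORT"]
    # A single token (RSA, PSK) names both key exchange and authentication.
    key_exchange, authentication = kx_parts[0], kx_parts[-1]

    tokens = right.split("_")
    # Some suites (for example the CCM ones) do not end in a hash name.
    digest = tokens.pop() if tokens[-1].startswith(("SHA", "MD5")) else None
    cipher = "_".join(tokens)
    aead = bool(AEAD_MARKERS.intersection(tokens))

    findings = []
    if export:
        findings.append("export-grade key length")
    if authentication == "anon":
        findings.append("anonymous: server is not authenticated")
    if key_exchange not in FORWARD_SECRET_KX:
        findings.append(f"no forward secrecy ({key_exchange} key exchange)")
    for token in tokens:
        if token in WEAK_CIPHER_TOKENS:
            findings.append(WEAK_CIPHER_TOKENS[token])
    if not aead and "CBC" in tokens:
        findings.append("CBC mode with a separate MAC instead of AEAD")
    if digest == "MD5":
        findings.append("MD5-based MAC")

    return {"name": name, "protocol": "TLS 1.2 or earlier",
            "key_exchange": key_exchange, "authentication": authentication,
            "cipher": cipher, "hash": digest,
            "hash_role": "PRF" if aead else "HMAC",
            "findings": findings}


def audit(names):
    """Return {suite name: findings} for the suites that have findings."""
    report = {}
    for name in names:
        info = parse_suite(name)
        if info["findings"]:
            report[name] = info["findings"]
    return report


# Constructed sample input: suite names as a scanner or server config lists them.
SAMPLE_SUITES = [
    "TLS_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]

if __name__ == "__main__":
    for suite in SAMPLE_SUITES:
        info = parse_suite(suite)
        print(f"{suite}: kx={info['key_exchange']} auth={info['authentication']} "
              f"cipher={info['cipher']} hash={info['hash']} ({info['hash_role']})")
        for finding in info["findings"]:
            print("    finding:", finding)
```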

4) Design a Simple Cryptosystem (Including Key Generation, Encryption, Decryption,
Digital Signature or Hash Function) Using any Tool
JCRYPT TOOL
• Jcrypt is a framework for developing cryptological and cryptographical programs.
• JCrypt is a free software
• JCrypt Tool enables students, teachers, developers, and anyone else interested in
cryptography to apply and analyze cryptographic algorithms.
Installation
1. The JCrypTool installation is very simple
2. Select any web browser ex : google browser.
3. In search type jcrypt tool free download from softpedia.
4. Download and extract the zip file.
5. Launch the main program and get started.
6. Admin rights are not required.
Cryptography is the study of secure communications techniques that allow only the
sender and intended receiver of a message to view its contents.

Types Of Cryptography
1. Symmetric Cryptography
2. Asymmetric Cryptography
3. Digital Signature
4. Hash Function

Symmetric Cryptography: also known as secret key cryptography.
Encrypting and decrypting a message using a single key. The single key is known as the secret key.
Ex: AES - Advanced Encryption Standard, RC4 - Rivest Cipher 4,
DES - Data Encryption Standard, etc.

Steps: For Encryption (Plaintext Is Converted Into Ciphertext)

1. Go To File
2. Select New Empty Text Editor File
3. Save The File
4. Open A Saved File Type A Message You Want To Send
5. Go To Algorithm -> Select Symmetric Algorithm ->Select Aes
6. In Dialog Box Select Encrypt Option
7. Click On Key Generation
8. Generate A Secret Key
9. Finish

Steps: For Decryption (Ciphertext Is Converted Into Plaintext)


1. Go To File
2. Select Encrypted File
3. Go To Algorithm -> Select Symmetric Algorithm ->Select Aes
4. In Dialog Box Select Decrypt Option
5. Enter Secret Key
6. Finish

Asymmetric Algorithm: also known as public key cryptography.
Encrypting and decrypting a message using double key. The two keys are Private and public
key.
Example: RSA - Rivest, Shamir, Adleman, DSS - Digital Signature Standard etc

Steps: For Encryption (Plaintext Is Converted Into Ciphertext)


1. Go To File
2. Select New Empty Text Editor File
3. Save The File
4. Open A Saved File Type A Message You Want To Send
5. Go To Algorithm -> Select Asymmetric Algorithm ->Select Rsa
6. In Dialog Box Select Encrypt Option
7. Click On Key Generation
8. Generate A Private Key
9. Finish
Steps: For Decryption (Ciphertext Is Converted Into Plaintext)
1. Go To File
2. Select Encrypted File
3. Go To Algorithm -> Select Asymmetric Algorithm ->Select Rsa
4. In Dialog Box Select Decrypt Option
5. Enter Private Key
6. Finish

DIGITAL SIGNATURE
A digital signature is a cryptographic output used to verify the authenticity of data.
Digital signature algorithm consists of two operations: SIGN and VERIFY
OPERATION.
Steps: Signing Of Data
1. Go To File – Select A New File Text Editor
2. Type A Message
3. Go To Algorithm
4. Select Signature - > Select Dsa
5. Select Sign -> Choose Path To Save A Cryptographic Value
6. Finish
Steps: Verifying The Data
1. Go To File – Select A New File Text Editor
2. Type A Message
3. Go To Algorithm
4. Select Signature - > Select Dsa
5. Select Verify -> Open The Saved Path
6. Finish

Result: Valid Means Authenticated
Invalid Means Unauthenticated Wrong Sender

Hash Function
A cryptographic hash function is a mathematical function used in
cryptography. It is one way function.
It’s also a process that takes plaintext data of any size and converts it into a unique
cipher text of a specific length.
Steps For Hash Function
1. Go To File – Select A New File Text Editor
2. Type A Message
3. Go To Algorithm
4. Go To Hash -> Select MD5
5. Finish

5) Attacks and vulnerabilities: Injection attacks : SQL, HTTP header, OS command


OS Command Injection:
Step 1: Download the burp suite app from the chrome
Step 2: Open the burp suite app > click next > start burp > go to proxy > click on open browser
Step 3: Then the burp suite browser will open, minimize that
Step 4: Go to normal chrome, search “/all labs”
Step 5: Select OS Command Injection and it will ask for port swigger login

Step 6: Create an account on port swigger and login to that


Step 7: Then click on Access lab and copy the path
Step 8: Come to burp suite browser, paste that path > select one > click on view details

Step 9: Click on check stock and then come to the burp suite > turn on the intercept > it will
show the intercepted request, as shown below

Step 10: In the 20th line go to the end and give one space and type “|ls” and then click forward

Step 11: Go to burp suite browser again click on check stock , it will show the result like below
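
Added example, not from the manual or the lab: why the trailing “|ls” from Step 10 is executed as a command, and the server-side fix. The handler functions, the echo stand-in for the stock lookup and the 1 to 6 digit rule are assumptions, and the code needs a POSIX shell.

```python
"""Stock-check handler: shell command line (vulnerable) vs. argument list (hardened)."""
import re
import subprocess

# Constructed stand-in for the stock lookup program: it just echoes its input.
LOOKUP_PROGRAM = "echo"
LOOKUP_LABEL = "units-in-store"

# Assumption for this example: a store id is 1 to 6 decimal digits.
STORE_ID = re.compile(r"[0-9]{1,6}")


def check_stock_vulnerable(store_id: str) -> str:
    """Pastes the request parameter into a shell command line.

    With shell=True the whole string is parsed by /bin/sh, so characters
    such as | ; & ` $ in store_id are treated as shell syntax, not data.
    """
    command = f"{LOOKUP_PROGRAM} {LOOKUP_LABEL} {store_id}"
    result = subprocess.run(command, shell=True, capture_output=True, text=True)
    return result.stdout


def lookup_without_shell(store_id: str) -> str:
    """Passes the parameter as one argv element; no shell ever parses it."""
    result = subprocess.run(
        [LOOKUP_PROGRAM, LOOKUP_LABEL, store_id],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


def check_stock_hardened(store_id: str) -> str:
    """Allow-list validation first, then the shell-free call."""
    if not STORE_ID.fullmatch(store_id):
        raise ValueError("storeId must be 1 to 6 digits")
    return lookup_without_shell(store_id)


if __name__ == "__main__":
    tampered = "1 |ls"  # the value sent in Step 10 of the lab
    print("vulnerable, normal  :", check_stock_vulnerable("1").strip())
    print("vulnerable, tampered:", check_stock_vulnerable(tampered).split())
    print("no shell, tampered  :", lookup_without_shell(tampered).strip())
    try:
        check_stock_hardened(tampered)
    except ValueError as error:
        print("hardened, tampered  : rejected,", error)
```

The argument-list call alone already stops the pipe from being interpreted; the allow-list check additionally rejects the malformed value so it can be logged.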

HTTP Header Injection:


Step 1: Download the burp suite app from the chrome
Step 2: Open the burp suite app > click next > start burp > go to proxy > click on open browser
Step 3: Then the burp suite browser will be open , minimize that
Step 4: Go to normal chrome, search “/alllabs”
Step 5: Select XML external entity (XXE) Injection and it will ask for port swigger login

Step 6: Create an account on port swigger and login to that


Step 7: Then click on Access lab and copy the path
Step 8: Come to burp suite browser,> paste that path > select one > click on view details

Step 9: Click on check stock and then come to the burp suite > turn on the intercept > it will
show the intercepted request, as shown in the picture below

Step 10: In the 21st line, add the code below
• <!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
• And in the product id, remove that number and add the below command
• &xxe;
• Right click > click on send to Repeater

Step 10: Go to Repeater > click on send > it will show the response

Step 11: In the 21st line you can remove the passwd and type “group” or admin and then click
send, it will show the response

SQL Injection :
Step 1: Go to chrome > search “BWAPP LOGIN”
Step 2: Click on new user > create an account > and then login to that

Step 3: In the top right corner > Select SQL Injection > set security level to high > click on
Hack

Step 4: Search for a movie > search one movie name

Step 5: Open the burp suite > go to proxy > click on options
Step 6: Note down the number [127.0.0.1:8080]

Step 7: Go to setting > search proxy settings > turn on manual proxy setup > enter the proxy IP
address and port number noted down from the burp suite > click on save

Step 8: Now go to chrome, search something, it will not load

Step 9: Go to settings > proxy settings > turn off the manual proxy setup
Step 10: Now go to chrome > reload that > now it will work

6) Process observation and analysis with Process Hacker


Process Hacker
Process Hacker is an open-source tool that will allow you to see what processes are running
on a device, identify programs that are eating up CPU resources and identify network
connections that are associated with a process. These types of features make Process Hacker
an ideal tool for monitoring malware on a device.
Step 1 – Go To Chrome And Download Process Hacker Tool

Step 2 – Open The Application

Below is the default display shown for Process Hacker when it is launched on a device:

The first tab named ‘Processes’ gives an overview of what processes are running on the device
which contains the following information:
• Name of the running process
• The PID is the process ID, this is a unique number assigned to the process
• The CPU tab displays the amount of CPU being consumed by the process
• The I/O total output tab
• The Private bytes tab
• The User name tab displays which account was used to launch the process
• The Description tab displays information relating to what the process is
The ‘Processes’ tab also colour codes the listed processes. By navigating to ‘Hacker’ and then
‘Options’ menu you can identify what each colour represents in Process Hacker.

This then opens the ‘Options’ menu.

Select the ‘Highlighting’ tab to view what each color represents:

I won’t cover what each colour represents but this is useful to quickly identify what processes
are expected system processes compared to say a packed process.
The image below displays the services identified by Process Hacker. Services run in the
background and don’t interact with the desktop.

The ‘Services’ tab displays the following information:
• Name of identified service
• Display name of service
• Type of service identified, e.g. Driver
• Status of service, e.g. Running
• Start type, e.g. Boot start
• Process identifier of service if available
The ‘Network’ tab is useful for malware analysis as malware will often try to call home to the
bad guy’s command and control (c2) infrastructure.

The ‘Network’ tab displays the following information:
• Process name and PID
• Local address
• Local port used by the process
• Remote address the process is connecting to
• Remote port of network connection
• Protocol used by the process
• State of identified network connection
• Owner
The ‘Disk’ tab displays information relating to files on the device hard drive which are being
used:

The ‘Disk’ tab displays the following information:
• Process name and PID
• File location on disk
• Read rate average in real-time of the hard drive
• Write rate average in real-time of the hard drive
• Total rate average of read and write output
• I/O priority
• Response time

7) NTFS file system practical using NTFS Permissions Reporter

• NTFS Permissions reporting is a good way of auditing the level of access that users
have on files and folders so that maintaining NTFS folder security is enhanced.
• Managing folders is a difficult task since it requires constant monitoring of the
NTFS permissions to avoid unauthorized access. However, if you have a good tool,
you can conveniently present easy-to-read reports listing the permissions granted to a
user or a group of users.
TOOL: NTFS PERMISSIONS REPORTER
• The NTFS Permissions Reporter by is an excellent tool that allows you to export file
and folder permissions for further reviewing.
• Once installed, you can right click on any folder in your Windows Explorer and
select the “Analyze with Permissions Reporter” option. Thereafter, you’ll be directed
to the tool’s main page for you to see the various permissions associated with the
folder.

Colorized report results: After selecting the folder you want to view its NTFS
permissions by clicking “Run Project from File menu”, you’ll be presented with a report of
the permissions in various colors, allowing you to make a proper analysis. For example,
Full Control permission is colored in red while Read and Execute permission is colored in
green.

Varied reporting formats: depending on your preferences, you can choose either
the Folder View or the Table View report format on View option.

• Share Permissions: The tool has an option that allows you to view share permissions.

• The NTFS Permissions Reporter exports the folder permissions reports as HTML
files. Just click the “Export Report” button to export the results.

8) PowerShell scripting and automation techniques


POWERSHELL AUTOMATION
Automation with PowerShell means running the commands you type every day in PowerShell
from a script. You can also run your PowerShell scripts with Task Scheduler at desired
times of the day.
POWERSHELL TO AUTOMATE SCA AND SAST TOOLS
PREREQUISITES: OWASP DEPENDENCY-CHECK TOOL (SCA TOOL), VISUAL CODE
GREPPER TOOL (SAST TOOL), JAVA, NX PARSER, JAVA FILE

Step 1 – Prepare A Script To Perform The Scans


# Sample automation script
# Install locations of the two tools; change these to match your machine
$OWASPD_path = "C:\dependency-check\bin"
$VGC_Path = "C:\Program Files (x86)\VisualCodeGrepper"
Write-Host " "
Write-Host " "
Write-Host "=============================================="
Write-Host "PowerShell to Automate the SCA and SAST Scans"
Write-Host "=============================================="
Write-Host " "
Write-Host ""
# SCA scan: ask for the files to scan, then run Dependency-Check from its bin folder
Write-Host "SCA Scan : OWASP Dependency Checker"
Write-Host " "
$dependency_path = Read-Host "Please enter the path for Dependency checker with pattern"
Write-Host "Your Dependency path:"
Write-Host $dependency_path
Set-Location -Path $OWASPD_path
Write-Host "The current working directory"
pwd
# PowerShell only runs a script from the current directory when it is prefixed with .\
.\dependency-check.bat --scan $dependency_path #C:\Users\Administrator\Downloads\Demo\nxparser-master\nxparser-master\**\*.jar
Write-Host " "
# SAST scan: ask for the source folder and language, then run Visual Code Grepper
Write-Host "SAST Scan: Visual Code Grepper"
Write-Host " "
$VGC_code_path = Read-Host "Please enter the directory path for the Visual Code Grepper"
$VGC_l = Read-Host "Please enter the programming language [Enter any one from the list: CPP, PLSQL, JAVA, CS, VB, PHP, COBOL]"
Write-Host "Your Scanning folder"
Write-Host $VGC_code_path
Write-Host "Current Working directory"
Set-Location -Path $VGC_Path
pwd
./Visualcodegrepper.exe -c -l $VGC_l -t $VGC_code_path --results C:\Users\Administrator\Downloads\Demo\dvja-master\result.csv
Write-Host " "
Write-Host " "
Write-Host "End of Sample Automation script"

NOTE - CHANGES TO BE MADE
• DEPENDENCY-CHECK PATH
• VISUAL CODE GREPPER PATH
• RESULT TO BE SAVED PATH
After changing the script, save it with the extension .ps1

STEP 2 – Open PowerShell and run it as administrator

Perform the following commands:

cd C:\Users\USER\Documents\KAVI (path where you have saved your script)
We must enable the execution policy with the command below. Please disable it after your lab, as
leaving this kind of policy in place makes the system vulnerable.
Set-ExecutionPolicy unrestricted (command to enable execution policy)

STEP 3 – Now execute the following command to start the scan

./SCA_SAST_Automation.ps1 (script title)

STEP 4 – The dependency scan will now take place. We must give the path where the nxparser-master
folder is located.
\nxparser-master\**\*.jar (to run dependency scan)

After SCA scanning,

Now, for the SAST scan, copy the path where your source code is located and paste it in
PowerShell.
C:\Users\USER\Downloads\onlinebookstore-master
Then specify the code language: JAVA (in this context). You can also select PHP, CS, etc.

The result of the SAST scan will be located at the place we specified in the script.

SAST report.

Dependency-check report (it will be saved in dependency-check\bin).

9) Using the Microsoft Threat Modeling methodology, execute a threat model for a given
application architecture using Microsoft threat modeling tool.
Threat Modelling:
Threat modeling works to identify, communicate, and understand threats and mitigations within
the context of protecting something of value. A threat model is a structured representation of all
the information that affects the security of an application. In essence, it is a view of the
application and its environment through the lens of security. Threat modeling can be applied to
a wide range of things, including software, applications, systems, networks, distributed systems,
Internet of Things (IoT) devices, and business processes.

STEPS TO PERFORM THREAT MODELLING


STEP 1 – Go to Chrome and download Microsoft Threat Modeling Tool 2016.

STEP 2 – Download all the 3 files.

STEP 3 – After installing, open the application and select the Create a Model option.

STEP 4 – Create the diagram using the below-mentioned stencils.

STEP 5 – Create the model as you require.

STEP 6 – Go to View > Analysis View.

STEP 6 – Next, generate a report: click on Report > Create Full Report.

Step 7 – Click on Generate Report.

The report will be generated.

10) Demonstrate a tool like OWASP Dependency Check.


OWASP Dependency-Check
Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect
publicly disclosed vulnerabilities contained within a project’s dependencies. It does this by
determining if there is a Common Platform Enumeration (CPE) identifier for a given
dependency. If found, it will generate a report linking to the associated CVE entries.
PREREQUISITES – Java version 7+.
Step 1 – Go to Chrome and search for OWASP DEPENDENCY CHECK TOOL.

Step 2 – In the downloads section, select the COMMAND LINE option.

Step 3 – The Dependency-Check tool will be downloaded in ZIP format; extract it.

Step 4 – After extracting, place the folder in Local Disk C.

Step 5 – Open Command Prompt and execute the following commands:
• Cd/.. (to go back to Local Disk C).
• Cd dependency-check (change directory to dependency-check).
• Cd bin (inside dependency-check, change to bin).

To check the installation of the tool: dependency-check.bat -h

Step 6 – Download NX-parser to scan its dependencies.

After downloading NX-parser, extract it and paste it into Local Disk C.

Step 7 – Run the following command to perform the dependency scan:
• dependency-check.bat --scan \nxparser-master\**\*.jar

Step 8 – After the scan, the report will be generated and stored in the dependency-check
folder automatically.

You can view the report here.

file:///C:/dependency-check/bin/dependency-check-report.html

11) Change Management during pre-commit in repositories


Pre-commit:
Step 1: Install Python and Go, as required for this setup, from the links below.
https://www.python.org/downloads/ - Python
https://go.dev/doc/install - Go
Step 2: Go to Command Prompt and run the command below:
• pip install pre-commit
Step 3: Now do the push operations:
• cd desktop
• mkdir cyber
• cd cyber
• git init
• Now create a text document named demo (or anything else) in the folder we created.
• Then return to cmd and run the commands below:
• git status -> it will show the newly added file
• git add demo.txt
• git commit -m "first commit"
• git config --global user.name moulyanm
• Create a new repository on GitHub and copy the code
• git remote add origin https://github.com/moulyanm/cyberr.git [paste code]
• git push origin master
• Now install the pre-commit hook by giving the command below:
• pre-commit install
• Go to Chrome > search gitleaks > scroll down > copy the 3 lines of pre-commit code

.pre-commit-config.yaml
repos:
  - repo: https://github.com/zricethezav/gitleaks
    rev: v8.12.0
    hooks:
      - id: gitleaks

• Create a new text document in the folder we created, paste that code and
save it as ".pre-commit-config.yaml"
• Then go to cmd and run the commands below:
• git add .
• git commit -m "test"
• Now it will show Passed because there is no hard-coded secret in the folder
• Now you can add any hard-coded secret to your folder to check, then go to cmd, add and
commit; it will show Failed
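
What the Passed/Failed result above amounts to, as an added Python example that is not gitleaks' own code or rule set: a commit-time check reads only the lines being added and returns a non-zero exit code when one matches a secret pattern. The three rules, the function names and the sample diffs are constructed for illustration; the access key is the placeholder value from AWS documentation.

```python
import re

# Constructed, simplified rules; gitleaks ships its own, much larger rule set.
RULES = [
    ("aws-access-key-id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("private-key-block", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
    ("hardcoded-credential", re.compile(
        r"(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"\s]{8,})['\"]",
        re.IGNORECASE)),
]

def scan_staged_diff(diff_text):
    """Return (file, line_number, rule_id) for every added line that matches a rule."""
    findings = []
    path, new_line = None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = line[4:]
            if path.startswith("b/"):
                path = path[2:]
        elif line.startswith("@@"):
            # Hunk header "@@ -a,b +c,d @@": c is the first line number in the new file.
            new_line = int(re.search(r"\+(\d+)", line).group(1))
        elif line.startswith("+"):
            for rule_id, pattern in RULES:
                if pattern.search(line[1:]):
                    findings.append((path, new_line, rule_id))
            new_line += 1
        elif line.startswith(" "):
            new_line += 1  # unchanged context line still advances the new-file counter
    return findings

def hook_exit_code(diff_text):
    """A pre-commit hook blocks the commit by exiting non-zero."""
    return 1 if scan_staged_diff(diff_text) else 0

# Constructed staged diffs: one adds two secrets to demo.txt, one adds a harmless note.
SAMPLE_DIFF = "\n".join([
    "diff --git a/demo.txt b/demo.txt",
    "--- a/demo.txt",
    "+++ b/demo.txt",
    "@@ -1,2 +1,4 @@",
    " project notes",
    "+aws_access_key_id = AKIAIOSFODNN7EXAMPLE",
    " nothing secret here",
    '+db_password = "constructed-Passw0rd!"',
])
CLEAN_DIFF = "\n".join([
    "--- a/demo.txt",
    "+++ b/demo.txt",
    "@@ -1 +1,2 @@",
    " project notes",
    "+see the wiki for setup steps",
])

if __name__ == "__main__":
    for finding in scan_staged_diff(SAMPLE_DIFF):
        print("Failed:", finding)
    print("clean diff exit code:", hook_exit_code(CLEAN_DIFF))
```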


12) Conduct Penetration testing on any web site/web application and report the
vulnerabilities. Explain Dynamic Analysis using an example – owasp zap.
DAST TOOL
Dynamic Application Security Testing (DAST) is the process of analyzing a web
application through the front-end to find vulnerabilities through simulated attacks. This
type of approach evaluates the application from the “outside in” by attacking an application
like a malicious user would. After a DAST scanner performs these attacks, it looks for
results that are not part of the expected result set and identifies security vulnerabilities.
AUTOMATED SCAN
• STEP 1 – Go to Chrome > Download OWASP ZAP.
• https://www.zaproxy.org/download/ (link to download OWASP ZAP).
• After the download, complete the installation.
• STEP 2 – Open the OWASP ZAP tool.
• STEP 3 – Select the 3rd option and click Start.
• STEP 4 – Click on Automated Scan.
• STEP 5 – Select the URL (http://testdemo.com).
• STEP 6 – Select Chrome.
• STEP 7 – Click on Attack.
• The scan is in progress.
• STEP 8 – Select Report > click on Generate Report.
• STEP 9 – The report will be generated.
• ZAP Scanning Report

13) Conduct Penetration testing on any web site/web application and report the
vulnerabilities. Exploring the application manually and Explore pages protected by login

DAST TOOL
MANUAL EXPLORE
• STEP 1 – Open OWASP ZAP.
• STEP 2 – Click on Start.
• STEP 3 – Select Manual Explore.
• STEP 4 – Enter the URL you need to scan (https://demo.testfire.net).
• STEP 5 – Select Chrome > click on Launch Browser.
• STEP 6 – The URL will be displayed in the Chrome window you have launched.
• STEP 7 – Click on Sign In.
• Perform the following operations (SQL injection):
• Username - ' or 1=1--+
• Password = (give anything)
• Click on Log In
• After login, the page will be displayed.
• STEP 8 – Visit a few pages.
• STEP 9 – The sites you have visited will be displayed on the left side.
• STEP 10 – Select Report > click on Generate Report.
• STEP 11 – In the report we can view the sites we have visited and the vulnerabilities
the site possesses.
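
Why the username entered in STEP 7 signs in without a valid password, and how a parameterized query stops it. This is an added example, not the demo site's code: the table, the account and the function names are constructed, and SQLite stands in for whatever database the site uses.

```python
import sqlite3

def make_demo_db():
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Constructed demo row; a real application stores a salted password hash.
    db.execute("INSERT INTO users VALUES (?, ?)", ("admin", "constructed-password"))
    return db

def build_concatenated_query(username, password):
    """The flawed pattern: user input is pasted straight into the SQL text."""
    return ("SELECT username FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")

def login_vulnerable(db, username, password):
    """Returns the matched username, or None. The input can rewrite the query."""
    row = db.execute(build_concatenated_query(username, password)).fetchone()
    return row[0] if row else None

def login_parameterized(db, username, password):
    """Same lookup with placeholders: input is bound as data, never parsed as SQL."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_demo_db()
    user, pwd = "' or 1=1--+", "anything"
    # The quote closes the string, "or 1=1" is always true, and "--" comments
    # out the password check that follows.
    print(build_concatenated_query(user, pwd))
    print("concatenated :", login_vulnerable(db, user, pwd))
    print("parameterized:", login_parameterized(db, user, pwd))
```

In a ZAP report this class of finding is fixed in the application code by the second form, not by filtering quotes in the login form.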


14) Create a cloud account & Setup 2Factor Authentication on account


Account Prerequisites
AWS cloud account
Google Authenticator App

Step 1: Go to the browser and search for Amazon AWS

Step 2: Click on the first link displayed on the screen

Step 3: Go to the sign-in console
Select IAM user
Enter the 12-digit account ID
Click on Next

Step 4: Enter username and password
Click on Sign in

Step 5: After successful login, search for IAM in the search bar and click on it

Step 6: Click on Add MFA for yourself

Step 7: Scroll down and click on Assign MFA device

Step 8: Select Virtual MFA Device
Give a name and click on Continue

Step 9: Scan the displayed QR code with the Google Authenticator app
Enter the two MFA codes it generates
Click on Assign MFA

Step 10: Sign out from the account
Sign in again; it will ask for the MFA code
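
How the codes entered in Step 9 are produced: an authenticator app derives each six-digit code from the secret carried in the QR code and the current 30-second time window (TOTP, RFC 6238). This is an added example, not AWS's implementation; the secret is the RFC test key, and `verify_enrollment` is an assumption about how a server could check two consecutive codes.

```python
import base64
import hashlib
import hmac
import struct

# Base32 form of the RFC 6238 test key "12345678901234567890" (not a real account secret).
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def decode_secret(secret_b32):
    """QR codes carry the shared secret as Base32; restore padding before decoding."""
    cleaned = secret_b32.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))

def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238: the HOTP counter is the number of whole time steps since the epoch."""
    return hotp(decode_secret(secret_b32), unix_time // step, digits)

def verify_enrollment(secret_b32, code1, code2, unix_time, drift_steps=1, step=30):
    """Accept only two codes from adjacent time steps near the server's clock.

    A single guessed or replayed code cannot pass, and a device whose clock is
    far off is rejected at enrollment instead of at the next login.
    """
    key = decode_secret(secret_b32)
    current = unix_time // step
    for counter in range(current - drift_steps - 1, current + drift_steps + 1):
        first_ok = hmac.compare_digest(hotp(key, counter), code1)
        second_ok = hmac.compare_digest(hotp(key, counter + 1), code2)
        if first_ok and second_ok:
            return True
    return False

if __name__ == "__main__":
    first = totp(DEMO_SECRET_B32, 59)    # code shown during one 30 s window
    second = totp(DEMO_SECRET_B32, 89)   # code shown in the next window
    print(first, second, verify_enrollment(DEMO_SECRET_B32, first, second, 95))
```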


15) Setup Burp Suite on local machine and observe traffic of 1 website.
Intercept HTTP traffic with Burp Proxy
• Intercepting a request
Burp Proxy lets you intercept HTTP requests and responses sent between Burp's browser and the
target server. This enables you to study how the website behaves when you perform different
actions.
Step 1: Launch Burp's browser
Go to the Proxy > Intercept tab.
Click the Intercept is off button, so it toggles to Intercept is on.

Click Open Browser. This launches Burp's browser, which is preconfigured to work with Burp
right out of the box. Position the windows so that you can see both Burp and Burp's browser.
Step 2: Intercept a request
Using Burp's browser, try to visit https://portswigger.net and observe that the site doesn't load.
Burp Proxy has intercepted the HTTP request that was issued by the browser before it could
reach the server. You can see this intercepted request on the Proxy > Intercept tab.


The request is held here so that you can study it, and even modify it, before forwarding it to the
target server.
Step 3: Forward the request
Click the Forward button several times to send the intercepted request, and any subsequent ones,
until the page loads in Burp's browser.
Step 4: Switch off interception
Due to the number of requests browsers typically send, you often won't want to intercept every
single one of them. Click the Intercept is on button so that it now says Intercept is off.


Go back to the browser and confirm that you can now interact with the site as normal.
Step 5: View the HTTP history
In Burp, go to the Proxy > HTTP history tab. Here, you can see the history of all HTTP traffic
that has passed through Burp Proxy, even while interception was switched off.
Click on any entry in the history to view the raw HTTP request, along with the corresponding
response from the server.


This lets you explore the website as normal and study the interactions between Burp's browser
and the server afterward, which is more convenient in many cases.


16) Setting up the environment:


• Installing Android Studio and creating Android Virtual Devices
• Using Android Debug Bridge (ADB) to interact with the Android Virtual Devices (AVD)
• Transferring files between the host machine and the AVD using ADB

Installing Android Studio
Go to Chrome and search for Android Studio for Windows

Create Android Virtual Devices
Go to Android Studio
Select Tools and click on Device Manager
Select Virtual
Click on Create Virtual Device
Select a device
Select the specification and finish it.

Set up an ADB environment on the host system
Go to Chrome
Search for ADB Platform Tools
Extract the files
Copy the platform-tools path

Edit Environment Variables for your system
Select Environment Variables
Select System variables and Path
Click on New
Paste the path and click on OK

Transferring files between the host machine and the AVD using ADB
Open the virtual device
Turn on Developer options by clicking 7 times on Build number
Turn on USB Debugging
Go to Command Prompt
Type the commands below:
$ adb (to confirm that adb is installed successfully on your system)
$ adb devices
$ adb shell
$ ls
$ cd sdcard
$ touch cyber.txt
Check the created file in the virtual device
Go to File Manager
Select the emulator path in the left-side options

Transferring files between the host machine and the AVD using ADB is successful


17) Setup the following tools onto your machine and reverse the application.
– Apktool
– Dex2Jar
– JDGUI
Reverse engineering
STEP 01 :- Install dex2jar, JD-GUI and Apktool. Links are below:
https://www.filecroco.com/download-jd-gui/download/ : JD-GUI
https://sourceforge.net/projects/dex2jar/ : dex2jar
https://ibotpeaches.github.io/Apktool/ : Apktool

STEP 02 :- Now go to This PC

STEP 03 :- Click on DOWNLOADS

STEP 04 :- Now extract the APKTOOL to the C:/ drive

STEP 05 :- Go to the C:/ drive and copy the APKTOOL

STEP 06 :- Then go to DESKTOP, create a NEW FOLDER named reverse engineer,
paste the copied APKTOOL inside it and SAVE

STEP 07 :- Then go to DOWNLOADS

STEP 08 :- Click on JD-GUI TOOL

STEP 09 :- Now select the JD-GUI APPLICATION and click on it

STEP 10 :- Now select JD-GUI.exe and click on it

STEP 10 :- Now create a NEW FILE. Click on OPEN FILE

STEP 11 :- Now select DESKTOP, then select your folder reverse engineer

STEP 12 :- Now, inside the reverse engineer folder, select the APKTOOL and click on it

STEP 13 :- After you select it, APKTOOL.2.1.0.jar will be opened like this

STEP 14 :- Now select ORG and click on RUNTIME in APKTOOL.2.1.0.jar; the
Java source code will now be generated automatically.