VISVESVARAYA TECHNOLOGICAL UNIVERSITY

Gnana Sangama, Belgaum – 560109, Karnataka

AN
INTERNSHIP REPORT ON
“Cyber Security and Ethical Hacking”
By
G S SURABHI : 1KS17EC040

Submitted in partial fulfillment for the award of

BACHELOR OF ENGINEERING
IN
ELECTRONICS AND COMMUNICATION ENGINEERING

Carried out at
Knowledge Solutions India

Under the guidance of

Internal Guide: Mrs. Pooja, Assistant Professor, Department of ECE, KSIT
External Guide: Mr. Rajkumar Bhunia, Knowledge Solutions India

K. S. INSTITUTE OF TECHNOLOGY
#14, Raghuvanahalli, Kanakapura main road,
Bangalore – 560109
2020-2021
K. S. INSTITUTE OF TECHNOLOGY
#14, Raghuvanahalli, Kanakapura Main road,
Bangalore – 560062

Department of Electronics and Communication Engineering

Certificate

This is to certify that the Internship work entitled

“Cyber Security and Ethical Hacking”

Carried out by

G S SURABHI: 1KS17EC040

is a bona fide work done at Knowledge Solutions India in partial fulfillment for the award of
Bachelor of Engineering Degree in Electronics and Communication from Visvesvaraya
Technological University, Belgaum during the year 2020-2021. It is certified that all
corrections and suggestions indicated during internal assessment have been incorporated in the
report deposited in the department library. The Internship report has been approved as it
satisfies the academic requirements in respect of the work prescribed for the Bachelor of
Engineering Degree.

Signature of Guide Signature of HOD Signature of Principal

EXTERNAL VIVA:

Name of Examiners Signature with Date

1.

2.
ACKNOWLEDGEMENT

Any internship requires guidance, hard work and the coordinators' help. It gives great
pleasure to acknowledge with thanks the assistance and contribution of the many
individuals who have been actively involved at every stage of this internship.

I feel immense pleasure to express my deep and profound gratitude to our
principal Dr. Dileep Kumar K for creating an excellent and technically sound
academic environment in our institute.

I am thankful to our Head of the Department Prof. Dr. P. N. Sudha, B.E, M.Tech,
Ph.D, Department of Electronics and Communication Engineering for providing
all the guidance, which was vital for this internship.

I am thankful to our internship coordinators Mr. Santhosh Kumar, Assistant
Professor, and Mr. Praveen A, Assistant Professor, Electronics and Communication
Department, KSIT, for their cooperation and help throughout.

G S SURABHI
ABSTRACT
The objective of this report is to present an overview of cyber security and ethical hacking
techniques. Cyber security is the practice of defending computers, servers, mobile devices,
electronic systems, networks, and data from malicious attacks. It is also known as information
technology security or electronic information security. The term applies in a variety of
contexts, from business to mobile computing, and can be divided into a few common
categories. Ethical hacking is the process of detecting vulnerabilities in an application, system,
or organization's infrastructure that an attacker could use to exploit an individual or
organization. Ethical hackers use this process to prevent cyber-attacks and security breaches by
lawfully hacking into systems and looking for weak points.

This report also traces the evolution of cyber security through some of history's most notable
cyber-attacks. Cyber security has changed rapidly. The Morris Worm in 1988 crashed about 10% of
the 70,000 internet-connected computers and caused $96 million worth of damage.

With the continued evolution of cyber security, there were viruses that took down major
systems such as the Melissa Virus. Then cyber threats moved on to credit cards and
infiltrating personal information causing great concern for identity theft. As advances in
cyber security protection improved so did advances in cyber-attacks as evidenced by the 2013
Target and 2014 SONY data breaches.
TABLE OF CONTENTS

Sl. No.  Chapter                                    Page No.
1        About the Company                           1
2        Introduction                                2
3        Task Performed                              4
4        Project Implementation and its Features    15
5        Reflection notes                           24
6        Conclusion                                 26
7        References                                 27
LIST OF FIGURES

Figure No.  Description                                     Page No.
1.1         Company logo                                     1
3.1.1       Some of the important directories                9
3.1.2       robots.txt result                                9
3.1.3       Shows several usernames and passwords           10
3.1.4       Shows the username and password of a database   10
4.2.1       Sandbox                                         18
4.2.2       Working of Sandboxie                            19
4.2.3       Virus creation                                  20
4.2.4       VirusTotal                                      20
4.2.5       Malware detection in VirusTotal                 21
4.2.6       Encrypting the malware file                     21
4.2.7       File upload in VirusTotal                       22
4.2.8       Anti-malware software                           22
4.2.9       Remote access of Windows system                 23
Cyber Security and Ethical Hacking

CHAPTER 1
ABOUT THE COMPANY
1.1 Brief History
Knowledge Solutions India (KSI) is a certification and training company. Being a Microsoft
Authorized Education Partner as well as a Certiport CATC, it offers international
certifications from Microsoft, Apple, Adobe, EC-Council, Autodesk, QuickBooks etc. and
works closely with universities and colleges across the country. KSI has a well-qualified
team of subject matter experts. These professionals have an abundance of experience in
their respective fields and are also certified themselves. They are passionate about the
subjects they teach and bring this enthusiasm into their webinars and courses. They provide
training in information gathering, vulnerability assessment, reconnaissance, digital forensics,
the use of various tools, and malware, and deliver some of the best technical training in the
country. All their courses start from scratch, assuming no prerequisites, and their team
makes every effort to ensure that a candidate completes the program only after acquiring the
relevant skills.

Figure 1.1: company logo

1.2 Contact Details

Address: Ghanshyam Park, Dhole Patil Road, Pune, Maharashtra - 411001
Phone numbers: +91-9910732501, +91-9818864887

Department of ECE, KSIT, 2020-2021 Page 1

CHAPTER 2
ABOUT THE DEPARTMENT
2.1 Introduction
The workshop introduces students to cyber security and ethical hacking. The trainers cover
information gathering, vulnerability assessment, reconnaissance, digital forensics, the use of
various tools, and malware. They are passionate about the subjects they teach and bring this
enthusiasm into their webinars and courses. These professionals have an abundance of
experience in their respective fields and are also certified themselves.

2.1.1 Chronicle:

This section traces the evolution of cyber security through some of history's most notable
cyber-attacks. Cyber security has changed rapidly. The Morris Worm in 1988 crashed about 10% of
the 70,000 internet-connected computers and caused $96 million worth of damage.

With the continued evolution of cyber security, there were viruses that took down major
systems, such as the Melissa virus. Then cyber threats moved on to credit cards and
infiltrating personal information, causing great concern about identity theft. As advances in
cyber security protection improved, so did advances in cyber-attacks, as evidenced by the 2013
Target and 2014 SONY data breaches.

2.1.2 Definition of Cyber Security and Ethical Hacking:


Cyber security is the practice of defending computers, servers, mobile devices, electronic
systems, networks, and data from malicious attacks. It's also known as information
technology security or electronic information security. The term applies in a variety of
contexts, from business to mobile computing, and can be divided into a few common
categories.

Ethical hacking is the process of detecting vulnerabilities in an application, system, or
organization's infrastructure that an attacker could use to exploit an individual or organization.
Ethical hackers use this process to prevent cyber-attacks and security breaches by lawfully hacking
into systems and looking for weak points.

2.1.3 Features of Cyber Security:

Cyber security allows us to secure a network or system that must handle critical or sensitive
organizational data. Below are a few things it provides.

• Data protection – The primary role of cyber security is to protect confidential data
  so that it can be accessed only by authorized users.
• Enforcing CIA – The three properties of cyber security, Confidentiality, Integrity, and
  Availability, are enforced by means of internet security.
• Mitigating breach risk – A well-secured and regularly updated system is far less prone to
  security breaches. It helps users protect their data from being exposed to any
  malicious user or attacker.

• Ensuring business continuity – It provides plans that keep business processes running,
  protect the organization's reputation and ensure that business continues without
  obstruction.

2.2 Roles and Responsibilities


I was assigned to work on a project given by the external guide. The project assigned
was to create malware using Ebowla and analyze the malware.

For the implementation of the project, I used a virtual machine running a Linux system and
installed Ebowla master to create the malware. Ebowla master works only with Python 2.

Cyber security is a subset of information security management that focuses on digital
information and digital assets. Cyber security's goal is to assure the CIA of digital
information within the organization.
CIA stands for: Confidentiality, Integrity & Availability.
At the initial stage, the created malware was not encrypted, so when the malware file was
uploaded to the VirusTotal website the anti-malware software was able to detect it.

A genetic configuration file was then used to encrypt the malware, and the encrypted malware
file was uploaded to the VirusTotal website, where most of the prominent anti-malware software
could not detect it.
This encrypted malware file was then uploaded to a Windows machine, where it acted as
spyware, giving remote control of the Windows machine from the Linux system.

CHAPTER 3
TASK PERFORMED
3.1 Work Plan

Overview of this 6-week internship

• Weekly Assignments: I received a series of assignments that incrementally solve
  a real-world cyber security problem.
• Mentoring: We could reach out to one of our mentors whenever we faced any
  difficulty at any point in the program.
• Live classes: While it is good to struggle a bit and solve a vulnerability on my own,
  I had virtual live classes to help me learn the basic concepts of cyber security and
  ethical hacking.
• Final Interview with Experts: At the end of the 6 weeks, we had an interview with
  experts, who tested the projects that I did during the internship.
• Internship Certificate: At the end of the internship, I received an internship
  completion certificate upon passing a video interview with our faculty and an
  industry expert.

Week 1: Introduction to information security and computer networking

Date: 27/10/2020 – 03/11/2020
Task Assigned: Information security
Task Objective: To understand the basics of computer networking
Task Outcome: To be able to comprehend the basics
Brief Description of the Work (with supportive diagrams / data tables / tool descriptions etc.)

In week 1, the course introduced the Information Security Program and provided a
basic understanding of the legal and regulatory basis for the program. Information
security is basically the practice of preventing unauthorized access, use, disclosure,
disruption, modification, inspection, recording or destruction of information. A computer
network is an interconnection between two or more hosts/computers. The connectivity
can be physical, using cables, or virtual, using a wireless network. Different types
of networks include LAN, WAN, MAN, etc.

Week 2: Information gathering and basics of web development

Date: 05/11/2020 – 13/11/2020
Task Assigned: Information gathering and web development
Task Objective: To gather advanced information and learn HTML and PHP basics.
Task Outcome: To be able to comprehend Google dorking.
Brief Description of the Work (with supportive diagrams / tool descriptions etc.)

In week 2, under Information Gathering, we discussed various techniques to gather
information about the client using Whois Lookup, Netcraft, and Robtex.
We then saw how a server can be attacked by targeting websites that are hosted on
that server. In website hacking, there are three approaches that one can take when
planning to test a website/web app: server-side attack, client-side attack, and web
application pen testing. As mentioned earlier, every attack begins with information gathering.
There are several kinds of information that one can gather during the process. These include,
but are not limited to:

1. Victim IP addresses

2. Domain Name Information

3. Technologies used by the website/web applications

4. Other websites on the same server

5. DNS records

6. Unlisted files, subdomains and directories

This information could help you perform a successful hack on a website/ web app. I will
be showing you how to use some tools to gather information about a target website/web
app. We will start with:-

1. Whois Lookup (https://whois.domaintools.com/)

Whois is an online tool that helps one to lookup information of the target website/web
app such as Domain name, IP address block or an autonomous system but it is also used
to query for a wider range of information. The information that is provided in the Whois
lookup is publicly available unless the website is using domain privacy.

How to use Whois Lookup

You can either visit the Whois site (https://whois.domaintools.com/) and type in the
domain name of the target website, which gives you the website information, or,
if you prefer the terminal, you can run whois <domain_name_of_target>.

Results: The WHOIS details are classified as below.

• The domain information

• Registrant Contact

• Administrative Contact

• Technical Contact

Domain information

This type of information contains the general details about the domain. It consists of
the following fields:

• Domain: The domain name whose WHOIS details we are querying.
• Registrar: The details of the registrar with whom the domain name is registered.
• Registration Date: The date when the domain name was first registered.
• Expiration Date: The date when the domain will expire.
• Updated Date: The date when the WHOIS details were last updated.
• Status: The registrar status of the domain. This will be "OK" if there is no restriction
  and the domain is free to transfer from one registrar to another.
• Name Servers: The nameservers used by the domain.

Registrant Contact

As the name indicates, this area provides details of the registrant of a
domain. As you can see, the Whois query returns a bunch of information, which could be
relevant depending on what type of attack is being carried out; for instance, the
information about the registrar company. An attacker could target the registrar company to get
information about a certain domain.

2. Netcraft

If you are gathering in-depth information on the technologies used in a website/web app,
you could use the following website: netcraft.com. The information that Netcraft provides
includes:

• Background — basic domain information.
• Network — information from IP address to domain names to nameservers.
• SSL/TLS — the SSL/TLS status of the target.
• Hosting History — the hosting history of the target.
• Sender Policy Framework (SPF) — describes who can send mail on the domain's behalf.

Site Technology — This section includes details on :

Cloud & PaaS: Cloud computing is the use of computing resources (hardware and
software) that are delivered as a service over a network (typically the Internet). Platform
as a service (PaaS) is a category of cloud computing services that provide a computing
platform and a solution stack as a service.

Server-Side: Includes all the main technologies that Netcraft detects as running on the
server such as PHP.

Client-Side: Includes all the main technologies that run in the browser (such as
JavaScript and Adobe Flash).

Content Delivery Network: A content delivery network or content distribution network
(CDN) is a large distributed system of servers deployed in multiple data centers on the
Internet. The goal of a CDN is to serve content to end-users with high availability and
high performance.

Content Management System: A content management system (CMS) is a computer
program that allows publishing, editing and modifying content as well as maintenance
from a central interface.

Mobile Technologies: Mobile technology is the technology used for hand held mobile
devices.

Web Stats: Web analytics is the measurement, collection, analysis and reporting of
internet data for purposes of understanding and optimizing web usage.

Character Encoding: A character encoding system consists of a code that pairs each
character from a given repertoire with something else, such as a bit pattern, sequence of
natural numbers, octets, or electrical pulses, in order to facilitate the transmission of data
(generally numbers or text) through telecommunication networks or for data storage.

Web Browser Targeting: Web browser targeting enables software applications to make
use of specific functions of the browser as well as optimizing the application for specific
browser versions.

3. Robtex (https://www.robtex.com/)

This will help gather comprehensive Domain Name Server (DNS) information on the
target. Robtex uses various sources to gather public information about IP numbers,
domain names, host names, autonomous systems, routes etc. It then indexes the data in a
big database and provides free access to the data.

How to use it is simple. You just go to the website and type the domain name and press
go.

4. Bing (https://bing.com)

This will help discover the websites on the same server.

Gaining access to one website on a server can help you gain access to another on the
same server.

You can use bing to find out what other domains are on the same server as the target
domain. You can do this by typing the IP: [IP address] on the bing search bar.

It’s going to list for you all the domain names with the same IP address.

5. Knockpy

Knockpy is a Python tool designed to enumerate subdomains on a target domain through
a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard
DNS record automatically if it is enabled.

Subdomains can be useful when it comes to website hacking, noting that some
subdomains are not public. You can test the security of the subdomains and see if you can
use them to break into the website/web app.

How to install Knockpy:

1. Download it from GitHub (git clone).

2. Navigate to knockpy.py.

3. Run it: python knockpy.py [domain name]

6. Dirb

Dirb is a web content scanner. This will help you discover sensitive and hidden files and
directories of a website or web application. It looks for existing (and/or hidden) web
objects. It basically works by launching a dictionary-based attack against a web server
and analyzing the responses. DIRB comes with a set of preconfigured attack wordlists for
easy usage, but you can use your own custom wordlists. DIRB can also sometimes be used as
a classic Common Gateway Interface (CGI) scanner, but remember it is a content scanner,
not a vulnerability scanner.

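One way a site owner can spot a Dirb-style dictionary scan against their own server from its access logs, as an added example that is not from the report or from the Dirb project: every guessed path that does not exist produces a 404, so a client with an unusually high count and ratio of 404 responses stands out. The log format, the thresholds, the user-agent string and the sample log lines are assumptions constructed for the example.

```python
"""Flag clients that look like dictionary-based content scanners in web access logs.

Added example (not from the report). Log lines are in the "combined" format used
by Apache and nginx; the sample lines below are constructed. The thresholds are
assumptions and should be tuned to a site's normal traffic.
"""
import re
from collections import defaultdict

# ip ident user [time] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it is malformed."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def detect_scanners(lines, min_404=20, min_ratio=0.8):
    """Return {ip: summary} for clients whose 404 count and 404 ratio exceed the thresholds.

    A real visitor produces the odd 404 (a typo, a stale link); a wordlist scan
    produces hundreds of them for paths that never existed.
    """
    per_ip = defaultdict(lambda: {"total": 0, "not_found": 0, "paths": set(), "ua": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip unparseable lines rather than crash on them
        s = per_ip[rec["ip"]]
        s["total"] += 1
        s["ua"].add(rec["ua"])
        if rec["status"] == 404:
            s["not_found"] += 1
            s["paths"].add(rec["path"])
    flagged = {}
    for ip, s in per_ip.items():
        ratio = s["not_found"] / s["total"]
        if s["not_found"] >= min_404 and ratio >= min_ratio:
            flagged[ip] = {
                "total": s["total"],
                "not_found": s["not_found"],
                "ratio": round(ratio, 2),
                "distinct_missing_paths": len(s["paths"]),
                "user_agents": sorted(s["ua"]),
            }
    return flagged


def sample_log():
    """Constructed sample: one ordinary visitor and one client walking a wordlist."""
    lines = []
    for i, path in enumerate(["/", "/index.php", "/images/logo.png", "/about", "/login"]):
        lines.append(f'203.0.113.5 - - [10/Dec/2020:10:00:{i:02d} +0000] '
                     f'"GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"')
    # A single typo from the ordinary visitor must not trigger the alert.
    lines.append('203.0.113.5 - - [10/Dec/2020:10:00:09 +0000] '
                 '"GET /abuot HTTP/1.1" 404 196 "-" "Mozilla/5.0"')
    wordlist = ["admin", "backup", "config", "passwords", "test", "old", "tmp", "cgi-bin",
                "db", "private", "secret", "upload", "includes", "logs", "data", "dev",
                "api", "phpinfo.php", "config.inc", "robots.txt", "install", "setup",
                "console", "manager", "export"]
    for i, word in enumerate(wordlist):
        status = 200 if word == "robots.txt" else 404  # only one guess actually exists
        lines.append(f'198.51.100.23 - - [10/Dec/2020:10:01:{i:02d} +0000] '
                     f'"GET /{word} HTTP/1.1" {status} 0 "-" "Mozilla/4.0 (constructed-scanner-ua)"')
    return lines


if __name__ == "__main__":
    for ip, summary in detect_scanners(sample_log()).items():
        print(ip, summary)
```
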
In the example below, I used dirb on Mutillidae. Mutillidae is a free, open source,
deliberately vulnerable web application providing a target for web-security enthusiasts to
experiment on. To run it, type dirb [domain name] on the terminal, e.g. dirb
http://192.168.0.141/mutillidae. The figure below shows some of the files/directories that
were listed.

Fig3.1.1 Some of the important directories

robots.txt — This is a file that lists the files and directories that the site owner does not
want search engines such as Google to index.

These are some of the results I got when I navigated to robots.txt.

Fig3.1.2 robots.txt result

The figure above shows some of the files that robots.txt has. Some of the important ones
that we see are the passwords file and the config.inc.

The figure below shows the results that we get when we navigate to passwords.

Fig3.1.3 shows several usernames and passwords

For now we do not know where they can be used but we can store them in a word list
and use them to brute force the login credentials that are required in that website.

The other interesting file is the config.inc. The figure below shows the results that I got
when I navigated to it.

Fig3.1.4 shows the username and the password of a database

This is important information that can be used to get into the database.

Week 3: Advanced web application attacks

Date: 16/11/2020 – 24/11/2020
Task Assigned: Bypassing client-side filters, IDOR and rate limiting issues, arbitrary file upload.
Task Objective: To understand the concepts of bypassing client-side filters, IDOR and rate limiting issues, and arbitrary file upload.
Task Outcome: To be able to comprehend and apply bypassing client-side filters, IDOR and rate limiting issues, and arbitrary file upload.
Brief Description of the Work (with supportive diagrams / data tables / tool descriptions etc.)

In week 3, I learnt that the user has full control over the client and the data it submits, and can
bypass any client-side controls that are not replicated on the server. With intercept turned off in the
Proxy "Intercept" tab, visit the web application you are testing in your browser and access the
page of the web application you wish to test. In this example we are using the
"Bypass Client Side JavaScript Validation" page of the "WebGoat" training tool.
Insecure direct object references (IDOR) are a type of access control vulnerability that
arises when an application uses user-supplied input to access objects directly.
As the name suggests, an arbitrary file upload vulnerability is a type of vulnerability
which occurs in web applications if the type of the uploaded file is not checked, filtered or
sanitized. The main danger of this kind of vulnerability is that an attacker can upload a
malicious PHP, ASP, etc. script and execute it.

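The server-side counterpart to the three week-3 issues, as an added example that is not code from the report or from WebGoat: a form re-validated on the server regardless of what the browser's JavaScript allowed, an object lookup that enforces ownership so that a guessed id does not become an IDOR, and an upload check that judges the file by an extension allowlist and its leading bytes and stores it under a server-chosen name. The form fields, the in-memory invoice table, the allowlist and the sample inputs are assumptions constructed for the example.

```python
"""Server-side controls for client-side filter bypass, IDOR and arbitrary file upload.

Added example, not code from the report or from WebGoat. The form fields, the
in-memory invoice table, the file-type allowlist and the sample inputs are
assumptions constructed for the example.
"""
import os
import re
import secrets

# 1. Client-side filters. Browser JavaScript can be skipped with a proxy, so the
#    server re-validates every field as if the client had done nothing at all.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")


def validate_registration(form):
    """Return a list of validation errors for a submitted registration form."""
    errors = []
    if not USERNAME_RE.match(form.get("username", "")):
        errors.append("username must be 3-32 characters of letters, digits or _")
    try:
        quantity = int(form.get("quantity", ""))
    except ValueError:
        quantity = None
    if quantity is None or not 1 <= quantity <= 100:
        errors.append("quantity must be an integer between 1 and 100")
    return errors


# 2. IDOR. The vulnerable pattern is INVOICES[invoice_id]: anyone who can guess an
#    id gets the record. The fix is to look objects up by id AND authenticated owner.
INVOICES = {  # constructed sample data
    1001: {"owner": "alice", "amount": 120.0},
    1002: {"owner": "bob", "amount": 75.5},
}


def get_invoice(current_user, invoice_id):
    """Return the invoice only if it belongs to current_user, otherwise None.

    "Does not exist" and "not yours" give the same answer, so a user cannot
    learn which ids exist by probing them.
    """
    record = INVOICES.get(invoice_id)
    if record is None or record["owner"] != current_user:
        return None
    return record


# 3. Arbitrary file upload. Accept only an allowlisted extension, require the file
#    content to match that type, and store it under a server-chosen random name
#    (outside the web root) so the client never controls the stored filename.
ALLOWED_TYPES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}


def check_upload(filename, data, max_bytes=5 * 1024 * 1024):
    """Return (accepted, detail). On acceptance, detail is the server-chosen filename."""
    if len(data) > max_bytes:
        return False, "file too large"
    # basename() drops any directory part; only the final extension is considered,
    # so "shell.php" is rejected outright and "x.php.png" is judged by its content.
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    magic = ALLOWED_TYPES.get(ext)
    if magic is None:
        return False, f"extension {ext or '(none)'} is not allowed"
    if not data.startswith(magic):
        return False, "file content does not match its extension"
    return True, secrets.token_hex(16) + ext
```
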
Week 4: Automating VAPT and secure code development

Date: 25/11/2020 – 29/11/2020
Task Assigned: Automating VAPT and secure code development
Task Objective: To understand the concept of automating VAPT and secure code development
Task Outcome: To be able to comprehend and apply automating VAPT and secure code development

In week 4, I was taught the concepts of automating VAPT and secure code development.
Automated tools are widely used in analyzing large codebases with millions of lines of
code, enhancing the throughput of the code review process. They can identify the insecure
pieces of code in the codebase, which can then be evaluated further by the developer or a
security analyst in a manual code review.

Vulnerability assessment and penetration testing (VAPT) is the most comprehensive technical
approach to cybersecurity auditing. It includes assessing for vulnerabilities, penetration
testing, reporting, and patching of your company's web/mobile applications and networking
infrastructure. Whereas the vulnerability assessment aims at finding the security gaps in the
application, penetration testing exploits the gaps discovered to generate a PoC (Proof of
Concept). Vulnerability assessment and penetration testing are crucial activities in web
application security assessment. They constitute a part of secure code development and are
of utmost importance in today's age of complex cyber-attacks. A website that has not been
sufficiently assessed for common vulnerabilities may prove a treasure for hackers, as they
might attack such insecure websites to gain access to the underlying databases, leading to data
breaches. Not just this, hackers may even add hidden malicious code to your website code
so that anyone who visits your website is infected without knowing it. VAPT is a step in
the right direction from the perspective of website security, and with advanced automated
off-the-shelf tools available, the time needed for vulnerability discovery is steadily shrinking.
Know which type of VAPT is best for your environment and secure your website today.

Week 5: Documenting and reporting vulnerabilities

Date: 27/11/2020 – 01/12/2020
Task Assigned: Documenting and reporting vulnerabilities
Task Objective: To understand documenting and reporting vulnerabilities
Task Outcome: To be able to comprehend and apply documenting and reporting vulnerabilities

In week 5, I was taught documenting and reporting vulnerabilities.

Documenting and remediating vulnerabilities in apps is a time-consuming process that
requires a lot of thorough testing, documenting, and compiling of the information into a
readable report. The purpose of such a document is to describe a voluntary process
for reporting and resolving reports of potential security vulnerabilities. Nothing in
the document creates any legal rights or obligations. Similarly, in cases where the
stipulations of the document conflict with applicable law or contractual obligations of any
party, the law or such obligations take precedence.
When documenting the results of a web app penetration test, it is important that both the
pentester and the organization for which the work is undertaken agree on a format
that needs to be followed. There is no set format that pentesters use in
general, so there is some flexibility in the documentation aspect of a web app pentest. It
is important that the company which has requested such testing be able to understand the
results, as well as what remedial actions are required after the testing. Other parties that
will be looking at the report are developers, project managers, business owners,
management and the IT department, as well as those that are responsible for auditing and
compliance.

The main aspect of reporting to keep in mind is that it must be easy to read and logically
set up so that the sequence of testing makes sense to everyone. The list of remedial
actions should be clearly defined. The report should also suggest which parties are
responsible for gaps in the app’s security; the task of repairing the issue can then be
delegated accordingly. Obviously the pentester cannot know all of the internal
responsibilities for each of the departments, so in some instances the stakeholders will
have to meet after the pentesting has been completed and the report has been finalized
and issued.

Week 6: Project Work

Date: 02/12/2020 – 08/12/2020
Task Assigned: The project assigned is to create Ebowla malware and analyze the malware, and create an SOP on a Java vulnerable lab.
Task Objective: To take the concepts which were learnt during this internship and apply them to the project work
Task Outcome: To be able to apply the concepts learnt to the project work.
Brief Description of the Work (with supportive diagrams / data tables / tool descriptions etc.)

In week 6, after all the concepts were taught, I was assigned to work on a project given
by the external guide. The project assigned was to create Ebowla malware and analyze the
malware, and create an SOP on a Java vulnerable lab.

CHAPTER 4
PROJECT IMPLEMENTATION AND ITS FEATURES

4.1 Problem statement

The project assigned was to create Ebowla malware, analyze the malware and create an
SOP on a Java vulnerable lab.
I was assigned to work on this project by the external guide.

For the implementation of the project, I used a virtual machine running a Linux system and
installed Ebowla master to create the malware. Ebowla master works only with Python 2.

Cyber security is a subset of information security management that focuses on digital
information and digital assets. Cyber security's goal is to assure the CIA of digital
information within the organization.
CIA stands for: Confidentiality, Integrity & Availability.
At the initial stage, the created malware was not encrypted, so when the malware file was
uploaded to the VirusTotal website the anti-malware software was able to detect it.

A genetic configuration file was then used to encrypt the malware, and the encrypted malware
file was uploaded to the VirusTotal website, where most of the prominent anti-malware software
could not detect it.
This encrypted malware file was then uploaded to a Windows machine, where it acted as
spyware, giving remote control of the Windows machine from the Linux system.

4.2 Methodology:
There are two fundamental approaches to malware analysis.

• Static analysis:
  A method of malware analysis that is carried out without running the malware.

• Dynamic analysis:
  A method of malware analysis in which the malware is run inside a secure, isolated
  system and its behaviour is observed.

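A minimal static-analysis triage, as an added example that is not from the report: without executing the file it computes the hashes used to look a sample up on a service such as VirusTotal, identifies the container format from its leading bytes, and extracts printable strings that hint at capability (URLs, IP addresses, Windows API names). The sample bytes and the API watchlist are assumptions constructed for the example; a hit is an indicator for an analyst, not proof of malice.

```python
"""Static triage of a suspicious file without executing it.

Added example, not from the report. Hashes identify the sample, the magic bytes
identify the format, and printable strings reveal embedded URLs, IP addresses
and API names worth a closer look. Sample bytes and the API watchlist are
assumptions constructed for the example.
"""
import hashlib
import re

MAGIC = [
    (b"MZ", "Windows PE executable"),
    (b"\x7fELF", "ELF executable"),
    (b"PK\x03\x04", "ZIP container (also .jar/.docx/.apk)"),
    (b"%PDF", "PDF document"),
]

PRINTABLE_RE = re.compile(rb"[\x20-\x7e]{6,}")  # runs of 6+ printable ASCII bytes
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
API_WATCHLIST = {  # assumption: a small analyst watchlist, grouped by what the APIs enable
    "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",  # process injection
    "URLDownloadToFileA", "WinExec", "ShellExecuteA",              # download-and-run
    "GetAsyncKeyState", "SetWindowsHookExA",                       # keylogging
}


def file_type(data):
    """Identify the format from the leading magic bytes, or 'unknown'."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def hashes(data):
    """MD5/SHA-1/SHA-256 hex digests: the identifiers used to look a sample up."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def strings(data):
    """Extract printable ASCII strings, like the classic 'strings' utility."""
    return [m.group().decode("ascii") for m in PRINTABLE_RE.finditer(data)]


def triage(data):
    """Summarise the static indicators found in the file."""
    found = strings(data)
    text = "\n".join(found)
    urls = sorted(set(URL_RE.findall(text)))
    ips = sorted(set(IPV4_RE.findall(text)))
    apis = sorted(s for s in set(found) if s in API_WATCHLIST)
    return {
        "type": file_type(data),
        "size": len(data),
        "sha256": hashes(data)["sha256"],
        "urls": urls,
        "ips": ips,
        "suspicious_apis": apis,
        "indicator_count": len(urls) + len(ips) + len(apis),
    }


def sample_file():
    """Constructed stand-in for a PE dropper: MZ header, import names, a URL and an IP."""
    return (
        b"MZ" + b"\x00" * 62
        + b"This program cannot be run in DOS mode.\x00"
        + b"kernel32.dll\x00VirtualAllocEx\x00WriteProcessMemory\x00CreateRemoteThread\x00"
        + b"urlmon.dll\x00URLDownloadToFileA\x00"
        + b"http://example.invalid/update.bin\x00"
        + b"192.0.2.10\x00"
        + b"\x00" * 32
    )


if __name__ == "__main__":
    for key, value in triage(sample_file()).items():
        print(f"{key}: {value}")
```
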
MALWARE:
Malware is intrusive software that is designed to damage and destroy computers and
computer systems. Malware is a contraction of "malicious software."

Types of malware

1. Spyware

• Spyware is often used by people wishing to monitor their loved ones' computer activities. Of
  course, hackers can use spyware in targeted attacks to record victims' keystrokes and access
  passwords or intellectual property. Adware and spyware are typically the simplest to uninstall
  because they are not nearly as nasty as other malware programs: find and stop the malicious
  executable and you're finished.
• The method used to compromise the device or client, whether it is social engineering, unpatched
  code or a dozen other root causes, is much more important than the actual adware or spyware.
  This is because, while the purposes of a spyware or adware program are not as malicious
  as a trojan with remote backdoor access, all of them use the same break-in methods. The
  existence of a spyware program should be a warning of some kind of vulnerability in the
  system or client, to be dealt with before really bad things occur.

2. Adware

• Adware is a type of software that displays advertisements on your computer, forwards search
  requests to advertising websites, and collects marketing data from your computer. For example,
  adware normally gathers information about the types of websites you visit in order to display
  custom ads.
• Some consider adware that collects information without your permission to be malicious adware.
  Another example of malicious adware is intrusive pop-up advertising for pretended fixes
  for computer viruses or bad results.

3. Computer Virus

• A computer virus is malicious software that cybercriminals design to replicate itself.
Typically, it targets and infects existing files on the target system. To perform malicious
activities on the targeted system, a virus must be executed, and it then tries to infect every
file the program can run. Viruses have been around, at least in theory, since the advent of
computers.
• John von Neumann published the first academic study of self-replicating machines in 1949, and
the first live examples of viruses appeared in the 1970s. Viruses consume system resources and
steal or corrupt data, for example making the host network useless or inefficient. Another
common feature of viruses is their stealth, which makes them difficult to identify. Viruses are
uninvited, hide in anonymity, replicate when they are executed, and generally work in obscurity
by infecting other documents.

4. Worm

• Worms have been around even longer than computer viruses, dating back to mainframe days.
Email brought them into the mainstream in the late 1990s, and for almost a decade computer
security practitioners were hit by malicious worms that arrived as email attachments. One
individual would open a wormed e-mail, and the whole company would be contaminated in short
order. The distinguishing characteristic of the worm is that it replicates itself.
• Take the infamous ILOVEYOU worm: when it was released, it hit almost every email client in
the world, overwhelmed telephone systems (with fraudulently sent text messages), took down TV
networks, and even delayed my daily paper for half a day. Several other worms, including SQL
Slammer and MS Blaster, secured the worm's place in the history of software security. What
makes a successful worm so devastating is its ability to propagate without end-user
interaction. In comparison, viruses need an end user to launch them, at least, before
attempting to infect other innocent files and users. Worms exploit other files and programs to
do their dirty work.

5. Trojan

• A Trojan is a malicious program that appears useful or legitimate. Cybercriminals disguise
trojans as regular software, which persuades a victim to download them. The word comes from the
ancient Greek story of the wooden horse used in an ambush to conquer the city of Troy. Trojan
horses on computers are just as damaging. The payload may be anything, but it is commonly a
backdoor that gives attackers unauthorized access to the affected device. Trojans often give
cybercriminals access to IP addresses, passwords, bank details and other personal information of
the victim. Keyloggers are often used to quickly capture account names, passwords or credit card
information and send them to the malware actor.
• Many ransomware attacks are delivered by a Trojan horse, in which the malicious software is
hidden inside a seemingly harmless piece of data. Security experts consider Trojans to be among
the most dangerous malware types today, particularly Trojans intended to steal users' financial
data. Some insidious forms of trojans claim to remove viruses but install viruses instead.

6. Ransomware

• Malware programs that encrypt data and hold it hostage while waiting for a payoff in
cryptocurrency have made up a large percentage of malware in recent years, and the percentage is
still growing. Ransomware has crippled businesses, hospitals, police departments, and even whole
cities. Most ransomware programs are Trojans, which means that some kind of social engineering
is needed to spread them. Once executed, most of them search for and encrypt the user's files
within several minutes.
• Some ransomware waits a few hours before the encryption routine starts, so that the malware
operator can determine exactly how much the victim can afford and make sure that other
supposedly safe backups are deleted or encrypted. Like any other malware type, ransomware can be
prevented, but once executed the damage may be difficult to reverse without a good, verified
backup. Several reports have shown that around a third of the victims still pay their ransoms,
and around 30% of the victims still do not get their files back. Whatever the case, recovering
the encrypted files, if it is possible at all, requires other tools, decryption keys and more
than a little luck.

7. Rootkit

• A rootkit is a usually malicious collection of software tools that gives unauthorized users
access to a computer. Once the rootkit is installed, the rootkit controller can execute files
remotely and change system settings on the host machine.
• Most malware programs today are considered rootkits or include rootkit components. These
malware programs try to change the underlying operating system so that they can control it
effectively and hide from anti-malware software.

8. Phishing and Spear Phishing

• Phishing is a cybercrime in which a target is contacted by e-mail, telephone or text message by
someone posing as a legitimate entity, to entice the victim into providing sensitive data such as
personal identification, bank and credit card details, and passwords. Technically speaking,
phishing is not a malware type but a delivery method that criminals use to spread other forms of
malware. Because of its importance and how it operates, we have included it here among the
malware types.
• An attack sometimes lures a person into clicking a malicious URL, fooling the user into
believing that he or she is visiting an online payment gateway or another online service. The
malicious site then records the user's name and password and any other personal or financial
information. Spear phishing is a type of attack targeted at a particular person or group of
people, such as a corporation's CFO, to gain access to confidential financial information.

9. Malware Detection and Repair

• Sadly, finding and removing individual malware components can be a fool's errand. It is easy
to make a mistake and miss a component, and you then don't know whether the malware has changed
the system in a way that leaves it not completely trustworthy.
• If you are not properly trained in malware removal and forensics, then once malware is
identified, back up the data (without it, if necessary), format the drive, and reinstall the
programs and data.

Symptoms of Malware
Below are some of the common symptoms and signs of a malware infection:

• Your machine, programs, and Internet access become slow.
• The web browser stops working entirely.
• Pop-ups of intrusive ads suddenly flood your screen.
• Frequent, unexpected machine or software crashes.
• Unexplained decreases in free disk space.
• The web browser's homepage has been changed.
• People complain about receiving odd and meaningless emails from you.

Software Description:

Fig 4.2.1: Sandbox

Sandboxie uses isolation technology to separate programs from your underlying operating system,
preventing unwanted changes to the personal data, programs and applications that rest safely on
your hard drive.


4.2.1 Sandboxie:

Fig 4.2.2: Working of Sandboxie

When sandboxed programs create (or modify) objects such as files, some object must in fact be
created. Sandboxie creates these objects out of the way, to protect the system from harmful
changes. But these objects must reside somewhere in the system. The Sandboxie documentation
describes where the various types of sandboxed objects are placed. Beginning with version 2.80
of Sandboxie, the layout of the sandbox is not tied to computer-specific device names and account
names. See Portable Sandbox for more information.

Sandboxie may be your first line of defense, but it should certainly be complemented by the more
traditional anti-virus and anti-malware solutions. These solutions can let you know if your system
does become infected in any way.

Typically, those other solutions employ various forms of pattern matching to discover malicious
software and other threats. Sandboxie, on the other hand, quite simply does not trust any software
code enough to let it out of the sandbox.

The combination of the two approaches should keep malicious software – which is serving the
interest of other unknown parties – out of your computer.


4.2.2 Steps for malware preparation:

Fig 4.2.3: Virus creation

The payload used to create the virus is generated with msfvenom. The virus created works only on
the Windows operating system. Here test.exe is the malware file name.

Fig 4.2.4: VirusTotal

The file containing the malware is uploaded to the VirusTotal website.


Fig 4.2.5: Malware detection in VirusTotal

After uploading the virus-containing file to the VirusTotal website without encrypting it, 48 of
the 71 anti-malware engines detected the malware in the file.

Fig 4.2.6: Encrypting the malware file

Here the ebowla.py file is downloaded (Ebowla works only with Python 2). The file test.exe is then
genetically configured using symmetric encryption to encrypt the file. The Go payload is used, and
the file is converted to go_symetric_test.exe.go. The encrypted file is given the name
adobe_activator.exe.


Fig 4.2.7: File upload in VirusTotal

The encrypted malware file named adobe_activator.exe is uploaded to the VirusTotal website to
check whether the anti-malware engines can detect the virus.

Fig 4.2.8: Anti-malware software

After uploading the encrypted malware file to VirusTotal, only 3 of the 71 anti-malware engines
detected the malware. Prominent anti-malware products such as Kaspersky, McAfee and Quick Heal
could not detect the malicious file.


Fig 4.2.9: Remote access of Windows system

After the encrypted malware is created, the file is downloaded onto the Windows OS to analyze the
working of the malware. The malware has been downloaded on the Windows system, and on the right
side of the figure above we can see the remote access to this system from the Linux system.
Here the malware acts as spyware: the important credentials entered by the Windows user are
displayed on the Linux system.


Chapter 5
REFLECTION NOTES
1.1 Experience
My internship experience at Knowledge Solutions India has taught me not only technical
concepts but also how to work as part of a team. My External Guide, Mr Rajkumar B, is a continuous
source of inspiration. His guidance has helped me to learn new concepts and complete my
project in this internship with ease. I gained valuable work experience, and the internship also
made me realize how to work and execute the given tasks within the deadline.
1.2 Technical Outcomes
1. Learned new concepts and technologies: During the course of the internship, I had to
constantly learn new concepts and technologies such as information gathering,
vulnerability assessment, reconnaissance, digital forensics, the use of various tools, and malware.
2. Understood the importance of cyber security: As the world depends more on the internet
by the day, the global cyber threat continues to evolve at a rapid pace. The number of
data breaches is rising each year. How might one avoid this, you may wonder. This is
where cyber security comes in. Cyber security is the practice of defending computers,
servers, mobile devices, electronic systems, networks, and data from malicious attacks.
The term applies in a variety of contexts, from business to mobile computing, and can be
divided into a few common categories. Cyber threats can come from any level of an
organization. Cyber security is no longer something any company can ignore. Security
breaches regularly affect businesses of all sizes and cause irreversible reputational
damage to the companies involved. Let us break down the factors as to why cyber security
is important.

1.3 Non-Technical Outcomes


1. Time Management: During the internship, I had to execute all the weekly tasks assigned
by the External Guide within the given time frame. It helped me learn to manage my
time better by maintaining a balance between my work and personal life.
2. Responsibility: Being responsible is an integral skill required in the job arena. My
internship experience made me more responsible and accountable for what decisions I
made and how I executed what was allocated to me.
3. Communication Skills: In this internship, after the project work was done, we had to
present a seminar on the project we worked on, and we had to write a report on it.
Our verbal communication had to be clear and concise so that our questions and the
problems encountered in the project were clearly understood by others.


4. Team Work: During this internship, after the concepts were taught, I was assigned to
work on a project within a team. So, we divided the whole project assigning tasks to
each member in the team to work on it within the deadline.
5. Work Ethics: The internship helped me develop work ethics i.e., submitting weekly
assignments on time, attending all the sessions and completing all the project works
within the deadline.
6. Adaptability Skills: During this internship, we had a lot of tasks which had to be
completed within the week itself. So, managing both the assignments and session, I
finally adapted to the work environment.

Overall, those are the main points I learned. Nevertheless, that content may quickly become
outdated, with new best practices and new job skill requirements. Still, the most important
things after 6 weeks as an intern were the personal reflections I had on myself. It was a very
open-minded experience that made me definitely different and even more enthusiastic about
cyber security and ethical hacking.


Chapter 6
CONCLUSION
More highly skilled workers in cybersecurity roles would help the nation respond more
robustly to the cybersecurity problems it faces.
• All organizations need to understand their threat environment and the risks they face, and
address their cybersecurity problems.
• Back up and safeguard all important data and information.
• Install and update firewalls and antivirus protection on every computer.
Although the need for cybersecurity workers is likely to continue to be high, it is difficult
to forecast with certainty the number of workers required or the needed mix of
cybersecurity knowledge and skills.
There are many indications today that demand for cybersecurity workers will continue to
be high, but it is notoriously difficult to measure or forecast labor supply and demand for
any field, especially one that is as dynamic and fast moving as cybersecurity. Moreover,
there are several factors that may affect future need. These include the following:
• How the cybersecurity challenge will evolve as technologies and threats evolve, and how
this may alter workforce capability and capacity requirements.
• How advances—such as better-quality, more-secure software; more productive
cybersecurity tools; better training of the workers that operate and manage IT systems; or
more robust law enforcement—might change the number of workers needed in certain
roles and change the skills needed for others.
• How much responsibility for cybersecurity might shift from organizations at large to
more specialist information technology (IT) or cybersecurity firms, which may reduce the
number or change the mix of cybersecurity workers needed by organizations.

