1. What are the Roles and Responsibilities of System Administrator?

Write the steps for creating

the User account, setting permissions and protecting your files with password.

Creating the User account, setting permissions

Steps
1. Go to SETTINGS and Click Accounts
2. Go to Family & Other User (On Left Side)
3. Click "Add Someone else to PC"
4. Enter all details of Sign in Like Microsoft Account ...If we don’t have Microsoft Account details then
Click “I don’t have Persons Sign in Information” Link and Click “Add another User without Microsoft
Account"
5. Enter all details
6. Click Next (Now Account is created)
7. To See Account Created - Click Start Menu- Click User Name of Account you logged in first-
Click the Account name Created - Then enter Pass Code of Account.....

2. Write the steps for disk partitioning and perform operations like shrinking, Extending, deleting
and formatting.

Ans: After installing Windows 10, we need to partition hard drive in Disk Management to distribute more
free space for Windows 10 future use. If you have unallocated space on your hard drive, it's ok to create
partition with it without data loss, but if you have no such space available, you have to split exist partition
into partitions, in Windows 10 Disk Management, Delete Volume is the function you shall use, which
will not keep data when operating.

1. Create a new Partition

Steps of creating a new partition in Windows 10 Disk Management:

1. Press Windows bottom and type disk management in search box to open Disk Management.
2. Right-click on unallocated space and select New Simple Volume; follow New Simple Volume
Wizard.
3. Confirm Simple Volume size, assign drive letter, format volume with file system, allocate unit
size (cluster size), Volume label, and perform a quick format, Finish.

When a new window pops up, it means you succeed; this window is file explorer of the volume you
created.
2. Merge partitions
Windows 10 Disk Management has no function called Merge Partitions, but we simulate it in Disk
Management, without the help of any third-party partition software, the thoery is to maunally copy
everything from one partition to another, delete one partition, merge the free space to another

Functions we’ll be using to merge partitions:

 Delete Volume
 Extend Volume

Steps of merging volume using Disk Management:

1. Press Windows + E to open File Explorer, or in Disk Management right-click on the target
partition and click Explore
2. Press Ctrl+A to select all files and navigate into another Drive you’d like to merge, right-click on
an empty (blank) area and choose New and choose Folder, name it as “Merged Drive” or any
other name you prefer
3. Double-click to go into that folder and Ctrl+V to paste everything there, time spend on this
progress may vary according to the file size
4. Then in Disk Management, right-click on the we copied data from and choose Delete
Volume and confirm when prompted with the warning message to make this area unallocated
5. Then right-click on the other partition and choose Extend Volume to evoke to Extend Volume
Wizard

By doing so, we can merge two partitions in Disk Management

3. Prepare a Case study on Ransomware attacks. (Ex: MediaMarkt)

European electronics retailer MediaMarkt suffered a massive ransomware attack in early November 2021.
The attack affected as many as 3,100 servers, rendering cash registers across numerous stores incapable
of accepting credit cards or printing receipts. Hive—the ransomware group behind the attack—initially
demanded $240 million, though it reduced the ransom shortly afterward.

MediaMarkt didn’t suspend operations after discovering the attack, but the company did limit in-store
services and shut down some IT resources to contain it. After negotiating with Hive, MediaMarkt was
able to lower the ransom to $50 million, though it remains unclear whether the company restored the
compromised systems or paid the ransom.

What we learned:

The MediaMarkt attack is significant for its size and target. It highlights the growing trend of
cybercriminals targeting retailers, who often have valuable data but may lack cybersecurity resources.
The high initial demand also emphasizes attackers’ growing confidence and greed. Security professionals
in retail sectors must prepare for increasingly severe attacks.

4. Write the steps for installation of software from Open source Mode and Paid subscription mode

Installing software from open source:

Acknowledge that Windows is not a friend of open-source software. This is also because it does not come
with the make build system, so compiling from source code is harder. You will need to install a
precompiled version.
 Go to the project website.
 Check for ports of the program. Find a port for either Windows or your version of
Windows.
 Download and run the installer.
 Once installed, shortcuts will likely be created.

Installing software from Paid Subscription Mode:

5. Write the steps to make Microsoft Chrome as a default browser, Add Active X Controls and
Add–on to the Browser.

Steps to make Chrome as a default browse

1. Go to settings and Click Apps

2. Go to Default apps ( On Left Side)
3. Go down and click Microsoft edge
4. Replace Microsoft edge with browser of choice
• To make sure the change applied to the correct file types, review the list below the "Set default"
button.

5. To exit, close the settings window.

Adding Active X Controls to the Browser

Step 1

Open your Google Chrome browser.

Step 2

Click on the Google Chrome menu option (three horizontal or vertical lines/dots, depending on the
version that you have installed).

Step 3

Click on Settings.

Step 4

Scroll to the bottom of the page and select Advanced.

Step 5

Navigate to the System section.

Step 6

Select Open Proxy Settings and a new popup window will appear.

Step 7

Click on the Security tab and select Custom Level (located under the Security Level for This Zone
section).From there, you will be able to see all the security settings that you can change. Scroll down and
select the Prompt option for both “Download Signed ActiveX Controls” and “Download Unsigned
ActiveX Controls sections”. Also, make sure that Enable has been checked in the “Run ActiveX Control
and Plug-Ins” section.

Click on ‘OK‘and restart your browser for the changes to be saved.

6. Write the steps to establish peer to peer network connection using two systems in a LAN

Step 1: Navigate to the Desktop

Open command prompt and then use the command <cd Desktop> to change into the desktop directory.
This step is simply for convenience so that it is easier to find the folder you're going to be working with.

[1] You can open command prompt by clicking on the windows button at the bottom left and tying
<cmd>.

Step 2: Create Your Folder

Use the command <md *folder name*>. Make sure that it is visible on your desktop.
[2] The command md allows you to create a new folder. After tying md press space and type the name of
the folder you want to create. If the folder has more than one word in the name, make sure to put the name
in quotation marks.

Step 3: Navigate to the Folder and Open the Properties

Open the file explorer and go under the Desktop section. Left-click then right-click on the folder. The
left-click highlights the folder, and the right-click opens a menu of options. Once the menu of options
pops up click on the properties. When you open the properties, window go to the sharing section.

Step 4: Choose Who You Want to Share With.

Type <Everyone> and click add. Once you're done with that click share and then go to the advanced
sharing.

[3] The default setting for the folder is set to only read. This means that if a person accesses the folder,
they will only be able to view the files and not actually be able to write to the folder.

Step 5: Sharing the Folder

Press the box that lets you share the folder and then go into the permissions section.

Step 6: Permissions

Make sure to give full control to the people that have access to the shared folder. Click Apply then click
OK. Once you press OK, you'll be back at the advanced sharing page. Press Apply and OK on that page
too.

Step 7: Open Control Panel

Navigate into the control panel and click on the Network and Internet section.

Step 8: Network and Sharing

Navigate into the Network and Sharing section.

Step 9: Advanced Sharing

Navigate to the advanced sharing settings.

Step 10: Choose Home and Work / Public

 Step 11: Select All Options

There are going to be many options, the ones you need for the sharing to work are common sense like
making sure that your device is allowed to be discovered. And turn off password protected sharing.

Step 12: Go into Network

Go onto another computer and open the file explorer. Go into the Network section found on the left-hand
side at the bottom.

Step 13: Find the Device

Find the original device that the file was shared from.

Step 14: Find the Folder That Was Shared

Once you click on the device you will find all the files that were shared from it. You can tell that the
folder is shared over the network because it has the green crossroads looking thing under its name.

7. What is WiFi? How do you configure the Wifi on Windows operating system

Ans: Wifi:Wi-Fi is the wireless technology used to connect computers, tablets, smartphones and other
devices to the internet.Wi-Fi is the radio signal sent from a wireless router to a nearby device, which
translates the signal into data you can see and use. The device transmits a radio signal back to the router,
which connects to the internet by wire or cable.

Setting up a wireless network in Windows

Before you can set up your wireless network, here’s what you’ll need:

Broadband Internet connection and modem. A broadband Internet connection is a high-speed Internet
connection. Digital Subscriber Line (DSL) and cable are two of the most common broadband
connections. You can get a broadband connection by contacting an Internet service provider (ISP).

Wireless router. A router sends info between your network and the Internet. With a wireless router, you
can connect PCs to your network using radio signals instead of wires. There are several different kinds of
wireless network technologies, which include 802.11a, 802.11b, 802.11g, 802.11n, 802.11ac, and
802.11ax.

Wireless network adapter. A wireless network adapter is a device that connects your PC to a wireless
network. To connect your portable or desktop PC to your wireless network, the PC must have a wireless
network adapter.

Select Start , type device manager in the search box, and then select Device Manager.

1. Expand Network adapters.

2. Look for a network adapter that might have wireless in the name.

Setting up the modem and Internet connection

 After you have all the equipment, you'll need to set up your modem and Internet connection. your Internet
service provider (ISP), follow the instructions that came with your modem to connect it to your PC and
the Internet. If you're using Digital Subscriber Line (DSL), connect your modem to a phone jack. If you're
using cable, connect your modem to a cable jack.

Securing your wireless network

Security is always important; with a wireless network, it's even more important because your network's
signal could be broadcast outside your home. If you don't help secure your network, people with PCs
nearby could access info stored on your network PCs and use your Internet connection.To help make your
network more secure.

Change the default user name and password. This helps protect your router. Most router manufacturers
have a default user name and password on the router and a default network name (also known as the
SSID). Someone could use this info to access your router without you knowing it. To help avoid that,
change the default user name and password for your router.

Set up a security key (password) for your network. Wireless networks have a network security key to
help protect them from unauthorized access. We recommend using Wi-Fi Protected Access 3
(WPA3) security if your router and PC support it. See the documentation for your router for more detailed
info, including what type of security is supported and how to set it up.

Some routers support Wi-Fi Protected Setup (WPS). If your router supports WPS and it’s connected to
the network, follow these steps to set up a network security key:

 In Windows 10, select Start , then select Settings > Network & Internet > Status > Network and
Sharing Center.

Connect a PC to your wireless networkIn Windows 10

1. Select the Network or Wifi icon in the notification area.

2. In the list of networks, choose the network that you want to connect to, and then select Connect.

3. Type the security key (often called the password).

4. Follow additional instructions if there are any.

If you have problems with your Wi-Fi network when using Windows 10, see Fix Wi-Fi problems in
Windows for advanced troubleshooting info.

8. Write the steps to Install and configure Network Components like switches, Hub and Modem and
how do you connect to Dial-Up networking
9. What are the features of firewall? Write the steps in providing network security and to set Firewall
Security in windows.

10.Write the steps for installation of System Software, Application software and Antivirus.

11.What do you mean by Spooling printers? Write the steps for spooling printer.

A printer spooler is a simple program that manages all print jobs that are submitted to the print server or a
computer printer. It allows the users to store multiple print jobs within a print queue or a buffer without
affecting the application or the underlying system performance, and it also allows to delete a print job
being processed. It enables a user to manage the print jobs currently waiting to be printed.

1. Click the Windows "Start" button, right-click "Computer" and choose "Manage" from the
context menu.
2. Double-click "Services and Applications" and double-click "Services" to view all the services.
3. Scroll down and double-click the "Print Spooler" service to open its Properties window.
4. Select "Automatic" in the Startup Type drop-down menu and click the "Start" button to enable
printer spooling on your computer.
5. Click "OK" to close the Properties window, and close the Computer Management window.

12.Write a Programto identify the category of IP address for a given IP address

#include <stdio.h>
#include <string.h>
void extractIpAddress(unsigned char *sourceString,short *ipAddress)
{
unsigned short len=0;
unsigned char oct[4]={0},cnt=0,cnt1=0,i,buf[5];

len=strlen(sourceString);
for(i=0;i<len;i++)
{
if(sourceString[i]!='.'){
buf[cnt++] =sourceString[i];
}
if(sourceString[i]=='.' || i==len-1){
buf[cnt]='\0';
cnt=0;
oct[cnt1++]=atoi(buf);
}
}
ipAddress[0]=oct[0];
ipAddress[1]=oct[1];
ipAddress[2]=oct[2];
ipAddress[3]=oct[3];
}

int main()
{
unsigned char ip[20]={0};
short ipAddress[4];
 printf("Enter IP Address (xxx.xxx.xxx.xxx format): ");
scanf("%s",ip);

extractIpAddress(ip,&ipAddress[0]);

printf("\nIp Address: %03d. %03d. %03d.

%03d\n",ipAddress[0],ipAddress[1],ipAddress[2],ipAddress[3]);

if(ipAddress[0]>=0 && ipAddress[0]<=127)

printf("Class A Ip Address.\n");
if(ipAddress[0]>127 && ipAddress[0]<191)
printf("Class B Ip Address.\n");
if(ipAddress[0]>191 && ipAddress[0]<224)
printf("Class C Ip Address.\n");
if(ipAddress[0]>224 && ipAddress[0]<=239)
printf("Class D Ip Address.\n");
if(ipAddress[0]>239)
printf("Class E Ip Address.\n");

return 0;
}

Output

Enter IP Address (xxx.xxx.xxx.xxx format): 145.160.017.001

Ip Address: 145. 160. 017. 001

Class B Ip Address.

13.Write a Program to check the strength of the password.

#include<stdio.h>
#include <stdlib.h>

int main()
{
char c;
int symbol=0,dig=0,upper=0,lower=0,leng=0,count=0;
while(scanf(“%c―,&c)>0)
{
if(c==’#’||c==’!’||c==’$’||c==’@’||c==’_’)
symbol++;
else if(isdigit(c))
dig++;
else if(c>=65&&c<=90)
upper++;
else if(c>=97&&c<=122)
lower++;

count++;
}
if(count>=8&&count<=25)
leng++;

if(symbol>=1&&dig>=2&&upper>=1&&lower>=1&&leng>0)
printf(“VALID―);
else
printf(“INVALID―);

14. Write the steps to transfer files between Wireless communication using Blue Tooth and FTP

15.Prepare a case study on Cosmos Bank Cyber attack in Pune

Brief of the incidence:

A fraud was carried out at Punes’ cosmos bank, caused my malware attack on banks’ systems. INR 95 Cr
(approx. $13.4 billion) was withdrawn from several ATMs placed all around the globe. Transactions
regarding the fraud took place between August 11 to August 13 and the attack by the hackers originated
in Canada. The embezzlement was done by a malware attack on the bank servers and by cloning
thousands of debit cards, said Mr. Milind Kale, Cosmos Bank Chairman.Some payment experts theorize
that the fraud involved breaching the firewall in the servers that authorize ATM transactions. This meant
that the ATMs were releasing money without checking whether the cards were genuine or whether there
was a bank account.

Consequence of attack:
The malware attack was done on the critical communication systems between the various payment
gateways after which an amount estimated to be INR 78 crore was withdrawn “physically” through
12,000 ATM transactions outside India, while another 2,800 transactions were made in different corners
of the country, worth an estimated INR 2.5 crore. It was observed that unusual repeated transactions were
taking place through Visa and Rupay cards used at various ATMs for nearly two hours. On August 13,
INR 13.5 crore was transferred by the hackers to the Hong Kong-based Hanseng bank, using the Society
for Worldwide Interbank Financial Telecommunication (SWIFT) facility. As per the payment settlement
system, Visa and Rupay had raised demands for payment for all of the fraudulent transactions and as per
the agreement the bank had to pay a total amount of INR 80.5 Cr to them.Regarding the transaction of
transfer of money (INR 13.92 Cr) to a Hong Kong based bank.
Reasons of the attack:Investigations showed that the cyber-criminals had made enough and extremely
through background surveillance of the cosmos banking infrastructure first.. The researchers concluded
that the heist would be very visible from the bank audit report generated by the system itself.Also a few
days prior to the attack, the American FBI had warned banks of a major hacking threat to ATMs
worldwide and despite increased awareness and spend, organizations have proven themselves largely
unprepared for a more organized, strategic and persistent threat.

Technical Loopholes:It has been stated that the bank may have failed to adequately invest in its SOC
(Security Operation Center), which should have analyzed the traffic coming in. An analysis was made
that the bank’s fraud detection mechanism was non- existent as there should’ve been red alerts when so
many overseas transactions were taking place at such a short span of time.
However, in its statement the bank contended it had adequate IT security in place.

Results/Pending investigation:The Special Investigating Team (SIT) had recovered INR 10.25 Cr that
was lost in the heist as was revealed on August 2018.The Hong Kong based bank ‘Hang Seng bank’ also
returned INR 5.72 Cr in the first installment to Cosmos bank. The police also recovered INR 4 Lakh from
genuine Cosmos cardholders, who had visited ATMs when the malware was active and withdrew more
money than their account balance.
Impact on the business of the bank:The bank was neither penalized for its weak cyber-security nor has
anyone been held accountable. This highlights the need for RBI to enforce its cyber guidelines for
cooperative banks as strictly as it has for commercial banks. Extensive audit reports had been called
for.The bank's annual report reported total amount involved in the attack to be INR 100. 22 crore,
including exchange loss on payment settlement. That was not the only impact. The bank says that “the
cyber-attack and restoration of payment systems back to normalcy caused an impact on the customers and
their transactions.
Timeline of refund by Pune police:
January 2020 Rs 8.37 lakh
February 2020 Rs 5.98 crore
March 2020 Rs 27.25 lakh
April 2020 Rs 50.52 lakh

16.Write a Program to search the given pattern using optimized algorithm

#include <stdio.h>
#include <string.h>
int main (){
char txt[] = "tutorialsPointisthebestplatformforprogrammers";
char pat[] = "a";
int M = strlen (pat);
int N = strlen (txt);
for (int i = 0; i <= N - M; i++){
int j;
for (j = 0; j < M; j++)
if (txt[i + j] != pat[j])
break;
if (j == M)
printf ("Pattern matches at index %d \n", i);
}
return 0;
}

17.Prepare a case study on Social Media Crime that occurred in Pune 2021.

Social media crime recorded 100% rise in 2021 in Pune

The number of cybercrime complaints reported based on misuse of social networking sites doubled in
2021 compared to 2020. The overall number of complaints have seen an exponential increase since 2018.
The city cybercrime cell received 19,023 total complaints in 2021 that belong to various categories, such
as monetary frauds, sending vulgar messages on phones, email hacking, stealing online data and defaming
people by posting morphed pictures in social media and many more. According to Pune cybercrime police
data, 14,950 such complaints were reported in 2020 and 7,795 in 2019.
The methods of defrauding people have become innovative, according to BhagyashreeNavatake, deputy
commissioner of police, cybercrime, and Economic offence wing of Pune police. “There were innovative
ways of defrauding people every 8-10 days. When Covid began, the number of cases of calling up
positive patients and duping them increased. This happened in addition to the casual approach of people
who click on links and share OTP. The use of e-commerce and various kinds of software also increased.
These factors contributed to the rise in cases,” said DCP Navatake.
Among social media-related cybercrime, the cases from popular platforms Facebook and Instagram are
the highest. The city police introduced a new section for its records for “sextortion” and “friendship
fraud”, on Facebook and Instagram, which consist of cases of using sexual images or videos for extortion.
The highest number of cases were of defamation and posts by making fake profiles or making vulgar
comments on posts or through messages. The number of cases doubled from 791 in 2020, to 1,518 in
2021.
On other platforms including Twitter, the new section added for record was of posting vulgar comments
on Zoom meetings and uploading of videos on social media sites other than Facebook and Instagram. The
trend has seen a worrying rise among minor victims and adults equally. Children were exposed to added
screentime owing to the online schooling necessitated by the lockdown, said officials.

18.Prepare a case study on Japanese Bank for Keylogger Scam

In the London case, where the criminals attempted to transfer $420 from a London branch of Japanese
bank, the technique applied was password cracking. Using Key loggers, the criminals were in a position
to get access to some of the key passwords to the bank system. The information that was obtained from
the key logger programs was used to access some of the most important and restricted data areas,
including access codes that were private the banking top managerial staff. This gave the criminals directs
access to the bank information that led to the attempted crime.
It is also possible that the criminals also used session hijacking through the internet to enable them to get
into important accounts of the bank. A combination of these two techniques must have led to successful
log in to the private accounts of the bank. These are some of the topmost methods that the criminals
always use in accessing private information from the banks. Recent crimes related to the same have been
witnesses in various regions of the world. It has still been realized that password cracking is still the main
method that is usually employed.
There are numerous measures that exist to control cybercrimes. One of these is the use of strong
passwords or user ID. This should be frequently reviewed and changed to limit the extent to which the
key logger programs can access the passwords. It may be able to detect the password, but in changing this
password again and again, successful hacking may be limited.

19. Write the steps to prevent the denial of Service attacks.

1. Organize a DDoS Attack Response Plan. Don’t be caught blindsided by DDoS attacks; have a
response plan ready in case of a security breach so your organization can respond as promptly as possible.
Your plan should document how to maintain business operations if a DDoS attack is successful, any
technical competencies and expertise that will be necessary, and a systems checklist to ensure that your
assets have advanced threat detection.
2. Secure your Infrastructure with DDoS Attack Prevention Solutions.

Equip your network, applications, and infrastructure with multi-level protection strategies. This may
include prevention management systems that combine firewalls, VPN, anti-spam, content filtering and
other security layers to monitor activities and identity traffic inconsistencies that may be symptoms of
DDoS attacks.

3. Perform a Network Vulnerability Assessment.

Identify weakness in your networks before a malicious user does. A vulnerability assessment involves
identifying security exposures so you can patch up your infrastructure to be better prepared for a DDoS
attack, or for any cybersecurity risks in general.

4. Identify Warning Signs of a DDoS Attack.

If you can identify the symptoms of a DDoS attack as early as possible, you can act and hopefully
mitigate damage. Spotty connectivity, slow performance, and intermittent web crashes are all signs that
your business may be coming under attack from a DDoS criminal. Educate your team on signs of DDoS
attacks so everyone can be alert for warning signs.

5. Adopt Cloud-Based Service Providers.

Cloud providers who offer high levels of cybersecurity, including firewalls and threat monitoring
software, can help protect your assets and network from DDoS criminals. The cloud also has greater
bandwidth than most private networks, so it is likely to fail if under the pressure of increased DDoS
attacks.
20.Write the steps to demonstrate intrusion detection system (ids) using the tool SNORT

21. What is Malware? Write the steps to remove the malware from your PC.

How to remove malware from a Mac or PC

Step 1: Disconnect from the internet

Disconnecting from the internet will prevent more of your data from being sent to a malware server or the
malware from spreading further.
Step 2: Enter safe mode

If malware is set to load automatically, this will prevent the malware from loading, making it easier to
remove. To enter safe mode:

1. Restart your PC.

2. When you see the sign-in screen, hold down the Shift key and select Power → Restart.
3. After your PC restarts, to the “Choose an option” screen, select: Troubleshoot → Advanced
Options → Startup Settings.
4. On the next window, click the Restart button and wait for the next screen to appear.
5. A menu will appear with numbered startup options. Select number 4 or F4 to start your PC in
Safe Mode.

Disclaimer: Avoid logging into accounts during malware removal

To avoid sharing your personally identifiable information, do not log into sensitive accounts while your
device is infected.

Step 3: Check your activity monitor for malicious applications

If you know that you’ve installed a suspicious update or application, close the application if it’s running.
Your activity monitor shows the processes that are running on your computer, so you can see how they
affect your computer’s activity and performance.
In Type to search type → Resource Monitor → Find End Task → Right Click → End Process

Step 4: Run a malware scanner

Luckily, malware scanners can remove many standard infections. But remember that if you already have
an antivirus program active on your computer, you should use a different scanner for this malware check
since your current antivirus software may not detect the malware initially.

Step 5: Fix your web browser

Malware is likely to modify your web browser’s homepage to re-infect your PC. Check your homepage
and connection settings using the steps below for common browsers.
To verify your homepage on Chrome:
5. In the top right corner of your Chrome browser, click More → Settings.
5. Select the dropdown menu in the “Search engine” section.
6. Verify your default homepage.
6. Step 6: Clear your cache
After you’ve verified your homepage setting, it’s imperative to clear your browser’s cache. Follow these
steps below to learn how to clear your cache for Chrome and Internet Explorer.
To clear your cache on Chrome:
History → Clear Browsing Data → Time Range → All Time → Clear Data.
22.What are the various types of Vulnerabilities for hacking the web applications.

Most Common Website Security Vulnerabilities

• SQL Injections.

• Cross Site Scripting (XSS)

• Broken Authentication & Session Management.

• Insecure Direct Object References.

• Security Misconfiguration.

• Cross-Site Request Forgery (CSRF)

23.Write steps for sharing files and printer remotely between two system

24. List out the various Mobile security apps . Write the steps to install and use ,one of the mobile
security app

25.Write the algorithm for encoding and decoding the Hash-Based Message Authentication
Code(HMAC)

HMAC algorithm stands for Hashed or Hash-based Message Authentication Code. It is a result of work
done on developing a MAC derived from cryptographic hash functions. HMAC is a great resistance
towards cryptanalysis attacks as it uses the Hashing concept twice. HMAC consists of twin benefits of
Hashing and MAC and thus is more secure than any other authentication code. RFC 2104 has issued
HMAC, and HMAC has been made compulsory to implement in IP security. The FIPS 198 NIST
standard has also issued HMAC.

Objectives –

As the Hash Function, HMAC is also aimed to be one way, i.e, easy to generate output from input but
complex the other way round.
It aims at being less affected by collisions than the hash functions.
HMAC reuses the algorithms like MD5 and SHA-1 and checks to replace the embedded hash functions
with more secure hash functions, in case found.
HMAC tries to handle the Keys in a simpler manner.

26.Prepare a case study on Mahesh Bank cyber attack.

Police learnt Nigerian handlers operating from India were tasked to open bank accounts through locals in
banks. Phishing mails were sent by an unidentified hacker to 200 staff of Mahesh bank and two of
them clicked on links in mails, allowing remote access Trojan malware to be installed.

27.Prepare a case study of cyber attack through Facebook Account

 CEO Mark Zuckerberg’s private credentials are part of the larger leaked data set from
2019

Facebook has suffered yet another data breach , only this time, private information from 533
million accounts have been leaked online. Even the company’s founder and CEO Mark
Zuckerberg’s private credentials are part of the larger leaked data set from 2019.

What kind of data was leaked and how was it done?

Private information of users was primarily obtained by exploiting Facebook’s contact importer
feature that allows users to find friends on social media using their phone’s contact list.

Malicious actors exploited a weakness in the feature to gain access to user ID, address, phone
number, email address, names of workplaces, date of birth, date of account creation, and other
personal identifiable information. They then leaked this data in the dark web. Information on
users’ finance and password were not divulged.

All 533,000,000 Facebook records were just leaked for free.

This means that if you have a Facebook account, it is extremely likely the phone number used
for the account was leaked.

Facebook claims hackers obtained user data through data scraping — a process used by people
to import data from a website onto a local file that is saved in a computer. The social networking
giant also noted in a blog post that “the specific issue that allowed them [hackers] to scrape this
data in 2019 no longer exists.”

“A lot of companies like Facebook, Google and others provide their APIs to developers for
several reasons. Hacker groups essentially use them to scrape data from these sites,” said
Rajshekhar Rajaharia, a Rajasthan-based entrepreneur and cyber security researcher, in an email
to The Hindu.

“They can procure the name and email of a particular user from one website through their API,
A second website’s API might provide them with their phone number and address, a third might
open the doors to more sensitive information on the same user. Hackers are essentially
combining these details and creating a complete data set which is then being sold online.”
Uniqueness of this leak, and similarity with others

The latest instance stands out for the sheer number of accounts compromised. According to a
report published by Business Insider , personal information of over half a billion Facebook
users in 106 countries was leaked online. This includes over 32 million records on users in the
U.S., 11.5 million in the U.K., and 6 million in India.
 Earlier, data of 500 million LinkedIn users were being sold online by an unknown hacker who
had dumped two million users’ data as sample. Separately, online stock trading company
Upstox’s data was stolen due to compromised Amazon Web Service (AWS) keys.

This hack includes users’ Aadhaar and PAN credentials, passport soft copy, bank account
numbers, and photos of signatures, Rajaharia noted.

“In the case of LinkedIn, it was asserted that data was scraped, in other words, someone violated
the terms of service to cull out data from the public profile, combined with data from other
sites,” Raj Samani, Chief Scientist at cybersecurity firm McAfee told The Hindu .

The information leaked is in many ways similar to Facebook’s leak, but it contains other
professional information that might add another layer of sensitivity.

Where is this data now, and for what can it be used?

The stolen information can be used to send spam emails, make calls, mount phishing campaigns
and target advertising. It can be used to plot and execute various nefarious online fraud schemes.
Hackers can impersonate users and transfer cash on their behalf, without their knowledge.

The database of private information is available on dark web for anyone to sift through. CTO of
cyber intelligence firm Hudson Rock in early January confirmed that this data was now being
sold on various groups on the cloud-based messaging app Telegram. Recently the data set seems
to be popping up on various hacker forums all across the internet.

How can one check whether their data has been compromised?

Internet users seeking to know whether their data has been leaked or compromised, can
visit HaveiBeenPawned.com . All they have to do is to key in their email id and check.

28.Create a Presentation on “ Ethical Hacking” at least 10 slides

29. Write a Program to download a file from HTTP server

#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <errno.h>
#include <arpa/inet.h>
#include <string.h>

int ReadHttpStatus(int sock){

char c;
char buff[1024]="",*ptr=buff+1;
int bytes_received, status;
printf("Begin Response ..\n");
while(bytes_received = recv(sock, ptr, 1, 0)){
if(bytes_received==-1){
perror("ReadHttpStatus");
exit(1);
}

if((ptr[-1]=='\r') && (*ptr=='\n' )) break;

ptr++;
}
*ptr=0;
ptr=buff+1;

sscanf(ptr,"%*s %d ", &status);

printf("%s\n",ptr);
printf("status=%d\n",status);
printf("End Response ..\n");
return (bytes_received>0)?status:0;

//the only filed that it parsed is 'Content-Length'

int ParseHeader(int sock){
char c;
char buff[1024]="",*ptr=buff+4;
int bytes_received, status;
printf("Begin HEADER ..\n");
while(bytes_received = recv(sock, ptr, 1, 0)){
if(bytes_received==-1){
perror("Parse Header");
exit(1);
}

if(
(ptr[-3]=='\r') && (ptr[-2]=='\n' ) &&
(ptr[-1]=='\r') && (*ptr=='\n' )
) break;
ptr++;
}

*ptr=0;
ptr=buff+4;
//printf("%s",ptr);

if(bytes_received){
ptr=strstr(ptr,"Content-Length:");
 if(ptr){
sscanf(ptr,"%*s %d",&bytes_received);

}else
bytes_received=-1; //unknown size

printf("Content-Length: %d\n",bytes_received);
}
printf("End HEADER ..\n");
return bytes_received ;

int main(void){

char domain[] = "sstatic.net", path[]="stackexchange/img/logos/so/so-logo-med.png";

int sock, bytes_received;

char send_data[1024],recv_data[1024], *p;
struct sockaddr_in server_addr;
struct hostent *he;

he = gethostbyname(domain);
if (he == NULL){
herror("gethostbyname");
exit(1);
}

if ((sock = socket(AF_INET, SOCK_STREAM, 0))== -1){

perror("Socket");
exit(1);
}
server_addr.sin_family = AF_INET;
server_addr.sin_port = htons(80);
server_addr.sin_addr = *((struct in_addr *)he->h_addr);
bzero(&(server_addr.sin_zero),8);

printf("Connecting ...\n");
if (connect(sock, (struct sockaddr *)&server_addr,sizeof(struct sockaddr)) == -1){
perror("Connect");
exit(1);
}

printf("Sending data ...\n");

snprintf(send_data, sizeof(send_data), "GET /%s HTTP/1.1\r\nHost: %s\r\n\r\n", path, domain);

if(send(sock, send_data, strlen(send_data), 0)==-1){

perror("send");
exit(2);
}
printf("Data sent.\n");
 //fp=fopen("received_file","wb");
printf("Recieving data...\n\n");

int contentlengh;

if(ReadHttpStatus(sock) && (contentlengh=ParseHeader(sock))){

int bytes=0;
FILE* fd=fopen("test.png","wb");
printf("Saving data...\n\n");

while(bytes_received = recv(sock, recv_data, 1024, 0)){

if(bytes_received==-1){
perror("recieve");
exit(3);
}

fwrite(recv_data,1,bytes_received,fd);
bytes+=bytes_received;
printf("Bytes recieved: %d from %d\n",bytes,contentlengh);
if(bytes==contentlengh)
break;
}
fclose(fd);
}

close(sock);
printf("\n\nDone.\n\n");
return 0;
}

30.Create a Presentation on “Security Protocols” ( atleast 5 protocols)

31.Write the steps to detect the number of devices connected to wifi and block unauthorized devices
32.Prepare a case study on Crypto currency Cyber attack. (Ex: Grim Finance)

33.Write an algorithm and Program for encrypting a plain text and decrypting a cipher text using
Caesar Cipher.

#include<stdio.h>

int main()
{
char message[100], ch;
int i, key;
printf("Enter a message to encrypt: ");
gets(message);
printf("Enter key: ");
scanf("%d", &key);
for(i = 0; message[i] != '\0'; ++i){
ch = message[i];
if(ch >= 'a' && ch <= 'z'){
ch = ch + key;
if(ch > 'z'){
ch = ch - 'z' + 'a' - 1;
}
message[i] = ch;
}
else if(ch >= 'A' && ch <= 'Z'){
ch = ch + key;
if(ch > 'Z'){
ch = ch - 'Z' + 'A' - 1;
}
message[i] = ch;
}
}
printf("Encrypted message: %s", message);
return 0;
}

Output
#Encryption

#Decryption

34.Write an algorithm and Program to implement Data Encryption Standard (DES) for encryption
and decryption

#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <math.h>
#include <time.h>

int IP[] =
{
58, 50, 42, 34, 26, 18, 10, 2,
60, 52, 44, 36, 28, 20, 12, 4,
62, 54, 46, 38, 30, 22, 14, 6,
64, 56, 48, 40, 32, 24, 16, 8,
57, 49, 41, 33, 25, 17, 9, 1,
59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5,
63, 55, 47, 39, 31, 23, 15, 7
};

int E[] =
{
32, 1, 2, 3, 4, 5,
4, 5, 6, 7, 8, 9,
8, 9, 10, 11, 12, 13,
12, 13, 14, 15, 16, 17,
16, 17, 18, 19, 20, 21,
20, 21, 22, 23, 24, 25,
24, 25, 26, 27, 28, 29,
28, 29, 30, 31, 32, 1
};

int P[] =
{
16, 7, 20, 21,
29, 12, 28, 17,
1, 15, 23, 26,
5, 18, 31, 10,
2, 8, 24, 14,
32, 27, 3, 9,
19, 13, 30, 6,
22, 11, 4, 25
};

int FP[] =
{
40, 8, 48, 16, 56, 24, 64, 32,
39, 7, 47, 15, 55, 23, 63, 31,
38, 6, 46, 14, 54, 22, 62, 30,
37, 5, 45, 13, 53, 21, 61, 29,
36, 4, 44, 12, 52, 20, 60, 28,
35, 3, 43, 11, 51, 19, 59, 27,
34, 2, 42, 10, 50, 18, 58, 26,
33, 1, 41, 9, 49, 17, 57, 25
};

int S1[4][16] =
{
14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
};

int S2[4][16] =
{
15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
};

int S3[4][16] =
{
10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
};

int S4[4][16] =
{
7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
};

int S5[4][16] =
{
2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
};

int S6[4][16] =
{
12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
};

int S7[4][16]=
{
4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
};
int S8[4][16]=
{
13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
};

int PC1[] =
{
57, 49, 41, 33, 25, 17, 9,
1, 58, 50, 42, 34, 26, 18,
10, 2, 59, 51, 43, 35, 27,
19, 11, 3, 60, 52, 44, 36,
63, 55, 47, 39, 31, 23, 15,
7, 62, 54, 46, 38, 30, 22,
14, 6, 61, 53, 45, 37, 29,
21, 13, 5, 28, 20, 12, 4
};

int PC2[] =
{
14, 17, 11, 24, 1, 5,
3, 28, 15, 6, 21, 10,
23, 19, 12, 4, 26, 8,
16, 7, 27, 20, 13, 2,
41, 52, 31, 37, 47, 55,
30, 40, 51, 45, 33, 48,
44, 49, 39, 56, 34, 53,
46, 42, 50, 36, 29, 32
};

int SHIFTS[] = { 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 };

FILE* out;
int LEFT[17][32], RIGHT[17][32];
int IPtext[64];
int EXPtext[48];
int XORtext[48];
int X[8][6];
int X2[32];
int R[32];
int key56bit[56];
int key48bit[17][48];
int CIPHER[64];
int ENCRYPTED[64];

void expansion_function(int pos, int text)

{
for (int i = 0; i < 48; i++)
{
if (E[i] == pos + 1) {
EXPtext[i] = text;
 }
}
}

int initialPermutation(int pos, int text)

{
int i;
for (i = 0; i < 64; i++)
{
if (IP[i] == pos + 1) {
break;
}
}
IPtext[i] = text;
}

int F1(int i)
{
int r, c, b[6];

for (int j = 0; j < 6; j++) {

b[j] = X[i][j];
}

r = b[0] * 2 + b[5];
c = 8 * b[1] + 4 * b[2] + 2 * b[3] + b[4];

if (i == 0) {
return S1[r][c];
}
else if (i == 1) {
return S2[r][c];
}
else if (i == 2) {
return S3[r][c];
}
else if (i == 3) {
return S4[r][c];
}
else if (i == 4) {
return S5[r][c];
}
else if (i == 5) {
return S6[r][c];
}
else if (i == 6) {
return S7[r][c];
}
else if (i == 7) {
return S8[r][c];
}
}

int XOR(int a, int b) {

 return (a ^ b);
}

int ToBits(int value)

{
int k, j, m;
static int i;

if (i % 32 == 0) {
i = 0;
}

for (j = 3; j >= 0; j--)

{
m = 1 << j;
k = value & m;
if (k == 0) {
X2[3 - j + i] = '0' – 48;
}
else {
X2[3 - j + i] = '1' – 48;
}
}

i = i + 4;
}

int SBox(int XORtext[])

{
int k = 0;
for (int i = 0; i < 8; i++)
{
for (int j = 0; j < 6; j++) {
X[i][j] = XORtext[k++];
}
}

int value;
for (int i = 0; i < 8; i++)
{
value = F1(i);
ToBits(value);
}
}

int PBox(int pos, int text)

{
int i;
for (i = 0; i < 32; i++)
{
if (P[i] == pos + 1) {
break;
}
}
 R[i] = text;
}

void cipher(int Round, int mode)

{
for (int i = 0; i < 32; i++) {
expansion_function(i, RIGHT[Round – 1][i]);
}

for (int i = 0; i < 48; i++)

{
if (mode == 0) {
XORtext[i] = XOR(EXPtext[i], key48bit[Round][i]);
}
else {
XORtext[i] = XOR(EXPtext[i], key48bit[17 – Round][i]);
}
}

SBox(XORtext);

for (int i = 0; i < 32; i++) {

PBox(i, X2[i]);
}

for (int i = 0; i < 32; i++) {

RIGHT[Round][i] = XOR(LEFT[Round – 1][i], R[i]);
}
}

void finalPermutation(int pos, int text)

{
int i;
for (i = 0; i < 64; i++)
{
if (FP[i] == pos + 1) {
break;
}
}
ENCRYPTED[i] = text;
}

void convertToBinary(int n)
{
int k, m;
for (int i = 7; i >= 0; i--)
{
m = 1 << i;
k = n & m;

if (k == 0) {
fprintf(out, "0");
}
else {
 fprintf(out, "1");
}
}
}

int convertCharToBit(long int n)

{
FILE* inp = fopen("input.txt", "rb");
out = fopen("bits.txt", "wb+");
char ch;
int i = n * 8;

while (i)
{
ch = fgetc(inp);
if (ch == -1) {
break;
}
i--;
convertToBinary(ch);
}
fclose(out);
fclose(inp);
}

void Encryption(long int plain[])

{
out = fopen("cipher.txt", "ab+");
for (int i = 0; i < 64; i++) {
initialPermutation(i, plain[i]);
}

for (int i = 0; i < 32; i++) {

LEFT[0][i] = IPtext[i];
}

for (int i = 32; i < 64; i++) {

RIGHT[0][i – 32] = IPtext[i];
}

for (int k = 1; k < 17; k++)

{
cipher(k, 0);

for (int i = 0; i < 32; i++)

LEFT[k][i] = RIGHT[k – 1][i];
}

for (int i = 0; i < 64; i++)

{
if (i < 32) {
CIPHER[i] = RIGHT[16][i];
}
else {
 CIPHER[i] = LEFT[16][i – 32];
}
finalPermutation(i, CIPHER[i]);
}

for (int i = 0; i < 64; i++) {

fprintf(out, "%d", ENCRYPTED[i]);
}
fclose(out);
}

void Decryption(long int plain[])

{
out = fopen("decrypted.txt", "ab+");
for (int i = 0; i < 64; i++) {
initialPermutation(i, plain[i]);
}

for (int i = 0; i < 32; i++) {

LEFT[0][i] = IPtext[i];
}

for (int i = 32; i < 64; i++) {

RIGHT[0][i – 32] = IPtext[i];
}

for (int k = 1; k < 17; k++)

{
cipher(k, 1);

for (int i = 0; i < 32; i++) {

LEFT[k][i] = RIGHT[k – 1][i];
}
}

for (int i = 0; i < 64; i++)

{
if (i < 32) {
CIPHER[i] = RIGHT[16][i];
} else {
CIPHER[i] = LEFT[16][i – 32];
}
finalPermutation(i, CIPHER[i]);
}

for (int i = 0; i < 64; i++) {

fprintf(out, "%d", ENCRYPTED[i]);
}

fclose(out);
}

void convertToBits(int ch[])

{
 int value = 0;
for (int i = 7; i >= 0; i--) {
value += (int)pow(2, i) * ch[7 – i];
}
fprintf(out, "%c", value);
}

int bittochar()
{
out = fopen("result.txt", "ab+");
for (int i = 0; i < 64; i = i + 8) {
convertToBits(&ENCRYPTED[i]);
}
fclose(out);
}

void key56to48(int round, int pos, int text)

{
int i;
for (i = 0; i < 56; i++)
{
if (PC2[i] == pos + 1) {
break;
}
}
key48bit[round][i] = text;
}

int key64to56(int pos, int text)

{
int i;
for (i = 0; i < 56; i++)
{
if (PC1[i] == pos + 1) {
break;
}
}
key56bit[i] = text;
}

void key64to48(unsigned int key[])

{
int k, backup[17][2];
int CD[17][56];
int C[17][28], D[17][28];

for (int i = 0; i < 64; i++) {

key64to56(i, key[i]);
}

for (int i = 0; i < 56; i++)

{
if (i < 28) {
C[0][i] = key56bit[i];
 }
else {
D[0][i – 28] = key56bit[i];
}
}

for (int x = 1; x < 17; x++)

{
int shift = SHIFTS[x – 1];

for (int i = 0; i < shift; i++) {

backup[x - 1][i] = C[x – 1][i];
}

for (int i = 0; i < (28 – shift); i++) {

C[x][i] = C[x – 1][i + shift];
}

k = 0;
for (int i = 28 – shift; i < 28; i++) {
C[x][i] = backup[x – 1][k++];
}

for (int i = 0; i < shift; i++) {

backup[x - 1][i] = D[x – 1][i];
}

for (int i = 0; i < (28 – shift); i++) {

D[x][i] = D[x – 1][i + shift];
}

k = 0;
for (int i = 28 – shift; i < 28; i++) {
D[x][i] = backup[x – 1][k++];
}
}

for (int j = 0; j < 17; j++)

{
for (int i = 0; i < 28; i++) {
CD[j][i] = C[j][i];
}

for (int i = 28; i < 56; i++) {

CD[j][i] = D[j][i – 28];
}
}

for (int j = 1; j < 17; j++)

{
for (int i = 0; i < 56; i++) {
key56to48(j, i, CD[j][i]);
}
}
}

void decrypt(long int n)

{
FILE* in = fopen("cipher.txt", "rb");
long int plain[n * 64];
int i = -1;
char ch;

while (!feof(in))
{
ch = getc(in);
plain[++i] = ch – 48;
}

for (int i = 0; i < n; i++)

{
Decryption(plain + i * 64);
bittochar();
}

fclose(in);
}

void encrypt(long int n)

{
FILE* in = fopen("bits.txt", "rb");

long int plain[n * 64];

int i = -1;
char ch;

while (!feof(in))
{
ch = getc(in);
plain[++i] = ch – 48;
}

for (int i = 0; i < n; i++) {

Encryption(plain + 64 * i);
}

fclose(in);
}

void create16Keys()
{
FILE* pt = fopen("key.txt", "rb");
unsigned int key[64];
int i = 0, ch;

while (!feof(pt))
{
ch = getc(pt);
 key[i++] = ch – 48;
}

key64to48(key);
fclose(pt);
}

long int findFileSize()

{
FILE* inp = fopen("input.txt", "rb");
long int size;

if (fseek(inp, 0L, SEEK_END)) {

perror("fseek() failed");
}
// size will contain number of chars in the input file.
else {
size = ftell(inp);
}
fclose(inp);

return size;
}

int main()
{
// destroy contents of these files (from previous runs, if any)
out = fopen("result.txt", "wb+");
fclose(out);

out = fopen("decrypted.txt", "wb+");

fclose(out);

out = fopen("cipher.txt", "wb+");

fclose(out);

create16Keys();

long int n = findFileSize() / 8;

convertCharToBit(n);

encrypt(n);
decrypt(n);

return 0;
}

35.Write RSA algorithm and Program to implement RSA Standard for encryption and decryption

36.Write the steps to analyze the E-Mail Application’ssecurity vulnerabilities.

Email is the dream delivery platform for any and all types of cyberattacks; it provides a mechanism
capable of placing almost any kind of threat in front of almost any target.
Attackers use email to send malicious software attacks to an end user. Even when filters are able to find
potentially unwanted programs, attackers can still fall back to time-tested social engineering tactics to
convince victims to take actions against their own interests.

For decades, email has been the predominant end-user network application, so it should be no surprise
that attackers have focused their attention on exploiting email security threats. While the attack
techniques have become much more sophisticated over the years, security teams have long understood the
fundamentals of email security threats.

While the forms and intentions of email security threats have morphed many times, from sowing chaos
and denial of service via spam campaigns to today's dominant threats of ransomware and email fraud, the
email security threats themselves still generally fall into three categories:

Malware delivery
Phishing
Domain spoofing

Malware delivery
Ever since email applications began to include attachments, file attachments have been used to deliver
malware. Once email applications began to support executable content using the same types of content
that are offered on the web, attackers quickly learned to subvert that content with malicious code.

Phishing
Phishing, in all its forms, is the practice of using email or other types of messaging applications to carry
out social engineering campaigns in an effort to convince the victim to perform some action. Ordinary
phishing campaigns spread generic phishing emails to a broad spectrum of potential targets in order to
harvest user credentials or infect users' systems with ransomware by prompting them to click on
malicious links.

Domain spoofing
Spoofing domains is a common tactic attackers use against email users. The domain being spoofed may
be in the headers of a message to try to fool the recipient into believing that the email originated from a
known domain. For example, an attacker may send a phishing message that appears to have originated
from the recipient's employer, bank or other trusted source.

37.What is SQL Injection? Write steps for SQL Injection attack on Insert, Update and Delete.

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an
application makes to its database. It generally allows an attacker to view data that they are not normally
able to retrieve. This might include data belonging to other users, or any other data that the application
itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent
changes to the application's content or behavior.

SQL injection examples

There are a wide variety of SQL injection vulnerabilities, attacks, and techniques, which arise in different
situations. Some common SQL injection examples include:

Retrieving hidden data, where you can modify an SQL query to return additional results.
Subverting application logic, where you can change a query to interfere with the application's logic.
UNION attacks, where you can retrieve data from different database tables.
Examining the database, where you can extract information about the version and structure of the
database.
Blind SQL injection, where the results of a query you control are not returned in the application's
responses.

SQL injection in different parts of the query

Most SQL injection vulnerabilities arise within the WHERE clause of a SELECT query. This type of
SQL injection is generally well-understood by experienced testers.

But SQL injection vulnerabilities can in principle occur at any location within the query, and within
different query types. The most common other locations where SQL injection arises are:

In UPDATE statements, within the updated values or the WHERE clause.

In INSERT statements, within the inserted values.
In SELECT statements, within the table or column name.
In SELECT statements, within the ORDER BY clause.

38.Write an algorithm and a Program to implement Diffie Hellman Key

#include <stdio.h>
// Function to compute `a^m mod n`
int compute(int a, int m, int n)
{
int r;
int y = 1;

while (m > 0)
{
r = m % 2;

// fast exponention
if (r == 1) {
y = (y*a) % n;
}
a = a*a % n;
m = m / 2;
}

return y;
}

// C program to demonstrate the Diffie-Hellman algorithm

int main()
{
int p = 23; // modulus
int g = 5; // base

int a, b; // `a` – Alice's secret key, `b` – Bob's secret key.
int A, B; // `A` – Alice's public key, `B` – Bob's public key

// choose a secret integer for Alice's private key (only known to Alice)
a = 6; // or, use `rand()`
 // Calculate Alice's public key (Alice will send `A` to Bob)
A = compute(g, a, p);

// choose a secret integer for Bob's private key (only known to Bob)
b = 15; // or, use `rand()`

// Calculate Bob's public key (Bob will send `B` to Alice)

B = compute(g, b, p);

// Alice and Bob Exchange their public key `A` and `B` with each other

// Find secret key

int keyA = compute(B, a, p);
int keyB = compute(A, b, p);

printf("Alice's secret key is %d\nBob's secret key is %d", keyA, keyB);

return 0;
}

39.Write an RSA algorithm and Program to implement digital Signature Scheme

// C program for RSA asymmetric cryptographic

// algorithm. For demonstration values are
// relatively small compared to practical
// application
#include<stdio.h>
#include<math.h>

// Returns gcd of a and b

int gcd(int a, int h)
{
int temp;
while (1)
{
temp = a%h;
if (temp == 0)
return h;
a = h;
h = temp;
}
}

// Code to demonstrate RSA algorithm

int main()
{
// Two random prime numbers
double p = 3;
double q = 7;

// First part of public key:

double n = p*q;
 // Finding other part of public key.
// e stands for encrypt
double e = 2;
double phi = (p-1)*(q-1);
while (e < phi)
{
// e must be co-prime to phi and
// smaller than phi.
if (gcd(e, phi)==1)
break;
else
e++;
}

int k = 2; // A constant value

double d = (1 + (k*phi))/e;

// Message to be encrypted
double msg = 20;

printf("Message data = %lf", msg);

// Encryption c = (msg ^ e) % n
double c = pow(msg, e);
c = fmod(c, n);
printf("\nEncrypted data = %lf", c);

// Decryption m = (c ^ d) % n
double m = pow(c, d);
m = fmod(m, n);
printf("\nOriginal Message Sent = %lf", m);

return 0;
}
40. Write an algorithm and Program to generate Pseudo Random numbers in a range

#include <stdio.h>
#include <conio.h>
#include <stdlib.h>
int main()
{
int n, max, num, c;
printf("Enter the number of random numbers you want\n");
scanf("%d", &n);
printf("Enter the maximum value of random number\n");
scanf("%d", &max);
printf("%d random numbers from 0 to %d are:\n", n, max);
randomize();
for (c = 1; c <= n; c++)
{
num = random(max);
printf("%d\n",num);
}
 getch();
return 0;
}

41.Create a Presentation on “Cyber Security Regulations” with at least 10 slides

42.Create a Presentation on “Role of International Law” with at least 10 slides

43.Create a Presentation on “Cyber Forensics” with at least 10 slides

44.Create a Presentation on “Cyber Security Standards” with at least 10 slides

45.Create a Presentation on “Cyber Security Attacks” with at least 10 slides

46.Write a Program to validate your Email address

47. Write the steps to check the devices connected to your internet and about data usage

48.Create a Presentation on “Cyber Security Policies 2013” with at least 10 slides

49.Create a Presentation on “State and Private sectors in Cyber Space” with at least 10 slides

50.Write the steps to read Email Headers and identify them as SPAM