SlideShare a Scribd company logo

INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx

it was done by me in our collage it will help ful for students

1 of 32
Download to read offline
INTERNSHIP REPORT&PROJECT
REVIEW-1
INTERNSHIP PERIOD: 20-07-22 / 24-08-22
P MOHAMMED ISHAQ-20691A3726-III CSC
CYBER SECURITY
REVIEW DATE : 04-11-2022
INTERNSHIP MENTOR : Mr.Abdul Jaleel D
ABOUT INDUSTRY/ORGANIZATION
DETAILS
ORGANIZATION NAME : INTERNSHIP STUDIO
• Internship Studio is an online training and internship platform founded on
the principle that students interested in any field should not be required to
have any sort of perspective knowledge in order to start their journey in that
field.
• The Founder and CEO of Internship Studio is Mr. Aniket Bihani.
• I have done this internship by virtual mode.
• The Internship Studio is located in MVPM Spark, Lane No 6, Ram Indu
Park, Nr. Balewadi High St, Baner, Pune-411045, Maharashtra, IN.
• Contact details: contact@internshipstudio.com
Internship Certificate
MY INTERNSHIP
ETHICAL HACKING
 ETHICAL HACKING is a process of detecting vulnerabilities in an application, system,
or organization's infrastructure.
 Ethical hacking involves an authorized attempt to gain unauthorized access to a
computer system, application, or data.
 Carrying out an ethical hack involves duplicating strategies and actions of malicious
attackers.
 This practice helps to identify security vulnerabilities which can then be resolved
before a malicious attacker has the opportunity to exploit them.
 Hence, Ethical hackers use their knowledge to secure and improve the technology of
organizations.
INTERNSHIP DESCRIPTION:
• I thoroughly enjoyed my experience as an intern for the ethical hacking team.
• The work was challenging and engaging, and I appreciated the opportunity to
work on such a wide variety of projects.
• I would recommend this internship to anyone interested in ethical hacking or
cybersecurity.
• The purpose of this project is to identify, assess, and document potential
vulnerabilities in an information system.
• The project will also develop recommendations for mitigating or eliminating the
identified vulnerabilities. The goal of this project is to ensure that the information
system is secure and protected from attack.
• By identifying and assessing potential vulnerabilities, the project will help to
ensure that the system is not susceptible to exploitation.
• This project is important because it will help to protect the information system
from being compromised. By identifying and assessing potential vulnerabilities,
the project will help to ensure that the system is not susceptible to exploitation.
THINGS I LEARNED IN THIS INTERNSHIP:
 Kali Linux
 Networking
 Wireshark and analysis
 Cryptography
 Man in the middle attack
 Information gathering
 Android Hacking With Metasploit
 Password Cracking
 Proxy chains and TOR
 Web Application Security
 Cross Site Scripting Practical
 Types of CSS: Introduction to Portswigger
 Social Engineering attack
 Automatic Vulnerability Scanner
 Reporting And Communication: Hands On Bug Bounty
Ad

Recommended

Network Vulnerability and Patching
Network Vulnerability and PatchingNetwork Vulnerability and Patching
Network Vulnerability and PatchingEmmanuel Udeagha B.
 
Web hacking 1.0
Web hacking 1.0Web hacking 1.0
Web hacking 1.0Q Fadlan
 
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptx
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptxDomain 2 of CEH v11 Reconnaissance Techniques (21%).pptx
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptxInfosectrain3
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical HackingSripati Mahapatra
 
Vulnerability Penetration Test
Vulnerability Penetration TestVulnerability Penetration Test
Vulnerability Penetration TestTanya Williams
 
Virtual Labs SniffingConsider what you have learned so far
Virtual Labs SniffingConsider what you have learned so far Virtual Labs SniffingConsider what you have learned so far
Virtual Labs SniffingConsider what you have learned so far AlleneMcclendon878
 
Final project.ppt
Final project.pptFinal project.ppt
Final project.pptshreyng
 
A Deeper Look into Network Traffic Analysis using Wireshark.pdf
A Deeper Look into Network Traffic Analysis using Wireshark.pdfA Deeper Look into Network Traffic Analysis using Wireshark.pdf
A Deeper Look into Network Traffic Analysis using Wireshark.pdfJessica Thompson
 

More Related Content

Similar to INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx

Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementMayur Nanotkar
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51martinvoelk
 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Tiffany Sandoval
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayKaren Oliver
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT  (Raiding Internet of Things)  by Jacob HolcombRIoT  (Raiding Internet of Things)  by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombPriyanka Aash
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET Journal
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.pptKaukau9
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Formative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksFormative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksDamaineFranklinMScBE
 
Running Head Security Assessment Repot (SAR) .docx
Running Head  Security Assessment Repot (SAR)                    .docxRunning Head  Security Assessment Repot (SAR)                    .docx
Running Head Security Assessment Repot (SAR) .docxSUBHI7
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introductionjagadeesh katla
 
Network Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. ShivashankarNetwork Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. ShivashankarDr. Shivashankar
 
Security protection On banking systems using ethical hacking.
Security protection  On banking systems using  ethical hacking.Security protection  On banking systems using  ethical hacking.
Security protection On banking systems using ethical hacking.Rishabh Gupta
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri
 

Similar to INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx (20)

Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51
 
Computer security
Computer securityComputer security
Computer security
 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain Essay
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT  (Raiding Internet of Things)  by Jacob HolcombRIoT  (Raiding Internet of Things)  by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
 
Application security
Application securityApplication security
Application security
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Formative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksFormative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering Attacks
 
Running Head Security Assessment Repot (SAR) .docx
Running Head  Security Assessment Repot (SAR)                    .docxRunning Head  Security Assessment Repot (SAR)                    .docx
Running Head Security Assessment Repot (SAR) .docx
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introduction
 
Network Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. ShivashankarNetwork Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. Shivashankar
 
Security protection On banking systems using ethical hacking.
Security protection  On banking systems using  ethical hacking.Security protection  On banking systems using  ethical hacking.
Security protection On banking systems using ethical hacking.
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
 
Hacking
HackingHacking
Hacking
 

Recently uploaded

self introduction sri balaji
self introduction sri balajiself introduction sri balaji
self introduction sri balajiSriBalaji891607
 
Into the World of AI GDSC YCCE PPTX.pptx
Into the World of AI GDSC YCCE PPTX.pptxInto the World of AI GDSC YCCE PPTX.pptx
Into the World of AI GDSC YCCE PPTX.pptxGDSCYCCE
 
Plant Design for bioplastic production from Microalgae in Pakistan.pdf
Plant Design for bioplastic production from Microalgae in Pakistan.pdfPlant Design for bioplastic production from Microalgae in Pakistan.pdf
Plant Design for bioplastic production from Microalgae in Pakistan.pdfMianHusnainIqbal2
 
Introduction about Technology roadmap for Industry 4.0
Introduction about Technology roadmap for Industry 4.0Introduction about Technology roadmap for Industry 4.0
Introduction about Technology roadmap for Industry 4.0RaishKhanji
 
Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...
Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...
Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...GauravBhartie
 
Get start with Machine Learning and Vertexai
Get start with Machine Learning and VertexaiGet start with Machine Learning and Vertexai
Get start with Machine Learning and VertexaiAshishChanchal1
 
Introduction to Binary Tree and Conersion of General tree to Binary Tree
Introduction to Binary Tree  and Conersion of General tree to Binary TreeIntroduction to Binary Tree  and Conersion of General tree to Binary Tree
Introduction to Binary Tree and Conersion of General tree to Binary TreeSwarupaDeshpande4
 
CCNA: Routing and Switching Fundamentals
CCNA: Routing and Switching FundamentalsCCNA: Routing and Switching Fundamentals
CCNA: Routing and Switching FundamentalsDebabrata Halder
 
sahana sri D AD21046 SELF INTRODUCTION.pdf
sahana sri D AD21046 SELF INTRODUCTION.pdfsahana sri D AD21046 SELF INTRODUCTION.pdf
sahana sri D AD21046 SELF INTRODUCTION.pdfsahanaaids46
 
Objectives of Software Engineering and phases of SDLC.pptx
Objectives of Software Engineering and phases of SDLC.pptxObjectives of Software Engineering and phases of SDLC.pptx
Objectives of Software Engineering and phases of SDLC.pptxGraceDenial
 
Deluck Technical Works Company Profile.pdf
Deluck Technical Works Company Profile.pdfDeluck Technical Works Company Profile.pdf
Deluck Technical Works Company Profile.pdfartpoa9
 
UNIT I INTRODUCTION TO INTERNET OF THINGS
UNIT I INTRODUCTION TO INTERNET OF THINGSUNIT I INTRODUCTION TO INTERNET OF THINGS
UNIT I INTRODUCTION TO INTERNET OF THINGSbinuvijay1
 
ROBOT PERCEPTION FOR AGRICULTURE AND GOOD PRODUCTION1.1.pdf
ROBOT PERCEPTION FOR AGRICULTURE AND GOOD PRODUCTION1.1.pdfROBOT PERCEPTION FOR AGRICULTURE AND GOOD PRODUCTION1.1.pdf
ROBOT PERCEPTION FOR AGRICULTURE AND GOOD PRODUCTION1.1.pdfRudraPratapSingh871925
 
Metrology Measurements and All units PPT
Metrology Measurements and  All units PPTMetrology Measurements and  All units PPT
Metrology Measurements and All units PPTdinesh babu
 
CDE_Sustainability Performance_20240214.pdf
CDE_Sustainability Performance_20240214.pdfCDE_Sustainability Performance_20240214.pdf
CDE_Sustainability Performance_20240214.pdf8-koi
 
Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...
Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...
Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...GauravBhartie
 
STRETCHABLE STRAIN SENSORS BASED ON POLYPYRROLE AND THERMOPLASTIC POLYURETHAN...
STRETCHABLE STRAIN SENSORS BASED ON POLYPYRROLE AND THERMOPLASTIC POLYURETHAN...STRETCHABLE STRAIN SENSORS BASED ON POLYPYRROLE AND THERMOPLASTIC POLYURETHAN...
STRETCHABLE STRAIN SENSORS BASED ON POLYPYRROLE AND THERMOPLASTIC POLYURETHAN...MianHusnainIqbal2
 
S. Kim, NeurIPS 2023, MLILAB, KAISTAI
S. Kim,  NeurIPS 2023,  MLILAB,  KAISTAIS. Kim,  NeurIPS 2023,  MLILAB,  KAISTAI
S. Kim, NeurIPS 2023, MLILAB, KAISTAIMLILAB
 
GDSC solution challenge Android ppt.pptx
GDSC solution challenge Android ppt.pptxGDSC solution challenge Android ppt.pptx
GDSC solution challenge Android ppt.pptxAnandMenon54
 
SATHVIKA A AD21049 SELF INTRODUCTION.pdf
SATHVIKA A AD21049 SELF INTRODUCTION.pdfSATHVIKA A AD21049 SELF INTRODUCTION.pdf
SATHVIKA A AD21049 SELF INTRODUCTION.pdfSathvikaAlagar
 

Recently uploaded (20)

self introduction sri balaji
self introduction sri balajiself introduction sri balaji
self introduction sri balaji
 
Into the World of AI GDSC YCCE PPTX.pptx
Into the World of AI GDSC YCCE PPTX.pptxInto the World of AI GDSC YCCE PPTX.pptx
Into the World of AI GDSC YCCE PPTX.pptx
 
Plant Design for bioplastic production from Microalgae in Pakistan.pdf
Plant Design for bioplastic production from Microalgae in Pakistan.pdfPlant Design for bioplastic production from Microalgae in Pakistan.pdf
Plant Design for bioplastic production from Microalgae in Pakistan.pdf
 
Introduction about Technology roadmap for Industry 4.0
Introduction about Technology roadmap for Industry 4.0Introduction about Technology roadmap for Industry 4.0
Introduction about Technology roadmap for Industry 4.0
 
Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...
Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...
Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...
 
Get start with Machine Learning and Vertexai
Get start with Machine Learning and VertexaiGet start with Machine Learning and Vertexai
Get start with Machine Learning and Vertexai
 
Introduction to Binary Tree and Conersion of General tree to Binary Tree
Introduction to Binary Tree  and Conersion of General tree to Binary TreeIntroduction to Binary Tree  and Conersion of General tree to Binary Tree
Introduction to Binary Tree and Conersion of General tree to Binary Tree
 
CCNA: Routing and Switching Fundamentals
CCNA: Routing and Switching FundamentalsCCNA: Routing and Switching Fundamentals
CCNA: Routing and Switching Fundamentals
 
sahana sri D AD21046 SELF INTRODUCTION.pdf
sahana sri D AD21046 SELF INTRODUCTION.pdfsahana sri D AD21046 SELF INTRODUCTION.pdf
sahana sri D AD21046 SELF INTRODUCTION.pdf
 
Objectives of Software Engineering and phases of SDLC.pptx
Objectives of Software Engineering and phases of SDLC.pptxObjectives of Software Engineering and phases of SDLC.pptx
Objectives of Software Engineering and phases of SDLC.pptx
 
Deluck Technical Works Company Profile.pdf
Deluck Technical Works Company Profile.pdfDeluck Technical Works Company Profile.pdf
Deluck Technical Works Company Profile.pdf
 
UNIT I INTRODUCTION TO INTERNET OF THINGS
UNIT I INTRODUCTION TO INTERNET OF THINGSUNIT I INTRODUCTION TO INTERNET OF THINGS
UNIT I INTRODUCTION TO INTERNET OF THINGS
 
ROBOT PERCEPTION FOR AGRICULTURE AND GOOD PRODUCTION1.1.pdf
ROBOT PERCEPTION FOR AGRICULTURE AND GOOD PRODUCTION1.1.pdfROBOT PERCEPTION FOR AGRICULTURE AND GOOD PRODUCTION1.1.pdf
ROBOT PERCEPTION FOR AGRICULTURE AND GOOD PRODUCTION1.1.pdf
 
Metrology Measurements and All units PPT
Metrology Measurements and  All units PPTMetrology Measurements and  All units PPT
Metrology Measurements and All units PPT
 
CDE_Sustainability Performance_20240214.pdf
CDE_Sustainability Performance_20240214.pdfCDE_Sustainability Performance_20240214.pdf
CDE_Sustainability Performance_20240214.pdf
 
Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...
Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...
Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...
 
STRETCHABLE STRAIN SENSORS BASED ON POLYPYRROLE AND THERMOPLASTIC POLYURETHAN...
STRETCHABLE STRAIN SENSORS BASED ON POLYPYRROLE AND THERMOPLASTIC POLYURETHAN...STRETCHABLE STRAIN SENSORS BASED ON POLYPYRROLE AND THERMOPLASTIC POLYURETHAN...
STRETCHABLE STRAIN SENSORS BASED ON POLYPYRROLE AND THERMOPLASTIC POLYURETHAN...
 
S. Kim, NeurIPS 2023, MLILAB, KAISTAI
S. Kim,  NeurIPS 2023,  MLILAB,  KAISTAIS. Kim,  NeurIPS 2023,  MLILAB,  KAISTAI
S. Kim, NeurIPS 2023, MLILAB, KAISTAI
 
GDSC solution challenge Android ppt.pptx
GDSC solution challenge Android ppt.pptxGDSC solution challenge Android ppt.pptx
GDSC solution challenge Android ppt.pptx
 
SATHVIKA A AD21049 SELF INTRODUCTION.pdf
SATHVIKA A AD21049 SELF INTRODUCTION.pdfSATHVIKA A AD21049 SELF INTRODUCTION.pdf
SATHVIKA A AD21049 SELF INTRODUCTION.pdf
 

INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx

  • 1. INTERNSHIP REPORT&PROJECT REVIEW-1 INTERNSHIP PERIOD: 20-07-22 / 24-08-22 P MOHAMMED ISHAQ-20691A3726-III CSC CYBER SECURITY REVIEW DATE : 04-11-2022 INTERNSHIP MENTOR : Mr.Abdul Jaleel D
  • 2. ABOUT INDUSTRY/ORGANIZATION DETAILS ORGANIZATION NAME : INTERNSHIP STUDIO • Internship Studio is an online training and internship platform founded on the principle that students interested in any field should not be required to have any sort of perspective knowledge in order to start their journey in that field. • The Founder and CEO of Internship Studio is Mr. Aniket Bihani. • I have done this internship by virtual mode. • The Internship Studio is located in MVPM Spark, Lane No 6, Ram Indu Park, Nr. Balewadi High St, Baner, Pune-411045, Maharashtra, IN. • Contact details: contact@internshipstudio.com
  • 4. MY INTERNSHIP ETHICAL HACKING  ETHICAL HACKING is a process of detecting vulnerabilities in an application, system, or organization's infrastructure.  Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data.  Carrying out an ethical hack involves duplicating strategies and actions of malicious attackers.  This practice helps to identify security vulnerabilities which can then be resolved before a malicious attacker has the opportunity to exploit them.  Hence, Ethical hackers use their knowledge to secure and improve the technology of organizations.
  • 5. INTERNSHIP DESCRIPTION: • I thoroughly enjoyed my experience as an intern for the ethical hacking team. • The work was challenging and engaging, and I appreciated the opportunity to work on such a wide variety of projects. • I would recommend this internship to anyone interested in ethical hacking or cybersecurity. • The purpose of this project is to identify, assess, and document potential vulnerabilities in an information system. • The project will also develop recommendations for mitigating or eliminating the identified vulnerabilities. The goal of this project is to ensure that the information system is secure and protected from attack. • By identifying and assessing potential vulnerabilities, the project will help to ensure that the system is not susceptible to exploitation. • This project is important because it will help to protect the information system from being compromised. By identifying and assessing potential vulnerabilities, the project will help to ensure that the system is not susceptible to exploitation.
  • 6. THINGS I LEARNED IN THIS INTERNSHIP:  Kali Linux  Networking  Wireshark and analysis  Cryptography  Man in the middle attack  Information gathering  Android Hacking With Metasploit  Password Cracking  Proxy chains and TOR  Web Application Security  Cross Site Scripting Practical  Types of CSS: Introduction to Portswigger  Social Engineering attack  Automatic Vulnerability Scanner  Reporting And Communication: Hands On Bug Bounty
  • 7. My Personal Benefit • I feel this internship has set me up for a better understanding of what legal studies are. • I feel empowered to be successful through the tools I have learned throughout this process. • This internship has allowed me to create a better understanding of how to find resources and other information systems to create real-life experience for comparing law and legal culture for future jobs. • The skills I have learned through creating this legal comparison has allowed me to build on my critical thinking skills. • Learning how to conduct ethical hacking assessments and penetration tests. • Gaining practical experience in report writing and presenting findings to clients or senior management.
  • 8. Networking: The fundamental of Hacking A network is a collection of computers, servers, mainframes, network devices, peripherals, or other devices connected to one another to allow the sharing of data. Protocols: ★ TCP(Transmission Control Protocol) ★ IP(Internet Protocol) ★ UDP(User Datagram Protocol) ★ FTP(File Transfer Protocol) ★ HTTP(Hyper Text Transfer Protocol) ★ HTTPS(Hyper Text Transfer Protocol Secure) ★ SMTP(Simple Mail Transfer Protocol) Internet Protocol addresses (IP addresses): makes the world go 'round. Or, at least, enable us to email, Skype, and navigate the web. It's almost as important as the world going around! Each digital device (computer, laptop, phone, tablet, etc.) is assigned an IP address, and this is what enables us to communicate and connect with it. Imagine an IP address as similar to your house address. Without that address, no one could find you and send you snail mail.
  • 9. Cryptography: Cryptography is a method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it. Objectives of Cryptography ★ Confidentiality : the information cannot be understood by anyone for whom it was unintended ★ Integrity : the information cannot be altered in storage or transit between sender and receiver. ★ Non-repudiation : the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information ★ Authentication: the sender and receiver can confirm each other's identity and the origin/destination of the information Types of Cryptography 1. Single-key or symmetric-key encryption 2. Public-Key or asymmetric-key encryption
  • 10. Man in the Middle Attack: A man in the middle attack is a type of attack where the attacker intercepts communications between two parties and impersonates each party to the other. The attacker then has the ability to eavesdrop on the conversations, modify the messages, or even inject new messages.
  • 11. ARP Spoofing Tool :We can use arpsoof tool available in linux to spoof the arp and act as MITM. Let’s dive into the real man in the middle attack Steps to reproduce: Install ARPSPOOF by typing apt-get install dsniff Syntax: Arpsoof -i (interface) -t (Client IP) (Your gateway) Arpsoof -i (interface) -t (Your Gateway) (Client IP)
  • 12. Information Gathering Using Nmap: • Nmap is short for Network Mapper. It is an open-source Linux command-line tool that is used to scan IP addresses and ports in a network and to detect installed applications. • Ping Scan: Scan can list devices up or running. • > nmap -sp 192.168.1.1/24 • Scan a single host: Scans a single host for 1000 well-known ports. These ports are the ones used by popular services like SQL, SNTP, apache, and others • It makes your life easier since you can find an existing vulnerability from the Common Vulnerabilities and Exploits (CVE) database for a particular version of the service. You can then use it to attack a machine using an exploitation tool like Metasploit.
  • 13. Web Application Security: • A Web application (Web app) is an application program that is stored on a remote server and delivered over the Internet through a browser interface • Web application security is the process of protecting websites and online services against different security threats that exploit vulnerabilities in an application's code. ... The inherent complexity of their source code, which increases the likelihood of unattended vulnerabilities and malicious code manipulation. Different types of security tests: Dynamic Application Security Test (DAST) Static Application Security Test (SAST) Penetration Test Runtime Application Self Protection (RASP)
  • 14. We have three training weeks in internship. Each week there was 1 Quiz , so we have three Quiz’s Ethical hacking quiz 1: I scored 100%
  • 15. Ethical hacking quiz 2: I scored 100%
  • 16. Ethical hacking quiz 3: I scored 100%
  • 17. ASSESSING VULNERABILITIES It is the process of identifying vulnerabilities in the computer systems, networks, and the communication channels. It is performed as a part of auditing and also to defend the systems from further attacks. The vulnerabilities are identified, classified and reported to the authorities so that necessary measures can be taken to fix them and protect the organization.
  • 18. IN THIS PROJECT WE HAVE GIVEN THREE TASKS • TASK 1 : COMPLETING 3 PORTSWIGGER LABS • TASK 2: THEY’VE GIVEN A BANK APPLICATION WEBSITE . IN THIS WEBSITE WE DETECT VULNERABILITIES • TASK 3: TO EXECUTE A PAYLOAD IN THE WEBSITE(VULNWEB.COM) AND REPORT THE EFFECT OF THE VULNERABILITY IN THE WEBSITE.
  • 19. TASK 1: COMPLETING 3 PORTSWIGGER LABS LAB 1 Reflected XSS into HTML context with nothing encoded
  • 21. LAB 2 : Stored XSS into HTML context with nothing encoded
  • 23. LAB 3: DOM XSS in document.write sink using source location. search
  • 25. TASK 2: GIVEN THAT TO FIND A VULNERABILITY OF A GIVEN WEBSITE/COMPANY AND GENERATE A REPORT OF THE VULNERABILITY THAT ARE AVAILABLE IN THE WEBSITE.
  • 26. THE GENERATED REPORT IS DONE FROM THE OWASP-ZAP TOOL AND THE GENERATED REPORT IS SHOWN AS BELOW.
  • 27. TASK 3: TO EXECUTE A PAYLOAD IN THE WEBSITE(VULNWEB.COM) AND REPORT THE EFFECT OF THE VULNERABILITY IN THE WEBSITE.
  • 30. • Title : Cross Site Scripting • Domain : vulnweb.com • SubDomain: testasp.vulnweb.com Steps to reproduce: step1: Visit http://testasp.vulnweb.com step2: On the top of the menu you will find a search option step3: Click on it and you will be prompted to the search box step4: you can intercept the request in the burp suite step5: Now you can find different payloads for XSS(cross site scripting) step6: Send the request to the intruder and paste all the payloads step7: Try to find a successful payload for XSS
  • 31. Effect of this attack : Cross Site Scripting can lead to stealing of your user data and it can be harmful for your website/company Mitigation: If you want to prevent your website from XSS then you can just enable noscript on browser and by modifying the code which is vulnerable for which is linked with the user data.
  • 32. Conclusion • From this ethical hacking internship, I have gained a better insight into the network and computer security of an organization. • I have also gained a lot of technical knowledge. I have learnt the techniques of hacking and have also learnt how to prevent the network and computers of an organization from being hacked. • I have also learnt how to secure the data of an organization. I have also learnt about the legal aspects of hacking. • I have also learnt about the various tools used by hackers. I have also learnt about the various types of attacks that can be launched on an organization.