Module 2

Uploaded by

alok Srivastava
Cybersecurity Certification Course


Certification Project

© Brain4ce Education Solutions Pvt. Ltd.


Business Logic:
Every organization requires a penetration tester to identify the loopholes in its network that
hackers can attack and take advantage of. Penetration testers and ethical hackers secure
the organization's networks and web applications against Black Hat Hackers. These penetration tests are usually
done by someone who has very little or no prior knowledge of the network, in order to expose the blind
spots that the organization's developers could have missed. The penetration testers
are given responsibility for performing the penetration testing and handing over network reports to the
client if the application or network can be hacked.

Consideration/Scenario:
A web development company configured its network with many devices and started working on
website development. They hired you as a penetration tester, and you need to perform
penetration testing on all their clients' systems and websites. To test the systems' security, you
must verify the system by creating a virus/trojan and injecting it into the system.
This will help you analyze how the system is affected by the virus.

After these tests are completed, you also need to ensure that the information transferred
through email by the organization’s employees is safe. For that purpose, you need to perform
data encryption and steganography techniques to hide the information.
Make a report of all the tests and share it with the administrator to take further actions.

To start with the testing, we need to gather information about the website. To do so, perform
the below tasks:

Information Gathering on Websites


• Gather information about Instagram (website).

After information gathering, we need to test the company's network security as well. To do so,
we will test their local system and its operating system. So, we need to
perform enumeration and penetration testing on the company system.

Enumeration and Penetration Testing on System


• Enumerate usernames from the local system using the Hyena tool and check the
availability of a shared folder.
• Test the Windows 10 security using ProRAT (or msfvenom) and get access to the key logs. Delete
the files from desktop or C drive and execute the commands to create a new folder on the
desktop and upload any file from your system.

Now, after testing the system/network, we must test the antivirus in their system. To do so, we
will create a virus and inject it into their system to determine/exploit its vulnerabilities.


Malware Creation and Exploitation


• Create a virus using Tetrabit Virus Maker and execute the virus in the victim machine.

After exploiting the system's vulnerabilities, we must also test and exploit the vulnerabilities of
the client websites. To do so, we need to perform penetration testing and DOS injection attack
on their websites.

Website Penetration Testing and DOS Injection Attacks


• Perform a DOS attack on a Windows 10 virtual machine using the LOIC tool and check the
performance.
• Try the cookie stealing attack on testphp.vulnweb.com.
• Scan the website using the Vega tool and create a report with screenshots.
• Test the website using SQL injection manually for testphp.vulnweb.com website.

After testing the systems and websites, one remaining way sensitive information can be stolen is
through the communication medium, that is, email communications. We need to secure this
transmission of messages by performing data encryption and hiding secret messages.

Data Encryption, Decryption, and Hiding of Secret Messages


• Hide the secret text file in the image using the command prompt and the SNOW tool.
• Encrypt any text file using the CryptForge tool with the Blowfish algorithm and use the
calculator to encrypt the data with AES, MD5, SHA, etc.

Tools Covered in the Project:


• Hyena Tool
• ProRAT
• msfvenom
• Tetrabit Virus Maker
• LOIC Tool
• SNOW Tool
• CryptForge

Output to be Submitted:
Make a step-by-step report and submit the respective screenshots for all the below tasks for
verification.
▪ Report on Instagram website information gathering containing register information,
dates, registrant country, nameservers, tech contact, IP address, location, IP history, and
registrar history.
▪ Report on enumeration to determine the usernames, password policies, and shared
folders of the machine in a network.
▪ Report on penetration testing to determine the open ports of the network.
▪ Report to determine how the hackers can damage the user system if antivirus is not
updated or not installed, and the firewall is not working.
▪ Report on DOS injection attack to check the performance of the system.
▪ Report on cookie stealing.
▪ Report containing website user’s information using SQL injection.
▪ Report on ways to secure the data transmitted using encryption and steganography.
