Cyber Security Awareness

The document provides an overview of cybersecurity, including definitions, types of hackers, and the importance of cyber awareness. It discusses various roles and responsibilities in cybersecurity fields, common cyber threats, and the CIA triad principles of confidentiality, integrity, and availability. Additionally, it highlights the distinctions between the surf web, deep web, and dark web, and presents a case study on a deepfake scam in Hong Kong.

Uploaded by

Hitesh Ramnani

Modern Education Society’s Wadia College of Engineering (MESWCOE), Pune - 411001

Cyber Security - Awareness & Hands-on Training
Cyber Security in a Nutshell
01 Cyber Security
In Digital Era.
What is Cyber Security?

Cybersecurity is the practice of protecting computer systems, networks, and digital assets from unauthorized access, attacks, and damage, ensuring the confidentiality, integrity, and availability of information in the digital space.
Who is a Hacker?

A hacker is an individual with advanced technical skills and knowledge, often possessing expertise in computer systems and networks.

Hackers can be categorized into different types based on their intentions and actions.
● White Hat
● Black Hat
● Grey Hat
● Hacktivist
● Script Kiddie
● Nation-State Hacker
Types of Hacker
● White Hat: Known as ethical hackers, these individuals use their skills to identify and fix security vulnerabilities. They work to strengthen the cybersecurity defenses of organizations, helping to protect against potential cyber threats.

● Black Hat: These are malicious hackers who exploit vulnerabilities for personal gain, often with criminal intent. They may steal sensitive information, disrupt systems, or engage in activities such as identity theft or financial fraud.

● Grey Hat: Falling between the black hat and white hat categories, grey hat hackers may exploit vulnerabilities without malicious intent. However, their actions are usually unauthorized, and they may disclose the vulnerabilities to the affected parties after the fact.

● Hacktivists: Activists who use hacking techniques to promote a social or political agenda. They may deface websites, leak sensitive information, or disrupt online services to draw attention to their cause.

● Script Kiddies: Individuals with limited technical skills who use pre-written scripts or tools to launch attacks. They typically lack in-depth understanding but can still cause damage due to the accessibility of hacking tools.

● State-Sponsored Hackers: Hackers employed or supported by governments to conduct cyber espionage, gather intelligence, or engage in cyber warfare. Their activities often target other nations, organizations, or critical infrastructure.
Different Teams in Cybersecurity
Red Teaming:
● Red Teaming is a proactive, simulated attack approach to identify and exploit vulnerabilities in a system.

● Its purpose is to evaluate the effectiveness of security measures and improve overall resilience.

● The objectives of the red team are:
1. Identify Weaknesses
2. Test Incident Response
3. Assess Security Awareness

Blue Teaming:
● A proactive cybersecurity approach focused on defending against potential threats by simulating real-world attack scenarios.

● Its purpose is to enhance the overall security posture by identifying vulnerabilities, improving incident response, and fostering collaboration among security teams.

● The objectives of the blue team are:
1. Proactive Defense
2. Incident Response Enhancement
3. Continuous Improvements
Fields In Cyber Security
1. Information Security
2. IT Auditing & Compliance
3. Ethical Hacking / Penetration Testing
4. Threat Intelligence
5. Digital Forensics
6. Cryptography
Information Security
Roles/Responsibilities
● Network/Application Security
● Investigate Data Breaches/Leaks
● Carry Out Security Plans
● Protect Systems from Malware

Certifications Recommended
● CompTIA Security+
● GCIA (Certified Intrusion Analyst)
● GCIH (Certified Incident Handler)
IT Auditing & Compliance
Roles/Responsibilities
● Network Security Infrastructure
● Information Security & Processing
● Security Testing Procedures
● Industry Security Standards

Certifications Recommended
● ISO 27001 Lead Author
● GDPR
● HIPAA
● PCI DSS
Ethical Hacking / Penetration Testing
Roles/Responsibilities
● Security Assessment
● Risk Analysis
● Testing Methodologies
● Confidentiality & Legal Compliance

Certifications Recommended
● CEH (Certified Ethical Hacker)
● CompTIA PenTest+
● Global Privacy Enforcement Network
● Offensive Security Certified Professional
Threat Intelligence
Roles/Responsibilities
● Information Gathering
● Analysis & Contextualization
● Proactive Identification
● Communication & Collaboration

Certifications Recommended
● Certified Threat Intelligence Analyst
● Cyber Threat Intelligence Expert
● GIAC Cyber Threat Intelligence (GCTI)
● Certified in Cyber Threat Intelligence (CCTI)
Digital Forensics
Roles/Responsibilities
● Identify Attack Behaviors
● Investigate Suspicious Network Traffic
● Collect and Review Digital Evidence
● Create Mitigation & Recovery Process

Certifications Recommended
● EnCase Certified Examiner
● Certified Hacking Forensic Investigator
● GIAC Certified Forensic Analyst
● AccessData Certified Examiner
Cryptography
Roles/Responsibilities
● Encryption & Decryption
● Key Management
● Define Security Architecture
● Cryptographic Policy Development

Certifications Recommended
● CISSP
● Certified Encryption Specialist
● Certified Cryptography Expert
● CISM
02 Awareness
Cyber Security Awareness Necessity
Basic Terminology
● Malware: Malware, short for malicious software, refers to any software specifically designed to harm, exploit, or compromise computer systems, networks, or user data. It encompasses a wide range of malicious programs, including viruses, worms, trojan horses, ransomware, spyware, and more.

● Virus: A virus is a type of malware that attaches itself to a legitimate program or file, often executable files or documents. It requires a host program to execute and spread.

● Worm: A worm is a standalone malicious program that can independently replicate and spread across computer networks. Unlike viruses, worms do not need a host program to propagate.

● Trojan: Refers to a type of malware that disguises itself as a legitimate or benign program to deceive users and gain unauthorized access to their systems. A Trojan typically tricks users into installing it by appearing as a harmless or desirable application. Once inside a system, the Trojan can perform a variety of malicious activities, such as stealing sensitive information, creating backdoors for attackers, or causing other forms of damage.

● Ransomware: A type of malicious software designed to block access to a computer system or files until a sum of money, or ransom, is paid to the attacker. It typically encrypts the victim's files, making them inaccessible, and then demands payment, often in cryptocurrency, in exchange for a decryption key.

● Spyware: A type of malicious software designed to covertly observe and gather information from a user's computer or device without their knowledge or consent.

● Adware: Short for advertising-supported software, it is a type of malicious software that delivers unwanted advertisements to a user's device. It often comes bundled with legitimate software, and once installed, it displays intrusive ads, pop-ups, or banners, disrupting the user experience.
Phases of Hacking

I. Reconnaissance: Gathering information about the target system, such as IP addresses, domain names, network infrastructure, and other publicly available data.

II. Scanning: Identifying live hosts, open ports, and services on the target network.

III. Gaining Access: Exploiting vulnerabilities discovered during the scanning phase to gain unauthorized access to a system.

IV. Maintaining Access: After gaining access, the hacker may take steps to ensure continued access to the system, such as installing backdoors or creating additional accounts.

V. Covering Tracks: To avoid any evidence that leads back to their malicious activity, hackers perform tasks that erase all traces of their actions.
Why is Cyber Awareness Important?
1. Cyber crime is a growing trend with the advancement of technology.
2. Raise awareness of threats.
3. As with most crimes, the police can’t tackle this problem alone.
4. To encourage reporting of cyber crime to enforcement agencies.
5. Cyber crime is massively under-reported.
Common Causes of Cyber Attacks
1. Weak or stolen usernames and passwords.
2. Application vulnerabilities.
3. Absence of antivirus and latest patches.
4. Use of pirated operating systems.
5. System and network firewalls disabled.
6. Social engineering (tricking people into breaking security protocols).
7. Poor access control (unauthorized users have access).
8. Insider threats (system password has not been set).
9. Improper configuration of Wi-Fi devices and hotspots.
10. Unnecessary ports opened on the network for backdoor entry.
Let’s Connect to the Real World

1. https://livethreatmap.radware.com
2. https://threatmap.checkpoint.com
Types of Cyber Threats
● Key Logging : Keylogging in cybersecurity refers to the practice of monitoring and recording
keystrokes typed on a computer or mobile device. This technique is often employed by attackers to
capture sensitive information such as passwords, credit card numbers, or personal messages without
the user's knowledge.

● Internal Data Theft : Internal data theft in cybersecurity refers to the unauthorized access, acquisition,
or disclosure of sensitive information by individuals within an organization. This type of threat involves
employees, contractors, or other insiders exploiting their access privileges to compromise data
integrity, confidentiality, or availability.

● Direct Access Attack : A Direct Access Attack in cybersecurity refers to a type of security breach
where an unauthorized individual gains physical access to a computer system, network, or device.
Unlike remote attacks that exploit vulnerabilities over the internet, direct access attacks involve a
perpetrator physically interacting with the targeted infrastructure.
● Clickjacking : Clickjacking, also known as UI redressing or user interface (UI) overlay attack, is a
cybersecurity technique where an attacker tricks a user into clicking on something different from what
the user perceives. This is often achieved by overlaying transparent or opaque elements on top of
legitimate web pages, making the user unwittingly interact with hidden elements.

● Denial of Service : Denial of Service (DoS) refers to a cyber security attack that aims to disrupt the
normal functioning of a computer system, network, or service by overwhelming it with a flood of
illegitimate requests or traffic. The goal of a DoS attack is to make a targeted resource unavailable to its
intended users, causing a loss of service, downtime, or degradation of performance.

● Spoofing : Spoofing in cybersecurity refers to the deceptive practice of disguising one's identity or
manipulating data to appear as someone or something else. Different types of spoofing include email
spoofing, IP spoofing, website spoofing, etc.
● Phishing : Phishing is a type of cyber attack that involves tricking individuals into divulging sensitive
information, such as passwords, usernames, or financial details. Typically carried out through deceptive
emails, messages, or websites, attackers often impersonate trustworthy entities to manipulate users
into taking actions that compromise their security. Phishing attacks exploit human psychology and
often employ urgency or fear tactics to convince individuals to click on malicious links, download
malicious attachments, or provide confidential information.
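
The clickjacking entry above depends on a page being embeddable in an attacker-controlled frame. The following is an added example, not part of the original slides: it classifies HTTP response headers by whether they restrict framing, using the standard X-Frame-Options header and the CSP frame-ancestors directive. The paths, hosts and header sets are constructed sample data.

```python
def _frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP header value, or None."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def framing_policy(headers):
    """Classify who may embed this response in a frame."""
    h = {name.lower(): value for name, value in headers.items()}
    ancestors = _frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        # When frame-ancestors is present, browsers enforce it instead of X-Frame-Options.
        if "*" in ancestors:
            return "unprotected"
        if not ancestors or ancestors == ["'none'"]:
            return "deny"          # an empty source list matches no origin
        if ancestors == ["'self'"]:
            return "same-origin"
        return "allow-list"
    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo == "deny":
        return "deny"
    if xfo == "sameorigin":
        return "same-origin"
    # Missing, misspelled, or obsolete ALLOW-FROM values give no protection
    # in current browsers.
    return "unprotected"


# Constructed sample responses (path -> response headers).
SAMPLE_RESPONSES = {
    "/login": {"Content-Type": "text/html", "X-Frame-Options": "DENY"},
    "/transfer": {"Content-Type": "text/html"},
    "/widget": {"Content-Security-Policy":
                "default-src 'self'; frame-ancestors 'self' https://partner.example"},
    "/settings": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "/profile": {"content-security-policy": "frame-ancestors 'none'",
                 "X-Frame-Options": "SAMEORIGIN"},
}


def audit(responses):
    """Map each path to its framing policy."""
    return {path: framing_policy(h) for path, h in responses.items()}


def frameable(responses):
    """Paths that any site could load inside a frame."""
    return sorted(p for p, v in audit(responses).items() if v == "unprotected")


if __name__ == "__main__":
    for path, verdict in audit(SAMPLE_RESPONSES).items():
        print(f"{path:10} {verdict}")
```

Pages that perform state-changing actions (here the constructed `/transfer` and `/settings`) are the ones to fix first when they show up as unprotected.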
03 CIA Triad
Confidentiality | Integrity | Availability
The CIA Triad [Backbone]
A simple but widely-applicable security model is the CIA triad standing for:
Confidentiality | Integrity | Availability

● These are the three key principles which should be guaranteed in any
kind of secure system.
● This principle is applicable across the whole subject of Security
Analysis, from access to a user's internet history to security of
encrypted data across the internet.
● If any one of the three can be breached it can have serious
consequences for the parties concerned.
Confidentiality
Confidentiality is the ability to hide information from those people unauthorised to
view it.

It is perhaps the most obvious aspect of the CIA triad when it comes to security;
but correspondingly, it is also the one which is attacked most often.

Cryptography and Encryption methods are an example of an attempt to ensure confidentiality of data transferred from one computer to another.
Integrity
The ability to ensure that data is an accurate and unchanged representation of the
original secure information.

One type of security attack is to intercept some important data and make changes
to it before sending it on to the intended receiver.
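
The interception attack described above can be detected when sender and receiver share a secret key. This is an added example, not part of the original slides: it compares a plain SHA-256 checksum, which whoever alters the message can simply recompute, with an HMAC, which cannot be recomputed without the key. The key and the message are constructed, and a pre-shared key is an assumption.

```python
import hashlib
import hmac
import json

# Assumption: sender and receiver already share this secret (constructed value).
KEY = b"constructed-demo-key-shared-by-sender-and-receiver"


def _encode(message):
    """Serialize deterministically so both sides hash the same bytes."""
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode()


def send_with_hash(message):
    body = _encode(message)
    return {"body": body, "check": hashlib.sha256(body).hexdigest()}


def send_with_hmac(message, key=KEY):
    body = _encode(message)
    return {"body": body, "check": hmac.new(key, body, hashlib.sha256).hexdigest()}


def receive_with_hash(envelope):
    """Accept the message if the unkeyed checksum matches; else return None."""
    expected = hashlib.sha256(envelope["body"]).hexdigest()
    ok = hmac.compare_digest(expected, envelope["check"])
    return json.loads(envelope["body"]) if ok else None


def receive_with_hmac(envelope, key=KEY):
    """Accept the message only if the keyed tag matches; else return None."""
    expected = hmac.new(key, envelope["body"], hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(expected, envelope["check"])
    return json.loads(envelope["body"]) if ok else None


def intercept_and_modify(envelope):
    """Model the in-transit change: alter the body and recompute the only
    check value that needs no secret (a plain SHA-256)."""
    changed = json.loads(envelope["body"])
    changed["amount"] = 9500
    body = _encode(changed)
    return {"body": body, "check": hashlib.sha256(body).hexdigest()}


def demo():
    msg = {"to": "ACME-SUPPLIES", "amount": 95}  # constructed sample message
    return {
        "hash_untouched": receive_with_hash(send_with_hash(msg)),
        "hash_tampered": receive_with_hash(intercept_and_modify(send_with_hash(msg))),
        "hmac_untouched": receive_with_hmac(send_with_hmac(msg)),
        "hmac_tampered": receive_with_hmac(intercept_and_modify(send_with_hmac(msg))),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:15} {outcome}")
```

The plain checksum accepts the altered amount because anyone can recompute it, while the HMAC check rejects the altered message.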
Availability
It is important to ensure that the information concerned is readily accessible to
the authorised viewer at all times.

Some types of security attack attempt to deny access to the appropriate user,
either for the sake of inconveniencing them, or because there is some secondary
effect.

For example, by breaking the web site for a particular search engine, a rival may
become more popular.
04 World Web
Surf Web v/s Deep Web v/s Dark Web
Surf Web
The Surf Web, also known as the
Surface Web, refers to the part of the
internet that is easily accessible and
indexed by search engines. It includes
websites and information that can be
accessed with standard web
browsers. Everyday activities such as
online shopping, news reading, and
social media interactions
predominantly occur on the Surf Web.
Deep Web
The Deep Web comprises parts of the
internet not indexed by traditional
search engines. It includes content
behind paywalls, private databases,
and other password-protected areas.
While legal and legitimate activities,
such as online banking or academic
databases, are often part of the Deep
Web, it is not readily accessible
through standard search engines.
Dark Web
The Dark Web is a hidden portion of the
internet intentionally concealed and
accessible only through specific software,
such as Tor. It hosts websites that often
involve illicit activities, illegal marketplaces,
and anonymous forums. While not all
activities on the Dark Web are unlawful, it is
notorious for being a space where
anonymity is prioritized, making it a hub for
various cyber threats and criminal
enterprises.
World Wide Web
05 Case Studies
A Deep-fake Scam in Hong Kong
Deep Fake Scam
In early February 2024, Hong Kong police
reported a case where deepfake
technology was employed to execute a
multimillion-dollar fraud. The scammers
orchestrated a video conference call,
using deepfakes to impersonate the
chief financial officer and other staff
members of a multinational firm,
convincing a finance worker to transfer
approximately $25 million.
How Did the Scam Begin?
The scam unfolded when a staff member in the finance
department received a misleading message, pretending to
be from the company's CFO in the United Kingdom. This
deceptive communication led to the initiation of a
confidential financial transaction. To make matters worse,
the victim was lured into participating in a group video
conference where convincing deep fake replicas of key
company figures, with a focus on the CFO, seamlessly
interacted. These fabricated videos heightened the
illusion of credibility, making it even more challenging for
the victim to discern the deceit.
06 OWASP
International non-profit organization
What does OWASP stand for?
O: Open
W: Web
A: Application
S: Security
P: Project

Open Web Application Security Project

OWASP Top 10 (Web)
1. Broken Access Control
2. Cryptographic Failures
3. Injection
4. Insecure Design
5. Security Misconfiguration
6. Vulnerable & Outdated Components
7. Identification & Authentication Failures
8. Software & Data Integrity Failures
9. Security Logging & Monitoring Failures
10. Server Side Request Forgery
07 Tools
Cyber Security Popular Tools
Popular Tools
Tool Name | Description
Wireshark | Network Analyzer
Zphisher | Phishing
Subfinder | Subdomains Enumerator
Spiderfoot | Recon
Nmap | Open Port Scanning
DirSearch | Directory Bruteforcing
Burp Suite | Swiss Army Knife
08 Hands-on
Real World Hacking
09 Why Cyber Security as a Career?
1. Rising Cyber Threats: With the increasing frequency and sophistication of cyber
threats, there is a growing demand for skilled professionals to defend against
cyber-attacks.
2. Digital Transformation: As organizations undergo digital transformation, the need for
cybersecurity experts to secure digital assets, data, and systems becomes crucial.
3. Global Skills Shortage: There is a significant shortage of qualified cybersecurity
professionals globally, creating abundant job opportunities and competitive salaries for
those entering the field. It is expected that by 2025 around 3.5 million cyber security
jobs will be unfilled due to a shortage of skilled labour.
4. Diverse Career Paths: Cybersecurity offers a wide range of career paths, including
ethical hacking, penetration testing, security analysis, incident response, and more,
allowing individuals to specialize based on their interests.
5. High Demand for Skill Sets: Cybersecurity skills are in high demand across various
industries, including finance, healthcare, government, and technology, providing diverse
opportunities for employment.
6. Job Security: As long as digital systems exist, the need for cybersecurity
professionals will persist, providing a sense of job security in a rapidly evolving job
market.
Thanks!
Do you have any questions?
+91-8237424001 +91-8698077365
LinkedIn:- Hitesh Ramnani LinkedIn:- Ahad Patel
Instagram:- theanonymouscybersolutions
Feedback