Day 4-6 Notes

Uploaded by

khatutran123456

Day 4: Cryptography Essentials

Theory (3 Hours)

🔐 What is Cryptography?

Cryptography is the science of securing information by converting it into a form that only
the intended recipients can understand.

🔒 Types of Cryptography

• Symmetric Encryption – Same key is used to encrypt and decrypt (e.g., AES)
• Asymmetric Encryption – Two keys (public & private) are used (e.g., RSA)
• Hashing – Converts data to a fixed-length string (one-way function)

Technique          Purpose                     Example
Encryption         Confidentiality             AES, RSA
Hashing            Integrity checking          SHA256
Digital Signature  Authentication & Integrity  RSA

Common Attacks

• Brute Force – Trying all possible key combinations
• Dictionary Attack – Using known password lists
• Man-in-the-Middle (MITM) – Intercepting encrypted communication

🌐 Real-World Use Cases

• HTTPS for secure websites
• Encrypting emails and files
• Verifying file downloads (using hashes)

🎯 Activities

• Case study: Why HTTPS is safer than HTTP
• Quiz: Match algorithm types to their categories

Practical (3 Hours)

Tools: OpenSSL, Python

🔧 Lab 1: Encrypt and Decrypt with OpenSSL

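Encrypt a file using AES:

openssl enc -aes-256-cbc -pbkdf2 -in [Link] -out [Link]

Decrypt the file:

openssl enc -d -aes-256-cbc -pbkdf2 -in [Link] -out message_decrypted.txt

Both commands prompt for a passphrase. The -pbkdf2 option (OpenSSL 1.1.1 and later) derives the key with PBKDF2 instead of the legacy default derivation, and it must be given for both encryption and decryption.

Lab 2: File Integrity with SHA256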

Generate a hash:

sha256sum [Link]

Change the file and run again to see the difference in hash.
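
The same check in Python, as an added example that is not part of the original notes. The file name, the sample contents and the function names are constructed for illustration. It hashes a file, changes one character, and shows that verification against the recorded digest then fails:

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks; the hex digest matches sha256sum's first column."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_file(path, expected_hex):
    """Return True only if the file's digest equals the published one."""
    expected = expected_hex.strip().lower()
    return hmac.compare_digest(sha256_file(path), expected)


def differing_bits(hex_a, hex_b):
    """Count how many bits differ between two hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def demo():
    # Constructed sample data: the second version differs by one character.
    original = b"Pay 100 to account 12345\n"
    modified = b"Pay 900 to account 12345\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "message.txt")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(original)
        published = sha256_file(path)  # digest recorded when the file was released
        ok_before = verify_file(path, published)
        with open(path, "wb") as fh:
            fh.write(modified)  # the "change the file" step of the lab
        changed = sha256_file(path)
        ok_after = verify_file(path, published)
    return published, changed, ok_before, ok_after


if __name__ == "__main__":
    published, changed, ok_before, ok_after = demo()
    print("original:", published, "verified:", ok_before)
    print("modified:", changed, "verified:", ok_after)
    print("bits changed:", differing_bits(published, changed), "of 256")
```

A one-character edit typically changes about half of the 256 digest bits, which is why comparing a download against a published hash detects even small modifications.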

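🐍 Lab 3: Python Caesar Cipher

def encrypt(text, shift):
    """Caesar cipher: shift each letter by `shift` places; output is lowercase."""
    result = ""
    for char in text:
        # Only ASCII letters are shifted; isalpha() alone also matches
        # accented letters, which the a-z arithmetic below cannot handle
        if char.isascii() and char.isalpha():
            # Map a-z to 0-25, shift with wrap-around, map back to a letter
            shifted = chr((ord(char.lower()) - 97 + shift) % 26 + 97)
            result += shifted
        else:
            # Digits, spaces and punctuation pass through unchanged
            result += char
    return result

message = input("Enter message: ")
print("Encrypted:", encrypt(message, 3))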

Day 5: Malware and Threats

Theory (3 Hours)

What is Malware?

Malware is malicious software designed to damage or gain unauthorized access to systems.

Types of Malware

Type        Description
Virus       Attaches to files and spreads
Worm        Self-replicates and spreads
Trojan      Appears useful but is harmful
Ransomware  Locks files and demands ransom

📬 Delivery Methods

• Phishing emails
• Infected downloads
• USB drives

🛡 Defense Mechanisms

• Antivirus software
• Firewalls
• Keeping software updated
• Not clicking unknown links

🎯 Activities

• Case study: WannaCry ransomware attack
• Quiz: Identify types of malware

Practical (3 Hours)

Tools: Python, VirusTotal API, Metasploit

🐍 Lab 1: Simulate harmless “malware”

import shutil
[Link]("[Link]", "[Link]")
print("File copied.")

Lab 2: Scan with VirusTotal (theory/demo)

Upload suspicious file to: [Link]

🎯 Lab 3: Payload Demo using Metasploit

• Launch Metasploit Framework in Kali:

msfconsole

• Generate a harmless payload for testing (in lab setup only)

Day 6: Web Security

Theory (3 Hours)

🌐 How the Web Works

• Client (browser) sends requests to a server (website)
• Communication happens over HTTP or HTTPS

🔓 Common Web Vulnerabilities

Type           Description
XSS            Injecting scripts into websites
SQL Injection  Inserting malicious SQL queries
Broken Auth    Exploiting weak login mechanisms

🔐 Web Security Practices

• Input validation
• Secure password storage
• Using HTTPS
• Patching vulnerabilities

🎯 Activities

• Case study: SQL injection on a login form
• Quiz: Identify web vulnerability types

Practical (3 Hours)

Tools: DVWA, OWASP ZAP, Burp Suite Community

Lab 1: Set up DVWA (Damn Vulnerable Web App)

Access: [Link]

Lab 2: Test XSS using OWASP ZAP

• Launch ZAP and intercept DVWA forms
• Inject scripts in form fields: <script>alert('XSS')</script>

🛠 Lab 3: Intercept traffic using Burp Suite

• Set browser proxy to Burp Suite
• Capture login form data
