Applied Cybersecurity Fundamentals B.Tech. (Third Year) - Semester - V D.Y.P.I.U, Pune

Practical 01

Student Name: Dnyandev Rama Zagade
Date of Experiment: 12/09/2025
Date of Submission:
PRN No: 20230802 320

Aim: To perform network scanning and basic vulnerability assessment using Nmap to identify live hosts, open ports, running services, and operating systems in a given network.

Network Scanning and Vulnerability Assessment: Perform network scans using Nmap and identify potential vulnerabilities.

Objectives:
1. To understand host discovery techniques using Nmap.
2. To perform different types of port scanning (TCP SYN, TCP Connect, UDP).
3. To detect running services and their versions.
4. To perform OS detection and aggressive scanning for detailed information.
5. To analyze scan results and understand their significance in cybersecurity.

Software/Tool:
Operating System: Kali Linux
Tool: Nmap (Network Mapper)
Installation Commands:

Theory:
Network scanning is a fundamental step in cybersecurity assessments. It helps identify devices on a network, open ports, running services, and potential vulnerabilities. Nmap (Network Mapper) is a widely used scanning tool that supports host discovery, port scanning, service detection, and OS fingerprinting.

1. Host Discovery Commands
nmap 192.168.1.1 → Scans the single host 192.168.1.1 on Nmap’s default common ports.
nmap 192.168.1.1-10 → Scans all hosts from 192.168.1.1 to 192.168.1.10 for open ports.
nmap 192.168.1.0/24 → Scans every host in the 192.168.1.0/24 subnet (256 addresses).
nmap -sn 192.168.1.0/24 → Performs a ping scan to show only which hosts in the subnet are up (no port scan).

2. Port Scanning Commands
nmap -sS 192.168.1.1 → Runs a TCP SYN “stealth” scan on 192.168.1.1 to quickly find open ports.
nmap -sT 192.168.1.1 → Runs a full TCP connect scan using the OS’s connect() call on each port.
nmap -sU 192.168.1.1 → Scans UDP ports on 192.168.1.1 to find open UDP services.
nmap -p 21-100 192.168.1.1 → Scans only ports 21 to 100 on 192.168.1.1.
nmap -p- 192.168.1.1 → Scans all 65,535 TCP ports on 192.168.1.1.

3. Service & Version Detection
nmap -sV 192.168.1.1 → Detects which services and versions are running on open ports of 192.168.1.1.
nmap -sV --version-all 192.168.1.1 → Uses more aggressive probes to get detailed version info for services.

4. OS Detection & Aggressive Scan
nmap -O 192.168.1.1 → Tries to identify the operating system of 192.168.1.1 using TCP/IP fingerprinting.
nmap -A 192.168.1.1 → Performs an aggressive scan: OS detection, version detection, scripts, and traceroute.

Attachment: Results and output
1. Host Discovery Output (a-d)
2. Port Scanning Commands (a-d)
3. Service & Version Detection (a)
4. OS Detection & Aggressive Scan (b)

Conclusion:

Practical 03 - IDS Setup and Configuration (Suricata)

Student Name: Dnyandev Rama Zagade
Date of Experiment: 26/09/2025
Date of Submission:
PRN No: 20230802 320

Aim
To install, configure, and test an Intrusion Detection System (IDS) using Suricata on a Linux machine and analyze network traffic for malicious or suspicious activities.

Objectives
1. To understand the concept and working of an Intrusion Detection System.
2. To install and configure Suricata IDS on a Linux environment.
3. To monitor live network traffic using Suricata.
4. To generate different types of traffic to trigger IDS alerts.
5. To analyze Suricata logs and understand the detected alerts.
6. To troubleshoot common issues related to IDS setup.

Software / Tools Used
Linux OS (Ubuntu / Debian / Kali)
Terminal
Suricata IDS
Network utilities: ping, nmap, curl

Theory
Intrusion Detection Systems (IDS) play a crucial role in cybersecurity by monitoring network traffic and detecting abnormal, malicious, or policy-violating activities. Suricata is an open-source, high-performance IDS/IPS/NSM engine capable of detecting network attacks using signature-based and anomaly-based methods. Suricata inspects packets in real time, identifies suspicious traffic (e.g., scans, pings, HTTP requests), and logs alerts into files such as fast.log. IDS helps security analysts understand potential threats and take preventive actions.

Procedure
1. Check Network Interface
To identify the active interface:
    ip a
Your Output (Interface used):
Active interface: eth0
IP address: 192.168.144.128

2. Install Suricata
    sudo apt update
    sudo apt install suricata suricata-update -y
Check Suricata version:
    suricata -V

3. Update Suricata Rules
    sudo suricata-update
Rules updated successfully.

4. Run Suricata in Live Capture Mode
Replace eth0 with your active interface:
    sudo suricata -c /etc/suricata/suricata.yaml -i eth0
Your Output:
    Suricata version 8.0.2 RELEASE running in SYSTEM mode
    Rule group caching - loaded: 113
    Engine started.
✔ IDS engine running
✔ 113 rules loaded successfully

5. Generate Traffic for Suricata to Detect
Open a new terminal and run:
a) ICMP ping
    ping -c 4 google.com
b) SYN scan using nmap
    nmap -sS 127.0.0.1
c) Vulnerability test HTTP request
    curl http://testphp.vulnweb.com

6. View IDS Alerts
Open another terminal:
    sudo tail -f /var/log/suricata/fast.log

Results & Output
Suricata installation
Interface list
Traffic generation
Suricata logs

Conclusion:

Practical 04 - Firewall Configuration and Rule Management (UFW)

Student Name: Dnyandev Rama Zagade
Date of Experiment: 03/10/2025
Date of Submission:
PRN No: 20230802 320

Aim
To configure, manage, and test firewall rules using UFW (Uncomplicated Firewall) on a Linux system, ensuring proper control of incoming and outgoing network traffic.

Objectives
1. To understand the purpose and function of a firewall.
2. To enable and configure UFW on a Linux machine.
3. To create allow/deny rules for specific ports and services.
4. To block network traffic from specific IP addresses.
5. To verify and manage firewall rules.
6. To test firewall effectiveness using network commands.

Software / Tools Used
Linux OS (Ubuntu / Debian / Kali)
UFW (Uncomplicated Firewall)
Terminal
Commands: ssh, curl, ufw

Theory
A firewall is a network security mechanism that monitors and filters incoming and outgoing traffic based on predefined rules. Firewalls help prevent unauthorized access and protect systems from attacks. UFW (Uncomplicated Firewall) is a simplified front-end for iptables, allowing easy management of firewall rules. It supports:
Allowing or blocking ports
Blocking IP addresses
Default policies
Rule deletion and status monitoring
Using UFW, users can easily configure policies to secure their Linux systems.

Procedure
1. Enable the Firewall
o Open the terminal and enable UFW using:
    sudo ufw enable
o Check the firewall status using:
    sudo ufw status

2. Allow SSH Service
o To ensure remote access is not blocked, allow SSH traffic:
    sudo ufw allow ssh
o This permits incoming connections on port 22.

3. Block HTTP Traffic (Port 80)
o Block incoming HTTP requests:
    sudo ufw deny in http
o Block outgoing HTTP requests:
    sudo ufw deny out http
o Alternatively, block by port number:
    sudo ufw deny in 80
    sudo ufw deny out 80

4. Block a Specific IP Address
o To block all traffic from a particular IP, use:
    sudo ufw deny from 192.168.1.50

5. View Active Firewall Rules
o Display all active rules in numbered format:
    sudo ufw status numbered
o This shows the rules with their index numbers.

6. Delete a Specific Rule
o Delete a rule using its rule number:
    sudo ufw delete <rule-number>
o Example:
    sudo ufw delete 2
o This removes the second rule from the list.

7. Test the Firewall Rules
o Test if HTTP traffic is blocked using:
    curl -I http://testphp.vulnweb.com
o If the request fails or is blocked, the firewall rule is working correctly.
o If the page loads, the rule needs to be checked.

8. Optional Firewall Management Commands
o Disable the firewall temporarily:
    sudo ufw disable
o Reset all rules to default:
    sudo ufw reset
o Reload the firewall rules:
    sudo ufw reload
o Set default policy to deny all incoming traffic:
    sudo ufw default deny incoming
o Allow all outgoing traffic by default:
    sudo ufw default allow outgoing

Results & Output:
1. UFW enable + status
2. Allow/deny rules
3. UFW numbered output
4. Rule deletion
5. Firewall block test

Conclusion:

Practical 06 - Social Engineering Simulation (SET Toolkit)

Student Name: Dnyandev Rama Zagade
Date of Experiment: 17/10/2025
Date of Submission:
PRN No: 20230802 320

Aim
To simulate a social engineering attack using the Social-Engineer Toolkit (SET) by cloning a legitimate website and capturing user credentials in a controlled test environment.

Objectives
1. To understand the concept of social engineering attacks.
2. To learn how attackers clone legitimate websites for phishing.
3. To configure the SET Toolkit in Kali Linux.
4. To perform a credential harvesting attack simulation.
5. To analyze captured credentials for cybersecurity learning.
6. To understand the importance of awareness and defense mechanisms.

Software / Tools Used
Kali Linux / Ubuntu with SET Toolkit installed
Terminal with sudo privileges
Internet connection
Test environment (virtual machine recommended)
Web browser on target/test machine

Theory
Social engineering refers to manipulating individuals into giving away confidential information such as usernames, passwords, or personal details. Phishing is one of the most common social engineering attacks where malicious actors clone legitimate websites to trick users into entering credentials. The Social-Engineer Toolkit (SET) is a powerful open-source framework used by penetration testers to simulate real-world social engineering attacks in a safe and controlled manner.
In this simulation, SET clones a real website (e.g., Facebook) and harvests login credentials entered by the user. The captured data helps cybersecurity students understand phishing mechanisms and develop mitigation strategies.

Procedure
1. Launch the SET Toolkit
o Open the terminal.
o Run the command:
    sudo setoolkit
o Accept the license agreement if prompted.
o Navigate to the main SET menu.

2. Select the Attack Type
o Choose the option: 1) Social Engineering Attacks
o Then choose: 2) Website Attack Vectors
o Then select: 3) Credential Harvester Attack Method

3. Configure the Credential Harvester
o Choose the option: Site Cloner
o Enter the IP address of your Kali/Linux machine (example: 192.168.0.105).
o Enter the URL of the target site to clone (example: http://facebook.com).

4. Execute the Attack Simulation
o On the target/test machine, open a browser.
o Enter the attacker machine’s IP address into the URL bar. (Example: http://192.168.0.105)
o A cloned version of the website will load.
o When credentials are entered on the fake site, they are captured by SET.

5. Analyze Captured Credentials
o Go back to the SET terminal on Kali.
o View the harvested credentials in real time.
o The tool will display the username, password, and timestamp.

Results
SET Toolkit was successfully launched and configured.
A cloned website was created using the Credential Harvester attack method.
The target/test machine loaded the cloned site through the attacker’s IP address.

Conclusion:

Practical 07 - Digital Forensics Investigation using Virtual Machines

Student Name: Dnyandev Rama Zagade
Date of Experiment: 24/10/2025
Date of Submission:
PRN No: 20230802 320

Aim
To investigate a simulated security incident using forensic tools on a virtual machine, specifically by analyzing a provided disk image to answer forensic questions.

Objectives
To understand the principles and methodology of digital forensics investigation.
To learn how to use the Autopsy forensic tool.
To import and process a forensic disk image (System.vhd).
To extract metadata (timestamps, hashes, sizes) from files and partitions.
To identify system artifacts (user RIDs, system uptime, application usage).
To analyze communication data (emails, search history) to uncover malicious activity.

Software / Tools Used
Operating System: Linux / Windows / macOS (capable of running Autopsy).
Tool: Autopsy (Digital Forensics Platform).
Resource: Forensic Image file (VHD) provided via link.

Procedure
1. Download the forensic disk image (System.vhd) from the provided link.
2. Install and launch the Autopsy tool.
3. Create a new case in Autopsy and add the downloaded disk image as a Data Source.
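
Before the downloaded image is added to the case, its hash can be recorded and the file checked for being an intact VHD, so that later findings can be tied to an unmodified copy. The script below is an added example, not part of the original practical or of Autopsy; it assumes the standard VHD footer layout (512 big-endian bytes at the end of the file, cookie "conectix"), and make_sample_vhd is a hypothetical helper that writes a constructed sample so the script runs without the real System.vhd.

```python
import hashlib
import struct
import sys
import tempfile
from datetime import datetime, timedelta, timezone

# cookie, timestamp, current size, disk type, checksum ("x" pads skip the other fields)
FOOTER_FMT = ">8s16xI20xQ4xII"
VHD_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)  # footer timestamps count from here
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}

def hash_image(path, chunk_size=1 << 20):
    """Stream the image in chunks and return its SHA-256 as hex."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def footer_checksum(footer):
    """One's complement of the byte sum, skipping the checksum field (bytes 64-67)."""
    return ~sum(footer[:64] + footer[68:]) & 0xFFFFFFFF

def read_vhd_footer(path):
    """Parse the 512-byte footer at the end of a VHD and validate its checksum."""
    with open(path, "rb") as fh:
        fh.seek(max(fh.seek(0, 2) - 512, 0))  # jump to the last 512 bytes
        footer = fh.read(512)
    if len(footer) < 512 or footer[:8] != b"conectix":
        raise ValueError("no valid VHD footer: wrong format or truncated download")
    _, created, virtual_size, disk_type, stored = struct.unpack_from(FOOTER_FMT, footer)
    return {"created_utc": VHD_EPOCH + timedelta(seconds=created),
            "virtual_size_bytes": virtual_size,
            "disk_type": DISK_TYPES.get(disk_type, f"unknown ({disk_type})"),
            "footer_checksum_ok": stored == footer_checksum(footer)}

def make_sample_vhd(path, payload=b"\x00" * 1024):
    """Write a tiny CONSTRUCTED fixed-disk VHD (payload + footer) for the demo."""
    footer = bytearray(512)
    struct.pack_into(FOOTER_FMT, footer, 0, b"conectix", 86400, len(payload), 2, 0)
    struct.pack_into(">I", footer, 64, footer_checksum(footer))
    with open(path, "wb") as fh:
        fh.write(payload + bytes(footer))

if __name__ == "__main__":
    image = sys.argv[1] if len(sys.argv) > 1 else None
    if image is None:  # no path given: demonstrate on a constructed sample
        image = tempfile.NamedTemporaryFile(suffix=".vhd", delete=False).name
        make_sample_vhd(image)
    print(hash_image(image), read_vhd_footer(image))
```

Run it with the path to the image as the only argument and keep the printed SHA-256 with the case notes; hashing the file again after the analysis should give the same value.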