MIT-WPU / M.Tech / Computer Science and Engineering (Cyber Security) / Semester-II / A.Y.

2024-2025

VULNERABILITY ASSESSMENT AND PENETRATION TESTING (10, 25, 10, 40)

MODULE – 1
Penetration Testing-Principles and Practices
Importance and benefits of Penetration Testing assessments. Penetration testing-Principles and concepts, PT work
flows and examples, blind tests, Function of malware and destructive viruses. Ethical hacking techniques, Ethical
guidelines and industry best practices for performing Penetration Testing assessments.
MODULE – 2
Vulnerability Assessment
Introduction to Metasploit: Metasploit framework, Metasploit Console, Payloads Using Nmap to sweep IP ranges for
live hosts, Performance tuning Nmap scans. Discovering hosts using commonly known ports. Understanding security
posture, cybersecurity issues. Gathering Information about target computer systems – Foot printing and Investigation.
Scanning computers in the Networks. Network infrastructure vulnerabilities. Enumeration- Listing the systems/users
and connecting them. Identifying Vulnerabilities associated with systems. Ethical hacking- penetrate into the security
to locate vulnerabilities.
MODULE – 3
Penetration Testing
Exploring Ethical Hacking, Malware Threats and their Counter measures. Monitoring and Capturing Data Packets
using Sniffing. Restricting the System Access – DoS Attack, Gather Confidential Information – Social Engineering.
Vulnerability Issues: Operating System Vulnerabilities; Application Vulnerabilities; Vulnerability assessment for
natural disaster, technological hazards and terrorist threats; implications for emergency response, vulnerability of
critical infrastructures.
MODULE - 4
VAPT Audit and Uses cases
Discovering patching vulnerabilities, Discovering web server vulnerabilities. Synthetic transactions, interface testing
and fuzzing, SDLC phases and security mandates. Perform Penetration Testing assessments, detect and respond to
network breaches found in a Penetration Testing assessments. Preparation of a Penetration Test report. Auditing the
Systems. Analysis and Reporting. Case Studies of recent vulnerabilities and attacks.
MODULE - 5
Attacks
Exploitation-exploiting default credentials, exploiting buffer overflow in third party software, Password attacks-
online password attacks, offline password attacks, Client side exploitation- bypassing filters with Metasploit payload,
Client side attacks, bypassing antivirus applications, Social Engineering- spear phishing attacks.

TEXTBOOKS / REFERENCE BOOKS:

1. The Art of Network Penetration Testing by Royce Devis, copyright Manning Publications-2020.
2. Penetration Testing: A Hands-On Introduction to Hacking 1st Edition by Georgia Weidman, No-starch Press, ISBN-
13: 978-1593275648.
3. Advanced Infrastructure Penetration Testing by Chiheb Chebbi, Packt Publishing Bermingham – Mumbai, 2018.
4. The basic of Hacking and Penetration testing, second edition on ethical hacking and penetration by Patrick
Engebretson.
5. Hack I.T. - Security Through Penetration Testing, T. J. Klevinsky, Scott Laliberte and Ajay Gupta, Addison-Wesley,
ISBN: 0-201-71956-8.
6. Metasploit: The Penetration Tester's Guide, David Kennedy, Jim O'Gorman, Devon Kearns, Mati Aharoni.
7. Professional Penetration Testing: Creating and Operating a Formal Hacking Lab, Thomas Wilhelm.

MOOCs:
1. https://swayam.gov.in/nd1_noc20_ma24/preview

Ó Extracted and reorganized by Yatin Desai 1|P a g e

MIT-WPU / M.Tech / Computer Science and Engineering (Cyber Security) / Semester-II / A.Y. 2024-2025

DIGITAL FORENSICS ANALYSIS (10, 25, 10, 40)

MODULE – 1
Introduction
Digital Forensics and Modus Operandi, Principles of Digital Forensics, Role of Computers in Crime preparing for
incident, Computer- Digital Crimes and Frauds Computer Security incidents and events- Code Hacking- Input
Validation, Buffer Overflow Attacks, SQL Injection, Cross Side Scripting , Ethical hacking of operating Systems,
Ethical hacking of web, email and mobile Phones.
MODULE – 2
Evidence Collection
Challenges in dealing with Digital Evidence Defining levels of certainty in Digital Evidence, Computer Forensics:
Incident Response Secrets and solutions, Investigations – Covert and remote operations, Search and seizure of digital
evidence, Data Acquisition and disk imaging, Special Forensics Scenarios: Email Forensics Investigation, Data
storage Forensics, Forensic Investigation of mobile devices, Forensic investigation of Wi-Fi Environment.
MODULE – 3
Windows and Linux Forensics
Windows Forensics, Locate and Gather Evidence, File Slack and its Investigations, Interpret the Windows Registry,
Internet Traces, System State Backups, File System Description in Linux, Linux Directories, The Challenges in Disk
Forensics with Linux, Linux Forensics Tool: SMART for Linux, Forensix.
MODULE - 4
Security Tools
Open Source Tools (Forensics tools Suites) TCT (The Coroners Toolkit), TSK (The Sleuth Kit), FTK (Forensics Tool
Kit), EnCase Maresware. Security Software: Antivirus, Email Security, Identify and Access Management, Incidence
response policies, Incidence reporting Forensics & Intrusion Detection, and Prevention. Forensics Software:
Password Cracking Tool, Open Source Tool, Mobile Devices Tool (PDA/ Cell phone), Large Storage Analysis.
MODULE - 5
Case Study and Scenarios
IP Thefts, Corporate Frauds, Digital Frauds, Cyber Crimes, Cyber Porn, Cyber Stalking, Consumer and credit Card
Fraud, Online and Digital Fraud- Phishing Attacks, Spare Attack and other Incident.

TEXTBOOKS / REFERENCE BOOKS:

1. Computer Forensics Jump Start- Michel G. Solomen, Diane Banet and Neil Broom.
2. Hacking Exposed- Computer Forensics Chris Davis, Aaron Phillipp and Davidcowen. Ma-Graw Hill.
3. Cybercrime and Digital Forensics, Anthony Reyes, Jack Wiles, Syngress Publishing.
4. Forensics and Investigative accounting- D.larryCrumbley, Laster E. Heitger and G. Stevenson smith.
5. Code Hacking- Richard Conway and Julian Cordingley

WEB RESOURCES:
1. https://www.forensicfocus.com/Web_Links/l_op=viewlink/cid=1/
2. http://www.forensicfocus.com/Web_Links/l_op=viewlink/cid=1/orderby=ratingd/

MOOCs:
1. https://www.mooc-list.com/course/computer-forensics-edx

Ó Extracted and reorganized by Yatin Desai 2|P a g e

MIT-WPU / M.Tech / Computer Science and Engineering (Cyber Security) / Semester-II / A.Y. 2024-2025

DATA PRIVACY AND COMPLIANCES (15, 30, 15, 40)

MODULE – 1
Introduction to Data Privacy
What is data privacy and its importance, methods for protecting data, balancing between data privacy and utility,
anonymization of design principles, nature of data in enterprise, static data anonymization, classification of data in
multidimensional data set, Group based anonymization, privacy preserving graph data, privacy preserving time series
data.
MODULE – 2
Privacy Preserving Data Mining
Data Mining: key functional areas of data mining, association rule mining, clustering, test data fundamentals, utility
of test data, privacy preserving of test data, quality of test data, insufficiencies of anonymized test data.
MODULE – 3
Introduction to Data Security
Current problems in security, understanding entropy in password security, standards for identity, what data should be
protected? Password encryption, hashing, salting, password attack vectors, password hashing function, key stretching,
recomputing hashes.
MODULE - 4
Identity Security Fundamentals
Identity types, Enhancing User Experience by Utilizing Identity, Introducing Trust Zones, Browser Fingerprinting,
Location-Based Tracking, Device Fingerprinting (Phone/Tablet), Device Fingerprinting (Bluetooth Paired Devices),
Implementing Identity, Device and Browser Fingerprinting, Two-Factor Authentication and n-Factor Authentication,
Biometrics as Username Instead of Password, How to Rate Biometric Effectiveness?
MODULE - 5
Privacy frameworks and Compliances
HIPPA privacy model, NIST Cybersecurity framework, DSCI Privacy Framework, APEC Privacy Framework,
California Privacy Act, Aadhar framework of security and privacy.
Case study: Privacy case studies of social media sites such as Google, Facebook, Privacy Enhancing Technologies.
Instagram Chat bot privacy tool, Privacy policy Generator tools, MS Open-Source Privacy mapping tool, Survey of
Privacy control tools

TEXTBOOKS / REFERENCE BOOKS:

1. Natraj Venkatraman and Ashwin Shriram, Data Privacy: Principles and Practice, First edition, CRC Press, 2017.
2. Richard M. Thompson II, Emily C. Barbour and Alison M. Smith, Understanding Privacy and Data Protection: What
You Need to Know, Nova Publishers New York, 2014
3. Jonathan LeBlanc, Tim Messerschmidt, Identity and Data Security for Web Development Best Practices, Publisher:
O'Reilly Media, 2016
4. Jay Jacobs and Bob Rudis, Data-Driven Security, First edition, Wiley and Sons Publishers, 2014.
5. Information Security Policy Development for Compliance, International Standard Book Number-13: 978-1-4665-
8059-6Barry L. Williams, CRC Press.

WEB RESOURCES:
1. https://www.bsigroup.com/en-GB/our-services/training-courses/Data-Protection/
2. https://www.udemy.com/data-security/
3. https://iapp.org/certify/cipp/
4. https://www.liaison.com/blog/2017/10/23/big-data-machine-learning-data-security/

MOOCs:
1. https://onlinecourses.nptel.ac.in/noc22_cs37/preview
2. https://risk.thomsonreuters.com/en/compliance-training-courses/data-privacy-and-security-training.html
3. https://teamtreehouse.com/library/introduction-to-data-security

Ó Extracted and reorganized by Yatin Desai 3|P a g e

MIT-WPU / M.Tech / Computer Science and Engineering (Cyber Security) / Semester-II / A.Y. 2024-2025

VULNERABILITY ASSESSMENT AND PENETRATION TESTING (LAB) (5, 5, 5)

1. Generate Brute-force password-guessing attacks. Use Password cracking tools – Aircrack-ng.
2. Find sweep IP ranges for live hosts and Performance tuning using Nmap scans.
3. Obtain network services from an attacker’s perspective using Nmap.
4. Discover Network service to Organize and Sort through Nmap scan output.
5. Creating protocol-specific target lists for vulnerability discovery.
6. Obtain threats associated with Web Servers & Applications. i.e. Session Hijacking.
7. Implementation to gather information from any PC’s connected to the LAN using whois, port scanners, network
scanning, Angry IP scanners etc.
8. Implementation of IT Audit, malware analysis and Vulnerability assessment and generate the report.
9. Mini Project.

DIGITAL FORENSICS ANALYSIS (LAB) (5, 5, 5)

1. Demonstrate the use of SQL injection or cross side scripting as a hacking tool.
2. Use any mobile forensic tool and demonstrate the evidence collection procedure and investigate the various
evidences on mobile phone.
3. Investigate the logs of Windows Registry.
4. Investigate the logs of wireless router and perform event correlation.
5. Investigate the various types of system logs and network logs for successful network forensics.
6. Considering email forensics, analyze the various useful elements of email header.
7. Use any open-source tool like FTK and study the process of digital forensics. Create a report of the same.

SOFTWARE LAB I CYBER SECURITY (LAB) (100)

1. Introduction to Anaconda IDE: Jupyter, Spider etc.
2. Introduction to Colab.
3. Basics of Python Programming Constructs.
4. Advanced Data Types in Python: List, Dictionary, Set etc.
5. Data Handling using Python: CSV, Excel file, Text files, Tables etc.
6. Object-Oriented Programming in Python.
7. Cisco Packet Tracer: A comprehensive Networking Technology / Network Management tool.
8. Configuration and demonstration of Intrusion Detection System Tools.
9. Configuration and demonstration of NESSUS tool for vulnerability assessment.
10. NS2/NS3: The Network Simulator Tools for research.

Ó Extracted and reorganized by Yatin Desai 4|P a g e