INSTITUTE OF AERONAUTICAL
ENGINEERING
AN AAT PRESENTATION ON
ETHICAL HACKING
COURSE CODE-ACCD02
BY
STUDENT NAME: V. AKSHAY
ROLL NUMBER: 24955A6201
BRANCH: CS-cyber security ‘A’
DUNDIGAL, HYDERABAD-500 043, TELANGANA,
INDIA.
1. Shoulder surfing is a technique for attacking. Justify.
Shoulder surfing is a social engineering attack where someone secretly observes
another person’s private information—usually without them realizing it. This could
happen when someone is entering a PIN at an ATM, typing a password into a
computer or mobile phone, or even filling out personal information on a form. What
makes shoulder surfing dangerous is how low-tech and sneaky it is. The attacker
doesn’t need any software or advanced tools—just a good view and timing. In
crowded places like cafes, airports, or buses, people often forget to shield their
screens or keypads, making it very easy for someone nearby to steal sensitive data.
It’s a reminder that sometimes the biggest threats aren’t from hackers in hoodies
behind a screen, but from ordinary people around us who are silently watching and
waiting for an opportunity.
2. Stages of Footprinting
Footprinting is like the reconnaissance phase of ethical hacking or cyber-attacks. It
involves collecting as much information as possible about a target system or
organization before any real attack begins. The first stage is Passive Footprinting,
where attackers gather information without directly interacting with the target. They
might use public records, job postings, social media, websites, or WHOIS data to
understand the target’s structure, IP addresses, or technologies used. The second
stage is Active Footprinting, where they interact with the system—performing pings,
traceroutes, or port scans—to identify live hosts, open ports, and potential entry
points.
This step is riskier since it can trigger alarms if the target has monitoring systems.
Both stages are essential in building a roadmap for further exploitation. Whether for
good (ethical hacking) or bad (malicious attacks), footprinting sets the stage for what
comes next in the cybersecurity chain.
3. Common Bluetooth-Specific Security Issues
Bluetooth was designed for convenience—connecting wireless headphones, sharing
files, or pairing smart devices. But like all technology, convenience sometimes opens
the door to risk. Over the years, several Bluetooth-specific attacks have emerged.
Bluejacking lets attackers send unsolicited messages to nearby devices, which may
seem harmless but can be used for phishing or spreading panic. Bluesnarfing is more
serious—it involves stealing data like contacts, messages, or files without permission.
Then there’s Bluebugging, where the attacker takes full control of the device,
listening in on calls or accessing sensitive data. Most of these attacks happen when
Bluetooth is left on and the device is discoverable. The scary part is how unnoticed
these attacks can be. People often don’t realize their Bluetooth is vulnerable,
especially when they’re using older software or connecting in public spaces. That’s
why keeping Bluetooth turned off when not in use and regularly updating devices is
essential for personal cybersecurity.
4. Intrusion Prevention System (IPS)
An Intrusion Prevention System (IPS) acts like a security guard for your network that
doesn’t just watch but also reacts. It monitors all incoming and outgoing traffic,
scanning for signs of malicious activity—like viruses, suspicious patterns, or unusual
behavior. The moment it detects a threat, it takes real-time action—like blocking
traffic, alerting admins, or dropping harmful packets. Unlike an Intrusion Detection
System (IDS), which only detects and reports threats, an IPS works proactively,
stepping in before the damage is done. In today’s world where threats evolve fast, IPS
is a key part of defense-in-depth strategies. For example, if a hacker tries to exploit a
software flaw, the IPS can immediately block that traffic. Whether it’s a business
network or a government system, having an IPS in place is like having a guard dog
that doesn’t just bark but bites when needed—keeping networks safe and threats out.
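The difference between detecting and preventing, shown as an added example that is not part of the original presentation: the same port-scan detector is run once as an IDS (alert only) and once as an IPS (alert, then drop inline). The traffic, the addresses (documentation ranges) and the threshold values are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample traffic: (timestamp_seconds, source_ip, destination_port).
# 203.0.113.7 probes many ports in a few seconds; 198.51.100.4 is a normal client.
EVENTS = (
    [(t, "203.0.113.7", 20 + t) for t in range(12)]
    + [(3, "198.51.100.4", 443), (9, "198.51.100.4", 443), (15, "198.51.100.4", 80)]
    + [(20, "203.0.113.7", 22), (21, "203.0.113.7", 3389)]
)

PORT_THRESHOLD = 10   # assumed: this many distinct ports from one source ...
WINDOW_SECONDS = 30   # ... within this many seconds is treated as a scan


def inspect(events, prevent):
    """Run the scan detector over the events in time order.

    prevent=False models an IDS: it alerts, but every packet is still forwarded.
    prevent=True models an IPS: from the alert onward the source is dropped.
    Returns (alerts, forwarded, dropped).
    """
    recent = defaultdict(list)   # source -> [(time, port), ...] inside the window
    blocked = set()
    alerts, forwarded, dropped = [], [], []
    for ts, src, port in sorted(events):
        if src in blocked:
            dropped.append((ts, src, port))
            continue
        recent[src] = [(t, p) for t, p in recent[src] if ts - t <= WINDOW_SECONDS]
        recent[src].append((ts, port))
        distinct_ports = {p for _, p in recent[src]}
        if len(distinct_ports) >= PORT_THRESHOLD and src not in alerts:
            alerts.append(src)            # both modes report the scan once
            if prevent:
                blocked.add(src)          # only the IPS acts on it
                dropped.append((ts, src, port))
                continue
        forwarded.append((ts, src, port))
    return alerts, forwarded, dropped
```

In IDS mode all 17 packets reach the network and the scan is only reported; in IPS mode the scanner's traffic stops at the packet that crosses the threshold while the normal client is unaffected.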
5. Role of HTTP in Web Services
HTTP (Hypertext Transfer Protocol) is the lifeblood of web communication. Every time
we open a website, click a link, or interact with an online service, HTTP is quietly
working in the background, making sure the data flows between the client (like your
browser) and the server. In the world of web services, especially APIs and web
applications, HTTP plays a critical role in sending requests and receiving responses in
a structured way. For instance, when a user logs into a website or makes a payment
online, HTTP ensures that the request reaches the server correctly, and the right
response comes back. It supports various methods like GET (to retrieve data), POST
(to send data), PUT, DELETE, and more, making it versatile for building scalable and
responsive systems.
Without HTTP, there would be no way for the client and server to talk, making it the
backbone of everything we do online—from checking emails to streaming videos to
accessing cloud applications.
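The request and response structure described above, as an added example that is not part of the original presentation: a client-side builder and a server-side handler that exchange raw HTTP/1.1 bytes and dispatch on the method. The in-memory store, the paths and the host name are constructed assumptions.

```python
REASONS = {200: "OK", 201: "Created", 204: "No Content",
           400: "Bad Request", 404: "Not Found", 405: "Method Not Allowed"}


def respond(status, body=b"", extra=()):
    """Serialize a status line, headers and body into raw response bytes."""
    head = [f"HTTP/1.1 {status} {REASONS[status]}", *extra]
    if status != 204:                  # a 204 response carries no Content-Length
        head.append(f"Content-Length: {len(body)}")
    return "\r\n".join(head).encode("ascii") + b"\r\n\r\n" + body


def request(method, path, body=b""):
    """Build the raw bytes a client would send (Host value is a placeholder)."""
    head = (f"{method} {path} HTTP/1.1\r\nHost: example.test\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body


def handle(raw, store):
    """Parse one raw request and apply it to store (path -> bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, *header_lines = head.decode("ascii", "replace").split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return respond(400)
    method, path, _version = parts
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (h.partition(":") for h in header_lines)}
    length = headers.get("content-length", "0")
    if not length.isdigit():
        return respond(400)
    body = body[:int(length)]          # trust only the declared body length
    if method == "GET":                # retrieve: never changes state
        return respond(200, store[path]) if path in store else respond(404)
    if method == "POST":               # send data: appended, so not idempotent
        store[path] = store.get(path, b"") + body
        return respond(201)
    if method == "PUT":                # replace: repeating it changes nothing more
        status = 200 if path in store else 201
        store[path] = body
        return respond(status)
    if method == "DELETE":
        return respond(204) if store.pop(path, None) is not None else respond(404)
    return respond(405, extra=["Allow: GET, POST, PUT, DELETE"])
```

Rejecting malformed request lines and unknown methods, and reading no more body than Content-Length declares, are the checks a server has to make before acting on any request.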
6. Security Risks in Social Media Marketing
Social media marketing is a powerful tool for businesses to connect with customers,
build trust, and promote their brand. But with great visibility comes great risk. One of
the biggest threats is account hijacking, where attackers gain access to a brand’s
official social media profile and use it to post false messages, phishing links, or scams.
This can damage brand reputation in seconds. Another major risk is data leakage,
where employees might accidentally post confidential information in updates, photos,
or replies. Also, fake accounts pretending to be your business can mislead customers,
steal information, or conduct fraud. Hackers can also track company activities,
employee behavior, or product strategies through open posts and exploit them later.
That’s why companies need strong social media policies, two-factor authentication,
and constant monitoring. In the digital age, even one tweet can spark a crisis—so
security must be baked into your marketing strategy.
7. Researching ATM Vulnerabilities
ATMs are a blend of hardware and software, and both can be exploited if
not properly secured. Attackers have developed clever ways to exploit ATMs beyond
just physical break-ins. For example, skimming devices can be attached to card slots
to steal card data. Shimming can steal chip data. Some criminals even install hidden
cameras to capture PINs. But it doesn’t stop there—many ATMs run outdated
software like Windows XP, which no longer receives security updates, making them
vulnerable to malware attacks. In more advanced attacks, hackers use malware-laden
USB drives or jackpotting techniques to command the ATM to dispense all its cash. Some
vulnerabilities come from weak network encryption between the ATM and the bank’s
servers, making data interception possible. Researching these vulnerabilities helps
banks stay ahead by implementing patches, upgrading systems, and using
encryption and biometric authentication. In a world where ATMs are everywhere,
keeping them secure is a shared responsibility.
8. Understanding the Cisco ASA Firewall
The Cisco Adaptive Security Appliance (ASA) is more than just a firewall—it’s a
multifunctional security solution trusted by organizations worldwide. It combines
several features like VPN support, packet filtering, antivirus inspection, and intrusion
prevention—all within a single device. What makes ASA powerful is its adaptive
capability—it constantly analyzes incoming and outgoing traffic to adjust and respond
to threats in real time. For example, it can recognize suspicious behavior like a user
suddenly accessing thousands of files and block them instantly. It also supports
site-to-site and remote-access VPNs, which are essential for secure remote work. Admins
can set granular rules about who can access what, and logs help in auditing and
compliance. The ASA acts as a gatekeeper, ensuring only safe and allowed traffic
passes through.
For organizations that take security seriously, Cisco ASA offers both peace of mind
and robust protection against modern cyber threats.
9. Network-Based and Host-Based IDSs and IPSs
Intrusion Detection and Prevention Systems (IDS/IPS) are essential for identifying and
stopping cyber threats—but they come in two main types: Network-Based (NIDS/NIPS)
and Host-Based (HIDS/HIPS). Network-based systems watch over entire networks.
They sit at strategic points like gateways or routers and analyze traffic as it flows
across devices. These are excellent for spotting widespread attacks like DDoS, port
scanning, or unusual traffic spikes. On the other hand, host-based systems live on
individual devices like laptops or servers and monitor internal activity—file access,
process behavior, or login attempts. They’re great for detecting insider threats or
malware that a network system might miss. Using both together gives the best of
both worlds—broad visibility plus deep insight. Think of it as having CCTV cameras
(NIDS) across your house and motion detectors (HIDS) on specific doors. Together,
they build a strong security perimeter.
10. Understanding Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI) is the trust framework that keeps our online world
secure. Every time you visit a website with “https,” send an encrypted email, or
digitally sign a document, PKI is working in the background. It revolves around the
use of public and private keys—one to encrypt and the other to decrypt. These keys
are issued and managed by Certificate Authorities (CAs), trusted entities that verify
identities and provide digital certificates. For example, when you log into a banking
site, your browser checks the site’s certificate to ensure it’s genuine and hasn’t been
tampered with. Without PKI, we couldn’t securely do online shopping, remote work,
or even government transactions. It prevents impersonation, data theft, and fraud.
PKI creates a web of trust, enabling millions of secure transactions every day. It’s
invisible to most users, but it’s the silent guardian behind modern digital security.
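The certificate check described above, as an added example that is not part of the original presentation: a CA signs the binding between a name and a public key, and a client accepts it only if a trusted CA's key verifies the signature and the name matches. It uses textbook RSA over fixed Mersenne primes, which is insecure and for illustration only; the CA name, host names and trust store are constructed assumptions.

```python
import hashlib
import json

# Toy keys: textbook RSA (no padding) over fixed Mersenne primes. Constructed for
# illustration only; real certificates use vetted libraries and random keys.
def keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))      # (public key, private key)


def digest(fields, n):
    tbs = json.dumps(fields, sort_keys=True).encode()   # the "to be signed" bytes
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n


def issue(issuer, ca_private, subject, subject_public):
    """CA step: bind a subject name to a public key with the CA's signature."""
    n, d = ca_private
    fields = {"issuer": issuer, "subject": subject,
              "public_key": list(subject_public)}
    return dict(fields, signature=pow(digest(fields, n), d, n))


def validate(cert, hostname, trust_store):
    """Client step: return "ok" or the reason the certificate is rejected."""
    ca_public = trust_store.get(cert["issuer"])
    if ca_public is None:
        return "untrusted issuer"
    n, e = ca_public
    fields = {k: v for k, v in cert.items() if k != "signature"}
    if pow(cert["signature"], e, n) != digest(fields, n):
        return "bad signature"
    if cert["subject"] != hostname:
        return "name mismatch"
    return "ok"


CA_PUB, CA_PRIV = keypair(2**89 - 1, 2**107 - 1)
SITE_PUB, _ = keypair(2**61 - 1, 2**127 - 1)
ROGUE_PUB, ROGUE_PRIV = keypair(2**61 - 1, 2**89 - 1)   # key the client never trusted
TRUST_STORE = {"Example Root CA": CA_PUB}               # hypothetical trusted root
GENUINE = issue("Example Root CA", CA_PRIV, "bank.example", SITE_PUB)
```

Swapping the public key inside a genuine certificate, or signing with a key that only claims the trusted CA's name, fails the signature check; a certificate from an unknown issuer is rejected before any signature is examined.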