1.

Student profile

Roll
S No No Reg No. Student Name Category Contact No.
1 17201 5111-2020-1686 azadvir singh BC 9877712180
2 17202 5111-2020-1687 Mandeep Singh general 8194998360
3 17205 5111-2020-1690 pankaj lohan general 9896523453
4 17207 5111-2020-1692 Udham Singh BC 7888338454
5 17208 5111-2020-1693 Sukhvir Singh BC 7710435329
6 17210 5111-2020-1695 sukhram singh BC 7082615019
7 17213 5111-2020-1698 goldy singh sc 9815720996
8 17218 5111-17.850 sarbjeet singh sc 9914071537
9 17222 5111-2020-1691 parwinder singh BC 9878124743
10 17223 5111-2020-1659 simrandeep singh sc 9729335184
11 17225 5111-2020-1683 sunny kumar sports 9608824392
12 17226 5111-2020-1596 nitish kumar sports 9234945457

2.

2.Time table

Time Table 2022-23

Sr no. Name I II III IV V VI

1 Kiranpal B.Voc(CS+SD)-1 B.Voc(CS)-3 PGDCA+ MCA-1 B.Voc(CS+S B.Voc(CS)-3

Kaur C programming Ethical Msc(IT)-1 Data D)-1 Ethical Hacking
Hacking IT &E- Structure C prog Lab lab
Commerce

3. Syllabus
 B.VOC( Cyber Security) 3rd Year ( 5th and 6th Semester)

2022-23
Componen Credit University Internal Max. Exam.
Code Title of t s Examinatio Assessmen Mark Duratio
Paper n t s n Hours
General
B.VCS Presentation 4.5 60 40 100 3
-311 Skills and
Personality
Developmen
t
General
B.VCS Ethical 4.5 60 40 100 3
-312 Hacking-
Level 3
Skill
B.VCS Penetration 4.5 60 40 100 3
-313 Testing
Skill
B.VCS Cloud 4.5 60 40 100 3
-314 Computing
General
B.VCS Software 4.0 50 50 100 3
-315 Lab – IX
Skill
B.VCS Software 4.0 50 50 100 3
-316 Lab – X
Skill
B.VCS Software 4.0 50 50 100 3
-317 Lab – XI
Total 30 390 310 700

1. The breakup of marks for the practical will be as under:

i. Internal Assessment 50 Marks
ii. Viva Voce (External Evaluation) 20 Marks
iii. Lab Record Program Development and 30 Marks
Execution(External Evaluation)

1. The breakup of marks for the internal assessment for theory Subjects will be as under:
i. Average of Both Mid Semester Tests / Internal 24 Marks
Examinations
i. Attendance 8 Marks
i. Written Assignment/Project Work etc. 8Marks
 B.VCS- 312 Ethical Hacking-Level 3

Max Marks: 60 Maximum Time: 3 Hrs.

Min Pass Marks: 35% Lectures to be delivered: 55-65

INSTRUCTIONS FOR THE PAPER SETTER

The question paper will consist of three sections A, B and C. Each of sections A and B
will have four questions from the respective sections of the syllabus and each question carry 9
marks. Section C will consist of one compulsory question having 12 parts of short-answer type
covering the entire syllabus uniformly and each question will carry 2 marks.

INSTRUCTIONS FOR THE CANDIDATES

Candidates are required to attempt two questions each from section A and B and the entire
section C.

SECTION-A

IDS/IPS and Honey pots: Rules for IDS/IPS, Honey pots Detection, Evasion Techniques, Security
Measures for IDS, Unified Threat Management (UTM), Rules set for UTM, Virtual Private Network
(VPN), Network Vulnerability Assessment Automated & Manually
Android Ethical Hacking & Security: Ethical Hacking Practical on Smartphone, Securing your Android
mobile from being hacked, Cyber Threats for Mobile, Android Rooting and Testing for Exploits,
Securing your family with Android Apps, Smartphone Data Recovery
Web Server Ethical Hacking: Types of Web servers and their Security, Web Server Enumeration,
Attacking a Web server, Directory Traversal attack, Methodology for Web server attack, Using HT Track
to find backdoor in Web server, Testing the Payload on server, Brute force attack, Security and Defending
against Web Server Attacks, Upgrading a Web server
Session Hijacking Ethical Hacking: Session Hijacking, Process of Session Hijacking, Types of Session
Hijacking, Testing for Session Hijacking, Browser Hijacking, Coping with Session Hijacking, Coding
Standards and Session Management, Evaluating the Cookies
Advance Google hacking: Advance Google hacking, Google Hacking Database, Google Dorks for SQL
and Advance SQL Injection, Enumerating the Website’s Security & Publicly Available Data, Deep Web
vs Dark Web
SQL Injection: SQL Injection, Case Studies, SQL Injection Technologies, Types of SQL Injection, Steps
to Perform SQL Injection, Advance SQL Injection, SQL Injection Tool-Kit, Security Methods against
SQL Injection

SECTION-B

Web Application Ethical Hacking: Architecture of a Web Application, Hacking Threats for a Web
Application, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Data Storage and
Functionality testing of a Web Application, Detecting a Web Application Attack, Vulnerability Testing
Tools, Security against Web Application Attack
Shell: Shell Injection, Local File Inclusion (LFI) & Remote File Inclusion (RFI), Live Demonstration of
Shell Injection on Web Server, Evaluating the Coding Standards
Tamper data: Intercepting between Server and Client Side, Understanding the GET and POST, Burp Suit
& OWASP ZAP, Tampering Website’s Data
Securing a Website: Web Application Firewall Introduction, AWS Web Application Firewall and
Another Popular Firewall, Input Validations, Sanitisation the Input, Website Vulnerability Assessment
Automated & Manually
Cloud Computing Ethical Hacking: Services of Cloud Computing, Loop Holes in Cloud Computing,
Attack Methods for Cloud Services, Securing the Cloud (Manually and with Tools), Using Cloud Service
for DDOS Protection and Session Hijacking
Practice Sets for Website Ethical Hacking: Bwap, Word Press Website Hacking, Dam Vulnerable
Application, OWASP Top 10 Vulnerability

Reference Books:

1. Thomas Mathew, Ethical Hacking, 0571 Publisher, 2003. 13

2. Joel SeatnbraV and George Kurtz, Hacking Exposed: Network Security Secrets & Solutions, Stuart
McClure, McGraw-Hill, 2005
4.Lecture Distribution

1. web Server Ethical Hacking.IDS/IPS and Honey pots: Rules for IDS/IPS, Honey pots
Detection
2. Evasion Techniques, Security Measures for IDS
3. Unified Threat Management (UTM), Rules set for UTM
4. Virtual Private Network (VPN)
5. Network Vulnerability Assessment Automated & Manually
6. Android Ethical Hacking & Security: Ethical Hacking Practical on Smartphone
7. Securing your Android mobile from being hacked
8. Cyber Threats for Mobile, Android Rooting and Testing for Exploits
9. : Types of Web servers and their Security, Web Server Enumeration
10. Attacking a Web server, Directory Traversal attack
11. Methodology for Web server attack, Using HT Track to find backdoor in Web server
12. Testing the Payload on server, Brute force attack
13. Security and Defending against Web Server Attacks
14. Upgrading a Web server
15. Session Hijacking Ethical Hacking: Session Hijacking, Process of Session Hijacking, Types
of Session Hijacking, Testing for Session Hijacking
16. Browser Hijacking, Coping with Session Hijacking
17. Coding Standards and Session Management, Evaluating the Cookies
18. Advance Google hacking: Advance Google hacking, Google Hacking Database
19. Google Dorks for SQL and Advance SQL Injection, Enumerating the Website’s Security &
Publicly Available Data, Deep Web vs Dark Web
20. SQL Injection, Case Studies, SQL Injection Technologies
21. Types of SQL Injection, Steps to Perform SQL Injection
22. Advance SQL Injection, SQL Injection Tool-Kit, Security Methods against SQL Injection
23. web Application Ethical Hacking: Architecture of a Web Application
24. Threats for a Web Application, Cross Site Scripting (XSS)
25. Cross Site Request Forgery (CSRF)

26. Hacking Data Storage and Functionality testing of a Web Application

27. Detecting a Web Application Attack,
28. Vulnerability Testing Tools, Security against Web Application Attack
29. Shell: Shell Injection, Local File Inclusion (LFI) & Remote File Inclusion (RFI)
30. Live Demonstration of Shell Injection on Web Server, Evaluating the Coding Standards
31. Tamper data: Intercepting between Server and Client Side
32. Understanding the GET and POST, Burp Suit & OWASP ZAP, Tampering Website’s Data
33. Securing a Website: Web Application Firewall Introduction
34. AWS Web Application Firewall and Another Popular Firewall, Input Validations,
Sanitisation the Input,
35. Website Vulnerability Assessment Automated & Manually
36. Services of Cloud Computing, Loop Holes in Cloud Computing, Attack Methods for Cloud
Services, Securing the Cloud (Manually and with Tools)
37. Using Cloud Service for DDOS Protection and Session Hijacking
 38. Bwap, Word Press Website Hacking, Dam Vulnerable Application, OWASP Top 10
Vulnerability
weekly lesson plan

Weekly Lesson Plan

Teaching
Date Class Subject Topics covered
aids used
web Server Ethical Hacking.IDS/IPS and
B.Voc Ethical White
04-10-2022 Honey pots: Rules for IDS/IPS, Honey pots
(CS)-3 Hacking board
Detection
B.Voc Ethical Evasion Techniques, Security Measures for White
06-10-2022
(CS)-3 Hacking IDS board
B.Voc Ethical Unified Threat Management (UTM), Rules White
07-10-2022
(CS)-3 Hacking set for UTM board
B.Voc Ethical White
08-10-2022 Virtual Private Network (VPN)
(CS)-3 Hacking board
B.Voc Ethical Network Vulnerability Assessment White
10-10-2022
(CS)-3 Hacking Automated & Manually board
B.Voc Ethical Android Ethical Hacking & Security: Ethical White
12-10-2022
(CS)-3 Hacking Hacking Practical on Smartphone board
B.Voc Ethical Securing your Android mobile from being White
13-10-2022
(CS)-3 Hacking hacked board
B.Voc Ethical Cyber Threats for Mobile, Android Rooting White
15-10-2022
(CS)-3 Hacking and Testing for Exploits board
B.Voc Ethical : Types of Web servers and their Security, White
17-10-2022
(CS)-3 Hacking Web Server Enumeration board
B.Voc Ethical Attacking a Web server, Directory Traversal White
18-10-2022
(CS)-3 Hacking attack board
B.Voc Ethical Methodology for Web server attack, Using White
19-10-2022
(CS)-3 Hacking HT Track to find backdoor in Web server board
B.Voc Ethical Testing the Payload on server, Brute force White
20-10-2022
(CS)-3 Hacking attack board
B.Voc Ethical Security and Defending against Web Server White
21-10-2022
(CS)-3 Hacking Attacks board
B.Voc Ethical White
22-10-2022 Upgrading a Web server
(CS)-3 Hacking board
Session Hijacking Ethical Hacking: Session
B.Voc Ethical Hijacking, Process of Session Hijacking, White
27-10-2022
(CS)-3 Hacking Types of Session Hijacking, Testing for board
Session Hijacking
B.Voc Ethical Browser Hijacking, Coping with Session White
28-10-2022
(CS)-3 Hacking Hijacking board
B.Voc Ethical Coding Standards and Session Management, White
29-10-2022
(CS)-3 Hacking Evaluating the Cookies board
 B.Voc Ethical Advance Google hacking: Advance Google White
31-10-2022
(CS)-3 Hacking hacking, Google Hacking Database board
Google Dorks for SQL and Advance SQL
B.Voc Ethical Injection, Enumerating the Website’s Security White
01-11-2022
(CS)-3 Hacking & Publicly Available Data, Deep Web vs Dark board
Web
B.Voc Ethical SQL Injection, Case Studies, SQL Injection White
02-11-2022
(CS)-3 Hacking Technologies board
B.Voc Ethical Types of SQL Injection, Steps to Perform White
04-11-2022
(CS)-3 Hacking SQL Injection board
Advance SQL Injection, SQL
B.Voc Ethical White
05-11-2022 Injection Tool-Kit, Security Methods against
(CS)-3 Hacking board
SQL Injection
B.Voc Ethical web Application Ethical Hacking: White
07-11-2022
(CS)-3 Hacking Architecture of a Web Application board
Threats for a Web Application, Cross Site
B.Voc Ethical White
09-11-2022 Scripting (XSS), Cross Site Request Forgery
(CS)-3 Hacking board
(CSRF)
Hacking Data Storage and Functionality
B.Voc Ethical White
10-11-2022 testing of a Web Application, Detecting a Web
(CS)-3 Hacking board
Application Attack,
B.Voc Ethical Vulnerability Testing Tools, Security against White
11-11-2022
(CS)-3 Hacking Web Application Attack board
B.Voc Ethical Shell: Shell Injection, Local File Inclusion White
12-11-2022
(CS)-3 Hacking (LFI) & Remote File Inclusion (RFI) board
B.Voc Ethical Live Demonstration of Shell Injection on Web White
14-11-2022
(CS)-3 Hacking Server, Evaluating the Coding Standards board
B.Voc Ethical Tamper data: Intercepting between Server and White
15-11-2022
(CS)-3 Hacking Client Side board
B.Voc Ethical Understanding the GET and POST, Burp Suit White
16-11-2022
(CS)-3 Hacking & OWASP ZAP, Tampering Website’s Data board
B.Voc Ethical Securing a Website: Web Application Firewall White
17-11-2022
(CS)-3 Hacking Introduction board
B.Voc Ethical AWS Web Application Firewall and Another White
18-11-2022
(CS)-3 Hacking Popular Firewall, board
B.Voc Ethical White
19-11-2022
(CS)-3 Hacking Input Validations, Sanitisation the Input, board
B.Voc Ethical Website Vulnerability Assessment Automated White
21-11-2022
(CS)-3 Hacking & Manually board
Services of Cloud Computing, Loop Holes in
B.Voc Ethical Cloud Computing, Attack Methods for Cloud White
22-11-2022
(CS)-3 Hacking Services, Securing the Cloud (Manually and board
with Tools)
B.Voc Ethical Using Cloud Service for DDOS Protection and White
23-11-2022
(CS)-3 Hacking Session Hijacking board
24-11-2022 B.Voc Ethical Bwap, Word Press Website Hacking, Dam White
 Vulnerable Application, OWASP Top 10
(CS)-3 Hacking board
Vulnerability

5. Lecture Division (Lecture statement)

Oct(19 Nov(19) Total(38)

S No Roll No Student Name
16
33
1 17201 azadvir singh 17
15
30
2 17202 Mandeep Singh 15
16
32
3 17205 pankaj lohan 16
17
35
4 17207 Udham Singh 18
18
36
5 17208 Sukhvir Singh 18
17
34
6 17210 sukhram singh 17
19
35
7 17213 goldy singh 16
16
33
8 17218 sarbjeet singh 17
15
32
9 17222 parwinder singh 17
17
34
10 17223 simrandeep singh 17
18
37
11 17225 sunny kumar 19
17
32
12 17226 nitish kumar 15
 6. List of brilliant students:

17208, 17210, 17225

List of weak students

17222, 17207

7. Record of internal assessment

Department of Computer Science

B.Voc-CS-3 (Semester- 5) Internal Assessment DEC 2022
SUBJECT:B.VCS-312 Ethical Hacking Level-3
Teacher's Name: Kiranpal Kaur
Average of Attendance Written Tota
Both mid (8) assignment l
semester /Project (40)
tests/Intern work etc.
Colleg al (8)
Sr e Exam Examinatio
No Rollno RollNo Name n (24)
1720 93590 UDHAM
23 7 8 38
1 7 1 SINGH
1722 93590 SUNNY
22 7 7 36
2 5 2 KUMAR
1720 93590 SUKHVIR
24 7 8 39
3 8 3 SINGH
1721 93590 SUKHRAM
24 7 8 39
4 0 4 SINGH
1722 93590 SIMRANDEEP
23 8 7 38
5 3 5 SINGH
1721 93590 SARBJEER
23 7 7 37
6 8 6 SINGH
1722 93590 PARWINDER
22 7 8 37
7 2 7 SINGH
1720 93590 PANKAJ
23 8 7 38
8 5 8 LOHAN
1722 93590 NITISH
22 7 7 36
9 6 9 KUMAR
1720 93591 MANDEEP 22 8 7 37
10
 2 0 SINGH
1721 93591 GOLDY
22 7 7 36
11 3 1 SINGH
1720 93591 AZADVIR
23 7 7 37
12 1 2 SINGH

Test record (MST)

B.VCS-312 Ethical hacking level3

BVOC(CS-III)Semester 5th (session 2022-23)
Max marks 60 Max time 3 hrs
Note: Candidates are required attempt any 2 questions each from section A and section B .Section C is
compulsory.
Section A
Q1. Explain process and types of session hijacking?
Q2.Discuss cyber threats for mobile?
Q3. Explain IDS and IPS?
Q4. Explain SQL injection technologies and its types? 2*9=18
Section B
Q5. Discuss hacking threats for web application?
Q6. Explain (i) Local file inclusion (ii) Remote file inclusion
Q7. Discuss vulnerability testing tools for web application?
Q8. How to tamper Http requests which are mix of GET and POST? 2*9=18
Section C
Q9(a). VPN
(b).Honey pots
(c)Directory traversal attack
(d)Cross site scripting
(e)Brute force attack
(f)Deep web and dark web
(g) What is shell injection?
(h)Unified threat management
(i)Discuss cache poisoning.
(j) Man in middle attack
(k)Website defacement
(l)Discuss session management testing 12*2=24

S No Roll No Student Name Marks

1 17201 azadvir singh 31
2 17202 Mandeep Singh 30
3 17205 pankaj lohan 39
4 17207 Udham Singh 42
5 17208 Sukhvir Singh 28
6 17210 sukhram singh 24
7 17213 goldy singh 30
9 17222 parwinder singh 10
10 17223 simrandeep singh 31
 8. Assignment record

Best assignment