Cyber Security & Ethical Hacking Internship – Comprehensive Notes

Internship Overview

• Institution Context

  • Hosted by Manav Rachna International Institute of Research & Studies (Deemed-to-be University under Section $3$ of the UGC Act, $1956$).

  • Internship titled “Cyber Security & Ethical Hacking” under the guidance of Neela Santhosh.

• Intern’s Academic Profile

  • Name: Abhay Arora

  • Roll No.: 1/24/SET/BCS/158

  • Program: B.Tech

  • Domain of Specialization: Cybersecurity & Ethical Hacking

  • Internship Duration: $4$-week intensive programme.

Company Details

• Organization: CodTech IT Solution’s

• Mode: Online / Remote

• Tenure: $4$ weeks (Unpaid)

• Field of Work: Cybersecurity & Ethical Hacking, concentrating on Python-driven security tooling.

Core Objectives

• Grasp fundamental concepts of cybersecurity (confidentiality–integrity–availability, threat modelling, attack surface, etc.).

• Obtain hands-on experience in building security utilities from scratch.

• Explore and implement real-world Python applications for ethical hacking, automation, and rapid prototyping.

Tasks Executed & Conceptual Foundations

TASK I – File Integrity Checker

• Purpose: Guard data integrity by flagging tampering / corruption.

• Methodology:

  • Compute baseline file hash (default: SHA-$256$).

  • Store baseline in secure manifest (e.g.
    $\text{filename} \rightarrow \text{hash}$).

  • Periodically recompute and compare: \text{new_hash} \stackrel{?}{=} \text{baseline_hash}.

• Significance: Early detection of ransomware, insider manipulation, or silent corruption; maps to Integrity pillar of CIA triad.

TASK II – Web Application Vulnerability Scanner

• Scope of Scan:

  • SQL Injection, XSS, Broken Authentication, Insecure Direct Object References, Misconfigurations, etc.

• Technical Flow:

  • Crawl URLs (using Requests + BeautifulSoup).

  • Inject payload catalogue; observe HTTP responses.

  • Flag anomalies (status codes, reflected payload, DB errors).

• Practical Outcome: Helps DevSecOps remediate in SDLC’s earliest phases → cost reduction & compliance.

TASK III – Penetration Testing Toolkit

• Composition: Collection of scripts wrapping around Sockets, $nmap$, custom exploit modules.

• Philosophy: "Assume breach" → ethically simulate attacker TTPs (Tactics, Techniques, Procedures).

  • Recon → Scanning → Exploitation → Post-exploitation → Reporting.

• Value: Quantifies risk, validates defense-in-depth & blue-team monitoring efficacy.

TASK IV – Advanced File Encryption Tool

• Cryptographic Primitives Implemented:

  • AES-$256$ (symmetric block cipher).

  • RSA (asymmetric key exchange).

  • Blowfish (symmetric cipher alternative).

• Operational Steps:

  1. User selects file(s).

  2. Generates / imports key.

  3. Performs $\text{Enc}(\text{plaintext}) \rightarrow \text{ciphertext}$.

  4. Decryption requires correct key / password – enforcing confidentiality.

• Ethical Angle: Encourages responsible encryption usage, balancing privacy with legal/organizational policies (e.g., key escrow).

Technical Skill Set Acquired

• Python Programming (OOP, argparse, subprocess, multiprocessing).

• Hashing Algorithms: SHA-$256$ fundamentals, avalanche effect, collision resistance.

• Web Scraping: BeautifulSoup parse trees, handling malformed HTML, rate-limiting ethics.

• Network Scanning: Raw Sockets, TCP three-way handshake, $nmap$ Scripting Engine (NSE).

• Cryptography: AES modes (CBC vs. GCM), key management, padding oracles.

Challenges Encountered

• Interpreting complex encryption standards (padding, IVs, PKCS#7).

• Precisely parsing dynamic HTML / JavaScript-rendered pages.

• Modularizing codebase across multiple repositories while preventing dependency hell.

Achievements & Contributions

• Authored $4$ fully functional, documented Python tools.

• Centralized code in public-facing GitHub repos with README, usage demos, MIT license.

• Executed controlled tests on sample datasets, confirming operational integrity and security objectives.

Key Learning & Insights

• Experiential learning > purely theoretical study – trial-and-error solidifies concepts.

• Cybersecurity landscape demands continuous up-skilling (patch cycles, new CVEs daily).

• Python’s versatility (sockets, cryptography, web frameworks) streamlines security automation.

Industry Trends Observed

• Soaring demand for qualified cybersecurity professionals (global shortfall ≈ $3.4$ million).

• Rapid advances in AI-driven threat detection / SOAR.

• Movement toward Zero-Trust Architecture + Endpoint-centric security.

Methodology Followed

1. Research Phase: Literature, tutorials, mentor guidance.

2. Iterative Development: Agile sprints, feature branching.

3. Testing & Debugging: Unit tests, sandbox VMs, OWASP Juice Shop for web exploits.

4. Documentation & Deployment: Markdown docs, code comments, video walkthroughs → GitHub.

Conclusion & Future Scope

• Internship delivered tangible ethical-hacking proficiency and broadened offensive & defensive outlook.

• Tools have roadmap potential: enterprise-grade scalability, CI/CD integration, SIEM data feed.

• Planned certifications: CEH, OSCP, maybe CISSP for managerial trajectory.

References & Supporting Resources

• $\text{https://www.geeksforgeeks.org}$ – algorithm primers.

• YouTube tutorials – Python security libraries, LIVE demos.

• $\text{https://chat.openai.com}$ – conceptual clarifications, pseudocode.

• CodTech WhatsApp guidance videos – mentor-led code reviews.

Gratitude Note

• Appreciation conveyed to mentors, institution, and CodTech for providing infrastructure & guidance enabling skill advancement.