2/8/23, 10:12 PM What is Cryptography?

— An Introduction to Cryptographic Algorithms | by Aryya Paul | Edureka | Medium

Open in app Get unlimited access

Search Medium

Published in Edureka

Aryya Paul Follow

Aug 9, 2018 · 6 min read · Listen

Save

What is Cryptography? — An Introduction to

Cryptographic Algorithms

What is Cryptography? — Edureka

Encryption is essentially important because it secures data and information from

unauthorized access and thus maintains confidentiality. Here’s an article to help you
understand “what is cryptography “ and how can it be used to protect corporate secrets,
secure classified information, and personal information to guard against things like
78
identity theft.
https://medium.com/edureka/what-is-cryptography-c94dae2d5974 1/11
2/8/23, 10:12 PM What is Cryptography? — An Introduction to Cryptographic Algorithms | by Aryya Paul | Edureka | Medium

Here’s what I have covered in this article:

Introduction to Cryptography?

Encryption Algorithms

How various Cryptographic Algorithms Works?

Now, I’m going to take help of an example or a scenario to explain what is cryptography?

Let’s say there’s a person named Andy. Now suppose Andy sends a message to his
friend Sam who is on the other side of the world. Now obviously he wants this message
to be private and nobody else should have access to the message. He uses a public
forum, for example, WhatsApp for sending this message. The main goal is to secure
this communication.

Let’s say there is a smart guy called Eaves who secretly got access to your
communication channel. Since this guy has access to your communication, he can do
much more than just eavesdropping, for example, he can try to change the message.
Now, this is just a small example. What if Eave gets access to your private information?
The result could be catastrophic.

So how can Andy be sure that nobody in the middle could access the message sent to
Sam? That’s where Encryption or Cryptography comes in. Let me tell you ” What is
https://medium.com/edureka/what-is-cryptography-c94dae2d5974 2/11
2/8/23, 10:12 PM What is Cryptography? — An Introduction to Cryptographic Algorithms | by Aryya Paul | Edureka | Medium

Cryptography “.

What Is Cryptography?

Cryptography is the practice and study of techniques for securing communication and data in
the presence of adversaries.

Alright, now that you know ” what is cryptography ” let’s see how cryptography can help
secure the connection between Andy and Sam.

So, to protect his message, Andy first converts his readable message to unreadable
form. Here, he converts the message to some random numbers. After that, he uses a
key to encrypt his message, in Cryptography, we call this ciphertext.

Andy sends this ciphertext or encrypted message over the communication channel, he
won’t have to worry about somebody in the middle of discovering his private messages.
Suppose, Eaves here discover the message and he somehow manages to alter it before
it reaches Sam.

https://medium.com/edureka/what-is-cryptography-c94dae2d5974 3/11
2/8/23, 10:12 PM What is Cryptography? — An Introduction to Cryptographic Algorithms | by Aryya Paul | Edureka | Medium

Now, Sam would need a key to decrypt the message to recover the original plaintext. In
order to convert the ciphertext into plain text, Sam would need to use the decryption
key. Using the key he would convert the ciphertext or the numerical value to the
corresponding plain text.

After using the key for decryption what will come out is the original plaintext message,
is an error. Now, this error is very important. It is the way Sam knows that message sent
by Andy is not the same as the message that he received. Thus, we can say that
encryption is important to communicate or share information over the network.

Encryption Algorithms
Cryptography is broadly classified into two categories: Symmetric key Cryptography and
Asymmetric key Cryptography (popularly known as public key cryptography).

https://medium.com/edureka/what-is-cryptography-c94dae2d5974 4/11
2/8/23, 10:12 PM What is Cryptography? — An Introduction to Cryptographic Algorithms | by Aryya Paul | Edureka | Medium

Now Symmetric key Cryptography is further categorized as Classical Cryptography and

Modern Cryptography.

Further drilling down, Classical Cryptography is divided into Transposition Cipher and
Substitution Cipher. On the other hand, Modern Cryptography is divided into Stream
Cipher and Block Cipher.

So, let’s understand these algorithms with examples.

How various Cryptographic Algorithms Works?

Let’s start with the Symmetric key encryption

Symmetric Key Cryptography

An encryption system in which the sender and receiver of a message share a single, common
key that is used to encrypt and decrypt the message. The most popular symmetric–key system
is the Data Encryption Standard (DES).

https://medium.com/edureka/what-is-cryptography-c94dae2d5974 5/11
2/8/23, 10:12 PM What is Cryptography? — An Introduction to Cryptographic Algorithms | by Aryya Paul | Edureka | Medium

Transposition Ciphers

In Cryptography, a transposition cipher is a method of encryption by which the positions held

by units of plaintext (which are commonly characters or groups of characters) are shifted
according to a regular system, so that the ciphertext constitutes a permutation of the
plaintext.

That is, the order of the units is changed (the plaintext is reordered). Mathematically, a
bijective function is used on the characters’ positions to encrypt and an inverse
function to decrypt.

Example:

https://medium.com/edureka/what-is-cryptography-c94dae2d5974 6/11
2/8/23, 10:12 PM What is Cryptography? — An Introduction to Cryptographic Algorithms | by Aryya Paul | Edureka | Medium

Substitution Cipher

Method of encryption by which units of plaintext are replaced with ciphertext, according to a
fixed system; the “units” may be single letters (the most common), pairs of letters, triplets of
letters, mixtures of the above, and so forth.

Example:

Consider this example shown on the slide: Using the system just discussed, the
keyword “zebras” gives us the following alphabets:

Stream Cipher

Symmetric or secret-key encryption algorithm that encrypts a single bit at a time. With a
Stream Cipher, the same plaintext bit or byte will encrypt to a different bit or byte every time
it is encrypted.

Block Cipher

An encryption method that applies a deterministic algorithm along with a symmetric key to
encrypt a block of text, rather than encrypting one bit at a time as in stream ciphers
https://medium.com/edureka/what-is-cryptography-c94dae2d5974 7/11
2/8/23, 10:12 PM What is Cryptography? — An Introduction to Cryptographic Algorithms | by Aryya Paul | Edureka | Medium

Example: A common block cipher, AES, encrypts 128-bit blocks with a key of
predetermined length: 128, 192, or 256 bits. Block ciphers are pseudorandom
permutation (PRP) families that operate on the fixed size block of bits. PRPs are
functions that cannot be differentiated from completely random permutations and
thus, are considered reliable until proven unreliable.

Asymmetric Key Encryption (or Public Key Cryptography)

The encryption process where different keys are used for encrypting and decrypting
the information. Keys are different but are mathematically related, such that retrieving
the plain text by decrypting ciphertext is feasible.

https://medium.com/edureka/what-is-cryptography-c94dae2d5974 8/11
2/8/23, 10:12 PM What is Cryptography? — An Introduction to Cryptographic Algorithms | by Aryya Paul | Edureka | Medium

RSA is the most widely used form of public key encryption,

RSA Algorithm
RSA stands for Rivest, Shamir, and Adelman, inventors of this technique

Both public and private key are interchangeable

Variable Key Size (512, 1024, or 2048 bits)

Here’s how keys are generated in RSA algorithm

https://medium.com/edureka/what-is-cryptography-c94dae2d5974 9/11
2/8/23, 10:12 PM What is Cryptography? — An Introduction to Cryptographic Algorithms | by Aryya Paul | Edureka | Medium

Alright, this was it for “What is Cryptography” article. To safeguard your information
and data shared over the internet it is important to use strong encryption algorithms,
to avoid any catastrophic situations.

This brings us to the end of our article on What is Cryptography? I hope you found this
article informative and added value to your knowledge.

If you wish to check out more articles on the market’s most trending technologies like
Artificial Intelligence, DevOps, Ethical Hacking, then you can refer to Edureka’s
official site.

Do look out for other articles in this series which will explain the various other aspects
of Cybersecurity.

1. What is Cybersecurity?

2. Cybersecurity Framework

3. Steganography Tutorial

4. What is Network Security?

5. What is Computer Security?

6. What is Application Security?

7. Penetration Testing

8. Ethical Hacking Tutorial

9. Everything You Need To Know About Kali Linux

10. Ethical Hacking using Python

11. DDOS attack

12. MacChanger with Python

13 ARP Spoofing

https://medium.com/edureka/what-is-cryptography-c94dae2d5974 10/11
2/8/23, 10:12 PM What is Cryptography? — An Introduction to Cryptographic Algorithms | by Aryya Paul | Edureka | Medium

14. Proxychains, Anonsurf & MacChange

15. Footprinting

16. Top 50 Cybersecurity Interview Questions and Answers

Originally published at www.edureka.co on August 9, 2018.

Security Cryptography Cybersecurity Encryption Cipher

https://medium.com/edureka/what-is-cryptography-c94dae2d5974 11/11
2/8/23, 10:20 PM Cybersecurity 101 — A Beginner’s Guide to Cybersecurity World | by Aryya Paul | Edureka | Medium

Open in app Get unlimited access

Search Medium

Published in Edureka

Aryya Paul Follow

Jun 20, 2018 · 5 min read · Listen

Save

Cybersecurity 101 — A Beginner’s Guide to

Cybersecurity World

What is Cybersecurity — Edureka

Cybercrime is a global problem that’s been dominating the news cycle. It poses a threat
to individual security and an even bigger threat to large international companies,
banks, and governments. Today’s organized cybercrimes far out shadow lone hackers
of the past now large organized crime rings function like start-ups and often employ
highly-trained developers who are constantly innovating online attacks. With so much
https://medium.com/edureka/what-is-cybersecurity-778feb0da72 1/9
2/8/23, 10:20 PM Cybersecurity 101 — A Beginner’s Guide to Cybersecurity World | by Aryya Paul | Edureka | Medium

data to exploit out there, Cybersecurity has become essential. Hence, I decided to write
up this article on “What is Cybersecurity?”

Before we begin, let me just list out the topics I’ll be covering through the course of this
blog.

Why we need Cybersecurity?

Types of Cyber Attacks

What is Cybersecurity?

The CIA Triad

How is Cybersecurity implemented?

Why we need Cybersecurity?

The golden age of Hackers — What is Cybersecurity?

It can be rightfully said that today’s generation lives on the internet, and we general
users are almost ignorant as to how those random bits of 1’s and 0’s reach securely to
our computer. For a hacker, it’s a golden age. With so many access points, public IP’s
and constant traffic and tons of data to exploit, black hat hackers are having one hell of
time exploiting vulnerabilities and creating malicious software for the same. Above
that, cyber attacks are evolving by the day. Hackers are becoming smarter and more

https://medium.com/edureka/what-is-cybersecurity-778feb0da72 2/9
2/8/23, 10:20 PM Cybersecurity 101 — A Beginner’s Guide to Cybersecurity World | by Aryya Paul | Edureka | Medium

creative with their malware and how they bypass virus scans and firewalls still baffles
many people.

Therefore there has to be some sort of protocol that protects us against all these cyber
attacks and make sure our data doesn’t fall into the wrong hands. This is exactly why
we need cybersecurity.

Let’s see some of the most common cyber attacks that have plagued us as a community
since the beginning of the internet.

Types of Cyber Attacks

Types of Cyberthreats — What is Cybersecurity?

What is Cybersecurity?

Cybersecurity refers to a set of techniques used to protect the integrity of networks, programs
and data from attack, damage or unauthorized access.

From a computing point of view, security comprises cybersecurity and physical

security — both are used by enterprises to protect against unauthorized access to data

https://medium.com/edureka/what-is-cybersecurity-778feb0da72 3/9
2/8/23, 10:20 PM Cybersecurity 101 — A Beginner’s Guide to Cybersecurity World | by Aryya Paul | Edureka | Medium

centers and other computerized systems. Information security, which is designed to

maintain the confidentiality, integrity, and availability of data, is a subset of
cybersecurity. The use of cyber security can help prevent cyber attacks, data breaches,
and identity theft and can aid in risk management.

So when talking about cybersecurity, one might wonder “What are we trying to protect
ourselves against?” Well, there are three main aspects we are trying to control, name:

Unauthorized Access

Unauthorized Deletion

Unauthorized Modification

These three terms are synonymous with the very commonly known CIA triad which
stands for Confidentiality, Integrity, and Availability. The CIA triad is also commonly
referred to as the three pillars of security and most of the security policies of an
organization are built on these three principles.

The CIA Triad

The CIA triad which stands for Confidentiality, Integrity, and Availability is a design
model to guide companies and organizations to form their security policies. It is also
known as the AIC triad to avoid confusion with the Central Intelligence Agency(CIA).
The components of the triad are considered to be the most important and fundamental
components of security. So let me brief you all about the three components

https://medium.com/edureka/what-is-cybersecurity-778feb0da72 4/9
2/8/23, 10:20 PM Cybersecurity 101 — A Beginner’s Guide to Cybersecurity World | by Aryya Paul | Edureka | Medium

CIA Triad — What is Cybersecurity?

Confidentiality
Confidentiality is the protection of personal information. Confidentiality means
keeping a client’s information between you and the client, and not telling others
including co-workers, friends, family, etc.

Integrity
Integrity, in the context of computer systems, refers to methods of ensuring that data
is real, accurate and safeguarded from unauthorized user modification.

Availability
Availability, in the context of a computer system, refers to the ability of a user to access
information or resources in a specified location and in the correct format.

https://medium.com/edureka/what-is-cybersecurity-778feb0da72 5/9
2/8/23, 10:20 PM Cybersecurity 101 — A Beginner’s Guide to Cybersecurity World | by Aryya Paul | Edureka | Medium

Attacks on CIA — What is Cybersecurity?

How is Cybersecurity implemented?

There are numerous procedures for actually implementing cybersecurity, but there
three main steps when actually fixing a security-related issue.

The first step is to recognize the problem that is causing the security issue, for
example, we have to recognize whether there is a denial of service attack or a man in
the middle attack. The next step is to evaluate and analyze the problem. We have to
make sure we isolate all the data and information that may have been compromised in
the attack. Finally, after evaluating and analyzing the problem, the last step is to
develop a patch that actually solves the problem and brings back the organization to a
running state.

https://medium.com/edureka/what-is-cybersecurity-778feb0da72 6/9
2/8/23, 10:20 PM Cybersecurity 101 — A Beginner’s Guide to Cybersecurity World | by Aryya Paul | Edureka | Medium

Steps to treat a Cyberattack — What is Cybersecurity?

When identifying, analyzing and treating a cyber attack, there are three principals that
are kept in mind for various calculations. They are:

Vulnerability, Threat and Risk — What is Cybersecurity?

If you wish to check out more articles on the market’s most trending technologies like
Artificial Intelligence, DevOps, Ethical Hacking, then you can refer to Edureka’s
official site.

Do look out for other articles in this series which will explain the various other aspects
of Cybersecurity.
https://medium.com/edureka/what-is-cybersecurity-778feb0da72 7/9
2/8/23, 10:20 PM Cybersecurity 101 — A Beginner’s Guide to Cybersecurity World | by Aryya Paul | Edureka | Medium

1. What is Cryptography?

2. Cybersecurity Framework

3. Steganography Tutorial

4. What is Network Security?

5. What is Computer Security?

6. What is Application Security?

7. Penetration Testing

8. Ethical Hacking Tutorial

9. Everything You Need To Know About Kali Linux

10. Ethical Hacking using Python

11. DDOS attack

12. MacChanger with Python

13 ARP Spoofing

14. Proxychains, Anonsurf & MacChange

15. Footprinting

16. Top 50 Cybersecurity Interview Questions and Answers

Originally published at www.edureka.co on June 20, 2018.

https://medium.com/edureka/what-is-cybersecurity-778feb0da72 8/9
2/8/23, 10:20 PM Cybersecurity 101 — A Beginner’s Guide to Cybersecurity World | by Aryya Paul | Edureka | Medium

Cybersecurity CIA Cyber Cyber Threat Cyber Attacks

https://medium.com/edureka/what-is-cybersecurity-778feb0da72 9/9
2/8/23, 10:48 PM What is Computer Security? -A Beginner’s Guide To Computer Security | by Aryya Paul | Edureka | Medium

Published in Edureka

Aryya Paul Follow

Jan 23, 2019 · 6 min read · Listen

Save

What is Computer Security? -A Beginner’s Guide

To Computer Security

What is Computer Security — Edureka

The Internet has transformed our lives in many good ways. Unfortunately, this vast
network and its associated technologies also have brought in their wake, the increasing
number of security threats. The most effective way to protect yourself from these
threats and attacks is to be aware of standard cybersecurity practices. This article on

https://medium.com/edureka/what-is-computer-security-c8eb1b38de5 1/8
2/8/23, 10:48 PM What is Computer Security? -A Beginner’s Guide To Computer Security | by Aryya Paul | Edureka | Medium

“What is Computer Security?” presents an introduction to computer security and its

key concepts.

1. What is Computer Security?

2. Computer Security Threats

3. Best computer security practices.

What is computer security?

Computer security basically is the protection of computer systems and information from
harm, theft, and unauthorized use. It is the process of preventing and detecting unauthorized
use of your computer system.

Often people confuse computer security with other related terms like information
security and cybersecurity. One way to ascertain the similarities and differences
among these terms is by asking what is being secured. For example,

Information security is securing information from unauthorized access,

modification & deletion

Computer Security means securing a standalone machine by keeping it updated and

patched

Cybersecurity is defined as protecting computer systems, which communicate over

the computer networks

It’s important to understand the distinction between these words, though there isn’t
necessarily a clear consensus on the meanings and the degree to which they overlap or
are interchangeable.

So, Computer security can be defined as controls that are put in place to provide
confidentiality, integrity, and availability for all components of computer systems.
Let’s elaborate the definition.

Components of computer system

The components of a computer system that needs to be protected are:

https://medium.com/edureka/what-is-computer-security-c8eb1b38de5 2/8
2/8/23, 10:48 PM What is Computer Security? -A Beginner’s Guide To Computer Security | by Aryya Paul | Edureka | Medium

Hardware, the physical part of the computer, like the system memory and disk
drive

Firmware, permanent software that is etched into a hardware device’s nonvolatile

memory and is mostly invisible to the user

Software, the programming that offers services, like operating system, word
processor, internet browser to the user

The CIA Triad

Computer security is mainly concerned with three main areas:

Confidentiality is ensuring that information is available only to the intended

audience

Integrity is protecting information from being modified by unauthorized parties

Availability is protecting information from being modified by unauthorized parties

In simple language, computer security is making sure information and computer

components are usable but still protected from people or software that shouldn’t
access it or modify it.

https://medium.com/edureka/what-is-computer-security-c8eb1b38de5 3/8
2/8/23, 10:48 PM What is Computer Security? -A Beginner’s Guide To Computer Security | by Aryya Paul | Edureka | Medium

Now moving forward with this ‘What is Computer Security?” article let’s look at the
most common security threats.

Computer security threats

Computer security threats are possible dangers that can possibly hamper the normal
functioning of your computer. In the present age, cyber threats are constantly
increasing as the world is going digital. The most harmful types of computer security
are:

Viruses

A computer virus is a malicious program which is loaded into the user’s computer
without user’s knowledge. It replicates itself and infects the files and programs on the
user’s PC. The ultimate goal of a virus is to ensure that the victim’s computer will never
be able to operate properly or even at all.

Computer Worm

A computer worm is a software program that can copy itself from one computer to
another, without human interaction. The potential risk here is that it will use up your
computer hard disk space because a worm can replicate in greate volume and with
great speed.

Phishing
https://medium.com/edureka/what-is-computer-security-c8eb1b38de5 4/8
2/8/23, 10:48 PM What is Computer Security? -A Beginner’s Guide To Computer Security | by Aryya Paul | Edureka | Medium

Disguising as a trustworthy person or business, phishers attempt to steal sensitive

financial or personal information through fraudulent email or instant messages.
Phishing in unfortunately very easy to execute. You are deluded into thinking it’s the
legitimate mail and you may enter your personal information.

Botnet

A botnet is a group of computers connected to the internet, that have been

compromised by a hacker using a computer virus. An individual computer is called
‘zombie computer’. The result of this threat is the victim’s computer, which is the bot
will be used for malicious activities and for a larger scale attack like DDoS.

Rootkit

A rootkit is a computer program designed to provide continued privileged access to a

computer while actively hiding its presence. Once a rootkit has been installed, the
controller of the rootkit will be able to remotely execute files and change system
configurations on the host machine.

https://medium.com/edureka/what-is-computer-security-c8eb1b38de5 5/8
2/8/23, 10:48 PM What is Computer Security? -A Beginner’s Guide To Computer Security | by Aryya Paul | Edureka | Medium

Keylogger

Also known as a keystroke logger, keyloggers can track the real-time activity of a user
on his computer. It keeps a record of all the keystrokes made by user keyboard.
Keylogger is also a very powerful threat to steal people’s login credential such as
username and password.

These are perhaps the most common security threats that you’ll come across. Apart
from these, there are others like spyware, wabbits, scareware, bluesnarfing and many
more. Fortunately, there are ways to protect yourself against these attacks.

Computer Security Practices

Computer security threats are becoming relentlessly inventive these days. There is
much need for one to arm oneself with information and resources to safeguard against
these complex and growing computer security threats and stay safe online. Some
preventive steps you can take include:

Secure your computer physically by:

1. Installing reliable, reputable security and anti-virus software

2. Activating your firewall, because a firewall acts as a security guard between the
internet and your local area network

Stay up-to-date on the latest software and news surrounding your devices and
perform software updates as soon as they become available

Avoid clicking on email attachments unless you know the source

Change passwords regularly, using a unique combination of numbers, letters and

case types

https://medium.com/edureka/what-is-computer-security-c8eb1b38de5 6/8
2/8/23, 10:48 PM What is Computer Security? -A Beginner’s Guide To Computer Security | by Aryya Paul | Edureka | Medium

Use the internet with caution and ignore pop-ups, drive-by downloads while
surfing

Taking the time to research the basic aspects of computer security and educate
yourself on evolving cyber-threats

Perform daily full system scans and create a periodic system backup schedule to
ensure your data is retrievable should something happen to your computer.

Apart from these, there are many ways you can protect your computer system. Aspects
such as encryption and computer cleaners can assist in protecting your computers and
its files.

Unfortunately, the number of cyber threats are increasing at a rapid pace and more
sophisticated attacks are emerging. So, having a good foundation in cybersecurity
concepts will allow you to protect your computer against ever-evolving cyber threats.

This brings us to the end of our article on What is Computer Security? I hope you
found this article informative and added value to your knowledge.

If you wish to check out more articles on the market’s most trending technologies like
Artificial Intelligence, DevOps, Ethical Hacking, then you can refer to Edureka’s
official site.

Do look out for other articles in this series which will explain the various other aspects
of Cybersecurity.

1. What is Cybersecurity?

2. Cybersecurity Framework

3. Steganography Tutorial

4. What is Network Security?

5. What is Cryptography?

6. What is Application Security?

https://medium.com/edureka/what-is-computer-security-c8eb1b38de5 7/8
2/8/23, 10:48 PM What is Computer Security? -A Beginner’s Guide To Computer Security | by Aryya Paul | Edureka | Medium

7. Penetration Testing

8. Ethical Hacking Tutorial

9. Everything You Need To Know About Kali Linux

10. Ethical Hacking using Python

11. DDOS attack

12. MacChanger with Python

13 ARP Spoofing

14. Proxychains, Anonsurf & MacChange

Open in app
15. Footprinting Get unlimited access

Search Medium
16. Top 50 Cybersecurity Interview Questions and Answers

Originally published at www.edureka.co on January 23, 2019.

Cybersecurity Computer Security Security Information Security CIA

https://medium.com/edureka/what-is-computer-security-c8eb1b38de5 8/8
2/8/23, 10:52 PM Application Security — A Comprehensive Guide To Application Security | by Aryya Paul | Edureka | Medium

Published in Edureka

Aryya Paul Follow

Dec 14, 2018 · 6 min read · Listen

Save

Application Security — A Comprehensive Guide

To Application Security

Application Security — Edureka

Network outages, hacking, computer viruses, and similar incidents affect our lives in
ways that range from inconvenient to life-threatening. Akamai found in its research,
for the State of the Internet Security Report that attacks on web applications increased by
59% percent from Q4 2017 to Q1 2018. These grim statistics make it clear that

https://medium.com/edureka/application-security-tutorial-e6a0dda25f5c 1/8
2/8/23, 10:52 PM Application Security — A Comprehensive Guide To Application Security | by Aryya Paul | Edureka | Medium

application security is more important than ever. This article will help you unfold the
concept of application security.

Let’s take a look at the topics covered in this Application Security article:

1. What is cybersecurity?

2. What is application security and why is it important?

3. Application security checklist

4. What is SQL Injection?

What is Cybersecurity?
Today, our entire modern way of life, from communication to e-commerce,
fundamentally depends on the Internet. We exchange money, play games, read the
news, do shopping and a lot of other things using the internet. The Internet informs,
entertains and connects us. But this luxury of using internet comes with a price —
security.

Cybercrime is a global problem that’s been dominating the news. It poses threat to an
individual’s security and an even bigger threat to large enterprises, banks and
government. The past year featured daily news about cyber attacks, data breaches, and
software vulnerabilities. But the good thing is that even with this flawed internet, there
are simple things that we can do to protect ourselves from these attacks. This is where
cybersecurity comes into the picture. Here is a quick definition:

“Cybersecurity is the body of technologies, processes, and practices designed to

protect networks, computers, programs and data from attack, damage or
unauthorized access.”

https://medium.com/edureka/application-security-tutorial-e6a0dda25f5c 2/8
2/8/23, 10:52 PM Application Security — A Comprehensive Guide To Application Security | by Aryya Paul | Edureka | Medium

Ensuring cybersecurity requires the coordinated efforts throughout an information

system and this include:

Network security

Application security

Information security

Operational security

Disaster recovery

End-user education

Let’s explore application security in detail.

What is Application Security & Why is it Important?

Cybercrime has risen exponentially in recent years, exposing a wide range of
vulnerabilities in web and mobile applications. Most of these security issues are
caused due to poor coding practices, which lead to poor application code integrity. In
other words, hackers are exploiting application-layer loopholes in poorly-coded
applications to initiate their attacks.

Web application security is the process of protecting websites and online services against
different security threats that exploit vulnerabilities in an application’s code. Common
https://medium.com/edureka/application-security-tutorial-e6a0dda25f5c 3/8
2/8/23, 10:52 PM Application Security — A Comprehensive Guide To Application Security | by Aryya Paul | Edureka | Medium

targets for web application attacks are content management systems (e.g., WordPress),
database administration tools (e.g., phpMyAdmin) and Software-as-a-Service(SaaS)
applications.

Reasons, why web-applications seem to be the most favorite target, are:

Coding practices
If the code is poorly written hackers can exploit application-layer loopholes to
initiate an attack

If the code is complex, it increases the likelihood of unattended vulnerabilities and

malicious code manipulation

Ease Of Execution
Most attacks can be easily automated and launched indiscriminately against
thousands, or even tens or hundreds of thousands of targets at a time.

Cybercriminals get paid in bulk amount to attack applications

Hence organizations failing to secure their web applications run the risk of being
attacked. And this is mostly due to vulnerabilities present in the application.
Application vulnerabilities are creating havoc in today’s cyberspace giving leeway for
different kinds of attacks.

Let’s take a look at a few leading attacks on web applications:

SQL Injection:
Here, the perpetrator uses malicious SQL code to manipulate a backend database so
that he/she get his/her hands on sensitive information

Cross-site Scripting(XSS):
XSS occurs when the attacker injects malicious code directly into an application,
thereby gaining access to accounts, activate Trojans or modify page content

Remote File Inclusion:

Hacker injects a file onto a web application server. By doing so he can execute
malicious scripts or code within the application, as well as steal data and manipulate it

https://medium.com/edureka/application-security-tutorial-e6a0dda25f5c 4/8
2/8/23, 10:52 PM Application Security — A Comprehensive Guide To Application Security | by Aryya Paul | Edureka | Medium

Cross-site Request Forgery(CSRF):

It’s caused when a malicious web application makes a user’s browser perform an
unwanted action in a site to which he is logged into.

Well, these are few most popular types of attacks, that exploit vulnerabilities in an
application to initiate the attack. OWASP (Open web application security project) lists
top 10 application vulnerabilities along with the risk, impact, and countermeasures,
every 3–4 years.

Application security checklist

‘Prevention is better than cure’. Most of the time organizations have countermeasures
to ensure safety against these attacks. These countermeasures can take the form of
software, hardware, and modes of behavior.

Software countermeasures include:

Web application firewalls: Firewalls are usually designed to examine incoming
traffic to block attack attempts, thereby compensating for any code manipulation

Pop-up blockers: Also known as pop-up killers prevents pop-ups from displaying in
a user’s Web browser

Cryptography: Different kind of encryption and decryption algorithms can be used

to secure all the data transmissions

https://medium.com/edureka/application-security-tutorial-e6a0dda25f5c 5/8
2/8/23, 10:52 PM Application Security — A Comprehensive Guide To Application Security | by Aryya Paul | Edureka | Medium

Spyware detection programs: Variety of spyware detection and spyware removal

programs can be installed to prevent cyber attacks

Hardware countermeasures include:

A router that can prevent the IP address of an individual computer from being
directly visible on the Internet

Biometric authentication systems that identify third-party hosted content, keeping

your application safe

Intrusion detectors and alarms

Behavioral countermeasures include:

Frequent deletion of stored cookies and temporary files from Web browsers

Regular installation of updates and patches for operating systems

Regular scanning for viruses and other malware

Refraining from opening e-mail messages and attachments from unknown senders

Today, cyber threats are so routine and sophisticated that they seem almost impossible
to prevent. Yet security programs continue to evolve new defenses as cyber-security
professionals identify new threats and new ways to combat them.

Earlier, we discussed different types of attacks. Let’s explore one of the attacks in
detail.

What is SQL Injection?

SQL injection, also known as SQLI, is a common attack that uses malicious SQL code for
backend database manipulation to access information that was not intended to be
displayed.

A successful injection attack may result in the unauthorized viewing of user lists, the
deletion of entire tables, and, in certain cases, the attacker gaining administrative
rights to a database, all of which are highly fatal to a business. SQL injection usually
occurs when you ask a user for input, like their username/ userid, and instead of a

https://medium.com/edureka/application-security-tutorial-e6a0dda25f5c 6/8
2/8/23, 10:52 PM Application Security — A Comprehensive Guide To Application Security | by Aryya Paul | Edureka | Medium

name/id, the user gives you an SQL statement that you will unknowingly run on your
database.

Look at the following example:

txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;

The original purpose of the code was to create an SQL statement to select a user, with a
given user id. A user with malicious intentions can input this: User Id: 105 OR 1=1

Well, the input is valid, in fact, it will return ALL rows from the “Users” table because
OR 1=1 is always TRUE. This way a hacker might get access to all the usernames and
passwords in a database, by simply inserting random data.

Seems simple and dangerous!

This brings us to the end of our article on What is Application Security? I hope you
found this article informative and added value to your knowledge.

If you wish to check out more articles on the market’s most trending technologies like
Artificial Intelligence, DevOps, Ethical Hacking, then you can refer to Edureka’s
official site.

Do look out for other articles in this series which will explain the various other aspects
of Cybersecurity.

1. What is Cybersecurity?

2. Cybersecurity Framework

3. Steganography Tutorial

4. What is Network Security?

5. What is Computer Security?

https://medium.com/edureka/application-security-tutorial-e6a0dda25f5c 7/8
2/8/23, 10:52 PM Application Security — A Comprehensive Guide To Application Security | by Aryya Paul | Edureka | Medium

6. What is Cryptography?

7. Penetration Testing

8. Ethical Hacking Tutorial

9. Everything You Need To Know About Kali Linux

10. Ethical Hacking using Python

11. DDOS attack

12. MacChanger with Python

13 ARP Spoofing

14. Proxychains, Anonsurf & MacChange

15. Footprinting
Open in app Get unlimited access

16. Top 50 Cybersecurity Interview Questions and Answers

Search Medium

Originally published at www.edureka.co on December 14, 2018.

Security Application Security Sql Injection Sqli Cybersecurity

https://medium.com/edureka/application-security-tutorial-e6a0dda25f5c 8/8
2/8/23, 10:44 PM What is Network Security? — A Beginner’s Guide To Network Security | by Aryya Paul | Edureka | Medium

Published in Edureka

Aryya Paul Follow

Dec 20, 2018 · 6 min read · Listen

Save

What is Network Security? — A Beginner’s Guide

To Network Security

Network Security — Edureka

We live in an age of information. Businesses these days are more digitally advanced
than ever, and as technology improves, organizations’ security postures must be
enhanced as well. Now, with many devices communicating with each other over wired,
wireless, or cellular networks, network security is an important concept. In this article,
we will explore what is a network security and its key features.
https://medium.com/edureka/what-is-network-security-1f659407dcc 1/8
2/8/23, 10:44 PM What is Network Security? — A Beginner’s Guide To Network Security | by Aryya Paul | Edureka | Medium

Let’s take a look at the topics covered in this ‘What is Network Security?’ article:

1. What is network security?

2. What is network security attack?

3. Types of network security

4. Network security jobs

What is Network Security?

Network security is the process of taking preventative measures to protect the underlying
networking infrastructure from unauthorized access, misuse, malfunction, modification,
destruction or improper disclosure.

The Internet has undoubtedly become a huge part of our lives. Many people in today’s
generation rely on the Internet for many of their professional, social and personal
activities. But are you sure your network is secure?

There are many people who attempt to damage our Internet-connected computers,
violate our privacy and make it impossible for the Internet services. Given the
frequency and variety of existing attacks as well as the threat of new and more
destructive future attacks, network security has become a central topic in the field of
cybersecurity. Implementing network security measures allows computers, users and
programs to perform their permitted critical functions within a secure environment.

Now that we know what network security is, let’s take a look at two major categories of
network attacks.

What is network security attack?

A network attack can be defined as any method, process, or means used to maliciously
attempt to compromise network security. Network security is the process of
preventing network attacks across a given network infrastructure, but the techniques
and methods used by the attacker further distinguish whether the attack is an active
cyber attack, a passive type attack, or some combination of the two.

https://medium.com/edureka/what-is-network-security-1f659407dcc 2/8
2/8/23, 10:44 PM What is Network Security? — A Beginner’s Guide To Network Security | by Aryya Paul | Edureka | Medium

Let’s consider a simple network attack example to understand the difference between
active and passive attack.

Active Attacks
An active attack is a network exploit in which attacker attempts to make changes to data on
the target or data en route to the target.

Meet Alice and Bob. Alice wants to communicate to Bob but distance is a problem. So,
Alice sends an electronic mail to Bob via a network which is not secure against attacks.
There is another person, Tom, who is on the same network as Alice and Bob. Now, as
the data flow is open to everyone on that network, Tom alters some portion of an
authorized message to produce an unauthorized effect. For example, a message
meaning “Allow BOB to read confidential file X” is modified as “Allow Smith to read
confidential file X”.

Active network attacks are often aggressive, blatant attacks that victims immediately
become aware of when they occur. Active attacks are highly malicious in nature, often
locking out users, destroying memory or files, or forcefully gaining access to a targeted
system or network.

Passive Attacks
A passive attack is a network attack in which a system is monitored and sometimes
scanned for open ports and vulnerabilities, but does not affect system resources.

https://medium.com/edureka/what-is-network-security-1f659407dcc 3/8
2/8/23, 10:44 PM What is Network Security? — A Beginner’s Guide To Network Security | by Aryya Paul | Edureka | Medium

Let’s consider the example we saw earlier:

Alice sends an electronic mail to Bob via a network which is not secure against attacks.
Tom, who is on the same network as Alice and Bob, monitors the data transfer that is
taking place between Alice and Bob. Suppose, Alice sends some sensitive information
like bank account details to Bob as plain text. Tom can easily access the data and use
the data for malicious purposes.

So, the purpose of the passive attack is to gain access to the computer system or
network and to collect data without detection.

So, network security includes implementing different hardware and software

techniques necessary to guard underlying network architecture. With the proper
network security in place, you can detect emerging threats before they infiltrate your
network and compromise your data.

Types of network security

There are many components to a network security system that work together to
improve your security posture. The most common network security components are
discussed below.

Access Control

https://medium.com/edureka/what-is-network-security-1f659407dcc 4/8
2/8/23, 10:44 PM What is Network Security? — A Beginner’s Guide To Network Security | by Aryya Paul | Edureka | Medium

To keep out potential attackers, you should be able to block unauthorized users and
devices from accessing your network. Users that are permitted network access should
only be able to work with the set of resources for which they’ve been authorized.

Application Security
Application security includes the hardware, software, and processes that can be used
to track and lockdown application vulnerabilities that attackers can use to infiltrate
your network.

Firewalls
A firewall is a device or service that acts as a gatekeeper, deciding what enters and
exits the network. They use a set of defined rules to allow or block traffic. A firewall
can be hardware, software, or both.

Virtual Private Networks(VPN)

A virtual private network encrypts the connection from an endpoint to a network,
often over the Internet. This way it authenticates the communication between a device
and a secure network, creating a secure, encrypted “tunnel” across the open internet.

Behavioral Analytics
You should know what normal network behavior looks like so that you can spot
anomalies or network breaches as they happen. Behavioral analytics tools
automatically identify activities that deviate from the norm.

Wireless Security
Wireless networks are not as secure as wired ones. Cybercriminals are increasingly
targeting mobile devices and apps. So, you need to control which devices can access
your network.

Intrusion Prevention System

These systems scan network traffic to identify and block attacks, often by correlating
network activity signatures with databases of known attack techniques.

So, these are some ways of implementing network security. Apart from these, you’ll
need a variety of software and hardware tools in your toolkit to ensure network
security, those are:
https://medium.com/edureka/what-is-network-security-1f659407dcc 5/8
2/8/23, 10:44 PM What is Network Security? — A Beginner’s Guide To Network Security | by Aryya Paul | Edureka | Medium

Firewalls

Packet crafters

Web scanners

Packet sniffers

Intrusion detection system

Penetration testing software

Network security is essential for overall cybersecurity because the network is a

significant line of defense against external attack. Given that, virtually all data and
applications are connected to the network, robust network security protects against
data breaches.

Network Security Jobs

With the widely reported success of popular cyberattacks, like WannaCry and
Adylkuzz, companies are paying more than ever to land highly qualified cybersecurity
professionals to secure their most vulnerable assets. Network security analyst and
network security engineer are listed as two of the highest paid cybersecurity jobs.
While network security engineer is more likely to be building out security systems, a
network security analyst is more likely to be tasked with scanning the network for
plausible vulnerabilities. Both the positions earn an average between $90,000 and
$150,000.

This brings us to the end of our article on What is Network Security? I hope you found
this article informative and added value to your knowledge.

If you wish to check out more articles on the market’s most trending technologies like
Artificial Intelligence, DevOps, Ethical Hacking, then you can refer to Edureka’s
official site.

Do look out for other articles in this series which will explain the various other aspects
of Cybersecurity.

https://medium.com/edureka/what-is-network-security-1f659407dcc 6/8
2/8/23, 10:44 PM What is Network Security? — A Beginner’s Guide To Network Security | by Aryya Paul | Edureka | Medium

1. What is Cybersecurity?

2. Cybersecurity Framework

3. Steganography Tutorial

4. What is Cryptography?

5. What is Computer Security?

6. What is Application Security?

7. Penetration Testing

8. Ethical Hacking Tutorial

9. Everything You Need To Know About Kali Linux

10. Ethical Hacking using Python

11. DDOS attack

12. MacChanger with Python

13 ARP Spoofing

14. Proxychains, Anonsurf & MacChange

15. Footprinting

16. Top 50 Cybersecurity Interview Questions and Answers

Originally published at www.edureka.co on December 20, 2018.

https://medium.com/edureka/what-is-network-security-1f659407dcc 7/8
2/8/23, 10:44 PM What is Network Security? — A Beginner’s Guide To Network Security | by Aryya Paul | Edureka | Medium

Open in app
Cybersecurity Security Network Security Network Networking Get unlimited access

Search Medium

https://medium.com/edureka/what-is-network-security-1f659407dcc 8/8
2/8/23, 10:26 PM Cybersecurity Framework 101 — A Comprehensive Guide To Cybersecurity Framework | by Aryya Paul | Edureka | Medium

Published in Edureka

Open in app Get unlimited access

Aryya Paul Follow

Search Medium
Jun 28, 2018 · 7 min read · Listen

Save

Cybersecurity Framework 101 — A

Comprehensive Guide To Cybersecurity
Framework

Cybersecurity Frameworks — Edureka

Data is the most valuable asset, which is the reason why data security has become an
international agenda. Data breaches and security failures can put the world economy
at risk. Realizing the need for national and economic security, the President of US

https://medium.com/edureka/cybersecurity-framework-89bbab5aaf17 1/12
2/8/23, 10:26 PM Cybersecurity Framework 101 — A Comprehensive Guide To Cybersecurity Framework | by Aryya Paul | Edureka | Medium

issued an Executive Order to develop a Cybersecurity Framework to help reduce cyber

risks. Dive deeper into the feed to know more about the Frame.

Here’s what I have covered in this article:

Why Cybersecurity Framework?

What Is Cybersecurity Framework?

5
Types of Cybersecurity Framework

Components of Framework

Cybersecurity Framework’s Five Functions

Using Cybersecurity Framework

Steps to Implement Cybersecurity Framework

I hope that gets your attention. Let’s begin with the first topic.

Why Cybersecurity Framework?

Implementing the Framework is effective because:

It Results in a shift from compliance to action and specific outcomes

It has built-in maturity model and gap analysis so you don’t need additional
maturity model on top of CSF

It gives you a measure of where you are and where you need to go

It can be implemented in stages or degrees which makes it more appealing to

business

What is Cybersecurity Framework?

The Framework is voluntary guidance, based on existing guidelines, and practices for
organizations to better manage and reduce cybersecurity risk.

https://medium.com/edureka/cybersecurity-framework-89bbab5aaf17 2/12
2/8/23, 10:26 PM Cybersecurity Framework 101 — A Comprehensive Guide To Cybersecurity Framework | by Aryya Paul | Edureka | Medium

Developed through coordinated effort amongst business and government, the

intentional Framework comprises of measures, rules, and practices to showcase the
safety of imperative foundation. The organized, adaptable, repeatable, and effective
approach of the Framework helps house proprietors and administrators of critical
foundation to oversee cybersecurity-related hazard.

Objectives of Cybersecurity Framework

Besides helping associations oversee and decrease probable risks, it was intended to
cultivate risk and Cybersecurity administration communications among both inner
and outer authoritative partners.

Types of Cybersecurity Framework

The most frequently adopted frameworks are:

PCI DSS (Payment Card Industry Data Security Standard):

It is a set of security controls required to implement to protect payment account
security. It is designed to protect credit card, debit card, and cash card transactions

ISO 27001/27002 (International Organization for Standardization ):

Best practice recommendations for information security management and
information security program elements.

https://medium.com/edureka/cybersecurity-framework-89bbab5aaf17 3/12
2/8/23, 10:26 PM Cybersecurity Framework 101 — A Comprehensive Guide To Cybersecurity Framework | by Aryya Paul | Edureka | Medium

CIS Critical Security Controls:

A prescribed arrangement of activities for cyber protection that give particular and
noteworthy approaches to stop the present most inescapable and perilous attacks. A
key advantage of the Controls is that they organize and center fewer activities with
high outcomes

NIST Framework:
A Framework for improving critical infrastructure Cybersecurity with a goal to
improve the organization’s readiness for managing cybersecurity risk by leveraging
standard methodologies and processes

Components of Cybersecurity Framework

There are three key components:

Framework Core:
It gives an arrangement of required Cybersecurity exercises and results utilizing
normal understandable language. The Core guides associations in overseeing and
decreasing their Cybersecurity chances in a way that supplements an association’s
current Cybersecurity and risk management processes.

Implementation tiers:
It helps associations by giving setting on how an association sees Cybersecurity risk
management. The tiers manage associations to consider the suitable level of
thoroughness for their cybersecurity program and are regularly utilized as a
specialized device to talk about hazard hunger, mission need, and spending plan.

https://medium.com/edureka/cybersecurity-framework-89bbab5aaf17 4/12
2/8/23, 10:26 PM Cybersecurity Framework 101 — A Comprehensive Guide To Cybersecurity Framework | by Aryya Paul | Edureka | Medium

Profiles:
Profiles are an association’s novel arrangement of their organizational prerequisites
and goals, and assets against the coveted results of the Framework Core. Profiles are
principally used to recognize and organize open doors for enhancing Cybersecurity at
an association.

Cybersecurity Framework’s Five Functions

The Functions are the largest amount of deliberation incorporated into the
Framework. They go about as the foundation of the Framework Core that every single
other component is sorted out around. The five functions included in the framework
are:

1. Identify: The Identify Function helps with building up a hierarchical

comprehension in overseeing cybersecurity to frameworks, individuals, resources,
information, and capacities.

2. Protect: The Protect Function diagrams proper shields to guarantee conveyance of

basic foundation administrations. The Protect Function underpins the capacity to
restrict or contain the effect of a potential Cybersecurity occasion.

3. Detect: The Detect Function characterizes the fitting exercises to recognize the
event of a Cybersecurity occasion. The Detect Function empowers opportune

https://medium.com/edureka/cybersecurity-framework-89bbab5aaf17 5/12
2/8/23, 10:26 PM Cybersecurity Framework 101 — A Comprehensive Guide To Cybersecurity Framework | by Aryya Paul | Edureka | Medium

revelation of Cybersecurity occasions.

4. Respond: The Respond Function incorporates proper activities to make a move in

regards to a distinguished Cybersecurity occurrence. The Respond Function
bolsters the capacity to contain the effect of a potential Cybersecurity occurrence.

5. Recover: The Recover Function distinguishes proper exercises to keep up plans for
versatility and to reestablish any abilities or administrations that were impeded
because of a Cybersecurity event.

Requirement Categories of each function

Alright, having discussed the functions and components of the framework, let’s see
how these frameworks are used.

Using Cybersecurity Framework

Using the framework could improve the critical infrastructure of an organization. The
Framework can be implemented in stages and hence can be tailored to meet any
organization’s needs. The Framework is intended to supplement, not replace, an
association’s cybersecurity program and risk administration forms.

Who Should Use the Framework?

https://medium.com/edureka/cybersecurity-framework-89bbab5aaf17 6/12
2/8/23, 10:26 PM Cybersecurity Framework 101 — A Comprehensive Guide To Cybersecurity Framework | by Aryya Paul | Edureka | Medium

The Cybersecurity Framework is for associations of all sizes, divisions, and

developments. The framework was designed to be extremely adaptable. With built-in
customization option available the framework can be modified to be used by any
organizations.

A small association with a low cybersecurity spending plan, or an extensive enterprise

with a major spending plan, are each ready to approach the result in a way that is
attainable for them. It is this adaptability that enables the Framework to be utilized by
associations which are simply beginning in setting up a cybersecurity program, while
additionally offering some incentive to associations with develop programs.

How Are Organizations Using the Framework?

In the course of recent years, NIST has been watching how the network has been
utilizing the Framework. These are some regular examples that we have seen develop:

Authority has grabbed the vocabulary of the Framework and can have educated
discussions about cybersecurity chance

Associations have utilized the levels to decide ideal levels of hazard administration

Associations are finding the way toward making profiles to a great degree powerful
in understanding the present cybersecurity hones in their business condition

Profiles and execution designs are being utilized in organizing and planning for
cybersecurity change exercises
https://medium.com/edureka/cybersecurity-framework-89bbab5aaf17 7/12
2/8/23, 10:26 PM Cybersecurity Framework 101 — A Comprehensive Guide To Cybersecurity Framework | by Aryya Paul | Edureka | Medium

Steps to Implement Cybersecurity Framework

The Cybersecurity Framework defines 7 steps for establishing a cybersecurity
program:

Example of Organization’s Using the Cybersecurity Framework

Nuclear Sector Cybersecurity Framework Implementation:

Atomic reactors in the United States have a solid reputation of cooperating to create
and execute digital security principles, devices, and procedures that guarantee
wellbeing, security, and unwavering quality.

Framework Implementation Benefits:

The Framework is intended to be sufficiently adaptable to be utilized both by
associations with developing digital security and risk administration programs and by
those with less-created programs.

https://medium.com/edureka/cybersecurity-framework-89bbab5aaf17 8/12
2/8/23, 10:26 PM Cybersecurity Framework 101 — A Comprehensive Guide To Cybersecurity Framework | by Aryya Paul | Edureka | Medium

As a rule, implementing the Framework gives an instrument to associations to:

Evaluate and particularly depict its current and focused on digital security pose

Identify gaps in its present projects, procedures, and workforce

Identify and organize open doors for development utilizing a persistent and
repeatable process

Assess advance toward achieving its objective digital security act

Demonstrate the association’s arrangement with the Framework’s broadly

perceived accepted procedures

Highlight any present practices that may outperform the Framework’s prescribed
practices

Communicate its digital security act in a typical, perceived dialect to inside and
outside partners — including clients, controllers, financial specialists, and
approach producers

Here’s how the Cybersecurity Framework was used to demonstrate how cybersecurity
practices at U.S. nuclear power plants align to the Framework.

https://medium.com/edureka/cybersecurity-framework-89bbab5aaf17 9/12
2/8/23, 10:26 PM Cybersecurity Framework 101 — A Comprehensive Guide To Cybersecurity Framework | by Aryya Paul | Edureka | Medium

This brings us to the end of our article on CybersecurityFrameworks. I hope you found this
article informative and added value to your knowledge.

If you wish to check out more articles on the market’s most trending technologies like
Artificial Intelligence, DevOps, Ethical Hacking, then you can refer to Edureka’s
official site.

Do look out for other articles in this series which will explain the various

1. What is Cryptography?

2. What is Cybersecurity?

3. Steganography Tutorial

4. What is Network Security?

https://medium.com/edureka/cybersecurity-framework-89bbab5aaf17 10/12
2/8/23, 10:26 PM Cybersecurity Framework 101 — A Comprehensive Guide To Cybersecurity Framework | by Aryya Paul | Edureka | Medium

5. What is Computer Security?

6. What is Application Security?

7. Penetration Testing

8. Ethical Hacking Tutorial

9. Everything You Need To Know About Kali Linux

10. Ethical Hacking using Python

11. DDOS attack

12. MacChanger with Python

13 ARP Spoofing

14. Proxychains, Anonsurf & MacChange

15. Footprinting

16. Top 50 Cybersecurity Interview Questions and Answers

Originally published at www.edureka.co on June 28, 2018.

Cybersecurity Cybersecurity Framework Security Cyber Security Awareness

Cyber Security Training

https://medium.com/edureka/cybersecurity-framework-89bbab5aaf17 11/12
2/8/23, 10:26 PM Cybersecurity Framework 101 — A Comprehensive Guide To Cybersecurity Framework | by Aryya Paul | Edureka | Medium

https://medium.com/edureka/cybersecurity-framework-89bbab5aaf17 12/12
2/8/23, 11:16 PM ARP Spoofing — Automating Ethical Hacking with Python | by Aryya Paul | Edureka | Medium

Published in Edureka

Aryya Paul Follow

Mar 4, 2019 · 6 min read · Listen

Save

ARP Spoofing — Automating Ethical Hacking

with Python

When you tell someone you’re an Ethical Hacker, they look at you like you are some
kind of a Wizard. Well, that’s what it is to be an Ethical Hacker: Knowledgeable,
Powerful and Conscience to do the right thing! Like a Wand to a Wizard, Python makes
an Ethical Hacker more powerful. In the previous tutorial, you saw how you can write
a MacChanger using Python. In this tutorial, you will see how Python can be used for
ARP Spoofing.
https://medium.com/edureka/python-arp-spoofer-for-ethical-hacking-58b0bbd81272 1/8
2/8/23, 11:16 PM ARP Spoofing — Automating Ethical Hacking with Python | by Aryya Paul | Edureka | Medium

I will cover the following topics:

What is ARP Spoofing?

Writing an ARP Spoofer

I know you are all hyped up to automate Ethical Hacking, but first, you should know
what ARP Spoofing is.

What is ARP Spoofing?

It is common that everyone uses WiFi these days and you are one of them. Do you
know how the data flows when you are connected to the router? Your system and the
router have IP addresses attached to them. When you are connected to the router, the
data flow is between 2 IP addresses. The router sends data to the IP address of your
system and your system sends data to the IP address of the router.

ARP Spoofing is the technique of redirecting the network traffic to the hacker by
faking the IP address. Too technical? Let me make it simple for you. When there is a
connection between a system and the router (basically between two IP addresses), the
hacker will fake his/her IP address. The hacker will tell 1) The Router that he/she is the
system and 2) The System that he/she is the router. Now, the router will send the data
to the hacker instead of the system, and the system will send the data to the hacker
instead of the router. Hence the network flows through the hacker.

https://medium.com/edureka/python-arp-spoofer-for-ethical-hacking-58b0bbd81272 2/8
2/8/23, 11:16 PM ARP Spoofing — Automating Ethical Hacking with Python | by Aryya Paul | Edureka | Medium

Now that we know what an ARP Spoofer is, let’s build these using Python!

Writing an ARP Spoofer

When I was explaining to you about ARP Spoofing, I told you that it redirects the
traffic. To conduct ARP Spoofing, we need 3 nodes. One will be the hacker node and
the other two are systems between which there’s some communication going on.

For this tutorial, I am using Virtual Machines to create nodes. I will run two Virtual
Machines of which one will be the hacker and the other will be the victim. What about
the 3rd node? Well, that will be the router that the Virtual Machines are connected to.

My setup is as follows: I have two Virtual Machines which are connected to a router.

Before we write an ARP Spoofer, we need to get some data. Because the hacker system
will be faking it’s IP address, we should know the IP address and the MAC address of
the router and the victim system.

To find the IP addresses of the victim and the Router, run the following command from
the hacker’s machine:

https://medium.com/edureka/python-arp-spoofer-for-ethical-hacking-58b0bbd81272 3/8
2/8/23, 11:16 PM ARP Spoofing — Automating Ethical Hacking with Python | by Aryya Paul | Edureka | Medium

$ arp -a

This will list the IP address and the MAC address of all the systems in that network.

Here, the gateway is the Router and for this demo, I will choose the system with the IP
address 192.168.111.157 as the Victim.

After we run the ARP Spoofer, we need a way to verify whether our ARP Spoofer
worked or not. In the real-world scenario, the success/failure of the ARP Spoofing is
determined by the output on the hacker’s system. But for this demo, we will make it
easy. As we are running Virtual Machines, I will switch to the Victim system and check
the MAC address of the Router.

For that, run the following command in the terminal of the Victim’s system:

$ arp -a

Look at the MAC address of the router, this will change after we run the script.

Now that we have the required data for spoofing, we are ready to write an ARP Spoofer.

To write a Spoofer for ARP Spoofing, let’s run PyCharm. To start PyCharm, go to the
directory where PyCharm was extracted and run the shell script.

https://medium.com/edureka/python-arp-spoofer-for-ethical-hacking-58b0bbd81272 4/8
2/8/23, 11:16 PM ARP Spoofing — Automating Ethical Hacking with Python | by Aryya Paul | Edureka | Medium

$ cd pycharm-community-2018.3.4/
$ cd bin/
$ ./pycharm.sh

You will see the Welcome Screen of PyCharm. Click on “Create New Project”

Enter a name for your project. I will name this arp_spoof. And then click “Create“.

You will now see the workplace. Next, let’s create a Python file. To do this, right click
on the project name, go to “New” and click on “Python file“. You can now write the
Python script here.

https://medium.com/edureka/python-arp-spoofer-for-ethical-hacking-58b0bbd81272 5/8
2/8/23, 11:16 PM ARP Spoofing — Automating Ethical Hacking with Python | by Aryya Paul | Edureka | Medium

The ARP Spoofer I am writing will use the Scapy module of Python, that is a packet
manipulation tool.

Below is the Python script for ARP Spoofer:

import scapy.all as scap

while True:
packet = scap.ARP(op=1, pdst="192.168.111.157",
hwaddr="00:0c:29:1e:76:af", psrc="192.168.111.2")
scap.send(packet) #Packet telling the Victim (with ip address
192.168.111.157) that the hacker is the Router.
packet = scap.ARP(op=1, pdst="192.168.111.2",
hwaddr="00:50:56:e7:86:57", psrc="192.168.111.157")
scap.send(packet) #Packet telling the Router (with ip address
192.168.111.2) that the hacker is the Victim.

Run this script and the network will be redirected. Let’s verify whether it actually
worked or not. In the Victim’s system, run this command:

$ arp -a

You can see that the MAC address of the Router’s IP is changed to the MAC address of
the hacker’s system. This means that the network is getting redirected to the hacker
and the data from the Victim’s system is going to the hacker’s system thinking that it is
the Router.

Congratulations! You have written an ARP Spoofer in Python and seen it in action. If
you wish to check out more articles on the market’s most trending technologies like
Artificial Intelligence, DevOps, Cloud, then you can refer to Edureka’s official site.

https://medium.com/edureka/python-arp-spoofer-for-ethical-hacking-58b0bbd81272 6/8
2/8/23, 11:16 PM ARP Spoofing — Automating Ethical Hacking with Python | by Aryya Paul | Edureka | Medium

Do look out for other articles in this series which will explain the various other aspects
of Cybersecurity.

1. What is Cybersecurity?

2. Cybersecurity Framework

3. Steganography Tutorial

4. What is Network Security?

5. What is Computer Security?

6. What is Application Security?

7. Penetration Testing

8. Ethical Hacking Tutorial

9. Everything You Need To Know About Kali Linux

10. Ethical Hacking using Python

11. DDOS attack

12. MacChanger with Python

13 What is Cryptography?

14. Proxychains, Anonsurf & MacChange

15. Footprinting

16. Top 50 Cybersecurity Interview Questions and Answers

Originally published at www.edureka.co on March 4, 2019.

https://medium.com/edureka/python-arp-spoofer-for-ethical-hacking-58b0bbd81272 7/8
2/8/23, 11:16 PM ARP Spoofing — Automating Ethical Hacking with Python | by Aryya Paul | Edureka | Medium

Networking Ethical Hacking Python Arp Spoofing Arp Spoof

Open in app Get unlimited access

Search Medium

https://medium.com/edureka/python-arp-spoofer-for-ethical-hacking-58b0bbd81272 8/8
2/8/23, 11:23 PM Footprinting - The Understructure of Ethical Hacking | by Aryya Paul | Edureka | Medium

Published in Edureka

Aryya Paul Follow

Mar 26, 2019 · 5 min read · Listen

Save

Footprinting - The Understructure of Ethical

Hacking

Footprinting - Edureka

In the previous article, I told you how you can increase your Anonymity online. This
article will be about how to start with Ethical Hacking. I will be discussing the phase of
Footprinting, and some ways to gather information about the application you want to
test for Vulnerabilities.

https://medium.com/edureka/footprinting-in-ethical-hacking-6bea07de4362 1/8
2/8/23, 11:23 PM Footprinting - The Understructure of Ethical Hacking | by Aryya Paul | Edureka | Medium

The topics covered in this article are:

What is Footprinting?

Why is Footprinting Important?

Types of Footprinting

How to Gather Information in Footprinting?

What is Footprinting?
Imagine you are a well known Ethical Hacker and you get a job to check a Web
Application for vulnerabilities. You get the name of the organization whose website
you have to test. How would you start testing the website for vulnerabilities? You would
start by gathering information about that website. This is what Footprinting is.

Footprinting is a part of the Reconnaissance phase of Ethical Hacking in which you

gather information about the system/ application. The main aim of Footprinting is to
gather as much information as possible about the system/ application to narrow down
the areas and techniques of attack.

Most of the people find Footprinting boring, but it is a very important part of Ethical
Hacking. And the next section will tell you why.

Why is Footprinting Important?

Footprinting is considered one of the most important phases of Ethical Hacking. Let’s
take a movie plot for example. Suppose you are watching a Bank robbery movie, there
are people who have planned to rob a bank. Movies like Ocean’s Eleven, The Italian
Job, or Fast and Furious, do the characters directly buy guns and masks and enter the
bank to rob it? No! If they did this, they wouldn’t be able to rob the bank successfully.

So what do they do before robbing the bank? They make a proper plan on how to enter
the bank, how to handle the security, and prepare an escape plan. And to plan the
robbery, they need to observe certain things about the bank, the way it operates, how
the security works, etc. Knowing about the bank plays an important role in making the
plan.

https://medium.com/edureka/footprinting-in-ethical-hacking-6bea07de4362 2/8
2/8/23, 11:23 PM Footprinting - The Understructure of Ethical Hacking | by Aryya Paul | Edureka | Medium

Similarly, knowing about the system/ application is very important for ethical hacking
because it will let you know what type of vulnerabilities can be found and what attacks
are suitable.

Now that you’ve got an idea of what Footprinting is and why it is important, it’s time to
understand a little about the different types of Footprinting.

Types of Footprinting
Similar to Reconnaissance, Footprinting can be divided into two types:

1. Active Footprinting

2. Passive Footprinting

Active Footprinting
Active Footprinting is the type of Footprinting where you gather information about the
system/ application by directly interacting with the system. When you use Active
Footprinting, there is a high chance that some information like your IP address is
saved by the system you are trying to gather the information about.

Passive Footprinting
In the case of Passive Footprinting, you gather information without interacting with
the system/ application you are trying to know about. You gather information through
search engines or public records. When you use Passive Footprinting, there is no way
that the system would save your IP address.

Now that you have understood the basics of Footprinting, without further delay, let’s
get to the hands-on part of Footprinting

How to Gather Information in Footprinting?

In this section, I will show you some methods to gather information. I will be using
Kali Linux Operating System for this.

In this article, we will try to gather information about Edureka Community. Suppose
you don’t know anything about Edureka Community, how would you start gathering
information? The first step is to use a search engine.

https://medium.com/edureka/footprinting-in-ethical-hacking-6bea07de4362 3/8
2/8/23, 11:23 PM Footprinting - The Understructure of Ethical Hacking | by Aryya Paul | Edureka | Medium

Footprinting using Search Engine

Open a browser and search for “Edureka Community”.

You will find the URL of Edureka Community i.e., www.edureka.co/community. This
is the first piece of information you have found.

Using the URL of the website, you can find the IP address of the website by pinging to
it.

Ping to find the IP address

To find the IP address of Edureka Community website, open the terminal and run the
below command:

$ ping www.edureka.co

Wait, we wanted to find the IP address of www.edureka.co/community, then why did

we ping to www.edureka.co?

That is because Edureka Community is under the www.edureka.co domain and this
web application is structured such that the IP address of the community is the same as
that of the domain.

https://medium.com/edureka/footprinting-in-ethical-hacking-6bea07de4362 4/8
2/8/23, 11:23 PM Footprinting - The Understructure of Ethical Hacking | by Aryya Paul | Edureka | Medium

Run the above-mentioned command and you should see a similar output.

You can see that we found the IP address of Edureka Community. The IP address is
54.218.30.250.

The IP address is just a tiny piece of information about the website. To get more
information, we will use Whois Lookup.

Whois Lookup
Whois Lookup is a tool used to find out information such as DNS, domain names,
name servers, IP addresses, etc. Let’s use Whois Lookup to find some more
information about the Edureka Community website, open a browser and go to
http://whois.domaintools.com/

Enter the website name (or IP address) and click “Search“

This search will display various information about the website.

https://medium.com/edureka/footprinting-in-ethical-hacking-6bea07de4362 5/8
2/8/23, 11:23 PM Footprinting - The Understructure of Ethical Hacking | by Aryya Paul | Edureka | Medium

You can see in the above screenshot that the Server type being used by Edureka
Community is Apache/2.4.27. This gives a point for an Ethical Hacker to start testing.
And also, you can limit your attacks only to those that are applicable to Apache/2.4.27
Server.

This is how Footprinting helps an Ethical Hacker. The more information you gather
using Footprinting, the more places you get to look for vulnerabilities. Explore some
more ways to find information and see what other information you can gather using
Footprinting. If you wish to check out more articles on the market’s most trending
technologies like Artificial Intelligence, DevOps, Cloud, then you can refer to Edureka’s
official site.
https://medium.com/edureka/footprinting-in-ethical-hacking-6bea07de4362 6/8
2/8/23, 11:23 PM Footprinting - The Understructure of Ethical Hacking | by Aryya Paul | Edureka | Medium

Do look out for other articles in this series which will explain the various other aspects
of Cybersecurity.

1. What is Cybersecurity?

2. Cybersecurity Framework

3. Steganography Tutorial

4. What is Network Security?

5. What is Computer Security?

6. What is Application Security?

7. Penetration Testing

8. Ethical Hacking Tutorial

9. Everything You Need To Know About Kali Linux

10. Ethical Hacking using Python

11. DDOS attack

12. MacChanger with Python

13 ARP Spoofing

14. Proxychains, Anonsurf & MacChange

15. What is Cryptography?

16. Top 50 Cybersecurity Interview Questions and Answers

Originally published at www.edureka.co on March 26, 2019.

O i G t li it d
https://medium.com/edureka/footprinting-in-ethical-hacking-6bea07de4362 7/8
2/8/23, 11:23 PM Footprinting - The Understructure of Ethical Hacking | by Aryya Paul | Edureka | Medium
Open in app Get unlimited access

DNS Ethical Hacking Footprinting Ethical Hacking Training

Search Medium

https://medium.com/edureka/footprinting-in-ethical-hacking-6bea07de4362 8/8
2/8/23, 10:36 PM Steganography Tutorial — A Complete Guide For Beginners | by Aryya Paul | Edureka | Medium

Published in Edureka

Aryya Paul Follow

Jan 21, 2019 · 6 min read · Listen

Save

Steganography Tutorial — A Complete Guide For

Beginners

Open in app Get unlimited access

Search Medium

Steganography Tutorial — Edureka

Given the amount of data that is being generated and transmitted electronically in the
world today, it’s no surprise that numerous methods of protecting that data have
evolved. One of the rapidly growing methods is steganography. In this steganography
tutorial, we will cover steganography in detail.

https://medium.com/edureka/steganography-tutorial-1a3c5214a00f 1/8
2/8/23, 10:36 PM Steganography Tutorial — A Complete Guide For Beginners | by Aryya Paul | Edureka | Medium

Before we begin, let me just list out the topics I’ll be covering through the course of this
article.

What is Steganography?

How is Steganography different from Cryptography?

Steganography Techniques

Best tools to perform Steganography

Let’s get started!

What is Steganography?

Steganography is the art and science of embedding secret messages in a cover message in such
a way that no one, apart from the sender and intended recipient, suspects the existence of the
message

The diagram below depicts a basic steganographic model.

As the image depicts, both cover file(X) and secret message(M) are fed into
steganographic encoder as input. Steganographic Encoder function, f(X,M,K) embeds
the secret message into a cover file. Resulting Stego Object looks very similar to your
cover file, with no visible changes. This completes encoding. To retrieve the secret
message, Stego Object is fed into Steganographic Decoder.

https://medium.com/edureka/steganography-tutorial-1a3c5214a00f 2/8
2/8/23, 10:36 PM Steganography Tutorial — A Complete Guide For Beginners | by Aryya Paul | Edureka | Medium

Historical Background
Steganography is the practice of concealing a secret message behind a normal
message. It stems from two Greek words, which are steganos, means covered and
graphia, means writing. Steganography is an ancient practice, being practiced in
various forms for thousands of years to keep communications private. For Example:

The first use of steganography can be traced back to 440 BC when ancient Greece, people
wrote messages on wood and covered it with wax, that acted as a covering medium

Romans used various forms of Invisible Inks, to decipher those hidden messages light or heat
were used

During World War II the Germans introduced microdots, which were complete documents,
pictures, and plans reduced in size to the size of a dot and were attached to normal
paperwork

Null Ciphers were also used to hide unencrypted secret messages in an innocent looking
normal message

Now, we have a lot of modern steganographic techniques and tools to make sure that
knows our data remains secret. Now you might be wondering if steganography is same
as cryptography. No, they are two different concepts and this steganography tutorial
presents you the main differences between them.

How is Steganography different from Cryptography?

At their core, both of them have almost the same goal, which is protecting a message
or information from the third parties. However, they use a totally different mechanism
to protect the information.

Cryptography changes the information to ciphertext which cannot be understood

without a decryption key. So, if someone were to intercept this encrypted message,
they could easily see that some form of encryption had been applied. On the other
hand, steganography does not change the format of the information but it conceals the
existence of the message.

https://medium.com/edureka/steganography-tutorial-1a3c5214a00f 3/8
2/8/23, 10:36 PM Steganography Tutorial — A Complete Guide For Beginners | by Aryya Paul | Edureka | Medium

So, in other words, steganography is more discreet than cryptography when we want to
send confidential information. The downside being, the hidden message is easier to
extract if the presence of secret is discovered. For the remainder of this steganography
tutorial, we will learn about different steganography techniques and tools.

Steganography Techniques
Depending on the nature of the cover object(actual object in which secret data is
embedded), steganography can be divided into five types:

1. Text Steganography

2. Image Steganography

3. Video Steganography

4. Audio Steganography

5. Network Steganography

Let’s explore each of them in detail.

Text Steganography
Text Steganography is hiding information inside the text files. It involves things like
changing the format of existing text, changing words within a text, generating random

https://medium.com/edureka/steganography-tutorial-1a3c5214a00f 4/8
2/8/23, 10:36 PM Steganography Tutorial — A Complete Guide For Beginners | by Aryya Paul | Edureka | Medium

character sequences or using context-free grammars to generate readable texts.

Various techniques used to hide the data in the text are:

Format Based Method

Random and Statistical Generation

Linguistic Method

Image Steganography
Hiding the data by taking the cover object as the image is known as image
steganography. In digital steganography, images are widely used cover source because
there are a huge number of bits present in the digital representation of an image.
There are a lot of ways to hide information inside an image. Common approaches
include:

Least Significant Bit Insertion

Masking and Filtering

Redundant Pattern Encoding

Encrypt and Scatter

Coding and Cosine Transformation

Audio Steganography
In audio steganography, the secret message is embedded into an audio signal which
alters the binary sequence of the corresponding audio file. Hiding secret messages in
digital sound is a much more difficult process when compared to others, such as
Image Steganography. Different methods of audio steganography include:

Least Significant Bit Encoding

Parity Encoding

Phase Coding

Spread Spectrum

https://medium.com/edureka/steganography-tutorial-1a3c5214a00f 5/8
2/8/23, 10:36 PM Steganography Tutorial — A Complete Guide For Beginners | by Aryya Paul | Edureka | Medium

This method hides the data in WAV, AU, and even MP3 sound files.

Video Steganography
In Video Steganography you can hide kind of data into digital video format. The
advantage of this type is a large amount of data can be hidden inside and the fact that it
is a moving stream of images and sounds. You can think of this as the combination of
Image Steganography and Audio Steganography. Two main classes of Video
Steganography include:

Embedding data in uncompressed raw video and compressing it later

Embedding data directly into the compressed data stream

Network Steganography (Protocol Steganography)

It is the technique of embedding information within network control protocols used in
data transmission such TCP, UDP, ICMP etc. You can use steganography in some covert
channels that you can find in the OSI model. For Example, you can hide information in
the header of a TCP/IP packet in some fields that are either optional.

In today’s digitalized world, various software tools are available for Steganography. In
the remainder of this Steganography Tutorial, we will explore some of the popular
steganographic tools and their capabilities.

Best Tools to Perform Steganography

There are many software available that offer steganography. Some offer normal
steganography, but a few offer encryption before hiding the data. These are the
steganography tools which are available for free:

Stegosuite is a free steganography tool which is written in Java. With Stegosuite you
can easily hide confidential information in image files.

Steghide is an open source Steganography software that lets you hide a secret file in
image or audio file.

Xiao Steganography is a free software that can be used to hide data in BMP images
or in WAV files.

https://medium.com/edureka/steganography-tutorial-1a3c5214a00f 6/8
2/8/23, 10:36 PM Steganography Tutorial — A Complete Guide For Beginners | by Aryya Paul | Edureka | Medium

SSuite Picsel is another free portable application to hide text inside an image file
but it takes a different approach when compared to other tools.

OpenPuff is a professional steganographic tool where you can store files in image,
audio, video or flash files

Well, these are few tools to perform steganography. There are many other different
tools with different capabilities. However, you will get the desired results from these
tools.

So, we have reached the end of Steganographic Tutorial. Steganography was developed
for secure communication. However, criminals and terrorist organizations are using
this for their own purpose. So, understanding how to hide data steganography, and
prevent that data from being misused, can be very helpful for both attack and defense.

If you wish to check out more articles on the market’s most trending technologies like
Artificial Intelligence, DevOps, Ethical Hacking, then you can refer to Edureka’s
official site.

Do look out for other articles in this series which will explain the various other aspects
of Cybersecurity.

1. What is Cybersecurity?

2. Cybersecurity Framework

3. What is Cryptography?

4. What is Network Security?

5. What is Computer Security?

6. What is Application Security?

7. Penetration Testing

8. Ethical Hacking Tutorial

https://medium.com/edureka/steganography-tutorial-1a3c5214a00f 7/8
2/8/23, 10:36 PM Steganography Tutorial — A Complete Guide For Beginners | by Aryya Paul | Edureka | Medium

9. Everything You Need To Know About Kali Linux

10. Ethical Hacking using Python

11. DDOS attack

12. MacChanger with Python

13 ARP Spoofing

14. Proxychains, Anonsurf & MacChange

15. Footprinting

16. Top 50 Cybersecurity Interview Questions and Answers

Originally published at www.edureka.co on January 21, 2019.

Security Cryptography Cybersecurity Steganography

Steganography Techniques

https://medium.com/edureka/steganography-tutorial-1a3c5214a00f 8/8
2/8/23, 10:56 PM What is Penetration Testing? — A Comprehensive Guide To Methodologies and Tools | by Aryya Paul | Edureka | Medium

Published in Edureka

Aryya Paul Follow

Jan 10, 2019 · 8 min read

Save

What is Penetration Testing? — A

Comprehensive Guide To Methodologies and
Tools

What is Penetration Testing? — Edureka

You can find the essence of technology everywhere. As businesses increase their
dependency on Information Technology including Cloud, IOT, mobile devices, and
social media, their cyber risk continues to rise at an alarming rate. Almost every day,

https://medium.com/edureka/what-is-penetration-testing-f91668e2291a 1/10
2/8/23, 10:56 PM What is Penetration Testing? — A Comprehensive Guide To Methodologies and Tools | by Aryya Paul | Edureka | Medium

you can find a new headline regarding the latest cybersecurity attack. Hackers are
improving their methods and are still stealing millions of records and billions of
dollars at an alarming frequency. One way to combat these attacks is through
Penetration Testing. In this article, we will explore what is Penetration Testing and its
types. It will answer all the following questions regarding Penetration Testing:

1. What is Penetration Testing?

2. What are the phases of a Penetration Test?

3. What are different types of Penetration Testing?

4. What tools are used for Penetration Testing?

Let’s get started!

What is Penetration Testing?

Penetration Testing is answering a simple question: “What would a cybercriminal do to
harm my organization’ computer systems, applications, and network?“. It is the practice
of testing a computer system, network or web application to find vulnerabilities that
an attacker could exploit, simulating an attack against an organization’s IT assets.

Vulnerabilities could be due to multiple reasons, few basic ones being:

Flaws in the design of hardware and software

Usage of unsecured network

Poorly configured computer systems, networks & applications

Complex architecture of computer systems

Plausible human errors

So, an efficient penetration testing helps in finding the gaps in the security tools that
an organization is using, finds multiple attack vectors and misconfigurations. So an
organization can prioritize the risk, fix it and improve the overall security response
time. Moving forward, with this article we will learn how a typical penetration test is
carried out.
https://medium.com/edureka/what-is-penetration-testing-f91668e2291a 2/10
2/8/23, 10:56 PM What is Penetration Testing? — A Comprehensive Guide To Methodologies and Tools | by Aryya Paul | Edureka | Medium

What are the phases of a penetration test?

Penetration tester usually begins by gathering as much information about the target as
possible. Then he identifies the possible vulnerabilities in the system by scanning.
After which he launches an attack. Post-attack he analyses each vulnerability and the
risk involved. Finally, a detailed report is submitted to higher authorities summarizing
the results of the penetration test.

Penetration testing can be broken down into multiple phases, this will vary depending
on the organization and the type of penetration test.

Let’s discuss each phase:

Reconnaissance & Planning

The first phase is planning. Here, the attacker gathers as much information about the
target as possible. The data can be IP addresses, domain details, mail servers, network
topology, etc. In this phase, he also defines the scope and goals of a test, including the
systems to be addressed and the testing methods to be used. An expert penetration
tester will spend most of the time in this phase, this will help with further phases of
the attack.

Scanning
Based on the data collected in the first step, the attacker will interact with the target
with an aim to identify the vulnerabilities. This helps a penetration tester to launch
attacks using vulnerabilities in the system. This phase includes the use of tools such as
port scanners, ping tools, vulnerability scanners, and network mappers.

While testing web applications, the scanning part can be either dynamic or static.

In static scanning, the aim is to identify the vulnerable functions, libraries, and
logic implementation

Dynamic analysis is the more practical way of scanning compared to static analysis
where the tester will pass various inputs to the application and record the
responses

Actual Exploit

https://medium.com/edureka/what-is-penetration-testing-f91668e2291a 3/10
2/8/23, 10:56 PM What is Penetration Testing? — A Comprehensive Guide To Methodologies and Tools | by Aryya Paul | Edureka | Medium

This is the crucial phase that has to be performed with due care. This is the step where
the actual damage is done. Penetration Tester needs to have some special skills and
techniques to launch an attack on the target system. Using these techniques an
attacker will try to get the data, compromise the system, launch dos attacks, etc. to
check to what extent the computer system or application or a network can be
compromised.

Risk Analysis & Recommendations

After the penetration test is complete, the final goal is to collect the evidence of the
exploited vulnerabilities. This step mostly considers all the steps discussed above and
an evaluation of the vulnerabilities present in the form of potential risks. Sometimes,
in this step pen-tester also provides some useful recommendations to implement in
order to improve security levels.

Report Generation
Now, this is the final and the most important step. In this step, the results of the
penetration test are compiled into a detailed report. This report usually has the
following details:

Recommendations made in the previous phase

Vulnerabilities that were discovered and the risk levels they posses

Overall summary of the penetration test

Suggestions for future security

These phases may sometimes vary depending on the organization and the type of
penetration test being conducted. This article further explores different Penetration
Testing types.

What are different types of Penetration Testing?

Penetration testing can be categorized based on different parameters like the
knowledge of the target or the position of the penetration tester or the areas where it is
performed.

Penetration testing types based on knowledge of the target:

https://medium.com/edureka/what-is-penetration-testing-f91668e2291a 4/10
2/8/23, 10:56 PM What is Penetration Testing? — A Comprehensive Guide To Methodologies and Tools | by Aryya Paul | Edureka | Medium

Black Box

When the attacker has no knowledge of the target, it is referred to as a black box
penetration test. This type requires a lot of time and the pen tester uses automated
tools in order to find vulnerabilities and weak spots.

White Box

When the penetration tester is given the complete knowledge of the target, it is called a
white box penetration test. The attacker has complete knowledge of the IP addresses,
controls in place, code samples, operating system details etc. It requires less time
when compared to black box penetration testing.

Grey Box

When the tester is having partial information about the target, it is referred to as gray
box penetration testing. In this case, the attacker will have some knowledge of the
target information like URLs, IP addresses, etc., butwill not have complete knowledge
or access.

Penetration testing types based on the position of tester:

If the penetration test is conducted from outside the network, it is referred to as
external penetration testing

https://medium.com/edureka/what-is-penetration-testing-f91668e2291a 5/10
2/8/23, 10:56 PM What is Penetration Testing? — A Comprehensive Guide To Methodologies and Tools | by Aryya Paul | Edureka | Medium

Suppose, the attacker is present inside the network, simulation of this scenario is
referred to as internal penetration testing

Targeted testing is usually performed by the organization’s IT team and the

Penetration Testing team working together

In a blind penetration test, the penetration tester is provided with no prior

information except the organization name

In a double-blind test, at max, only one or two people within the organization might
be aware that a test is being conducted

Penetration testing types based on where it is performed:

Network Penetration Testing

Network Penetration Testing activity aims at discovering weaknesses and

vulnerabilities related to the network infrastructure of the organization. It involves,

https://medium.com/edureka/what-is-penetration-testing-f91668e2291a 6/10
2/8/23, 10:56 PM What is Penetration Testing? — A Comprehensive Guide To Methodologies and Tools | by Aryya Paul | Edureka | Medium

firewall configuration & bypass testing, Stateful analysis testing, DNS attacks etc. Most
common software packages which are examined during this test include:

Secure Shell(SSH)

SQL Server

MySQL

Simple Mail Transfer Protocol(SMTP)

File Transfer Protocol

Application Penetration Testing

In Application Penetration Testing, penetration tester checks, if any security

vulnerabilities or weaknesses are discovered in web-based applications. Core
application components such as ActiveX, Silverlight, and Java Applets, and APIs are all
examined. Therefore this kind of testing requires a lot of time.

Wireless Penetration Testing

In Wireless Penetration Testing, all of the wireless devices which are used in a
corporation are tested. It includes items such as tablets, notebooks, smartphones, etc.
This test spots vulnerabilities in terms of wireless access points, admin credentials,
and wireless protocols.

Social Engineering

Social Engineering Test involves attempting to get confidential or sensitive information

by purposely tricking an employee of the organization. You have two subsets here.

Remote testing — involves tricking an employee to reveal sensitive information via

an electronic means

Physical testing — involves the use of a physical means to gather sensitive

information, like threaten or blackmail an employee

Client-Side Penetration Testing

https://medium.com/edureka/what-is-penetration-testing-f91668e2291a 7/10
2/8/23, 10:56 PM What is Penetration Testing? — A Comprehensive Guide To Methodologies and Tools | by Aryya Paul | Edureka | Medium

The purpose of this type of testing is to identify security issues in terms of software
running on the customer’s workstations. Its primary goal is to search and exploit
vulnerabilities in client-side software programs. For example, web browsers (such as
Internet Explorer, Google Chrome, Mozilla Firefox, Safari), content creation software
packages (such as Adobe Framemaker and Adobe RoboHelp), media players, etc.

So, these are different types of penetration test based on different parameters. Now, in
the remaining of this article, we will talk about the tools that a penetration tester can
use to conduct a penetration test.

What tools are used for Penetration Testing?

Penetration testers take the aid of different kinds of penetration tools to make the
penetration test much faster, efficient, easy, and reliable. There are a lot of popular
Penetration Testing tools, where most of them are free or open source software. Some
of the most widely used pen testing tools include:

Nessus — It is a network and web application vulnerability scanner, it can perform

different types of scans and help a penetration tester identify vulnerabilities.

Metasploit — It is an exploitation framework that has been packed with various

capabilities. A skilled attacker can generate payloads, shellcodes, gain access, and
perform privilege escalation attacks using Metasploit.

Nmap or network mapper — A port scanner that scans systems and networks for
vulnerabilities linked to open ports.

Wireshark — It is a tool for profiling network traffic and for analyzing network
packets.

Apart from the above ones, there are others like John the Ripper, Burp Suite, Cain and
Abel, and many more popular tools.

Well, we have reached the end of this article. So, know you know what is Penetration
Testing, its phases, types, and tools.

If you wish to check out more articles on the market’s most trending technologies like
Artificial Intelligence, DevOps, Cloud, then you can refer to Edureka’s official site.

https://medium.com/edureka/what-is-penetration-testing-f91668e2291a 8/10
2/8/23, 10:56 PM What is Penetration Testing? — A Comprehensive Guide To Methodologies and Tools | by Aryya Paul | Edureka | Medium

Do look out for other articles in this series which will explain the various other aspects
of Ethical Hacking.

1. What is Cybersecurity?

2. Cybersecurity Framework

3. Steganography Tutorial

4. What is Network Security?

5. What is Computer Security?

6. What is Application Security?

7. What is Cryptography?

8. Ethical Hacking Tutorial

9. Everything You Need To Know About Kali Linux

10. Ethical Hacking using Python

11. DDOS attack

12. MacChanger with Python

13 ARP Spoofing

14. Proxychains, Anonsurf & MacChange

15. Footprinting

16. Top 50 Cybersecurity Interview Questions and Answers

Originally published at www.edureka.co on January 10, 2019.

https://medium.com/edureka/what-is-penetration-testing-f91668e2291a 9/10
2/8/23, 10:56 PM What is Penetration Testing? — A Comprehensive Guide To Methodologies and Tools | by Aryya Paul | Edureka | Medium

Security Ethical Hacking Ethical Hacking Training Penetration Testing

Ethical Hacking Tools

Open in app Get unlimited access

Search Medium

https://medium.com/edureka/what-is-penetration-testing-f91668e2291a 10/10
2/8/23, 11:20 PM Proxychains, Anonsurf & MacChanger - Enhance your Anonymity! | by Aryya Paul | Edureka | Medium

Published in Edureka

Aryya Paul Follow

Mar 15, 2019 · 7 min read · Listen

Save

Proxychains, Anonsurf & MacChanger - Enhance

your Anonymity!

Proxychains, Anosurf & MacChanger — Edureka

Ethical Hacking is considered to be the bright side of Hacking because it is used for the
purpose of making the Security better. But even if Ethical Hacking is legal, it is not
completely safe for an Ethical Hacker, and hence, Anonymity is like a shield. In this
article, I will tell you why Anonymity is important for an Ethical Hacker and how one
can increase their Anonymity.
https://medium.com/edureka/proxychains-anonsurf-macchanger-ethical-hacking-53fe663b734 1/12
2/8/23, 11:20 PM Proxychains, Anonsurf & MacChanger - Enhance your Anonymity! | by Aryya Paul | Edureka | Medium

These are the topics I will be covering in this article:

Why is Anonymity important for Ethical Hacking?

Proxychains for Anonymity

Anonsurf for Anonymity

MacChanger for Anonymity

Why is Anonymity important for Ethical Hacking?

“Why should I be anonymous while Ethically Hacking?

This is a common question I have been asked when I tell someone about being
anonymous for Ethical Hacking. The answer to this is, “Because you are not alone”.

Let me explain this in brief. If you are an Ethical Hacker, then the organization has
given you permission and due to this, you might think that you are not in trouble. But
keep in mind that while you are trying to find a vulnerability, there might be some
other hacker in the network. And to protect yourself from that hacker, you need to be
Anonymous.

You never know who else is in the same network that you are in. And if a Black hat
hacker finds that there is someone else in the network, then he might try to hack your
system. This is why Anonymity is important even for Ethical Hackers.

Now, that you know why Anonymity is necessary, let’s see how you can be anonymous.
I will discuss 3 ways to protect your identity using Anonsurf, Proxychains, and
MacChanger for ethical hacking.

Proxychains for Anonymity

Before understanding about Proxychains for ethical hacking, let me tell you what
Proxies are. Do you know what happens when you request a server for some web page?
The request is sent from your system to the server. The server processes the request
and responds with the data that you requested for. And then, this response is sent to
your system.
https://medium.com/edureka/proxychains-anonsurf-macchanger-ethical-hacking-53fe663b734 2/12
2/8/23, 11:20 PM Proxychains, Anonsurf & MacChanger - Enhance your Anonymity! | by Aryya Paul | Edureka | Medium

Well, how do you think the server identifies your system? Through your IP address!

The IP address can be used to identify the hacker’s system and the proxy is a way to
avoid this. A proxy redirects the requests from your system to the main server through
the proxy server. Using this, the IP address of your system is hidden because the
request made to the main server is through the proxy server.

When you use Proxychain for ethical hacking, instead of one proxy server, your
request gets redirected through multiple proxy servers. This makes tracing back the IP
difficult. Now that you know what Proxychains are, let’s see how to use Proxychain for
ethical hacking.

To install Proxychain, open the terminal and run the following command:

$ sudo apt-get install proxychains

https://medium.com/edureka/proxychains-anonsurf-macchanger-ethical-hacking-53fe663b734 3/12
2/8/23, 11:20 PM Proxychains, Anonsurf & MacChanger - Enhance your Anonymity! | by Aryya Paul | Edureka | Medium

Next, you need to make some changes in the configuration file. Open the
proxychains.conf file.

$ sudo nano /etc/proxychains.conf

In this file, by default, the line dynamic_chain is commented and the line strict_chain
is not commented. Remove the comment from dynamic_chain and comment out
strict_chain. This is to make Proxychain work even if few proxy servers are not online.

To make Proxychain for ethical hacking more effective, let us add some more proxy
servers. Scroll down to the end of the file and you will see a default proxy server. Add
the following lines at the end of the file:

socks4 36.66.210.159 44034

socks4 182.52.51.19 32591
socks4 167.249.78.22 4145
socks4 91.195.158.171 4145

https://medium.com/edureka/proxychains-anonsurf-macchanger-ethical-hacking-53fe663b734 4/12
2/8/23, 11:20 PM Proxychains, Anonsurf & MacChanger - Enhance your Anonymity! | by Aryya Paul | Edureka | Medium

socks4 45.4.255.168 4145

socks4 31.145.166.28 4145

I suggest you add more such proxy servers. You’ll find the details of proxy servers with
a simple “proxy server list” search on the internet.

Save (Ctrl+O) and exit (Ctrl+X) the file.

Before using Proxychain, check if your IP address is traceable. To check this, open any
Internet Browser and open the following URL: https://www.dnsleaktest.com. This
website will display your IP address. Close the browser. Now let’s try Proxychain.

The syntax to run proxychain is: $ proxychains <application/command>

Let’s run Proxychain and see if it works. Open the terminal and run the following
command:

$ proxychains firefox www.dnsleaktest.com

You can now see that the IP address has changed.

https://medium.com/edureka/proxychains-anonsurf-macchanger-ethical-hacking-53fe663b734 5/12
2/8/23, 11:20 PM Proxychains, Anonsurf & MacChanger - Enhance your Anonymity! | by Aryya Paul | Edureka | Medium

Now, click on Standard Test. If the proxy servers you are using are online, then you will
be shown different IP addresses that hide your actual IP address.

Proxychain is a great way to hide the IP address. But it is not enough. To add another
layer of anonymity, you can use Anonsurf.

Anonsurf for Anonymity

Anonsurf is a tool that will help you stay anonymous by routing every packet through
TOR relay. When you use Anonsurf for ethical hacking, all the traffic from your system
goes through a TOR proxy server due to which your IP address is changed.

Now let’s see how to install and use Anonsurf for ethical hacking on Ubuntu.

To download Anonsurf, run the below command in the terminal:

$ git clone https://github.com/Und3rf10w/kali-anonsurf.git

https://medium.com/edureka/proxychains-anonsurf-macchanger-ethical-hacking-53fe663b734 6/12
2/8/23, 11:20 PM Proxychains, Anonsurf & MacChanger - Enhance your Anonymity! | by Aryya Paul | Edureka | Medium

Next, you will have to install Anonsurf. To do this, run the following commands in the
terminal:

$ cd kali-anonsurf/

$ ./installer.sh

Now that Anonsurf is installed, let’s see how it works. But before that, let’s check if
your IP is traceable. To check this, open any internet browser and open the following
URL: https://www.dnsleaktest.com

This website will display your IP address. Now close the browser and run Anonsurf.

To start Anonsurf, run the below command in the terminal:

$ anonsurf start

Now, open the browser again and goto https://www.dnsleaktest.com. You will see that
your IP address is changed. This means that the traffic from your system is being
routed through another server.

https://medium.com/edureka/proxychains-anonsurf-macchanger-ethical-hacking-53fe663b734 7/12
2/8/23, 11:20 PM Proxychains, Anonsurf & MacChanger - Enhance your Anonymity! | by Aryya Paul | Edureka | Medium

To know about other options of Anonsurf for ethical hacking, run the following
command in the terminal:

$ anonsurf

https://medium.com/edureka/proxychains-anonsurf-macchanger-ethical-hacking-53fe663b734 8/12
2/8/23, 11:20 PM Proxychains, Anonsurf & MacChanger - Enhance your Anonymity! | by Aryya Paul | Edureka | Medium

Anonsurf and Proxychains help you hide your IP address. But is hiding the IP address
enough? Not at all! The next level of Anonymity can be achieved by changing the MAC
address.

MacChanger for Anonymity

Every device has a unique MAC address assigned to it by the manufacturer. This MAC
address is stored in the router’s table when you are connected to it. Because the MAC
address is unique to every device, it can be used to identify the system/ device that was
used by the hacker, which might result in revealing your identity.

To avoid getting identified by your MAC address, you can temporarily change it. This is
where you can use MacChanger for ethical hacking. MacChanger is a tool that will
change the MAC address of a device to a fake MAC address until the device is rebooted.

To install MacChanger, run the below command in your terminal:

$ sudo apt install macchanger

Now, let me tell you how you can change the MAC address of a network device.

To check which devices are available on your system, run the below command in your
terminal:

$ ifconfig

https://medium.com/edureka/proxychains-anonsurf-macchanger-ethical-hacking-53fe663b734 9/12
2/8/23, 11:20 PM Proxychains, Anonsurf & MacChanger - Enhance your Anonymity! | by Aryya Paul | Edureka | Medium

Look at the MAC address of the interface ens33, I will be changing this to some
random MAC address. To change the MAC address, I will run the following command
in the terminal:

$ sudo macchanger -r ens33

Note: You might have different interfaces on your system, make the changes in the
above command accordingly.

You can see that the MAC address has been changed. MacChanger is a simple, but
important tool to hide the hacker’s identity.

You have learned 3 ways to maintain your anonymity. There are many such tools
hackers use to keep themselves anonymous. I suggest you research more on how else
you can increase your anonymity. If you wish to check out more articles on the
market’s most trending technologies like Artificial Intelligence, DevOps, Cloud, then
you can refer to Edureka’s official site.

https://medium.com/edureka/proxychains-anonsurf-macchanger-ethical-hacking-53fe663b734 10/12
2/8/23, 11:20 PM Proxychains, Anonsurf & MacChanger - Enhance your Anonymity! | by Aryya Paul | Edureka | Medium

Do look out for other articles in this series which will explain the various other aspects
of Cybersecurity.

1. What is Cybersecurity?

2. Cybersecurity Framework

3. Steganography Tutorial

4. What is Network Security?

5. What is Computer Security?

6. What is Application Security?

7. Penetration Testing

8. Ethical Hacking Tutorial

9. Everything You Need To Know About Kali Linux

10. Ethical Hacking using Python

11. DDOS attack

12. MacChanger with Python

13 ARP Spoofing

14. What is Cryptography?

15. Footprinting

16. Top 50 Cybersecurity Interview Questions and Answers

Originally published at www.edureka.co on March 15, 2019.

https://medium.com/edureka/proxychains-anonsurf-macchanger-ethical-hacking-53fe663b734 11/12
2/8/23, 11:20 PM Proxychains, Anonsurf & MacChanger - Enhance your Anonymity! | by Aryya Paul | Edureka | Medium

Ethical Hacking Proxychains Anonsurf Macchanger Ethical Hacker

Open in app Get unlimited access

Search Medium

17

https://medium.com/edureka/proxychains-anonsurf-macchanger-ethical-hacking-53fe663b734 12/12
2/8/23, 11:08 PM What is DDOS Attack? — A Comprehensive Guide To DDOS | by Aryya Paul | Edureka | Medium

Published in Edureka

Aryya Paul Follow

Jan 30, 2019 · 7 min read · Listen

Save

What is DDOS Attack? — A Comprehensive

Guide To DDOS

What is DDOS Attack? — Edureka

Distributed Denial of Service, also commonly abbreviated to DDOS, is a cyber attack,

made infamous by movies and the internet. Simply put, it is a situation where any sort
of service is being denied. In this article, I will give a comprehensive explanation of
how this particular attack works and also go over its different types. I will also

https://medium.com/edureka/what-is-ddos-attack-9b73bd7b9ba1 1/11
2/8/23, 11:08 PM What is DDOS Attack? — A Comprehensive Guide To DDOS | by Aryya Paul | Edureka | Medium

demonstrate how you could perform your very own DOS attack on a wireless network.
Below are the topics covered in this article:

What is DOS & DDOS?

How does it Work?

Types of DDOS Attacks

Your Very Own DOS Attack

What is DOS & DDOS?

To understand what DDOS attack is, it is essential to understand the fundamentals of a
DOS attack.

DOS — Simply stands for Denial Of Service. This service could be of any kind, for
example, imagine your mother confiscates your cell phone when you are preparing for
your exams to help you study without any sort of distraction. While the intention of
your mother is truly out of care and concern, you are being denied the service of
calling and any other services offered by your cell phone.

With respect to a computer and computer networks or during an ethical hacking

engagement, a denial of service could in the form of:

Hijacking web-servers

Overloading ports with requests rendering them unusable

Denying wireless authentication

Denying any sort of service that is provided on the internet

Attacks of such intent can be performed from a single machine. While single machine
attacks are much easier to execute and monitor, they are also easy to detect and
mitigate too. To solve this issue, the attack could be executed from multiple devices
spread across a wide area. Not only does this make it difficult to stop the attack, but it
also becomes near impossible to point out the main culprit. Such attacks are called
Distributed Denial of Service or DDOS attacks.

https://medium.com/edureka/what-is-ddos-attack-9b73bd7b9ba1 2/11
2/8/23, 11:08 PM What is DDOS Attack? — A Comprehensive Guide To DDOS | by Aryya Paul | Edureka | Medium

How Does it Work?

The main idea of a DOS attack as explained is making a certain service unavailable.
Since everything that is attacked is, in reality, running on a machine, the service can be
made unavailable if the performance on the machine can be brought down. This is the
fundamental behind DOS and DDOS.

Some DOS attacks are executed by flooding servers with connection requests until the
server is overloaded and is deemed useless. Others are executed by sending
unfragmented packets to a server which they are unable to handle. These methods
when executed by a botnet, exponentially increase the amount of damage that they are
doing, and their difficulty to mitigate increases in leaps and bounds.

To understand more about how the attack works, let us take a look at the different
types.

Types of DDOS Attacks

While there are plenty of ways to perform a DDOS attack, I’ll be listing down the more
famous ones. These methodologies have become famous due to their success rate and
the damage they have caused. It is important to note that with the advancement in
technology, the more creative minds have devised more devious ways to perform DOS
attacks.

Below are the types of attacks:

Ping of Death
According to the TCP/IP protocol, the maximum size of a packet can be 65,535 bytes.
The ping of death attack exploits this particular fact. In this type of attack, the attacker
sends packets that are more than the max packet size when the packet fragments are
added up. Computers generally do not know what to do with such packets and end up
freezing or sometimes completely crashing.

Reflected Attacks
This type of attack is performed with the help of a botnet also called reflectors in this
case. The attacker sends a host of innocent computers a connection request using a
botnet, that looks like it came from the victim machine (this is done by spoofing the
source in the packet header). This makes the host of computer send an
https://medium.com/edureka/what-is-ddos-attack-9b73bd7b9ba1 3/11
2/8/23, 11:08 PM What is DDOS Attack? — A Comprehensive Guide To DDOS | by Aryya Paul | Edureka | Medium

acknowledgment to the victim computer. Since there are multiple such requests from
different computers to the same machine, this overloads the computer and crashes it.
This type is also called a smurf attack.

Mailbomb
Mailbomb attacks generally attack email servers. In this type of attacks instead of
packets, oversized emails filled with random garbage values are sent to a targeted
email server. This generally crashes the email server due to a sudden spike in load and
renders them useless until fixed.

https://medium.com/edureka/what-is-ddos-attack-9b73bd7b9ba1 4/11
2/8/23, 11:08 PM What is DDOS Attack? — A Comprehensive Guide To DDOS | by Aryya Paul | Edureka | Medium

Teardrop
In this type of attack, the fragmentation offset field of a packet is abused. One of the
fields in an IP header is the “fragment offset” field, indicating the starting position, or
offset, of the data contained in a fragmented packet relative to the data in the original
packet. If the sum of the offset and size of one fragmented packet differs from that of
the next fragmented packet, the packets overlap. When this happens, a server
vulnerable to teardrop attacks is unable to reassemble the packets — resulting in a
denial-of-service condition.

Your Very Own DOS Attack

https://medium.com/edureka/what-is-ddos-attack-9b73bd7b9ba1 5/11
2/8/23, 11:08 PM What is DDOS Attack? — A Comprehensive Guide To DDOS | by Aryya Paul | Edureka | Medium

In this section of this article, I’ll be demonstrating how you could perform a denial of
service attack on a wireless network and practically deny them any sort of access to the
internet from that specific access point. This attack is illegal and you could be
prosecuted if caught, so I urge you to perform this with permission only for
educational purposes and not cause any sort of unnecessary chaos. It is the job of an
ethical hacker to mitigate these attacks and not cause them.

For this particular attack, you will need a Linux machine which you could set up on a
virtual box or dual boot your machine. The following tools also need to be installed:

aircrack-ng (apt-get install aircrack-ng)

macchanger (apt-get install macchanger)

Step 1: Start up your Linux machine and log in as root. After you have logged in, check
the name of your network interface card which is wlo1 for my case. You can find out
your network card name by typing in ‘ifconfig’.

Step 2: Now that we know our network interface card name, we need to set it up into
monitor mode. See the picture below for the commands.

https://medium.com/edureka/what-is-ddos-attack-9b73bd7b9ba1 6/11
2/8/23, 11:08 PM What is DDOS Attack? — A Comprehensive Guide To DDOS | by Aryya Paul | Edureka | Medium

Step 3: After you have successfully set up your interface card in monitor mode, check
for processes that might interfere with our scan. Kill them using their PID. Check
picture for commands. Keep killing processes until none left.

https://medium.com/edureka/what-is-ddos-attack-9b73bd7b9ba1 7/11
2/8/23, 11:08 PM What is DDOS Attack? — A Comprehensive Guide To DDOS | by Aryya Paul | Edureka | Medium

Step 4: Now we need to scan for available access points. We need to choose an access
point from this list by choosing their BSSID. To run the scan, you have to type
‘airodump-ng wlo1‘. You will have to use your interface name instead of wlo1.

https://medium.com/edureka/what-is-ddos-attack-9b73bd7b9ba1 8/11
2/8/23, 11:08 PM What is DDOS Attack? — A Comprehensive Guide To DDOS | by Aryya Paul | Edureka | Medium

Step 5: After you have selected the wireless access point you would want to run a DOS
attack on, copy down the BSSID and open a new terminal window. Here we will de-
authenticate all devices continuously and they will not be able to connect to the
internet using that particular access point, in short, denying them any service on the
internet and the internet itself. Make sure your network card is also running on the
same channel. Check the screenshot for the code.

https://medium.com/edureka/what-is-ddos-attack-9b73bd7b9ba1 9/11
2/8/23, 11:08 PM What is DDOS Attack? — A Comprehensive Guide To DDOS | by Aryya Paul | Edureka | Medium

This brings us to the end of our article on “What is DDOS Attack?”. I hope you found
this article informative and added value to your knowledge. If you wish to check out
more articles on the market’s most trending technologies like Artificial Intelligence,
DevOps, Cloud, then you can refer to Edureka’s official site.

Do look out for other articles in this series which will explain the various other aspects
of Cybersecurity.

1. What is Cybersecurity?

2. Cybersecurity Framework

3. Steganography Tutorial

4. What is Network Security?

5. What is Computer Security?

6. What is Application Security?

7. Penetration Testing

8. Ethical Hacking Tutorial

9. Everything You Need To Know About Kali Linux

https://medium.com/edureka/what-is-ddos-attack-9b73bd7b9ba1 10/11
2/8/23, 11:08 PM What is DDOS Attack? — A Comprehensive Guide To DDOS | by Aryya Paul | Edureka | Medium

10. Ethical Hacking using Python

11. What is Cryptography?

12. MacChanger with Python

13 ARP Spoofing

14. Proxychains, Anonsurf & MacChange

15. Footprinting

16. Top 50 Cybersecurity Interview Questions and Answers

Open in app
Originally published at www.edureka.co on January 30, 2019. Get unlimited access

Search Medium

Cybersecurity Ddos Ddos Protection Ethical Hacking Dos Attack

https://medium.com/edureka/what-is-ddos-attack-9b73bd7b9ba1 11/11
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

Published in Edureka

Aryya Paul Follow

Jan 3, 2019 · 12 min read · Listen

Save

Ethical Hacking 101 — A Comprehensive Guide

To Ethical Hacking

Ethical Hacking Tutorial — Edureka

Ethical Hacking is a discipline widely followed by major big-wigs of the tech industry
to protect their organization against any forthcoming probes from black hat hackers.
In this Ethical Hacking Tutorial, I’ll be discussing some key points of this discipline
that is being followed around the globe. The following topics will be discussed:

https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 1/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

What is Ethical Hacking?

Ethical Hacker Roles

Why is Ethical Hacking Important?

What is a Security Threat?

Types of Security Threats

Security Threats: Preventive Measures

Ethical Hacker Skills

Why Learn Programming?

Ethical Hacking Tools

What is Social Engineering?

Social Engineering Techniques

Cryptography

Standard Cryptographic Algorithms

RC4 Decryption Demonstration

What is Ethical Hacking?

The act of hacking is defined as the process of finding a set of vulnerabilities in a
target system and systematically exploiting them. Ethical Hacking as a discipline
discerns itself from hacking by adding a vital element to the process — ‘consent’. The
addition of ‘consent’ to this process serves two objectives –

The process becomes a legal activity

Since the ethical hacker takes permission prior to hacking into a system, it is
legally made sure that he has no malicious intent. This is normally performed by
making the ethical hacker sign contracts that legally bind him to work towards the
improvement of the security of the company
https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 2/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

Ergo, an ethical hacker is a computer security specialist, who hacks into a system with
the consent or permission of the owner to disclose vulnerabilities in the security of the
system in order to improve it. Now, let us go over the roles of an ethical hacker in this
ethical hacking tutorial.

Ethical Hacker Roles

Ethical hackers have various roles in the organization they work for. Considering the
fact that ethical hacking is adopted by public and private organizations alike, goals
may end up being diverse, but they can be boiled down to a few key points –

Protect the privacy of the organization the ethical hacker is working for.

Immaculately report any sort of discrepancy in the system to the corresponding

division with the responsibility of mending the vulnerability.

Update hardware and software vendors regarding any sort of vulnerabilities found
in their product, that is being used to orchestrate business.

Why is Ethical Hacking Important?

Data has become an invaluable resource. Accordingly, the preservation of privacy, and
integrity of data has also increased in importance. In essence, this makes ethical
hacking extremely important today! This is primarily due to the fact that almost every
business out there has an internet-facing side. Whether it be public relations, content
marketing or sales, the internet is being used as a medium. This makes any endpoint
that is being used to serve the medium, a possible vulnerability.

Furthermore, hackers of the present age, have proven themselves to be creative

geniuses when it comes to penetrating into a system. Fighting fire with fire might not
work in the real world, but to fight off a hacker so smart, an organization needs
someone who has the same train of thought. Recent hacking outages have to lead to
losses amounting to millions of dollars. These incidents have cautioned businesses
around the globe and made them rethink their stance on the importance of ethical
hacking and cybersecurity.

Having laid down the grounds for ethical hackers after specifying their roles and

https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 3/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

importance to an organization, let us move forward and discuss some key elements of
ethical hacking in this ethical hacking tutorial.

What is a Security Threat?

As an ethical hacker, your daily routine will include dealing with a bunch of security
threats.

Any risk that has the potential to harm a system or an organization as a whole is a security
threat. Let’s go over the types of security threats.

Types of Security Threats

Threats are of two types:

Physical Threats
Physical threats are further divided into three categories.

Internal e.g. hardware fire, faulty power supply, internal hardware failures etc

External e.g. floods, fires, earthquakes etc

Human e.g. vandalism, arson, accidental errors etc

Non-Physical Threats
Non-physical threats include every threat that has no physical manifestation. They are
also known as logical threats. Below is a picture of the most common non-physical
threats:

https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 4/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

An ethical hacker generally deals with non-physical threats on a daily basis, and it is
his responsibility, to come up with preventive measures for these threats.

Security Threats: Preventive Measures

While most preventive measures adopted by ethical hackers tend to differ for every
organization due to customized needs, they can be boiled down to some key
methodologies that are ubiquitously followed –

Every organization must have a logical security measure in place. This could also
include cognitive cybersecurity measures adopted by an organization which
operates on an incident response system.

Authentication can be improved and made more efficient by using multi-factor

authentication systems. Authentication methods can be in the form of user IDs and
strong passwords, smart cards, captchas, biometric, etc.

For protection against entities like worms, trojans, viruses etc. organizations
sometimes use specially curated anti-viruses that are made keeping the company’s
special needs in mind. Additionally, an organization may also find it beneficial to
use control measures on the use of external storage devices and visiting the

https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 5/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

website that is most likely to download unauthorized programs onto the target
computer.

Intrusion-detection/prevention systems can be used to protect against denial of

service attacks. There are other measures too that can be put in place to avoid
denial of service attacks.

Having discussed the types of threats an ethical hacker deals with regularly, let’s go
over the skills that are required to be able to deal with the discussed threats in this
ethical hacking tutorial.

Ethical Hacker Skills

An ethical hacker is a computer expert, who specializes in networking and penetration

testing. This generally entails the following skillset –

Expertise in various operating systems, primarily Linux and its various

distribution. This is because a good portion of vulnerability testing includes
invading the target system and sifting through their system. This is impossible
without a good grasp on operating systems.

In-depth knowledge of networking is also key to a successful ethical hacking

career. This involves packet tracking, packet sniffing, intrusion detection &
prevention, scanning subnets etc.

Programming: Now programming is a vast topic with nuances in every language.

As an ethical hacker, it is not expected of you to be a master-coder, but rather be a
jack-of-all-trades.

https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 6/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

Below is a table of the major/commonly used programming languages. They mainly

are HTML, Javascript, SQL, PHP, Ruby, and Bash. Knowing these will definitely help
you as an ethical hacker:

Why Learn Programming?

Whenever I’ve mentioned that programming is an ethical hacking essential, I’ve been
asked why. This is mostly because people do not have the slightest clue about the roles
and responsibilities of an ethical hacker. Here are a few reasons that make
programming knowledge crucial for an ethical hacking career:

Ethical hackers are the problem solver and tool builders, learning how to program
will help you implement solutions to problems.

Programming also helps automate tasks that would generally take up precious time
to complete

Writing programs can also help you identify and exploit programming errors in
applications that you will be targeting

Programming knowledge also helps customize pre-existing tools to cater to your

needs. For example, Metasploit is written in Ruby and you can add a new exploit to
it if you know how to write one in Ruby

Talking about tools used in ethical hacking, let us go over a few of them.
https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 7/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

Ethical Hacking Tools

It is impossible to go over every ethical hacking tool out there in a single article, hence,
I’ll just be going over some of the really famous ones in this section:

Nmap
Nmap, short for Network Mapper, is a reconnaissance tool that is widely used by
ethical hackers to gather information about a target system. This information is key to
deciding the proceeding steps to attack the target system. Nmap is cross-platform and
works on Mac, Linux, and Windows. It has gained immense popularity in the hacking
community due to its ease of use and powerful searching & scanning abilities.

Netsparker

Netsparker is a web application security testing tool. Netsparker finds and reports web
application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) on all
types of web applications, regardless of the platform and technology they are built
with. Netsparker’s unique and dead accurate Proof-Based Scanning technology does
not just report vulnerabilities, it also produces a Proof-of-Concept to confirm they are
not false positives. Freeing you from having to double check the identified
vulnerabilities.

Burpsuite

https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 8/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

Burp Suite is a Java-based Web Penetration Testing framework. It has become an

industry standard suite of tools used by information security professionals. Burp Suite
helps you identify vulnerabilities and verify attack vectors that are affecting web
applications. Burp Suit’s unquestionable acceptance and fame can be attributed to the
fantastic web application crawler. It can –

Accurately map content and functionality

Automatically handling sessions

Handles all sorts of state changes, volatile content, and application logins

Metasploit
Metasploit is an open-source pen-testing framework written in Ruby. It acts as a public
resource for researching security vulnerabilities and developing code that allows a
network administrator to break into his own network to identify security risks and
document which vulnerabilities need to be addressed first. It is also one of the few
tools used by beginner hackers to practice their skills. It also allows you to replicate
websites for phishing and other social engineering purposes.

Talking about social engineering, let us take a moment to discuss the same.

What is Social Engineering?

Social engineering has proven itself to be a very effective mode of hacking amongst
other malicious activities. The term encapsulates a broad range of malicious activities
accomplished through human interactions. It uses psychological manipulation to trick
users into committing security mistakes or giving away sensitive information.

https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 9/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

Social engineering is a multi-step process. A perpetrator first investigates the intended

victim to gather necessary background information, such as potential points of entry
and weak security protocols, needed to proceed with the attack. Then, the attacker
moves to gain the victim’s trust and provide stimuli for subsequent actions that break
security practices, such as revealing sensitive information or granting access to critical
resources.

The image below depicts the various phases of a social engineering attack:

Social Engineering Techniques

Moving forward in this ethical hacking tutorial, let us discuss the various methods
used for social engineering.

Familiarity Exploit

https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 10/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

You always trust someone you are familiar with, don’t you? That’s exactly what social
engineering evangelists take advantage of! The perpetrator might get themselves
familiarized with the chosen target with day to day methodologies which have a facade
of friendliness painted all over it. These can include activities like joining someone for
a smoke, going out for drinks, playing video games etc.

Phishing

Phishing has proven itself to be a fantastic approach to social engineering. Phishing

involves creating counterfeit websites that have the look and feel of a legitimate
website. People who visit the website are tricked into entering their credentials that are
then stored and redirected to the hacker’s system.

Exploiting Human Emotions

https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 11/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

Exploiting human emotions is probably the easiest craft of social engineering. Feelings
like greed and pity are very easily triggered. A social engineer may deliberately drop a
virus infected flash disk in an area where the users can easily pick it up. The user will
most likely plug the flash disk into the computer. The drive may be infested with all
sorts of nonphysical threats which may actually be an infected file.

It is an ethical hacker’s job to spread awareness about such techniques in the

organization he/ she works for. Now let’s take a moment to talk about cryptography and
cryptanalysis in this ethical hacking tutorial.

Cryptography
Cryptography is the art of ciphering text into an unreadable format. Just in case your
data falls into the wrong hand, you can stay at ease as long as it is well encrypted. Only
the person with the decryption key will be able to see the data. An ethical hacker is
more interested in the working of algorithms that let him decipher the data without
the key. This is called cryptanalysis.

https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 12/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

Cryptanalysis
Cryptanalysis is the study of analyzing information systems in order to study the
hidden aspects of the systems. Cryptanalysis is used to breach cryptographic security
systems and gain access to the contents of encrypted messages, even if the
cryptographic key is unknown. Methodologies like Brute force, Dictionary attacks,
Rainbow table attacks have all stemmed from cryptanalysis. The success of
cryptanalysis depends on the time one has, the computing power available and also
the storage.

Standard Cryptographic Algorithms

Let’s discuss some of the most common cryptographic algorithms used till date:

MD5
This is the acronym for Message-Digest 5. It is used to create 128-bit hash values.
Theoretically, hashes cannot be reversed into the original plain text. MD5 is used to
encrypt passwords as well as check data integrity. MD5 is not collision-resistant.
Collision resistance is the difficulties in finding two values that produce the same hash
values.

SHA

https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 13/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

This is the acronym for Secure Hash Algorithm. SHA algorithms are used to generate
condensed representations of a message (message digest). It has various versions such
as;

SHA-0: produces 120-bit hash values. It was withdrawn from use due to significant
flaws and replaced by SHA-1.

SHA-1: produces 160-bit hash values. It is similar to earlier versions of MD5. It has
a cryptographic weakness and is not recommended for use since the year 2010.

SHA-2: it has two hash functions namely SHA-256 and SHA-512. SHA-256 uses 32-bit
words while SHA-512 uses 64-bit words.

SHA-3: this algorithm was formally known as Keccak.

RC4
This algorithm is used to create stream ciphers. It is mostly used in protocols such as
Secure Socket Layer (SSL) to encrypt internet communication and Wired Equivalent
Privacy (WEP) to secure wireless networks.

Hacktivity — RC4 Decryption Demonstration

In this practical application of decryption, we are going to try and decrypt an RC4
encrypted text using a tool called Cryptool. We are going to encrypt a piece of text
using RC4 and then try to decrypt it.

Step 1: After installing Cryptool, launch it on your system. An identical window should
pop-up.

https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 14/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

Step 2: Replace the text you see in the window with whatever you want. For this
particular example, I’ll be using the phrase:

‘ The quick brown fox jumped over the lazy dog’

https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 15/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

Step 3: Choose the RC4 encryption algorithm to encrypt your text.

Step 4: Set the key length to 24 bits and the value to ’00 00 00′.

Step 5: Encrypt!

https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 16/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

You should get an output like this. This is the ciphertext of the plain text you entered.

Step 6: On the analysis tab choose RC4.

https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 17/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

Step 7: Set the key length to 24 bits.

Step 8: Wait for it Decrypt!

https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 18/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

Step 9: The value with the lowest entropy should be the original plain text.

This brings us to the end of our article on Ethical Hacking Tutorial. I hope you found
this article informative and added value to your knowledge. If you wish to check out
more articles on the market’s most trending technologies like Artificial Intelligence,
DevOps, Cloud, then you can refer to Edureka’s official site.

https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 19/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

Do look out for other articles in this series which will explain the various other aspects
of Ethical Hacking.

1. What is Cybersecurity?

2. Cybersecurity Framework

3. Steganography Tutorial

4. What is Network Security?

5. What is Computer Security?

6. What is Application Security?

7. Penetration Testing

8. What is Cryptography?

9. Everything You Need To Know About Kali Linux

10. Ethical Hacking using Python

11. DDOS attack

12. MacChanger with Python

13 ARP Spoofing

14. Proxychains, Anonsurf & MacChange

15. Footprinting

16. Top 50 Cybersecurity Interview Questions and Answers

Originally published at www.edureka.co on January 3, 2019.

https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 20/21
2/8/23, 10:59 PM Ethical Hacking 101 — A Comprehensive Guide To Ethical Hacking | by Aryya Paul | Edureka | Medium

Ethical Hacking Ethical Hacking Training Ethical Hacker Security Cryptography

Open in app Get unlimited access

Search Medium

https://medium.com/edureka/ethical-hacking-tutorial-1081f4aacc53 21/21
2/8/23, 11:06 PM Ethical hacking using Python — A Collaboration Between the Two | by Aryya Paul | Edureka | Medium

Published in Edureka

Aryya Paul Follow

Feb 6, 2019 · 4 min read · Listen

Save

Ethical hacking using Python — A Collaboration

Between the Two

It is common practice amongst ethical hackers to write nifty scripts and automate any
structured process, ranging from small network scans to wide area network packet
sniffing. In recent years, Python has become the language of choice for such tasks, and
there are good reasons for this. In this article on ethical hacking using Python, we will
discuss the reasons that make these two such a brilliant couple

https://medium.com/edureka/ethical-hacking-using-python-c489dfe77340 1/5
2/8/23, 11:06 PM Ethical hacking using Python — A Collaboration Between the Two | by Aryya Paul | Edureka | Medium

Below is the list of topics we shall be going over:

What is ethical hacking?

What is Python?

Why use Python for ethical hacking?

Simple dictionary attack using Python

What is Ethical Hacking?

The term hacking goes a long way back. To be exact, it all started at the Railroad Club of
MIT, where both the term ‘hacking’ and ‘hacker’ were first coined. It’s been almost 50
years now, and hacking has evolved into a discipline in the current day and age. With
the increase in awareness regarding data protection and data privacy, hacking has
been deemed as an illegal activity today. If caught, there’s a good chance that you will
be prosecuted for quite some time depending on the degree of harm caused.

None the less, to protect themselves from hackers of all sorts, employment of Ethical
Hackers has become a common practice amongst organizations. Ethical hackers are
given the responsibility of finding and fixing security flaws for a certain organization
before black hat hackers find them.

What is Python?

Python is a general-purpose scripting language that has gained immense popularity

amongst professionals and beginners for its simplicity and powerful libraries. Python
is insanely versatile and can be used for almost any kind of programming. From

https://medium.com/edureka/ethical-hacking-using-python-c489dfe77340 2/5
2/8/23, 11:06 PM Ethical hacking using Python — A Collaboration Between the Two | by Aryya Paul | Edureka | Medium

building small scale scripts that are meant to do banal tasks, to large scale system
applications — Python can be used anywhere and everywhere. In fact, NASA actually
uses Python for programming their equipment and space machinery.

Python can also be used to process text, display numbers or images, solve scientific
equations, and save data. In short, Python is used behind the scenes to process a lot of
elements you might need or encounter on your devices.

Why use Python for Ethical Hacking?

Python has gained its popularity mostly because of its super powerful yet easy to use
libraries. Sure Python has awesome readability and it is really simple and all but
nothing really beats the fact your job as a developer is made super simple with these
libraries. These libraries find uses in all sorts of domains, for example, artificial
intelligence has Pytorch and Tensorflow while Data Science has Pandas, Numpy,
Matplotlib.

Similarly, Python is brilliant for ethical hacking for the following reasons:

Nifty python libraries like Pulsar, NAPALM, NetworkX etc make developing
network tools a breeze

Ethical hackers generally develop small scripts and python being a scripting
language provides amazing performance for small programs

Python has a huge community, hence any doubt related programming is quickly
solved by the community

Learning Python also opens up your doors to several other career opportunities

Demo: Dictionary Attack using Python

Let me give you guys a small demonstration as to how an ethical hacker may use
Python in his day to day job. Suppose you were scanning for a 3-way handshake
between an FTP server and a client and you were successful in doing so too. But as you
guys might already know, passwords are never really stored in plain text. They are
always hashed before being stored in a database and normally the hash itself is
compared for verification purposes. Let us create a small Python program that can be
used to crack a password using the dictionary attack method.
https://medium.com/edureka/ethical-hacking-using-python-c489dfe77340 3/5
2/8/23, 11:06 PM Ethical hacking using Python — A Collaboration Between the Two | by Aryya Paul | Edureka | Medium

import hashlib

flag = 0

pass_hash = input("md5 hash: ")

wordlist = input("File name: ")

try:
pass_file = open(wordlist,"r")
except:
print("No file found :(")
quit()

for word in pass_file:

enc_wrd =word.encode('utf-8')
digest =hashlib.md5(enc_wrd.strip()).hexdigest()
# print(word)
# print(digest)
# print(pass_hash)
if digest.strip() == pass_hash.strip():
print("password found")
print("Password is " + word)
flag = 1
break

if flag == 0:
print("password not in list")

This brings us to the end of our article on Ethical Hacking using Python. I hope you
found this article informative and added value to your knowledge. If you wish to check
out more articles on the market’s most trending technologies like Artificial
Intelligence, DevOps, Cloud, then you can refer to Edureka’s official site.

Do look out for other articles in this series which will explain the various other aspects
of Cybersecurity.

1. What is Cybersecurity?

2. Cybersecurity Framework

3. Steganography Tutorial

4. What is Network Security?

https://medium.com/edureka/ethical-hacking-using-python-c489dfe77340 4/5
2/8/23, 11:06 PM Ethical hacking using Python — A Collaboration Between the Two | by Aryya Paul | Edureka | Medium

5. What is Computer Security?

6. What is Application Security?

7. Penetration Testing

8. Ethical Hacking Tutorial

9. Everything You Need To Know About Kali Linux

10. What is Cryptography?

11. DDOS attack

12. MacChanger with Python

Open in app
13 ARP Spoofing Get unlimited access

Search
14. Proxychains, Medium& MacChange
Anonsurf

15. Footprinting

16. Top 50 Cybersecurity Interview Questions and Answers

Originally published at www.edureka.co on February 6, 2019.

Python Ethical Hacking Ethical Hacking Training Python 3 Dictionary Attack

https://medium.com/edureka/ethical-hacking-using-python-c489dfe77340 5/5
2/8/23, 11:02 PM Ethical Hacking using Kali Linux — A Beginner’s Guide To Kali Linux | by Aryya Paul | Edureka | Medium

Published in Edureka

Aryya Paul Follow

Jan 24, 2019 · 8 min read · Listen

Save

Ethical Hacking using Kali Linux — A Beginner’s

Guide To Kali Linux

Ethical Hacking with Kali Linux — Edureka

More often than not, specific operating systems get tied to certain tasks. Anything
related to graphics or content creation brings up macOS in our mind. Similarly, any
instance of hacking or just generally fiddling around with network utilities is also
mapped to a particular operating system and that is Kali Linux. In this article, I’ll be
writing a general introduction to Kali Linux and how it can be used for ethical hacking.
https://medium.com/edureka/ethical-hacking-using-kali-linux-fc140eff3300 1/14
2/8/23, 11:02 PM Ethical Hacking using Kali Linux — A Beginner’s Guide To Kali Linux | by Aryya Paul | Edureka | Medium

The following topics are discussed in this write up regarding ‘Ethical Hacking Using
Kali Linux’:

What is Kali Linux?

Development of Kali Linux

Why Use Kali Linux?

System Requirements for Kali Linux

List of Tools

Demonstration of Power — aircrack-ng and crunch

What is Kali Linux?

Kali Linux is a Debian-based Linux distribution. It is a meticulously crafted OS that

specifically caters to the likes of network analysts & penetration testers. The presence
of a plethora of tools that come pre-installed with Kali transforms it into an ethical
hacker’s swiss-knife. Previously known as Backtrack, Kali Linux advertises itself as a
more polished successor with more testing-centric tools, unlike Backtrack which had
multiple tools that would serve the same purpose, in turn, making it jampacked with
unnecessary utilities. This makes ethical hacking using Kali Linux a simplified task.

https://medium.com/edureka/ethical-hacking-using-kali-linux-fc140eff3300 2/14
2/8/23, 11:02 PM Ethical Hacking using Kali Linux — A Beginner’s Guide To Kali Linux | by Aryya Paul | Edureka | Medium

Development of Kali Linux

Mati Aharoni and Deavon Kearns are the core developers of Kali Linux. It was a rewrite
of Backtrack Linux, which was another penetration testing centric Linux distribution.
The development of Kali is set according to the Debian standards as it imports the
majority of its code from Debian repositories. The development began in early March
2012, amongst a small group of developers. Only a very selected few developers were
allowed to commit packages, that too in a protected environment. Kali Linux came out
of development with its first release in 2013. Since then, Kali Linux has been through a
number of major updates. The development of these updates is handled by Offensive
Security.

Why Use Kali Linux?

There are a wide array of reasons as to why one should use Kali Linux. Let me list
down a few of them:

1. As free as it can get — Kali Linux has been and will always be free to use.

2. More tools than you could think of — Kali Linux comes with over 600 different
penetration testing and security analytics related tool.

3. Open-source — Kali, being a member of the Linux family, follows the widely
appreciated open-source model. Their development tree is publicly viewable on Git
and all of the code is available for your tweaking purposes.

4. Multi-language Support — Although penetration tools tend to be written in

English, it has been ensured that Kali includes true multilingual support, allowing
more users to operate in their native language and locate the tools they need for
the job.

5. Completely customizable — The developers at offensive security understand that

not everyone will agree with their design model, so they have made it as easy as
possible for the more adventurous user to customize Kali Linux to their liking, all
the way down to the kernel.

System Requirements for Kali Linux

https://medium.com/edureka/ethical-hacking-using-kali-linux-fc140eff3300 3/14
2/8/23, 11:02 PM Ethical Hacking using Kali Linux — A Beginner’s Guide To Kali Linux | by Aryya Paul | Edureka | Medium

Installing Kali is a piece of cake. All you have to make sure is that you have the
compatible hardware. Kali is supported on i386, amd64, and ARM (both ARMEL and
ARMHF) platforms. The hardware requirements are minimal as listed below, although
better hardware will naturally provide better performance.

A minimum of 20 GB disk space for the Kali Linux install.

RAM for i386 and amd64 architectures, minimum: 1GB, recommended: 2GB or
more.

CD-DVD Drive / USB boot support/ VirtualBox

List of Tools
Below is a list of tools that come pre-installed for ethical hacking using Kali Linux. This
list is by no means expansive as Kali has a plethora of tools, all of which cannot be
listed and explained in one article.

Aircrack-ng

Aircrack-ng is a suite of tools used to assess WiFi network security. It focuses on key
areas of WiFi security:

https://medium.com/edureka/ethical-hacking-using-kali-linux-fc140eff3300 4/14
2/8/23, 11:02 PM Ethical Hacking using Kali Linux — A Beginner’s Guide To Kali Linux | by Aryya Paul | Edureka | Medium

Monitoring: Packet capture and export of data to text files for further processing
by third-party tools.

Attacking: Replay attacks, de-authentication, fake access points, and others via
packet injection.

Testing: Checking WiFi cards and driver capabilities (capture and injection).

Cracking: WEP and WPA PSK (WPA 1 and 2).

All tools are command line which allows for heavy scripting. A lot of GUIs have taken
advantage of this feature. It works primarily Linux but also Windows, OS X, FreeBSD,
OpenBSD, NetBSD, as well as Solaris.

Nmap

Network Mapper, also commonly known as Nmap, is a free and open source utility for
network discovery and security auditing. Nmap uses raw IP packets in stealthy ways to
determine what hosts are available on the network, what services (application name
and version) those hosts are offering, what operating systems they are running, what
type of packet filters/firewalls are in use, and dozens of other characteristics.

Many systems and network administrators also find it useful for tasks like:

network inventory

managing service upgrade schedules

monitoring host or service uptime

https://medium.com/edureka/ethical-hacking-using-kali-linux-fc140eff3300 5/14
2/8/23, 11:02 PM Ethical Hacking using Kali Linux — A Beginner’s Guide To Kali Linux | by Aryya Paul | Edureka | Medium

THC Hydra

When you need to brute force crack a remote authentication service, Hydra is often
the tool of choice. It can perform rapid dictionary attacks against more than 50
protocols, including telnet, FTP, HTTP, HTTPs, SMB, several databases, and much
more. it can be used to crack into web scanners, wireless networks, packet crafters,
etc.

Nessus

Nessus is a remote scanning tool that you can use to check computers for security
vulnerabilities. It does not actively block any vulnerabilities that your computers have
but it will be able to sniff them out by quickly running 1200+ vulnerability checks and
throwing alerts when any security patches need to be made.

WireShark

https://medium.com/edureka/ethical-hacking-using-kali-linux-fc140eff3300 6/14
2/8/23, 11:02 PM Ethical Hacking using Kali Linux — A Beginner’s Guide To Kali Linux | by Aryya Paul | Edureka | Medium

WireShark is an open-source packet analyzer that you can use free of charge. With it,
you can see the activities on a network from a microscopic level coupled with pcap file
access, customizable reports, advanced triggers, alerts, etc. It is reportedly the world’s
most widely-used network protocol analyzer for Linux.

Demonstration of Power: Aircrack-ng and Crunch

Step 1: Check the name of your wireless interface and put it into monitor mode.

ifconfig wlo1 down

iwconfig wlo1 mode monitor
ifconfig wlo1 up

https://medium.com/edureka/ethical-hacking-using-kali-linux-fc140eff3300 7/14
2/8/23, 11:02 PM Ethical Hacking using Kali Linux — A Beginner’s Guide To Kali Linux | by Aryya Paul | Edureka | Medium

Step 2: Kill any processes that might interfere with the scan process. Always kill
network administrator first. You might need to run the shown command more than
once.

airmon-ng check kill

https://medium.com/edureka/ethical-hacking-using-kali-linux-fc140eff3300 8/14
2/8/23, 11:02 PM Ethical Hacking using Kali Linux — A Beginner’s Guide To Kali Linux | by Aryya Paul | Edureka | Medium

Step 3: After you have successfully killed all process, run the command — airodump-
ng <interface-name>. It should produce a list of access points as shown below:

airodump-ng wlo1

Step 4: Choose the access point and run it along with the -w flag to write the result into
a file. Our file is called capture.

https://medium.com/edureka/ethical-hacking-using-kali-linux-fc140eff3300 9/14
2/8/23, 11:02 PM Ethical Hacking using Kali Linux — A Beginner’s Guide To Kali Linux | by Aryya Paul | Edureka | Medium

airodump-ng -w capture -c 11 --bssid [mac-addr]

Step 5: Running the above command should show you the MAC address of the devices
connected to that access point under ‘stations’.

Step 6 — This is the most important step in ethical hacking using Kali Linux. Here we
will broadcast a de-authentication signal to the access point we have chosen to attack.
This disconnects the devices connected to the access point. Since these devices will
most likely have the password stored they will try to auto reconnect. This will start a 4-
way handshake between the device and the access point and will be captured in the
scan going on from step 4 (yes, that scan is still running in the background).

aireplay-ng -0 0 -a [mac] wlo1

https://medium.com/edureka/ethical-hacking-using-kali-linux-fc140eff3300 10/14
2/8/23, 11:02 PM Ethical Hacking using Kali Linux — A Beginner’s Guide To Kali Linux | by Aryya Paul | Edureka | Medium

Step 7: Now we will use crunch along with aircrack-ng. Crunch is a wordlist generator.
This process to crack passwords assumes you know a little about the password, for
example, the length, some specific characters etc. The more you know the faster the
process. Here I have tried to generate a list of words that begin with ‘sweetship’ as I
know that password contains that phrase. The result is piped into the aircrack
command which takes the capture files and compares the key values.

crunch 12 12 -t sweetship@@@ | aircrack-ng -w - capture-01.cap -e

Nestaway_C105

Step 8: The scan results should look something like this depending on the parameters
you have input.

https://medium.com/edureka/ethical-hacking-using-kali-linux-fc140eff3300 11/14
2/8/23, 11:02 PM Ethical Hacking using Kali Linux — A Beginner’s Guide To Kali Linux | by Aryya Paul | Edureka | Medium

Step 9: When the password is matched. It shows it in the bracket following ‘key found’.

https://medium.com/edureka/ethical-hacking-using-kali-linux-fc140eff3300 12/14
2/8/23, 11:02 PM Ethical Hacking using Kali Linux — A Beginner’s Guide To Kali Linux | by Aryya Paul | Edureka | Medium

This brings us to the end of our article on Ethical Hacking using Kali Linux. I hope you
found this article informative and added value to your knowledge. If you wish to check
out more articles on the market’s most trending technologies like Artificial
Intelligence, DevOps, Cloud, then you can refer to Edureka’s official site.

Do look out for other articles in this series which will explain the various other aspects
of Ethical Hacking.

1. What is Cybersecurity?

2. Cybersecurity Framework

3. Steganography Tutorial

4. What is Network Security?

5. What is Computer Security?

6. What is Application Security?

7. Penetration Testing

8. Ethical Hacking Tutorial

9. What is Cryptography?

10. Ethical Hacking using Python

11. DDOS attack

12. MacChanger with Python

13 ARP Spoofing

14. Proxychains, Anonsurf & MacChange

15. Footprinting

16. Top 50 Cybersecurity Interview Questions and Answers

https://medium.com/edureka/ethical-hacking-using-kali-linux-fc140eff3300 13/14
2/8/23, 11:02 PM Ethical Hacking using Kali Linux — A Beginner’s Guide To Kali Linux | by Aryya Paul | Edureka | Medium

Originally published at www.edureka.co on January 24, 2019.

Hacking Kali Linux Ethical Hacking Ethical Hacking Training Kali Linux Tools
Open in app Get unlimited access

Search Medium

https://medium.com/edureka/ethical-hacking-using-kali-linux-fc140eff3300 14/14
2/8/23, 11:13 PM MacChanger with Python- Your first step to Ethical hacking | by Aryya Paul | Edureka | Medium

Published in Edureka

Aryya Paul Follow

Feb 27, 2019 · 6 min read · Listen

Save

MacChanger with Python- Your first step to

Ethical hacking

Ethical Hacking is fun and interesting, but there are a lot of things an Ethical hacker
should be aware of. Such as, covering his tracks. And, one of the ways to do this is
using a MacChanger. In this tutorial, I will teach you how to write a MacChanger with
Python.

I will cover the following topics:

https://medium.com/edureka/macchanger-with-python-ethical-hacking-7551f12da315 1/9
2/8/23, 11:13 PM MacChanger with Python- Your first step to Ethical hacking | by Aryya Paul | Edureka | Medium

Why Python for Ethical Hacking?

What is a MacChanger?

Installing PyCharm on Ubuntu

Writing a MacChanger

Before writing a MacChanger, let’s see why we should use Python for Ethical Hacking.

Why Python for Ethical Hacking?

Ethical Hacking is the process of finding vulnerabilities in a system that an attacker
can exploit and cause damage. And then, these results are used to improve the security
of the network and the system. We already have many Ethical Hacking Tools available,
so what’s the need for Python?

Python is used to Automate the process of Ethical Hacking. Ethical Hacking is not a
one-step process. There are different Phases of Ethical Hacking and some of which you
will have to conduct more than once. Ethical Hacking with Python makes this easy.

Suppose you want to test a website for vulnerabilities, you will have to run tests on the
website. After you are done with this project, you might have to test another website.
Now, you will have to follow the same steps from scratch. Python can be used here to
automate these testing steps. So, you write the code once and use it every time you
want to test a website.

Now that we know what we are dealing with, let’s understand what a MacChanger is!

What is a MacChanger?
Every networking device is assigned a MAC address by the device manufacturer which
is helpful to communicate with other devices. A MAC address is hard-coded on the
device and it is not possible to permanently change it. But, we can change it
temporarily using a MacChanger. A MacChanger is a tool that changes the MAC
address to the desired (or random) address until that device is rebooted. Once, the
device is rebooted, the MAC address of that device will be set to its original MAC
address.
https://medium.com/edureka/macchanger-with-python-ethical-hacking-7551f12da315 2/9
2/8/23, 11:13 PM MacChanger with Python- Your first step to Ethical hacking | by Aryya Paul | Edureka | Medium

Now that we know what a MacChanger is, let’s build this using Python!

For this tutorial on writing a MacChanger with Python, we will run our Python scripts
in PyCharm, which is an integrated development environment. So, to run our Python
Script, we need to install PyCharm first. Let’s see how to install PyCharm on Ubuntu.

Installing PyCharm on Ubuntu

To install PyCharm on Ubuntu, first go to this link:
https://www.jetbrains.com/pycharm/download/#section=linux

Here, you will find two Editions, and for this tutorial, we will use the Community
Edition.

When you click on the download button, the download should start. After the
download is completed, we will have to install PyCharm. By default, this file will be
downloaded in the “Downloads” directory. Open a terminal and run the following
commands:

https://medium.com/edureka/macchanger-with-python-ethical-hacking-7551f12da315 3/9
2/8/23, 11:13 PM MacChanger with Python- Your first step to Ethical hacking | by Aryya Paul | Edureka | Medium

$ cd Downloads
$ tar -xvf pycharm-community-2018.3.4.tar.gz

Remember to replace the name of the file in the above command with the name of the
file that is downloaded in your system.

The above command will extract the PyCharm files. And now, to run PyCharm, you
will have to go into the pycharm-community-2018.3.4/bin folder and run the
pycharm.sh file. To do this, run the following commands:

$ cd pycharm-community-2018.3.4/
$ cd bin/
$ ./pycharm.sh

When you run it for the first time, you will have to accept the Terms and Conditions.
Once done, PyCharm will be up and running.

Now that we have installed PyCharm, let’s move on to writing a MacChanger.

Writing a MacChanger
You will write the MacChanger script in PyCharm. To start PyCharm, go to the
directory where PyCharm was extracted and run the shell script.

$ cd pycharm-community-2018.3.4/
$ cd bin/

https://medium.com/edureka/macchanger-with-python-ethical-hacking-7551f12da315 4/9
2/8/23, 11:13 PM MacChanger with Python- Your first step to Ethical hacking | by Aryya Paul | Edureka | Medium

$ ./pycharm.sh

You will see the welcome screen of PyCharm. Click on “Create New Project”.

Enter a name for your project. I will name this Mac_changer. And then click “Create“.

You will now see the workplace. Next, let’s create a Python file. To do this, right click
on the project name, go to “New” and click on “Python file“.

https://medium.com/edureka/macchanger-with-python-ethical-hacking-7551f12da315 5/9
2/8/23, 11:13 PM MacChanger with Python- Your first step to Ethical hacking | by Aryya Paul | Edureka | Medium

You can now write the python script here. But first, you should decide which network
device you want to change the MAC address for. For this, open the terminal and run
the following command:

$ ifconfig

You should see a list of the network interfaces and their respective MAC address. You
might have different interface names or MAC addresses. When using the scripts in this
blog, make sure you change the interface name to the one in your system. For this
tutorial, I will change the MAC address of “ens33“.

The script to change the MAC Address is as follows:

import subprocess
subprocess.call(["sudo","ifconfig","ens33","down"])
subprocess.call(["sudo","ifconfig","ens33","hw","ether","00:11:22:33:4
4:55"])
subprocess.call(["sudo","ifconfig","ens33","up"])

I will be changing the MAC address to 00:11:22:33:44:55. Now run this script. To run
the script, click on the “Run” tab at the top and click on “Run“.

https://medium.com/edureka/macchanger-with-python-ethical-hacking-7551f12da315 6/9
2/8/23, 11:13 PM MacChanger with Python- Your first step to Ethical hacking | by Aryya Paul | Edureka | Medium

After running the script, to check whether the MAC address of the interface has
changed or not, we will check the details again. Just run the ifconfig command in the
terminal.

Do you see the change in the MAC address? The new MAC address is 00:11:22:33:44:55.
That’s how simple it is. Now whenever you need to change the MAC address, all you
have to do is update the MAC address and/or the interface name in the Python script.

But this doesn’t make any difference or save much time right? I mean, it’s just 3
commands, we can do it manually. Why write a Python script for this?

Let me tell you how it can make a difference. Just think of the scenario where you will
have to change the MAC address every 5 minutes. And suppose you are working for an
hour, you will have to run these 3 commands 12 times. So, you will have to run 3 * 12 =
36 commands in total. Okay, now it seems too much, isn’t it?

Well, when you write the Python script, you can just run this script in a loop to change
the MAC address every 5 minutes. Now you see how much time and effort you can
save.

Congratulations! You have written a MacChanger in Python and seen it in action. If you
wish to check out more articles on the market’s most trending technologies like
Artificial Intelligence, DevOps, Cloud, then you can refer to Edureka’s official site.

Do look out for other articles in this series which will explain the various other aspects
of Cybersecurity.

https://medium.com/edureka/macchanger-with-python-ethical-hacking-7551f12da315 7/9
2/8/23, 11:13 PM MacChanger with Python- Your first step to Ethical hacking | by Aryya Paul | Edureka | Medium

1. What is Cybersecurity?

2. Cybersecurity Framework

3. Steganography Tutorial

4. What is Network Security?

5. What is Computer Security?

6. What is Application Security?

7. Penetration Testing

8. Ethical Hacking Tutorial

9. Everything You Need To Know About Kali Linux

10. Ethical Hacking using Python

11. DDOS attack

12. What is Cryptography?

13 ARP Spoofing

14. Proxychains, Anonsurf & MacChange

15. Footprinting

16. Top 50 Cybersecurity Interview Questions and Answers

Originally published at www.edureka.co on February 27, 2019.

https://medium.com/edureka/macchanger-with-python-ethical-hacking-7551f12da315 8/9
2/8/23, 11:13 PM MacChanger with Python- Your first step to Ethical hacking | by Aryya Paul | Edureka | Medium

Open in app
Technology Ethical Hacking Python Macchanger With Python Get unlimited access
Pycharm

Search Medium

18

https://medium.com/edureka/macchanger-with-python-ethical-hacking-7551f12da315 9/9
2/12/23, 11:22 AM Cryptography and its Types - GeeksforGeeks

Data Structures and Algorithms Interview Preparation Data Science Topic-wise Practice C C+

Cryptography and its Types

Difficulty Level : Easy ● Last Updated : 22 Nov, 2022

Read Discuss

Cr yptography is technique of securing information and communications through use of

codes so that only those person for whom the information is intended can understand it

and process it. Thus preventing unauthorized access to information. The prefix “cr ypt ”

means “hidden” and suffix graphy means “writing”. In Cr yptography the techniques

which are use to protect information are obtained from mathematical concepts and a set

of rule based calculations known as algorithms to conver t messages in ways that make it

hard to decode it. These algorithms are used for cr yptographic key generation, digital

signing, verification to protect data privacy, web browsing on internet and to protect

confidential transactions such as credit card and debit card transactions. 

Techniques used For Cr yptography: In today ’s age of computers cr yptography is of ten

associated with the process where an ordinar y plain text is conver ted to cipher text

which is the text made such that intended receiver of the text can only decode it and

hence this process is known as encr yption. The process of conversion of cipher text to

plain text this is known as decr yption. 

Features Of Cr yptography are as follows :

1. Confidentiality: Information can only be accessed by the person for whom it is

intended and no other person except him can access it.

2. Integrity: Information cannot be modified in storage or transition between sender

and intended receiver without any addition to information being detected.

3. Non-repudiation: The creator/sender of information cannot deny his intention to

send information at later stage.

Start Your Coding Journey Now! Login Register

https://www.geeksforgeeks.org/cryptography-and-its-types/ 1/5
2/12/23, 11:22 AM Cryptography and its Types - GeeksforGeeks

4. Authentication: The identities of sender and receiver are confirmed. A s well as

destination/origin of information is confirmed.

Types Of Cr yptography: In general there are three types Of cr yptography:

1. Symmetric Key Cr yptography: It is an encr yption system where the sender and

receiver of message use a single common key to encr ypt and decr ypt messages.

Symmetric Key Systems are faster and simpler but the problem is that sender and

receiver have to somehow exchange key in a secure manner. The most popular

symmetric key cr yptography system is Data Encr yption System(DES).

2. Hash Functions : There is no usage of any key in this algorithm. A hash value with

fixed length is calculated as per the plain text which makes it impossible for contents

of plain text to be recovered. Many operating systems use hash functions to encr ypt

passwords.

3. A symmetric Key Cr yptography: Under this system a pair of keys is used to encr ypt

and decr ypt information. A public key is used for encr yption and a private key is used

for decr yption. Public key and Private Key are different. Even if the public key is

known by ever yone the intended receiver can only decode it because he alone knows

the private key.

Applications Of Cr yptography:

1. Computer passwords

2. Digital Currencies

Start Your Coding Journey Now!

3. Secure web browsing

4. Electronic Signatures

https://www.geeksforgeeks.org/cryptography-and-its-types/ 2/5
2/12/23, 11:22 AM Cryptography and its Types - GeeksforGeeks

5. Authentication

6. Cr yptocurrencies

7. End-to-end encr yption

Like 119

Previous Next

Related Articles

1. Classical Cryptography and Quantum Cryptography

2. Custom Building Cryptography Algorithms (Hybrid Cryptography)

3. Differences between Classical and Quantum Cryptography

4. Difference between Steganography and Cryptography

5. Difference between Cryptography and Cryptology

6. Difference between Encryption and Cryptography

7. Difference between Cryptography and Cyber Security

Start Your Coding Journey Now!

https://www.geeksforgeeks.org/cryptography-and-its-types/ 3/5
2/12/23, 11:22 AM Cryptography and its Types - GeeksforGeeks

8. Cryptography and Network Security Principles

9. The CIA triad in Cryptography

10. Cryptography Introduction

Ar ticle Contributed By :

JASHKOTHARI1
@JASHKOTHARI1

Vote for difficulty

Current difficulty : Easy

Easy Normal Medium Hard Expert

Improved By : GauravK1, ifrahshaxil8

Article Tags : cryptography, Computer Networks, GATE CS

Practice Tags : Computer Networks, cryptography

Improve Article Report Issue

A-143, 9th Floor, Sovereign Corporate Tower,

Sector-136, Noida, Uttar Pradesh - 201305
[email protected]
Start Your Coding Journey Now!
https://www.geeksforgeeks.org/cryptography-and-its-types/ 4/5
2/12/23, 11:22 AM Cryptography and its Types - GeeksforGeeks

Company Learn
About Us DSA
Careers Algorithms
In Media Data Structures
Contact Us SDE Cheat Sheet
Privacy Policy Machine learning
Copyright Policy CS Subjects
Advertise with us Video Tutorials
Courses

News Languages
Top News
Python
Technology
Java
Work & Career
CPP
Business
Golang
Finance
C#
Lifestyle
SQL
Knowledge
Kotlin

Web Development Contribute

Web Tutorials Write an Article
Django Tutorial Improve an Article
HTML Pick Topics to Write
JavaScript Write Interview Experience
Bootstrap Internships
ReactJS Video Internship
NodeJS

@geeksforgeeks , Some rights reserved

Start Your Coding Journey Now!

https://www.geeksforgeeks.org/cryptography-and-its-types/ 5/5
2/12/23, 11:36 AM Cryptography for Absolute Beginners | by parserite | Medium

parserite Follow

Oct 17, 2018 · 11 min read · Listen

Save

Cryptography for Absolute Beginners

We live in a post-snowden world. For many, that means assuming none of your digital
assets are safe from surveillance.

There are ways, however, to use the internet with insane mathematics in your favor to
ensure that no one can see whatever it is that you’re sending to someone else.

I’ll be trying to explain in detail how all of this works.Feel free to skim over the theory and
play with the fun stuff.

Cryptography is an ancient mathematical science that was originally used for military
communications, and designed to conceal the contents of a message should it fall into
the hands of the enemy. Recent developments in cryptography have added additional
uses, including mechanisms for authenticating users on a network, ensuring the
integrity of transmitted information and preventing users from repudiating (i.e.
rejecting ownership of) their transmitted messages.

Today, encryption is an integral part of many of the tools and protocols we rely on to
protect the security of our everyday transactions and online communications.
Encryption can be used on the physical layer of the Internet to scramble data that’s

https://hashelse.medium.com/cryptography-for-absolute-beginners-3e274f9d6d66 1/11
2/12/23, 11:36 AM Cryptography for Absolute Beginners | by parserite | Medium

being transmitted via cable or radio communications. It adds support for secure
communications to plaintext protocols like the Hypertext Transfer Protocol (HTTP),
which enables Web browsing, and can protect the integrity of data exchanged through
applications like email and mobile messengers. You can also encrypt data that is stored
on devices like cellphones or computers, shielding the local copies of emails, text
messages, documents, and photos from unauthorized snooping.

How and at what layer your data is encrypted makes a huge difference. Just because a
product or service uses encryption doesn’t necessarily mean that everything that’s
stored on or sent over that platform is completely private. For example, Google now
makes the HTTPS protocol (HTTP over an encrypted connection) the default for all
Gmail traffic, which prevents unauthorized users from reading emails while they
travel between Google’s email servers and end users’ computers — but it does nothing
to stop Google itself from accessing plaintext copies of those conversations. If you don’t
want your email provider to be able to read your messages, you have to take additional
steps to implement end-to-end encryption, which refers to a system in which
“messages are encrypted in a way that allows only the unique recipient of a message to
decrypt it, and not anyone in between.” With end-to-end encryption, you encrypt the
contents of a message on your local machine or device. That data is then transmitted
as ciphertext by the email provider to the intended recipient, who is the only person
who can decrypt and read it.

Is all of law enforcement and US government against encryption?

Not necessarily. Law enforcement and intelligence officials have often said they
appreciate the benefits of encryption when it comes to protecting data from threats
such as hackers or foreign governments. They just want to be sure there’s a way to
access encrypted data — especially communications — for their investigations.

First, how does encryption protect my data?

Encryption algorithms use math to “scramble” data so it can’t be read by an

unauthorized person — such as a hacker or government seeking to break in.

Data can be encrypted in two places: First, it can be encrypted “in transit,” such as
when you send information from your browser to a website. Second, data can be

https://hashelse.medium.com/cryptography-for-absolute-beginners-3e274f9d6d66 2/11
2/12/23, 11:36 AM Cryptography for Absolute Beginners | by parserite | Medium

encrypted when it’s “at rest,” such as when it is stored on a computer or on a server.

Data that can be read and understood without any special measures is called plaintext
or cleartext. The method of disguising plaintext in such a way as to hide its substance
is called encryption. Encrypting plaintext results in unreadable gibberish called
ciphertext. You use encryption to ensure that information is hidden from anyone for
whom it is not intended, even those who can see the encrypted data. The process of
reverting ciphertext to its original plaintext is called decryption.

Ciphertext

If this article was encrypted, anyone who intercepts the encrypted version of it would
instead see a very long string of unintelligible numbers and letters, such as:
“SNaqi82xleab92lkafdtuijgjf0dgfdojtkr8vcp2dso”

Symmetric-key encryption

To unscramble the encrypted data, you will need an encryption “key.”(kinda like a
Password) The key is a very large number that an encryption algorithm uses to change
the data back into a readable form. Without the key, no one but the owner of the
encrypted data will be able to access a readable version. This unscrambling process is
called “decryption.”This is what’s known as symmetric-key encryption.

Symmetric-key encryption has benefits. It is very fast. It is especially useful for

encrypting data that is not going anywhere. However, conventional encryption alone
as a means for transmitting secure data can be quite expensive simply due to the
difficulty of secure key distribution.

Recall a character from your favorite spy movie: the person with a locked briefcase
handcuffed to his or her wrist. What is in the briefcase, anyway? It’s probably not the

https://hashelse.medium.com/cryptography-for-absolute-beginners-3e274f9d6d66 3/11
2/12/23, 11:36 AM Cryptography for Absolute Beginners | by parserite | Medium

missile launch code/ biotoxin formula/ invasion plan itself. It’s the key that will decrypt
the secret data.

For a sender and recipient to communicate securely using Symmetric-key encryption,

they must agree upon a key and keep it secret between themselves. If they are in
different physical locations, they must trust a courier, the Bat Phone, or some other
secure communication medium to prevent the disclosure of the secret key during
transmission. Anyone who overhears or intercepts the key in transit can later read,
modify, and forge all information encrypted or authenticated with that key. From DES
to Captain Midnight’s Secret Decoder Ring, the persistent problem with Symmetric-key
encryption is key distribution: how do you get the key to the recipient without
someone intercepting it?

Public key cryptography (Also known as Asymmetric encryption)

The problems of key distribution are solved by public key cryptography. Public key
cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public
key, which encrypts data, and a corresponding private, or secret key for decryption.
You publish your public key to the world while keeping your private key secret. Anyone
with a copy of your public key can then encrypt information that only you can read.
Even people you have never met.

It is computationally infeasible to deduce the private key from the public key. Anyone
who has a public key can encrypt information but cannot decrypt it. Only the person
who has the corresponding private key can decrypt the information.

https://hashelse.medium.com/cryptography-for-absolute-beginners-3e274f9d6d66 4/11
2/12/23, 11:36 AM Cryptography for Absolute Beginners | by parserite | Medium

The primary benefit of public key cryptography is that it allows people who have no
preexisting security arrangement to exchange messages securely. The need for sender
and receiver to share secret keys via some secure channel is eliminated; all
communications involve only public keys, and no private key is ever transmitted or
shared. Some examples of public-key cryptosystems are Elgamal (named for its
inventor, Taher Elgamal), RSA (named for its inventors, Ron Rivest, Adi Shamir, and
Leonard Adleman), Diffie-Hellman (named, you guessed it, for its inventors), and DSA,
the Digital Signature Algorithm (invented by David Kravitz).

Because conventional cryptography was once the only available means for relaying
secret information, the expense of secure channels and key distribution relegated its
use only to those who could afford it, such as governments and large banks (or small
children with secret decoder rings). Public key encryption is the technological
revolution that provides strong cryptography to the adult masses. Remember the
courier with the locked briefcase handcuffed to his wrist? Public-key encryption puts
him out of business (probably to his relief).

PGP combines some of the best features of both conventional and public key
cryptography. PGP is a hybrid cryptosystem. When a user encrypts plaintext with PGP,
PGP first compresses the plaintext. Data compression saves modem transmission time
and disk space and, more importantly, strengthens cryptographic security. Most
cryptanalysis techniques exploit patterns found in the plaintext to crack the cipher.
Compression reduces these patterns in the plaintext, thereby greatly enhancing
resistance to cryptanalysis. (Files that are too short to compress or which don’t
compress well aren’t compressed.)

PGP then creates a session key, which is a one-time-only secret key. This key is a
random number generated from the random movements of your mouse and the
keystrokes you type. This session key works with a very secure, fast conventional
encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is
encrypted, the session key is then encrypted to the recipient’s public key. This public
key-encrypted session key is transmitted along with the ciphertext to the recipient.

If you did’nt get this it’s okay, watch this video

https://hashelse.medium.com/cryptography-for-absolute-beginners-3e274f9d6d66 5/11
2/12/23, 11:36 AM Cryptography for Absolute Beginners | by parserite | Medium

Decryption works in the reverse. The recipient’s copy of PGP uses his or her private key
to recover the temporary session key, which PGP then uses to decrypt the
conventionally-encrypted ciphertext.

The combination of the two encryption methods combines the convenience of public
key encryption with the speed of symmetric encryption. symmetric encryption is
about 1,000 times faster than public key encryption. Public key encryption in turn
provides a solution to key distribution and data transmission issues. Used together,
performance and key distribution are improved without any sacrifice in security.

Keys

A key is a value that works with a cryptographic algorithm to produce a specific

ciphertext. Keys are basically really, really, really big numbers. Key size is measured in
bits; the number representing a 1024-bit key is darn huge. In public key cryptography,
the bigger the key, the more secure the ciphertext.

https://hashelse.medium.com/cryptography-for-absolute-beginners-3e274f9d6d66 6/11
2/12/23, 11:36 AM Cryptography for Absolute Beginners | by parserite | Medium

While the public and private keys are mathematically related, it’s very difficult to
derive the private key given only the public key; however, deriving the private key is
always possible given enough time and computing power. This makes it very important
to pick keys of the right size; large enough to be secure, but small enough to be applied
fairly quickly. Additionally, you need to consider who might be trying to read your
files, how determined they are, how much time they have, and what their resources
might be.

Larger keys will be cryptographically secure for a longer period of time. If what you
want to encrypt needs to be hidden for many years, you might want to use a very large
key. Of course, who knows how long it will take to determine your key using
tomorrow’s faster, more efficient computers? There was a time when a 56-bit
symmetric key was considered extremely safe.

Digital signatures

A major benefit of public key cryptography is that it provides a method for employing
digital signatures. Digital signatures enable the recipient of information to verify the
authenticity of the information’s origin, and also verify that the information is intact.
Thus, public key digital signatures provide authentication and data integrity. A digital
signature also provides non-repudiation, which means that it prevents the sender from
claiming that he or she did not actually send the information. These features are every
bit as fundamental to cryptography as privacy, if not more.

A digital signature serves the same purpose as a handwritten signature. However, a

handwritten signature is easy to counterfeit. A digital signature is superior to a
handwritten signature in that it is nearly impossible to counterfeit, plus it attests to the
contents of the information as well as to the identity of the signer.

Some people tend to use signatures more than they use encryption. For example, you
may not care if anyone knows that you just deposited $1000 in your account, but you do
want to be darn sure it was the bank teller you were dealing with.

Instead of encrypting information using someone else’s public key, you encrypt it with
your private key. If the information can be decrypted with your public key, then it must
have originated with you.

https://hashelse.medium.com/cryptography-for-absolute-beginners-3e274f9d6d66 7/11
2/12/23, 11:36 AM Cryptography for Absolute Beginners | by parserite | Medium

Note that you will need to have GnuPG (GPG) installed before starting the tutorial.

GPG (PGP) Command Line — Basic Tutorial

It’s called PGP, which stands for “pretty good privacy,” and it’s a way to encrypt your
messages. Encryption, at its most basic form, is a way to cypher a message so that if
anyone that sees the data in transit they have no way to know what the message says.
OpenPGP is the most popular standard for digital encryption.

In fact, Edward Snowden first contacted journalist Laura Poitras to inform her of his
trove of documents using PGP.

So let’s take a look at what PGP is and how easy it is to use.

Quick recap (if you skipped the theory):

Encryption is basically a way of jumbling digital data so that no one can see what it
really says while it’s being sent. For the purposes of this explainer, we’re going to focus
on what’s called “public key encryption”. This uses a multitude of cryptographic
techniques to cipher every message using two factors that are constant to every person
using PGP: a public key and a private key.

A public key is the information that is needed to encrypt a message. People wishing to
receive encrypted messages make their public key readily available, as it’s the only way
for sources to begin the process of sending secure messages

How it works

Note: There are gui apps to do this process simpler and easier, but here we are using
the Command Line to achieve the same. (We’ll be using the Linux Command Line to
achieve this, Windows users can check out a tutorial on GUI Application which does
the same)

https://hashelse.medium.com/cryptography-for-absolute-beginners-3e274f9d6d66 8/11
2/12/23, 11:36 AM Cryptography for Absolute Beginners | by parserite | Medium

First, you’ll want to generate a key for yourself:

gpg --gen-key

You’ll be asked to enter a few details. Don’t forget these details.

To list your public keys:

gpg --list-keys

Now, let’s say your name is John Doe, and you want to send a message to Jane Doe. This
is how you would do it (note that all names used must be the names you see when
listing the keys).

First, export your public key:

gpg --export --armor [email protected] > publickey.asc

or

gpg --export --armor yourname > publickey.asc

Send this file to Jane Doe. Get her to do the same.

To import someone else’s public key:

gpg --import publickey.asc

https://hashelse.medium.com/cryptography-for-absolute-beginners-3e274f9d6d66 9/11
2/12/23, 11:36 AM Cryptography for Absolute Beginners | by parserite | Medium

Now that you’ve imported Jane Doe’s key, let’s send her an encrypted message.

To encrypt a file to send to Jane Doe:

gpg --encrypt --recipient receiversname filename.txt

Example:

gpg --encrypt --recipient Jane Doe secretmessage.txt

or, if the previous command doesn’t work:

gpg -e -u “sender’s name (you)” -r “name of the receiver’s key”

filename.txt

Example:

gpg -e -u “John Doe” -r “Jane Doe” secretmessage.txt

This will create a file called secretmessage.txt.pgp. Send this to Jane Doe.

Now Jane has received your file. This is how she decrypts it:

To decrypt to command line (meaning that you’ll only see the message in the
command line, and it won’t be saved decrypted to your hard drive):

gpg --decrypt filename.txt.gpg

To decrypt to disk:

https://hashelse.medium.com/cryptography-for-absolute-beginners-3e274f9d6d66 10/11
2/12/23, 11:36 AM Cryptography for Absolute Beginners | by parserite | Medium

gpg filename.txt.gpg

Done!

In the next article we’ll be learning How to sign and verify a document or file using
PGP/GPG.

Security Privacy Cybersecurity

Open in app Sign up Sign In

Search Medium
450 2

About Help Terms Privacy

Get the Medium app

https://hashelse.medium.com/cryptography-for-absolute-beginners-3e274f9d6d66 11/11
2/12/23, 11:30 AM Cryptography in Blockchain (Part 6- Blockchain Series) | by Techskill Brew | Blockchain 101 by Techskill Brew | Medium

Published in Blockchain 101 by Techskill Brew

Techskill Brew Follow

Jan 16, 2022 · 10 min read · Listen

Save

Cryptography in Blockchain (Part 6- Blockchain

Series)

Welcome to the sixth part of the 100 part series on Blockchain.

Part 1: What is Blockchain technology?

Part 2: Components of a Block in the Blockchain

https://medium.com/techskill-brew/cryptography-in-blockchain-part-6-blockchain-basics-129ec058c574 1/13
2/12/23, 11:30 AM Cryptography in Blockchain (Part 6- Blockchain Series) | by Techskill Brew | Blockchain 101 by Techskill Brew | Medium

Part 3: Hash Functions in Blockchain

Part 4: Types of Blockchain

Part 5: Merkle Tree in Blockchain

The function of cryptography is to protect the users’ identities, ensure secure

transactions, and protect all sorts of valuable information on the network. Thanks to
cryptography, because of which information recorded on Blockchain is valid and
secure. But what is cryptography? Cryptography is a technique of securing and
transmitting data so that only those individuals for whom the data is intended can read
it and access it. Thus, preventing unauthorized access to the data. In the word
cryptography, the prefix “crypt” means “hidden,” and the suffix “graphy means
“writing.”

Encryption and Decryption

Encryption and decryption are the two critical functionalities of cryptography.

Encryption: Encryption is the process of transforming the original information

(plaintext) into random numbers that appear to be meaningless (ciphertext).

Decryption: Decryption is the process of converting ciphertext into its original form of
plaintext.

Encryption and decryption of data

https://medium.com/techskill-brew/cryptography-in-blockchain-part-6-blockchain-basics-129ec058c574 2/13
2/12/23, 11:30 AM Cryptography in Blockchain (Part 6- Blockchain Series) | by Techskill Brew | Blockchain 101 by Techskill Brew | Medium

Plaintext refers to any information that humans or a machine can directly read and
understand. This may be English sentences, a script, or Java code. If one can make
sense of what is written, it is said to be in plaintext. On the other hand, ciphertext or
encrypted text is a series of random letters and numbers which humans cannot make
any sense of.

An encryption algorithm takes in a plaintext message, and the key (a string of

characters) within the encryption algorithm locks and encrypts data to convert it into
ciphertext. Only someone with the right decryption key can unlock or decrypt the
ciphertext and convert it into plaintext.

There are various ways by which plain text can be modified to obtain ciphertext. For
instance,

(a) Substitution: It involves replacing characters of plaintext with other letters,

numbers, or symbols. For example, with a shift of +1, A would be replaced by B, B by C,
and so on. Therefore,

Plaintext: BLOCKCHAIN IS THE FUTURE

Ciphertext: CMPDLDIBJO JT UIF GVUVSF

In this case, the encryption key will be +1.

(b) Transposition: In the transposition technique, the positions of the characters of

plaintext are changed to create the ciphertext. For example, in the below figure,
“HCLBCOKHIIATNSETFERUU” is the ciphertext for the plaintext “BLOCKCHAIN IS
THE FUTURE” using the encryption key 7421635.

https://medium.com/techskill-brew/cryptography-in-blockchain-part-6-blockchain-basics-129ec058c574 3/13
2/12/23, 11:30 AM Cryptography in Blockchain (Part 6- Blockchain Series) | by Techskill Brew | Blockchain 101 by Techskill Brew | Medium

Transposition technique to convert plaintext into ciphertext

Although the above examples illustrate how cryptographic keys can turn plaintext into
ciphertext, cryptographic keys actually used are far more complex and can scramble a
text beyond human recognition to generate the ciphertext.

Types of cryptography
Based on the types of key and encryption algorithms used, cryptography can be
divided into three types:

(i) Symmetric cryptography: Symmetric cryptography, also known as secret-key

cryptography, is an encryption system where the same secret key is used to both
encrypt and decrypt the data. The entities/parties communicating via symmetric
encryption must exchange the key with recipients so that it can be used in the
decryption process. Symmetric cryptography is faster and simpler, but the problem is
that the sender and receiver have to somehow exchange the secret key securely.

https://medium.com/techskill-brew/cryptography-in-blockchain-part-6-blockchain-basics-129ec058c574 4/13
2/12/23, 11:30 AM Cryptography in Blockchain (Part 6- Blockchain Series) | by Techskill Brew | Blockchain 101 by Techskill Brew | Medium

Symmetric cryptography uses the same secret-key

(ii) Asymmetric cryptography: Asymmetric cryptography, also known as public-key

cryptography, is an encryption system that uses two keys- one is used for encrypting
data, while the other key is used for decrypting the data. Unlike symmetric
cryptography, if one key is used to encrypt, that same key cannot decrypt the data;
instead, the other key shall be used.

Out of two keys used, one key is kept private and is called the “private key,” while the
other key is shared publicly and is open to be used by anyone; hence it is known as the
“public key.” Therefore, the private key must be kept secret and should not be shared
with anyone to keep it from becoming compromised. So, only the authorized person,
server, or machine has access to the private key. On the contrary, the public key can be
shared with any other entity. For ease of understanding, consider your public key as
your bank account number and private key as your bank account password. For
someone to send you money, they just need to know your public (bank account)
address. However, only you can access the funds in your bank account because you are
the only one who knows your password or has access to your private key.

https://medium.com/techskill-brew/cryptography-in-blockchain-part-6-blockchain-basics-129ec058c574 5/13
2/12/23, 11:30 AM Cryptography in Blockchain (Part 6- Blockchain Series) | by Techskill Brew | Blockchain 101 by Techskill Brew | Medium

Asymmetric cryptography uses different keys

The mathematical relation of the keys is that the private key cannot be derived from
the public key, but the public key can be derived from the private key because a public
key is a mathematical result of its associated private key. This leads to a more robust
level of security for the data.

How asymmetric cryptography works?

Let’s assume A wants to send an encrypted message to B; then, he can encrypt the
message with the intended recipient B’s public key before sending it. After receiving
the message, B can decrypt the message using his related private key.

And on the other hand, sender A can also encrypt the message with his own private
key before sending it to B. In this case, B uses sender A’s public key to decrypt the
message. This proves that the message originates from A, and nobody else. Since
anyone can access A’s public key, the message encrypted by A’s private key won’t be a
secret per se, but it can be used to prove the authorship of that message or
information. This is also called digitally signing the message.

https://medium.com/techskill-brew/cryptography-in-blockchain-part-6-blockchain-basics-129ec058c574 6/13
2/12/23, 11:30 AM Cryptography in Blockchain (Part 6- Blockchain Series) | by Techskill Brew | Blockchain 101 by Techskill Brew | Medium

Encrypting information with (a) receiver B’s public key and (b) sender A’s private key

Therefore, encrypting the information with the receiver’s public key makes the
information readable only by the receiver. On the other hand, encrypting the
information with the sender’s private key proves the identity of the sender.

(iii) Cryptographic Hashing/Hashing: Both symmetric and asymmetric cryptographic

functions are two-way functions meaning that you can encrypt some data, and then
the person who receives the encrypted data can decrypt it to obtain the original data.
But now, we need to understand that cryptographic Hashing is a one-way function.
Hashing is a technique or process of generating a fixed-length output “hash” for any
input data irrespective of its size and length. This is done by the hash functions/
algorithms like MD5, BLAKE2, SHA-1, SHA-256, etc. The input can be a single
character, an MP3 file, an entire book, or an excel sheet of your banking history. But
the hash function generates a fixed length of the output. This type of encryption
doesn’t use keys, unlike symmetric and asymmetric cryptography.

B lockchain uses two types of cryptographies: asymmetric cryptography and

cryptographic hashing.

Importance of Cryptographic Hashing/Hashing in Blockchain

https://medium.com/techskill-brew/cryptography-in-blockchain-part-6-blockchain-basics-129ec058c574 7/13
2/12/23, 11:30 AM Cryptography in Blockchain (Part 6- Blockchain Series) | by Techskill Brew | Blockchain 101 by Techskill Brew | Medium

Provides security and immutability: A slight change in the data can result in a
significantly different output, i.e., Hash. For instance, “Blockchain is the Future” and
“Blockchain is the Future!” (with just one extra exclamation mark) will have
completely different hashes. This property of hashing makes the data reliable and
secure on the Blockchain because any changes in the data will lead to the changes in
hash value of the block to which it belongs and subsequently changes the hashes of the
following blocks, making the Blockchain invalid. Thus, hashing is essential in keeping
an immutable record of transactions/data on Blockchain.

Different hashes for different inputs

Additionally, cryptographic hash functions work as one-way functions that encrypt the
data. It is mathematically impossible to decrypt the data in any other method other
than randomly guessing input until you’re able to recreate that hash output. In simple
words, if you have a hash, you can not decrypt it to find the corresponding input. So in
a real-life scenario, even if a hacker gets access to a hash output, it is completely
useless as he can’t decrypt it to get the input. The hash is used to agree between all
parties that no transaction/data in the history has been tampered with because any
alteration in the block data can lead to inconsistency and break the blockchain,
making it INVALID.

Therefore, cryptographic hashing is one of the key components which enables security
and immutability on the Blockchain.

https://medium.com/techskill-brew/cryptography-in-blockchain-part-6-blockchain-basics-129ec058c574 8/13
2/12/23, 11:30 AM Cryptography in Blockchain (Part 6- Blockchain Series) | by Techskill Brew | Blockchain 101 by Techskill Brew | Medium

Digital signature in Blockchain

In addition, blockchain relies on digital signatures, as they are primarily used to verify
the authenticity of transactions. It is common in the real world to use handwritten
signatures on paper to bind a person to an agreement. For example, say Steve buys a
car for $15,000 and writes a cheque as payment. The signature guarantees that only
Steve could have signed the cheque. Therefore, Steve’s bank must pay the cheque.

Similarly, a digital signature binds a person to the digital data, i.e., provides
verification that the transaction was created by a known person and was not altered in
transit. Each digital signature is unique to the transaction being signed. After a digital
signature is used once, it can never be reused or repurposed.

How does digital signature work?

Digital signatures in Blockchain can be created using asymmetric cryptography
algorithms and cryptographic hashing. All participating users on the Blockchain
network must have a Private-Public key pair, generated mathematically by the
algorithms.

Let’s understand digital signature through certain examples. Every transaction that is
executed on the Blockchain is digitally signed by the sender using his private key.

Example 1: Suppose Phil wants to send a document/message to Jane on Blockchain.

(i) To create a digital signature, the signer Phil has to feed the document data to the
hash function, which generates the one-way hash of the electronic data to be signed.
The value of this hash is unique to the document.

(ii) The private key of the Phil is used to encrypt the hash. For this, the hash value and
private key are fed to the signature algorithm (e.g., ECDSA), which produces the digital
signature on a given hash.

(iii) Phil then sends the data with the digital signature to the intended receiver Jane.
Additionally, the digital signature + the public key of Phil are enough for nodes to
verify that the private key associated with Phil has been used to make such a signature.
Hence, it can be proved that the transaction is authenticated and the document has
been sent by Phil.

https://medium.com/techskill-brew/cryptography-in-blockchain-part-6-blockchain-basics-129ec058c574 9/13
2/12/23, 11:30 AM Cryptography in Blockchain (Part 6- Blockchain Series) | by Techskill Brew | Blockchain 101 by Techskill Brew | Medium

(a) Signing the data with the signer’s private key and (b) verifying the data with the signer’s public key

(iv) After receiving the data and signature on it, the receiver, Jane can verify it. This
would involve two steps, generating the hash of the sent data and decrypting the
encrypted hash. By using the signer’s public key, the hash can be decrypted. If the
decrypted hash matches a second recomputed hash of the same data, it proves that the
data hasn’t changed since it was signed. On the other hand, if the two hashes don’t
match, it indicates that the data has been tampered with.

Example 2: Suppose Phil wants to send 1 Bitcoin (BTC) to Jane. To achieve this, each
account owner in the network needs to have a digital wallet that assigns them a
public/private key pair. The public key is the address of the digital wallet. You are safe
sharing it with others when you want them to send you bitcoin/cryptocurrency. On the
other hand, the private key is used to assign and authorize the cryptocurrency to be
spent or sent elsewhere.

To send 1 BTC to Jane,

https://medium.com/techskill-brew/cryptography-in-blockchain-part-6-blockchain-basics-129ec058c574 10/13
2/12/23, 11:30 AM Cryptography in Blockchain (Part 6- Blockchain Series) | by Techskill Brew | Blockchain 101 by Techskill Brew | Medium

(i) The transaction details, including the amount to be sent (1BTC), recipient (Jane)
address, etc., are hashed, and the hashed transaction is then signed using Phil’s private
key. The signed transaction is then sent to nodes on the network.

(ii) The miners, who know his public key, will then check the transaction conditions
and validate the authenticity of the signature.

(iii) Once validity is confirmed, the block containing that transaction will be created by
a validator/miner. Thus, the receiver, i.e., Jane, receives 1BTC from Phil in her wallet.

Therefore, the digital signature ensures that only the account owner can move money
out of the account.

Digitally signed bitcoin transaction on Blockchain

Advantages of digital signature

1. Authenticity: Digital signature enables the receiver to confirm data authentication
by validating the digital signature with the sender’s public key. Also, the receiver can
be sure that he/she is communicating with the person they intend to.
https://medium.com/techskill-brew/cryptography-in-blockchain-part-6-blockchain-basics-129ec058c574 11/13
2/12/23, 11:30 AM Cryptography in Blockchain (Part 6- Blockchain Series) | by Techskill Brew | Blockchain 101 by Techskill Brew | Medium

2. Data integrity: Digital signatures ensure that the data has not been illegally accessed
and modified by any hacker. For instance, if a hacker has access to the document and
alters it, the hash of the modified document and the output hash provided by the
decrypting digital signature will not match. Hence, the receiver can safely deny the
document assuming that data integrity has been breached.

3. Non-repudiation: Digital signatures also provide non-repudiation of the data. Non-

repudiation means that participants cannot deny the transaction in the Blockchain. For
example, A sent a signed document to B, so A cannot deny that he didn’t send the
document to B. And at the same time, B cannot claim that he did not receive this
document. This is because the person who sent the document had to be in possession
of a private key to sign the document. Therefore, the receiver can present the
document and digital signature to a third party as evidence if any dispute arises in the
future.

If you liked this article and want to know more about Blockchain, NFTs, Metaverse, and
their applications, click the below link.

50+ Real World Applications of Blockchain: A beginner’s complete

guide to Blockchain Fundamentals…
50+ Real World Applications of Blockchain: A beginner’s complete
guide to Blockchain Fundamentals, Consensus…
www.amazon.com

Happy learning!

Blockchain Blockchain Technology Blockchain Startup Cryptocurrency

Cryptography

https://medium.com/techskill-brew/cryptography-in-blockchain-part-6-blockchain-basics-129ec058c574 12/13
2/12/23, 11:30 AM Cryptography in Blockchain (Part 6- Blockchain Series) | by Techskill Brew | Blockchain 101 by Techskill Brew | Medium

Get an email whenever Techskill Brew publishes.

Your email

Subscribe

By signing up, you will create a Medium account if you don’t already have one. Review our Privacy Policy for more information about our privacy
practices.

About Help Terms Privacy

Get the Medium app

Open in app Sign up Sign In

Search Medium

https://medium.com/techskill-brew/cryptography-in-blockchain-part-6-blockchain-basics-129ec058c574 13/13
2/12/23, 11:32 AM Cryptography in Blockchain?. An introduction to how the ancient… | by Simran Ghera | DataDrivenInvestor

Published in DataDrivenInvestor

Simran Ghera Follow

Feb 19, 2022 · 3 min read · Listen

Save

BLOCKCHAIN SIMPLIFIED

Cryptography in Blockchain?
An introduction to how the ancient style of keeping secrets is still
relevant

https://medium.datadriveninvestor.com/cryptography-in-blockchain-5c7dd500ca77 1/5
2/12/23, 11:32 AM Cryptography in Blockchain?. An introduction to how the ancient… | by Simran Ghera | DataDrivenInvestor

Photo by cottonbro from Pexels

Cryptography (noun):

Known as the art form which encrypts important messages so that no one between the
sender and the receiver can read the message.

It was used in the past between militaries and their generals to pass critical
information without enemy forces deciphering what was being communicated. Little
did they know that we would science it all up to make a complicated version of
ourselves.

What’s its use in Blockchain?

Since the network is distributed and used by almost everyone around the globe, your
information is bound to be at the risk of being stolen or manipulated, especially
sensitive ones such as bank account details or where you have stashed that extra cash
in your house (hint: it’s always under the mattress).

Enter Public Key Cryptography. It is one of the techniques of Cryptography and forms
the foundation upon which the decentralised system of Blockchain relies. We can
create and store verifiable records of transactions on the network with the use of
Public Key Cryptography.

Now onto the best part. Learning how it works.

How to use it in Blockchain?

https://medium.datadriveninvestor.com/cryptography-in-blockchain-5c7dd500ca77 2/5
2/12/23, 11:32 AM Cryptography in Blockchain?. An introduction to how the ancient… | by Simran Ghera | DataDrivenInvestor

Photo by olieman.eth on Unsplash

You will have two keys. A Public key and a Private key. They function as a lock and key.
The public key encrypts any message sent on the network and the private key (you
guessed it right) decrypts it. However, only those messages encrypted by your Public
key are decrypted by your Private key.

The public key can be shared with anyone to encrypt messages. Thus the reason why
it’s called that. But a Private key can’t be shared with anyone as it can be misused, so
you have to keep it as hidden as you can.

Keys in action
So let’s create a scenario where you want to ask your friend when they are going to
return your expensive watch they borrowed for an occasion. But for fun purposes, you
decide to send them a message through the Blockchain network.

Now, you would write your message and then use your friend’s public key, which they
shared with you, to encrypt the message. This would result in a ciphertext or
something that your kid types when he gets hold of your phone. After receiving the
https://medium.datadriveninvestor.com/cryptography-in-blockchain-5c7dd500ca77 3/5
2/12/23, 11:32 AM Cryptography in Blockchain?. An introduction to how the ancient… | by Simran Ghera | DataDrivenInvestor

message, your friend would decode it with their private key and would find your
message in its original form.

This is how important communication travels back and forth on the network.
Everyone else only sees some gibberish but only you two what’s being said. Like only
you knew from the message sent back, that your beloved buddy broke your watch,
being the clumsy guy that he is.

In a Nutshell
So if I had to form a chain outlining the events, it would proceed something like this:

Message ⇒ ⇒ ⇒ Public Key (encrypts) ⇒ ⇒ ⇒ Ciphertext ⇒ ⇒ ⇒ Sent publicly on

open network ⇒ ⇒ ⇒ Private Key (decrypts) ⇒ ⇒ ⇒ Message

It would be safe to end it here as to not cause an information overload. Would be glad to
answer any queries in the comments. You can also connect with me on LinkedIn for a casual
chat on the wonder that is Blockchain. I will see you next time where we discuss
Cryptographic hash functions. Can’t wait!

Schedule a DDIChat Session in Blockchain and Cryptocurrency:

Experts - Blockchain and Cryptocurrency - DDIChat

DDIChat allows individuals and businesses to speak directly with
subject matter experts. It makes consultation fast…
app.ddichat.com

Apply to be a DDIChat Expert here.

Ways to work with DDI: https://datadriveninvestor.com/collaborate
Visit us at https://www.datadriveninvestor.com/

https://medium.datadriveninvestor.com/cryptography-in-blockchain-5c7dd500ca77 4/5
2/12/23, 11:32 AM Cryptography in Blockchain?. An introduction to how the ancient… | by Simran Ghera | DataDrivenInvestor

Gain Access to Expert View — Subscribe to DDI Intel:

https://ddintel.datadriveninvestor.com/
Open in app Sign up Sign In

Search Medium

Simple Cryptography Blockchain Simplified Fintech

About Help Terms Privacy

Get the Medium app

https://medium.datadriveninvestor.com/cryptography-in-blockchain-5c7dd500ca77 5/5
2/12/23, 11:26 AM Cryptography, Encryption, Hash Functions and Digital Signature | by Eray ALTILI | DataDrivenInvestor

Published in DataDrivenInvestor

You have 2 free member-only stories left this month. Sign up for Medium and get an extra one

Eray ALTILI Follow

Feb 18, 2018 · 15 min read · · Listen

Save

Cryptography, Encryption, Hash Functions and

Digital Signature
https://medium.datadriveninvestor.com/cryptography-encryption-hash-functions-and-digital-signature-101-298a03eb9462 1/17
2/12/23, 11:26 AM Cryptography, Encryption, Hash Functions and Digital Signature | by Eray ALTILI | DataDrivenInvestor

Cryptography is at the heart of Blockchain technology. At this post, I will try to explain
some of the basics of Cryptography, Encoding,Encryption and Digital Signature.

Encoding is the process of applying a specific code, such as letters, symbols and
numbers, to data for conversation into an equivalent cipher.

The difference between encoding and encryption is that encryption needs a key to
encrypt/decrypt.

Cryptography

Cryptography is the practice and study of secure communication in the presence of

third parties.[1] In the past cryptography referred mostly to encryption. Encryption is
the process of converting plain text information to cipher text. Reverse is the
decryption. Encryption is a mechanism to make the information confidential to
anyone except the wanted recipients. Cipher is the pair of algorithm that creates
encryption and decryption. Cipher operation is depends on algorithm and the key. Key
is the secret that known by communicants. In addition, there are two types of
encryption by keys used:

Symmetric Key Algorithms

Symmetric key algorithms (Private-key cryptography): same key used for encryption
and decryption. (AES, DES etc.) (AWS KMS uses Symmetric Key Encryption to perform
encryption and decryption of the digital data)

https://medium.datadriveninvestor.com/cryptography-encryption-hash-functions-and-digital-signature-101-298a03eb9462 2/17
2/12/23, 11:26 AM Cryptography, Encryption, Hash Functions and Digital Signature | by Eray ALTILI | DataDrivenInvestor

Symmetric key ciphers implemented as either block ciphers or stream ciphers by type
of input data. A block cipher enciphers input in blocks of plaintext as opposed to
individual characters, the input form used by a stream cipher.

Block Ciphers: encrypt block of data of fixed size. (DES, AES etc.)
Stream Ciphers: encrypt continuous streams of data. (RC4, etc.)

Entropy measures how random data is when used in cryptography.

Asymmetric Key Algorithms

Asymmetric key algorithms (Public-key cryptography): two different keys (private and
public) used for encryption and decryption. (RSA, Elliptic Curve etc.)(AWS EC2 key
pairs uses asymmetric encryption.)

https://medium.datadriveninvestor.com/cryptography-encryption-hash-functions-and-digital-signature-101-298a03eb9462 3/17
2/12/23, 11:26 AM Cryptography, Encryption, Hash Functions and Digital Signature | by Eray ALTILI | DataDrivenInvestor

Data manipulation in symmetric systems is faster than asymmetric systems as they

generally use shorter key lengths. Asymmetric systems use a public key to encrypt a
message and a private key to decrypt it. Use of asymmetric systems enhances the
security of communication however; it consumes CPU resources heavily.

Cryptographic Hash Functions

Cryptographic hash functions are a third type of cryptographic algorithm. A message

of any length taken as input, and output to a short, fixed length hash. (MD5, SHA etc.)
It is a mathematical algorithm that maps data of arbitrary size to a bit string of a fixed
size (a hash) and designed to be a one-way function, that is infeasible to invert.
Integrity checking is the mechanism to verify if the information has not changed. To
validate the integrity, a thumbprint (also called hash or digest) of the information
created. Thumbprint created by an algorithm that create a shorter bit string from an
information.

https://medium.datadriveninvestor.com/cryptography-encryption-hash-functions-and-digital-signature-101-298a03eb9462 4/17
2/12/23, 11:26 AM Cryptography, Encryption, Hash Functions and Digital Signature | by Eray ALTILI | DataDrivenInvestor

SALT

Random string, or salt, is added to the password (to make the password more secure)
and then hashed. This prevents rainbow table attacks. Salting should be used with
Cryptographically Secure Pseudo Random Number Generator aka CSPRNG. Salts needs
to have high entropy. However RSA used Dual_EC_DRBG standard for CSPRNG which
has been shown not be cryptographically secure and is believed to have a
kleptographic NSA backdoor. Backdoor was confirmed in 2013 and RSA Security
received a $10 million payment from the NSA to do so.

Key Stretching

A cryptographic hash function or a block cipher may be repeatedly applied in a loop.

Modern password-based key derivation functions, such as PBKDF2, use a
cryptographic hash, such as SHA-2, a longer salt (e.g. 64 bits) and a high iteration count
(tens or hundreds of thousands).

Authenticated Encryption

https://medium.datadriveninvestor.com/cryptography-encryption-hash-functions-and-digital-signature-101-298a03eb9462 5/17
2/12/23, 11:26 AM Cryptography, Encryption, Hash Functions and Digital Signature | by Eray ALTILI | DataDrivenInvestor

Authenticated encryption provides confidentiality, data integrity, and authenticity

assurances on encrypted data. Authenticated encryption can be generically constructed
by combining an encryption scheme and a message authentication code (MAC). For
example AWS KMS Encrypt API takes plaintext, a customer master key (CMK)
identifier, and an encryption context ( Encryption context is a set of non-secret key-
value pairs that you can pass to AWS KMS when you call the Encrypt , Decrypt ,

ReEncrypt , GenerateDataKey , or GenerateDataKeyWithoutPlaintext APIs.) and returns

ciphertext. The encryption context represents additional authenticated data (AAD).
The encryption process uses the AAD only to generate an authentication tag. The tag is
included with the output ciphertext and used as input to the decryption process. This
means that the encryption context that you supply to the Decrypt API must be the
same as the encryption context you supply to the Encrypt API. Otherwise, the
encryption and decryption tags will not match, and the decryption process will fail to
produce plaintext. Further, if any one of the parameters has been tampered with —
specifically if the ciphertext has been altered — the authentication tag will not
compute to the same value that it did during encryption. The decryption process will
fail and the ciphertext will not be decrypted.

Digital Signature
Digital signature is a mathematical scheme for demonstrating the authenticity of digital
messages or documents. A valid digital signature enables information integrity (using
hash algorithm) to ensure message is not altered, message created by the sender
(authentication) and sender cannot deny having sent the message (non-repudiation).
The digital signature has to be authentic, unfalsifiable, non-reusable, unalterable and
irrevocable. When all this property are gathered, the authenticity and the integrity of
an information can verified.

https://medium.datadriveninvestor.com/cryptography-encryption-hash-functions-and-digital-signature-101-298a03eb9462 6/17
2/12/23, 11:26 AM Cryptography, Encryption, Hash Functions and Digital Signature | by Eray ALTILI | DataDrivenInvestor

The signature operation is based on asymmetric cryptography. First a digest of the

initial information is created and this last is encrypted with the private key. This
operation is called the signature.

To validate the signature, the recipient extracts the encrypted digest from the message
and use his public key to unencrypt it. Next the recipient creates a digest from the
received information and compare it with the previously unencrypted digest. This is
the signature checking process.

A good way to remember when the private key is used is to know what information is
important in each operation. In signature process, the critical information is the digest
so the private key is used to sign. In encryption process, the critical information is
encrypted: so the private key is used to unencrypt.

Modern Encryption[2]

https://medium.datadriveninvestor.com/cryptography-encryption-hash-functions-and-digital-signature-101-298a03eb9462 7/17
2/12/23, 11:26 AM Cryptography, Encryption, Hash Functions and Digital Signature | by Eray ALTILI | DataDrivenInvestor

Each encryption algorithm has advantages and convenient therefore Modern

Encryption associates both symmetric and asymmetric techniques. Modern algorithm
uses a session key (temporarily key) to encrypt information with symmetric
cryptography. Next, the session key encrypted with the public key of the recipient. To
unencrypt information, first the recipient unencrypt the session key with his private
key and unencrypt information with the session key [2].

On the sender side, following actions performed:

1. A temporarily key called session key (Ks) generated;

2. Information encrypted with session key (Ks);

3. (Ks) Encrypted with the public key (Kpu) of the recipient. This key called Kse;

4. Kse added to the encrypted information file. This file sent to the recipient.

On the recipient side, the below action performed:

https://medium.datadriveninvestor.com/cryptography-encryption-hash-functions-and-digital-signature-101-298a03eb9462 8/17
2/12/23, 11:26 AM Cryptography, Encryption, Hash Functions and Digital Signature | by Eray ALTILI | DataDrivenInvestor

1. The encrypted information and Kse are separated;

2. The Kse key is unencrypt with the private key (Kpr) of the recipient and becomes
the Ks;

3. The document is unencrypted with Ks.

Encryption and Digital Signature Operation

Now that we are aware about encryption, hash algorithm and signature, let have a look
how these elements interact together to make an information confidential, authentic
and honest.

https://medium.datadriveninvestor.com/cryptography-encryption-hash-functions-and-digital-signature-101-298a03eb9462 9/17
2/12/23, 11:26 AM Cryptography, Encryption, Hash Functions and Digital Signature | by Eray ALTILI | DataDrivenInvestor

When the signature and encryption used together, the signing process done first.
Following steps performed:

1. A digest is created from the initial information;

https://medium.datadriveninvestor.com/cryptography-encryption-hash-functions-and-digital-signature-101-298a03eb9462 10/17
2/12/23, 11:26 AM Cryptography, Encryption, Hash Functions and Digital Signature | by Eray ALTILI | DataDrivenInvestor

2. This thumbprint is encrypted with the private key (Kprg);

3. The thumbprint is added to the initial information (in the same file);

4. A temporarily session key is generated (Ks) It will be used to encrypt initial

information;

5. The session key is encrypted (Kse) with the public key of the rececipient (Kpub);

6. Kse added to encrypted information file. So this file is contains the encrypted
information, the Kse and the signature.

When the recipient receives the file from the issuer, it begins by unencrypt file and
next to verify the signature:

1. The recipient extract the Kse from the received file. This key is unencrypt with the
private key (Kprb) to obtain session key (Ks);

2. Ks is used to unencrypt information;

3. Next recipient extract the encrypted thumbprint;

4. The public key (Kpug) is used to unencrypt the thumbprint;

5. In the same time, the recipient creates a digest from the previously unencrypted
information;

6. To finish, the recipient compares the unencrypted thumbprint with the digest
generated from unencrypted information. If they match, the signature verified.

Proxy Reencryption

A proxy re-encryption is generally used when one party, say Bob, wants to reveal the
contents of messages sent to him and encrypted with his public key to a third party,
Chris, without revealing his private key to Chris. Bob does not want the proxy to be
able to read the contents of his messages. Bob could designate a proxy to re-encrypt
one of his messages that is to be sent to Chris. This generates a new key that Chris can
use to decrypt the message. Now if Bob sends Chris a message that was encrypted

https://medium.datadriveninvestor.com/cryptography-encryption-hash-functions-and-digital-signature-101-298a03eb9462 11/17
2/12/23, 11:26 AM Cryptography, Encryption, Hash Functions and Digital Signature | by Eray ALTILI | DataDrivenInvestor

under Bob’s key, the proxy will alter the message, allowing Chris to decrypt it. This
method allows for a number of applications such as e-mail forwarding, law-
enforcement monitoring, and content distribution.

An unidirectional multi-use proxy re-encryption (UM-PRE) scheme allows a semi-

trusted proxy to transform a message encrypted under the key of party A into another
ciphertext, containing the initial plaintext, such that another party B can decrypt the
ciphertext with its key. The proxy neither gets access to the plaintext nor to the
decryption keys. The proxy can only transform in one direction and one ciphertext can
be transformed multiple times.

Proxy re-encryption is a form of public-key encryption that allows a user Alice to

“delegate” her decryption rights to another user Bob.

In a proxy re-encryption scheme, Alice delegates a semi-trusted proxy to translate

cyphertexts encrypted under her key into cyphertexts encrypted under Bob’s key. Once
delegated, the proxy operates independently of Alice. The proxy is considered “semi-
trusted” because it does not see the content of the messages being translated, nor can
it re-encrypt Alice’s messages to users for whom Alice has not granted decryption
rights.

To delegate her decryption rights to Bob, Alice generates a “delegation key” (or “re-
encryption key”), and sends this key to the proxy server. The proxy server uses this key
to translate messages from Alice’s key to Bob’s key. The schemes implemented by
Proxy server are unidirectional. In a unidirectional scheme, delegations are “one-way”,
i.e., the proxy can re-encrypt Alice’s messages to Bob, but cannot re-encrypt Bob’s
messages to anyone. Furthermore, Alice can generate a delegation key (to Bob) using
only Bob’s public key (and her secret key). It is not necessary that Bob be online or
even know that delegation has taken place.

Proxy Reencryption Functions

Proxy re-encryption schemes are similar to traditional symmetric or asymmetric

encryption schemes, with the addition of two functions:

Delegation — allows a message recipient (keyholder) to generate a re-encryption key

based on his secret key and the key of the delegated user. This re-encryption key is
https://medium.datadriveninvestor.com/cryptography-encryption-hash-functions-and-digital-signature-101-298a03eb9462 12/17
2/12/23, 11:26 AM Cryptography, Encryption, Hash Functions and Digital Signature | by Eray ALTILI | DataDrivenInvestor

used by the proxy as input to the re-encryption function, which is executed by the
proxy to translate ciphertexts to the delegated user’s key. Asymmetric proxy re-
encryption schemes come in bi-directional and uni-directional varieties.

In a bi-directional scheme, the re-encryption scheme is reversible — that is, the re-
encryption key can be used to translate messages from Bob to Charlie, as well as from
Charlie to Bob. This can have various security consequences, depending on the
application. One notable characteristic of bi-directional schemes is that both the
delegator and delegated party (e.g., Charlie and Bob) must combine their secret keys to
produce the re-encryption key.

A uni-directional scheme is effectively one-way; messages can be re-encrypted from

Bob to Charlie, but not the reverse. Uni-directional schemes can be constructed such
that the delegated party need not reveal its secret key. For example, Bob could delegate
to Charlie by combining his secret key with Charlie’s public key.

Transitivity — Transitive proxy re-encryption schemes allow for a ciphertext to be re-

encrypted an unlimited number of times. For example, a ciphertext might be re-
encrypted from Bob to Charlie, and then again from Charlie to David and so on. Non-
transitive schemes allow for only one (or a limited number) of re-encryptions on a
given ciphertext. Currently, the only known uni-directional, transitive proxy re-
encryption is done through the use of Homomorphic Encryption which allows
computation on encrypted data.

Identity-based conditional proxy re-encryption (IBCPRE)

Proxy re-encryption (PRE) is a useful cryptographic primitive in which a semi-trusted

proxy agent is given delegation power to transform a ciphertext for Alice into a
ciphertext for Bob without viewing the underlying plaintext. Attribute Based
Encryption (ABE) is a promising cryptographic algorithm that provides confidentiality
of data along with owner-enforced fine-grained access control. With attribute-based
encryption, a data owner can use a set of attribute values (i.e., access policy) for
encrypting a message such that only authorized entity who possesses the required set
of attribute values can decrypt the ciphertext. A proxy re-encryption scheme using the
merits of ciphertext-policy anonymous attribute-based encryption. The scheme,
termed as PRE-AABE, reduces the computation burden significantly for updating the

https://medium.datadriveninvestor.com/cryptography-encryption-hash-functions-and-digital-signature-101-298a03eb9462 13/17
2/12/23, 11:26 AM Cryptography, Encryption, Hash Functions and Digital Signature | by Eray ALTILI | DataDrivenInvestor

access policy of a ciphertext to a semi-trusted proxy agent (e.g., cloud server). The PRE-
AABE scheme hides the access policy inside the ciphertext, so that parties except the
intended receiver will not be able to figure out the purpose of the ciphertext. At the
same time, the proxy agent is able to perform the re-encryption successfully without
learning anything about the plaintext contents or the access policy.

An IBCPRE scheme is a natural extension of proxy re-encryption on two aspects. The

first aspect is to extend the proxy re-encryption notion to the identity-based public key
cryptographic setting. The second aspect is to extend the feature set of proxy re-
encryption to support conditional proxy re-encryption. By conditional proxy re-
encryption, a proxy can use an IBCPRE scheme to re-encrypt a ciphertext but the
ciphertext would only be well-formed for decryption if a condition applied onto the
ciphertext together with the re-encryption key is satisfied. This allows fine-grained
proxy re-encryption and can be useful for applications such as secure sharing over
encrypted cloud data storage.

Under the identity-based cryptographic setting, the public key of the user can be an
arbitrary string of bits provided that the string can uniquely identify the user in the
system. The unique string, for example, can be an email address, a phone number, and
a staff ID (if used only internally within an organization). However, the corresponding
private key is no longer generated by the user. From the public key, which is a unique
binary string, there is a key generation center (KGC), which generates and issues the
private key to the user. The KGC has a public key, which is assumed to be publicly
known, and the encryption and decryption then work under the unique binary string
defined public key and the corresponding private key, respectively, with respect to the
KGC’s public key.

Proxy Re-encryption allows a ciphertext, which originally can only be decrypted by a

user, to be transformed by a public entity, called proxy, to another ciphertext so that
another user can also decrypt. Suppose the two users are Alice and Bob. Alice has
some messages: M1, M2, … Mn. She intends to encrypt them under her public key, and
then upload the encrypted messages to some server.

Now when Alice wants to share these n encrypted messages with Bob, Alice can use a
proxy re-encryption scheme to allow the server to re-encrypt these n encrypted

https://medium.datadriveninvestor.com/cryptography-encryption-hash-functions-and-digital-signature-101-298a03eb9462 14/17
2/12/23, 11:26 AM Cryptography, Encryption, Hash Functions and Digital Signature | by Eray ALTILI | DataDrivenInvestor

messages so that Bob can decrypt these re-encrypted messages directly using his own
private key.

To do so in the proxy re-encryption scheme, Alice uses her private key and the public
key of Bob to generate a re-encryption key. Alice then sends the re-encryption key to
the server. Upon receiving this re-encryption key, the server uses the key to transform
all the n encrypted messages C1, C2, …, Cn to a new form denoted as D1, D2, …, Dn.
Bob can then download D1, D2, …, Dn, decrypt them, and recover the messages M1,
M2, … Mn using his private key.

In an identity-based conditional proxy re-encryption (IBCPRE) system, users set their

public keys as unique identities of the users. One of the main advantages of using
identity-based cryptographic algorithms is the elimination of public key certificates
which can help enhance the usability of the target security applications. The term
‘Conditional’ in IBCPRE refers to an additional feature, which allows each encrypted
message to have a ‘tag’ associated with. In addition to the tag, each re-encryption key
also has a ‘tag’ attached. The IBCPRE is designed so that only if the tag of an encrypted
message matches with the tag of a re-encryption key can the encrypted message be re-
encrypted.

One of the key features of IBCPRE is that when Alice as a data owner encrypts
messages, the encryption is done for herself and only Alice herself can decrypt the
encrypted messages using her secret key. There is no need for Alice to know in
advance about who that she would like to share the encrypted messages with. In other
words, picking the friends to share with by Alice can be done after she encrypts the
messages and uploads to the Server.

Another feature of IBCPRE is that it supports end-to-end encryption. The server which
stores the encrypted messages cannot decrypt the messages both before and after the
re-encryption.

IBCPRE supports one-to-many encryption. The data owner Alice can choose multiple
friends to share her data with. For multiple friends to share the encrypted messages
with, Alice simply needs to generate a re-encryption key for each of her friends and
sends all the re-encryption keys to the server for carrying out the re-encryption. The
number of re-encryption keys that Alice needs to generate depends on the number of

https://medium.datadriveninvestor.com/cryptography-encryption-hash-functions-and-digital-signature-101-298a03eb9462 15/17
2/12/23, 11:26 AM Cryptography, Encryption, Hash Functions and Digital Signature | by Eray ALTILI | DataDrivenInvestor

friends that Alice wants to share the encrypted messages with. It does not depend on
the number of encrypted messages. One re-encryption key will allow the Server to
convert all the encrypted messages provided the tag of the encrypted messages and the
tag of the re-encryption key matches.

The conditional ‘tag’ of the IBCPRE facilitates the fine-grained access of encrypted
messages. By setting different tag values onto different encrypted messages, the data
owner Alice can control the exact set of encrypted messages that she wants to share
with any particular friends of her with great flexibility.

Consider a user Alice who encrypts some messages M1, M2, …, Mt with a tag ‘Private’,
Mt+1, Mt+2, …, Mm with a tag ‘toShareWithFamily’, Mm+1, Mm+2, …, Mn with a tag
‘toShareWithFriend’, using IBCPRE under her unique identity, which is considered as
the public key of Alice. Alice then uploads the corresponding encrypted messages C1,
C2, …, Ct, Ct+1, …, Cm, Cm+1, …, Cn to a server.

When Alice is about to share Mm+1, Mm+2, …, Mn with another user Bob, who
becomes her friend recently, Alice generates a re-encryption key using IBCPRE with an
associated tag ‘toShareWithFriend’. This generation is done by taking as input Alice’s
private key and Bob’s identity. Then Alice sends the re-encryption key to the server. By
using the re-encryption key, the server runs the IBCPRE re-encryption function on
Cm+1, Cm+2, …, Cn for transforming them into another form, Dm+1, Dm+2, …, Dn so
that Bob can decrypt them directly using his private key. This transformation can be
done as the tag associated with the encrypted messages, namely ‘toShareWithFriend’,
matches with the tag associated with the re-encryption key.

Note that the server cannot transform C1, C2, …, Ct, Ct+1, …, Cm to another form for
Bob to decrypt using the re-encryption key because the tag of these m encrypted
messages, namely ‘Private’ or ‘toShareWithFamily’, does not match with the tag of the
re-encryption key.

Originally published at https://www.linkedin.com on February 17, 2018.

References:

[1] “Cryptography”. In J. Van Leeuwen. Handbook of Theoretical Computer Science

https://medium.datadriveninvestor.com/cryptography-encryption-hash-functions-and-digital-signature-101-298a03eb9462 16/17
2/12/23, 11:26 AM Cryptography, Encryption, Hash Functions and Digital Signature | by Eray ALTILI | DataDrivenInvestor

[2] Romain Serre Introduction to Encryption and Signature

Security Cryptography Blockchain Encryption Cryptocurrency

About Help Terms Privacy

Open in app Sign up Sign In

Get the Medium app

Search Medium

https://medium.datadriveninvestor.com/cryptography-encryption-hash-functions-and-digital-signature-101-298a03eb9462 17/17
2/12/23, 11:38 AM Let’s understand Cryptography. Communication has become a more… | by Dulaj Dilshan | Nerd For Tech | Medium

Published in Nerd For Tech

Dulaj Dilshan Follow

Aug 1, 2021 · 11 min read · Listen

Save

Let’s understand Cryptography

C ommunication has become a more extensive area from old-school letters to

quick chat applications. Data security is another separate subfield in the
communication area. Communication system requires to be fully protected to avoid

https://medium.com/nerd-for-tech/lets-understand-cryptography-6584309a30af 1/13
2/12/23, 11:38 AM Let’s understand Cryptography. Communication has become a more… | by Dulaj Dilshan | Nerd For Tech | Medium

criminal and privacy-breaching activities. The literature review conducted an

observation of how research being done in the field of cryptography to achieve
security requirements in network and application security. This review compares
earlier and modern studies related to cryptography with the impact that has been
done. By reviewing both scholarly and non-scholarly works, the objective is to make a
case that continuing research into the use of cryptography is supreme in preserving
data security and privacy.

First thing First

https://medium.com/nerd-for-tech/lets-understand-cryptography-6584309a30af 2/13
2/12/23, 11:38 AM Let’s understand Cryptography. Communication has become a more… | by Dulaj Dilshan | Nerd For Tech | Medium

https://medium.com/nerd-for-tech/lets-understand-cryptography-6584309a30af 3/13
2/12/23, 11:38 AM Let’s understand Cryptography. Communication has become a more… | by Dulaj Dilshan | Nerd For Tech | Medium

The first use for cryptography used for the systems is to enable two people, Alice and
Bob, to keep their communications secure over an insecure channel in a manner that
prevents an attacker, Eve, from being able to understand the conversation. Today’s
cryptography is vastly more complicated than its earlier versions. However, all the
sophisticated methods have been built underneath the basics. Cryptography today,
even though it still has far-reaching military implications, has expanded domains. The
novel approaches of systems are designed to provide cost-effective means of securing
and thus protecting large amounts of electronic data using cryptography. Cryptography
offers methods for data privacy.

Let's understand the communication model

The communication model is used to demonstrate security in communication. Alice is
a message conveyer who sends data; Bob is the receiver of this data. In this scenario,
we assume that the communication channel used to send the data is an insecure
channel.

https://medium.com/nerd-for-tech/lets-understand-cryptography-6584309a30af 4/13
2/12/23, 11:38 AM Let’s understand Cryptography. Communication has become a more… | by Dulaj Dilshan | Nerd For Tech | Medium

Communication Model

Early Cryptography
Cryptography is as long as the first writings happen in the communication process.
The fascinating history of cryptography extends up to 4000 years back. The first known
evidence, which is accounted as Kahn’s The Code Breakers (‘Involutory commutants
with some applications to algebraic cryptography. II’, 1967), traces cryptography from
its initial and limited use by the Egyptians (4000 years ago) to the twentieth century.
Cryptography had a more significant improvement in world war I and II (Callahan,
2014). Though it gives hints about the first usages of cryptography, it isn’t
straightforward to pinpoint the exact origin of cryptography. However,

https://medium.com/nerd-for-tech/lets-understand-cryptography-6584309a30af 5/13
2/12/23, 11:38 AM Let’s understand Cryptography. Communication has become a more… | by Dulaj Dilshan | Nerd For Tech | Medium

The inscriptions carved into the walls of the main chamber of the tomb of the
nobleman Khnumhotep II, inscriptions date to approximately 1900 BC

The Arthashastra is a classic work on statecraft that is attributed to Kautilya and

was written sometime between 321BC and 300BC. This work reminds that of
espionage communication with their spies via secret writing (Gebbie, 2009).

The first record of active cryptanalysis comes from the Arabs during the 700s

Later, research moved on to using simple mono-alphabetic substitution ciphers from

500 to 600 BC. This involved replacing the letters of the message with other letters of a
different alphabet following some secret rule. This rule is the key to retrieve the
original message back from the garbled message (Gebbie, 2009).

It is a turning point in launching cryptography research and modern cryptography. By

the time, in 1980, the DES algorithm, which was adopted by the American National
Standards Institute (ANSI), was used commercially. Following this milestone was yet
another when a new concept was proposed to develop Public Key Cryptography (PKC),
which is still experiencing research development today (Levy, 2001).

Simple Plaintext Cryptography (Simple Ciphers)

As mentioned in the introduction section, simple encryption algorithms were invented
4000 years ago. These ciphers are based on substitution and transposition of characters
in a single plaintext. While, the operations performed in modern encryption
algorithms are usually a bit similar, but they affect individual bits and bytes. So, we can
agree that modern cryptography schemes are more secure than earlier systems. The
substitution ciphers are about substituting each group of plaintext letters with another
predefined group according to an alphabet. For decrypting, the user should use a
reverse substitution. There are several substitution ciphers: Caesar cipher,
Monoalphabetic Ciphers, etc.

Vigenère Tableaux is also another simple plaintext cipher. It is easy to understand and
implement. It is encrypting alphabetic text by using a series of interwoven Caesar
ciphers. It employs a form of polyalphabetic substitution (Bruen 2011) (Bruen and
Forcinito, 2011).

https://medium.com/nerd-for-tech/lets-understand-cryptography-6584309a30af 6/13
2/12/23, 11:38 AM Let’s understand Cryptography. Communication has become a more… | by Dulaj Dilshan | Nerd For Tech | Medium

Polyalphabetic Substitution Ciphers is more cryptographically secure compared to

basic substitution ciphers. It displays a rather flat distribution, which gives no
information to a cryptanalyst. In monoalphabetic ciphers’ their frequency distribution
reflects the distribution of the underlying alphabet, So that, easily breakable.
Polyalphabetic substitutions are more secure than monoalphabetic It uses
substitutions, but still insecure because of the key length

Symmetric key cryptosystem

There are two forms of cryptosystems: symmetric and asymmetric. Symmetric
cryptosystems involve the use of a single key known as the secret key to encrypt and
decrypt data or messages. Asymmetric cryptosystems, on the other hand, use one key
(the public key) to encrypt messages or data, and a second key (the secret key) to
decipher or decrypt those messages or data (Fujisaki 2011) (Fujisaki and Okamoto,
2013).

In symmetric cryptosystems, both parties communicating with each other use only
one key for encryption and decryption. The entities communicating using symmetric
encryption must exchange the secret key. The main difference from asymmetric
cryptosystems is the key used here should be kept secret. There are several symmetric
key algorithms such as AES, DES, TRIPLE DES, RC4, BLOWFISH (Diaa Salama 2008)
(Elminaam, Abdul Kader and Hadhoud, 2009).

Symmetric encryption allows efficient communication between the two parties in a

closed environment. Compared to asymmetric symmetric algorithms work incredibly
fast, since computations are relatively simple operations. Therefore, symmetric-key
based algorithms perform better in relatively inexpensive hardware. The key size of
128-bit is sufficient to achieve adequate security features. Generally, there is no
difference in security. Security is basically based on the strength of the algorithm and
the size of the key. Both symmetric and asymmetric have different kinds of algorithms.
Good algorithm methods and key size effectiveness should be considered in order to
design a better security solution.

Block Ciphers & Stream Ciphers

There are two types of symmetric encryption algorithms: Block ciphers and Stream
ciphers.

https://medium.com/nerd-for-tech/lets-understand-cryptography-6584309a30af 7/13
2/12/23, 11:38 AM Let’s understand Cryptography. Communication has become a more… | by Dulaj Dilshan | Nerd For Tech | Medium

Block cipher performs as blocks in both plaintext and ciphertext. The user has to set
lengths of bits for encryption in blocks of data with the use of a specific secret key. For
example, DES and Rijndael algorithm uses a block size of 64-bit and 128-bit,
respectively. The level of security mainly depends on the data and the key size.
Examples of Block ciphers are DES, DESL, AES.

In the Stream-ciphers’ data is encrypted as a stream. Individual characters of plaintext

are encrypted simultaneously. The memory needed for the computation is lesser than
in the block ciphers’. However, the major drawback of the stream cipher is its lengthy
initialization phase in the first usage. Communication protocols do not identify stream
cipher. Stream cipher has a simple structure and speedy hardware (Debdeep
Mukhopadhyay 2007) (Kohda and Tsuneda, 1995). They are used in applications where
the size of the plaintext is unknown. Examples of stream ciphers are RC4, E0, and AES.

Different kinds of symmetric-key cryptosystems: DES, AES, and Blowfish

The DES, as the result of the contest, was developed at IBM as an adjustment for the
previous system (Davis, 1978). The DES is widely used for the encryption of PIN
numbers, bank transactions, and the likes. The DES is an example of a block cipher
that operates on blocks of 64 bits at a time, with an input key of 64 bits. Every 8th bit in
the input key is a parity check bit, which means that, in fact, the key size is effectively
reduced to 56 bits (Abomhara et al., 2010a) (Mohamed Abomhara et al., 2010).

3DES (aka Triple DES) was developed based on the DES algorithm to address the
obvious flaws in DES. 3DES simply extends the key size of DES by applying the
algorithm three times in sequence with three distinct keys

Advanced Encryption Standard (AES), which came in 1997, is a replacement for DES.
Rijndael cryptosystem is used as the AES after the NIST contest (Naji, Zaidan and
Zaidan, 2009). AES cryptosystem operates on 128-bit blocks, arranged as 4x4 matrices
with 8-bit entries. Variable block length and key length can be used according to the
latest configurations such as 128, 192, or 256 bits (Taqa, Zaidan and Zaidan, 2009).

Blowfish is a symmetric key block cipher with variable key length from 32 to 448-bits
and a block size of 64 bits. It executes above the Feistel network. Bruce Schneier
designed blowfish as a fast, free alternative to existing encryption algorithms.

https://medium.com/nerd-for-tech/lets-understand-cryptography-6584309a30af 8/13
2/12/23, 11:38 AM Let’s understand Cryptography. Communication has become a more… | by Dulaj Dilshan | Nerd For Tech | Medium

However, it suffers from weak keys’ problem; no attack is known to be successful

(KumarVerma and Singh, 2012).

As a comparison, In default usage, DES and Blowfish have the same block size of 64-bit
while AES has a 128-bit block size. Not like DES, asymmetric algorithms such as AES
and Blowfish have variable key sizes. DES, 3DES, and Blowfish are structure on the
Feistel Network algorithm. AES deals with substitution and permutation. DES is
vulnerable to Brute Force attacks and AES is vulnerable to Side-Channel Attacks.
Blowfish is a commercially used algorithm and however, no attack identified yet (Patil
et al., 2016).

Asymmetric key cryptosystem

Asymmetric-key cryptography, known as the Public-Key Cryptography (PKC), was
proposed by Diffie and Hellman (Diffie and Hellman, 1976). The idea is that
encryption/decryption is done using two keys: a private key and a public key. The
plaintext is encrypted by performing modular operations and provide the ciphertext
and the public key with other public parameters to the receiver to decrypt it (M.
Abomhara et al., 2010).

Diffie-Hellman Key exchange

The simplest public-key algorithm is the Diffie-Hellman key exchange (Diffie and
Hellman, 1976). This protocol allows two users to set up a secret key using a public-key
scheme based on discrete logarithms. The protocol is secure only if the two parties
agree on establishing authenticity. DH is used for secret-key key exchange only, and
not for authentication or digital signatures (Li, 2010).

DSA
Digital signatures are also be generated for stored data and programs so that the
integrity of the data and programs may be verified at any later time. One method for
sending low size and capacity data by using DSA is proposed by Erfaneh Noroozi.
“Hash function” is used in this method and it generates dynamic and smaller size bits
that depend on each byte of data (Noroozi, Daud and Sabouhi, 2013). Generating
signatures is now involved with several encryption algorithms such as RSA, Elgamal.

Elgamal

https://medium.com/nerd-for-tech/lets-understand-cryptography-6584309a30af 9/13
2/12/23, 11:38 AM Let’s understand Cryptography. Communication has become a more… | by Dulaj Dilshan | Nerd For Tech | Medium

Elgamal is an encryption model which deals with the Discrete Logarithm Problem
(Huang and Tso, 2012). The main idea is that the discrete logarithms cannot be found
in a practical time frame for a given number, while the inverse operation of the power
can be computed efficiently. The digital signing process is a bit different from the
encryption and decryption in the Elgamal.

RSA
The most used public key-cryptography implementation is RSA. Ronald Rivest, Adi
Shamir, and Leonard Adleman developed it at MIT (Rivest, Shamir and Adleman,
1978). RSA today is used in hundreds of software products and can be used for key
exchange, digital signatures, or encryption of small blocks of data. RSA can be used
with variable block size and key size. The key-pair, the public key, and the private key
are derived using a modular operation. The prime number used here is very large.
Here user uses two values, p, q. These p, q values are the values that are used in RSA
Public-key cryptography. P and q are prime numbers. The signing with RSA is the same
as in the encryption with RSA.

Elliptic Curve in Cryptography

The elliptic curve algorithm is not an encryption algorithm, but it is an analogy used to
build different kinds of cryptography (ECC) schemes. Elliptic curve arithmetic involves
the use of an elliptic curve equation defined over a finite field. Here the central
concept of Elliptic curve arithmetic dealing with is ECDLP i.e., Elliptic Curve Discrete
Logarithm Problem (Miller, no date; Koblitz, 1987).

Conclusion
The application associated with cryptosystems provides reliable security. However, the
extension of the overall security of an encryption scheme depends on the parameters
used (i.e., block size, key size). It is a user’s responsibility to keep the cipher keys
secret. The plaintext simple ciphers such as Caesar and Vigenère ciphers provide less
security. Modern-day applications such as Pretty Good Privacy (PGP) absorb the
cryptography power to provide privacy and data protection. Even though cryptography
is based on mathematical complexity and time complexity, affords the user the strong
security that is required and that they demand.

Some useful literatures

https://medium.com/nerd-for-tech/lets-understand-cryptography-6584309a30af 10/13
2/12/23, 11:38 AM Let’s understand Cryptography. Communication has become a more… | by Dulaj Dilshan | Nerd For Tech | Medium

Abomhara, M. et al. (2010) ‘Suitability of Using Symmetric Key to Secure Multimedia Data:
An Overview’, Journal of Applied Sciences, pp. 1656–1661. doi: 10.3923/jas.2010.1656.1661.

Abomhara, M. et al. (2010) ‘Video Compression Techniques: An Overview’, Journal of

Applied Sciences, pp. 1834–1840. doi: 10.3923/jas.2010.1834.1840.

Bruen, A. A. and Forcinito, M. A. (2011) Cryptography, Information Theory, and Error-

Correction: A Handbook for the 21st Century. John Wiley & Sons.

Callahan, K. M. (2014) ‘The Impact of the Allied Cryptographers on World War II :

Cryptanalysis of the Japanese and German Cipher Machines’. Available at:
https://pdfs.semanticscholar.org/c7cf/0c41932d61457dd943dc4dffca2c8bb92e95.pdf
(Accessed: 4 January 2020).

Davis, R. (1978) ‘The data encryption standard in perspective’, IEEE Communications

Society Magazine, pp. 5–9. doi: 10.1109/mcom.1978.1089771.

Diffie, W. and Hellman, M. (1976) ‘New directions in cryptography’, IEEE Transactions on

Information Theory, pp. 644–654. doi: 10.1109/tit.1976.1055638.

Elminaam, D. S. A., Abdul Kader, H. M. and Hadhoud, M. M. (2009) ‘Performance

Evaluation of Symmetric Encryption Algorithms on Power Consumption for Wireless Devices’,
International Journal of Computer Theory and Engineering, pp. 343–351. doi:
10.7763/ijcte.2009.v1.54.

Fujisaki, E. and Okamoto, T. (2013) ‘Secure Integration of Asymmetric and Symmetric

Encryption Schemes’, Journal of Cryptology, pp. 80–101. doi: 10.1007/s00145–011–9114–1.

Gebbie, S. (2009) A survey of the mathematics of cryptology. Available at:

http://hdl.handle.net/10539/6608 (Accessed: 4 January 2020).

Huang, K. and Tso, R. (2012) ‘A commutative encryption scheme based on ElGamal

encryption’, 2012 International Conference on Information Security and Intelligent Control.
doi: 10.1109/isic.2012.6449730.

‘Involutory commutants with some applications to algebraic cryptography. II’ (1967) Journal
für die reine und angewandte Mathematik (Crelles Journal), pp. 1–24. doi:

https://medium.com/nerd-for-tech/lets-understand-cryptography-6584309a30af 11/13
2/12/23, 11:38 AM Let’s understand Cryptography. Communication has become a more… | by Dulaj Dilshan | Nerd For Tech | Medium

10.1515/crll.1967.227.1.

Koblitz, N. (1987) ‘Elliptic curve cryptosystems’, Mathematics of Computation, pp. 203–203.

doi: 10.1090/s0025–5718–1987–0866109–5.

Kohda, T. and Tsuneda, A. (1995) ‘Chaotic bit sequences for stream cipher cryptography and
their correlation functions’, Chaotic Circuits for Communication. doi: 10.1117/12.227907.

KumarVerma, H. and Singh, R. K. (2012) ‘Performance Analysis of RC5, Blowfish and DES
Block Cipher Algorithms’, International Journal of Computer Applications, pp. 8–14. doi:
10.5120/5774–6004.

Levy, S. (2001) Crypto: How the Code Rebels Beat the Government — Saving Privacy in the
Digital Age. Penguin.

Li, N. (2010) ‘Research on Diffie-Hellman key exchange protocol’, 2010 2nd International
Conference on Computer Engineering and Technology. doi: 10.1109/iccet.2010.5485276.

Miller, V. S. (no date) ‘Use of Elliptic Curves in Cryptography’, Lecture Notes in Computer
Science, pp. 417–426. doi: 10.1007/3–540–39799-x_31.

Naji, A. W., Zaidan, A. A. and Zaidan, B. B. (2009) ‘Challenges of Hidden Data in the
Unused Area Two within Executable Files’, Journal of Computer Science, pp. 890–897. doi:
10.3844/jcssp.2009.890.897.

Noroozi, E., Daud, S. B. M. and Sabouhi, A. (2013) ‘New Algorithm with Bandwidth
Reduction for Smaller Size Digital Signature’, 2013 International Conference on Informatics
and Creative Multimedia. doi: 10.1109/icicm.2013.47.

Patil, P. et al. (2016) ‘A Comprehensive Evaluation of Cryptographic Algorithms: DES, 3DES,

AES, RSA and Blowfish’, Procedia Computer Science, pp. 617–624. doi:
10.1016/j.procs.2016.02.108.

Rivest, R. L., Shamir, A. and Adleman, L. (1978) ‘A Method for Obtaining Digital Signatures
and Public-Key Cryptosystems’. doi: 10.21236/ada606588.

Taqa, A., Zaidan, A. A. and Zaidan, B. B. (2009) ‘New Framework for High Secure Data
Hidden in the MPEG Using AES Encryption Algorithm’, International Journal of Computer
https://medium.com/nerd-for-tech/lets-understand-cryptography-6584309a30af 12/13
2/12/23, 11:38 AM Let’s understand Cryptography. Communication has become a more… | by Dulaj Dilshan | Nerd For Tech | Medium

and Electrical Engineering, pp. 566–571. doi: 10.7763/ijcee.2009.v1.87.

Cryptography Encryption Cipher Web Security Cybersecurity

Sign up for NFT Weekly Digest

By Nerd For Tech

Subscribe to our weekly News Letter to receive top stories from the Industry Professionals around the world Take a look.

Open in app
Your email Sign up Sign In

Search Medium
Get this newsletter

By signing up, you will create a Medium account if you don’t already have one. Review our Privacy Policy for more information about our privacy
practices.

About Help Terms Privacy

Get the Medium app

https://medium.com/nerd-for-tech/lets-understand-cryptography-6584309a30af 13/13
2/12/23, 11:40 AM RSA Algorithm in Cryptography - GeeksforGeeks

Data Structures and Algorithms Interview Preparation Data Science Topic-wise Practice C C+

RSA Algorithm in Cryptography

Difficulty Level : Medium ● Last Updated : 23 Jan, 2023

Read Discuss(30+)

RSA algorithm is an asymmetric cr yptography algorithm. A symmetric actually means

that it works on two different keys i.e. Public Key and Private Key. As the name

describes that the Public Key is given to ever yone and the Private key is kept private.

An example of asymmetric cr yptography: 

1. A client (for example browser) sends its public key to the ser ver and requests some

data.

2. The ser ver encr ypts the data using the client ’s public key and sends the encr ypted

data.

3. The client receives this data and decr ypts it.

Since this is asymmetric, nobody else except the browser can decr ypt the data even if a

third par ty has the public key of the browser.

The idea! The idea of RS A is based on the fact that it is difficult to factorize a large

integer. The public key consists of two numbers where one number is a multiplication of

two large prime numbers. And private key is also derived from the same two prime

numbers. So if somebody can factorize the large number, the private key is

compromised. Therefore encr yption strength totally lies on the key size and if we double

or triple the key size, the strength of encr yption increases exponentially. RS A keys can

be typically 1024 or 2048 bits long, but exper ts believe that 1024-bit keys could be

broken in the near future. But till now it seems to be an infeasible task.

Start Your Coding Journey Now! Login Register

https://www.geeksforgeeks.org/rsa-algorithm-cryptography/ 1/15
2/12/23, 11:40 AM RSA Algorithm in Cryptography - GeeksforGeeks

Let us learn the mechanism behind the RSA algorithm : >> Generating Public Key: 

Select two prime no's. Suppose P = 53 and Q = 59.

Now First part of the Public key : n = P*Q = 3127.
We also need a small exponent say e :
But e Must be
An integer.
Not be a factor of n.
1 < e < Φ(n) [Φ(n) is discussed below],
Let us now consider it to be equal to 3.
Our Public Key is made of n and e

>> Generating Private Key: 

We need to calculate Φ(n) :

Such that Φ(n) = (P-1)(Q-1)
so, Φ(n) = 3016
Now calculate Private Key, d :
d = (k*Φ(n) + 1) / e for some integer k
For k = 2, value of d is 2011.

Now we are ready with our – Public Key ( n = 3127 and e = 3) and Private Key(d = 2011)

Now we will encr ypt “HI” :

Start Your Coding Journey Now!

https://www.geeksforgeeks.org/rsa-algorithm-cryptography/ 2/15
2/12/23, 11:40 AM RSA Algorithm in Cryptography - GeeksforGeeks

Convert letters to numbers : H = 8 and I = 9

Thus Encrypted Data c = 89e mod n.

Thus our Encrypted Data comes out to be 1394

Now we will decrypt 1394 :

Decrypted Data = cd mod n.

Thus our Encrypted Data comes out to be 89

8 = H and I = 9 i.e. "HI".

Below is the implementation of the RS A algorithm for 

Method 1: Encr ypting and decr ypting small numeral values:

C++

// C program for RSA asymmetric cryptographic

// algorithm. For demonstration values are
// relatively small compared to practical
// application
#include <bits/stdc++.h>
using namespace std;
 
// Returns gcd of a and b
int gcd(int a, int h)
{
    int temp;
    while (1) {
        temp = a % h;

Start Your Coding Journey Now!

        if (temp == 0)
            return h;
https://www.geeksforgeeks.org/rsa-algorithm-cryptography/ 3/15
2/12/23, 11:40 AM RSA Algorithm in Cryptography - GeeksforGeeks

        a = h;
        h = temp;
    }
}
 
// Code to demonstrate RSA algorithm
int main()
{
    // Two random prime numbers
    double p = 3;
    double q = 7;
 
    // First part of public key:
    double n = p * q;
 
    // Finding other part of public key.
    // e stands for encrypt
    double e = 2;
    double phi = (p - 1) * (q - 1);
    while (e < phi) {
        // e must be co-prime to phi and
        // smaller than phi.
        if (gcd(e, phi) == 1)
            break;
        else
            e++;
    }
 
    // Private key (d stands for decrypt)
    // choosing d such that it satisfies
    // d*e = 1 + k * totient
    int k = 2; // A constant value
    double d = (1 + (k * phi)) / e;
 
    // Message to be encrypted
    double msg = 12;
 
    printf("Message data = %lf", msg);
 
    // Encryption c = (msg ^ e) % n
    double c = pow(msg, e);
    c = fmod(c, n);
    printf("\nEncrypted data = %lf", c);
 
    // Decryption m = (c ^ d) % n
    double m = pow(c, d);
    m = fmod(m, n);
    printf("\nOriginal Message Sent = %lf", m);
 
Start Your Coding Journey Now!
    return 0;
https://www.geeksforgeeks.org/rsa-algorithm-cryptography/ 4/15
2/12/23, 11:40 AM RSA Algorithm in Cryptography - GeeksforGeeks

}
// This code is contributed by Akash Sharan.

Java

/*package whatever //do not write package name here */

import java.io.*;
import java.math.*;
import java.util.*;
/*
 * Java program for RSA asymmetric cryptographic algorithm.
 * For demonstration, values are
 * relatively small compared to practical application
 */
public class GFG {
  public static double gcd(double a, double h)
  {
    /*
         * This function returns the gcd or greatest common
         * divisor
         */
    double temp;
    while (true) {
      temp = a % h;
      if (temp == 0)
        return h;
      a = h;
      h = temp;
    }
  }
  public static void main(String[] args)
  {
    double p = 3;
    double q = 7;
 
    // Stores the first part of public key:
    double n = p * q;
 
    // Finding the other part of public key.
    // double e stands for encrypt
    double e = 2;
    double phi = (p - 1) * (q - 1);
    while (e < phi) {
      /*
             * e must be co-prime to phi and
             * smaller than phi.
             */
Start Your Coding Journey Now!
      if (gcd(e, phi) == 1)

https://www.geeksforgeeks.org/rsa-algorithm-cryptography/ 5/15
2/12/23, 11:40 AM RSA Algorithm in Cryptography - GeeksforGeeks

        break;
      else
        e++;
    }
    int k = 2; // A constant value
    double d = (1 + (k * phi)) / e;
 
    // Message to be encrypted
    double msg = 12;
 
    System.out.println("Message data = " + msg);
 
    // Encryption c = (msg ^ e) % n
    double c = Math.pow(msg, e);
    c = c % n;
    System.out.println("Encrypted data = " + c);
 
    // Decryption m = (c ^ d) % n
    double m = Math.pow(c, d);
    m = m % n;
    System.out.println("Original Message Sent = " + m);
  }
}
 
// This code is contributed by Pranay Arora.

P ython3

# Python for RSA asymmetric cryptographic algorithm.

# For demonstration, values are
# relatively small compared to practical application
import math
 
 
def gcd(a, h):
    temp = 0
    while(1):
        temp = a % h
        if (temp == 0):
            return h
        a = h
        h = temp
 
 
p = 3
q = 7
n = p*q
eStart Your Coding Journey Now!
= 2

https://www.geeksforgeeks.org/rsa-algorithm-cryptography/ 6/15
2/12/23, 11:40 AM RSA Algorithm in Cryptography - GeeksforGeeks

phi = (p-1)*(q-1)
 
while (e < phi):
 
    # e must be co-prime to phi and
    # smaller than phi.
    if(gcd(e, phi) == 1):
        break
    else:
        e = e+1
 
# Private key (d stands for decrypt)
# choosing d such that it satisfies
# d*e = 1 + k * totient
 
k = 2
d = (1 + (k*phi))/e
 
# Message to be encrypted
msg = 12.0
 
print("Message data = ", msg)
 
# Encryption c = (msg ^ e) % n
c = pow(msg, e)
c = math.fmod(c, n)
print("Encrypted data = ", c)
 
# Decryption m = (c ^ d) % n
m = pow(c, d)
m = math.fmod(m, n)
print("Original Message Sent = ", m)
 
 
# This code is contributed by Pranay Arora.

C#

/*
 * C# program for RSA asymmetric cryptographic algorithm.
 * For demonstration, values are
 * relatively small compared to practical application
 */
 
using System;
 
public class GFG {
 Start Your Coding Journey Now!
https://www.geeksforgeeks.org/rsa-algorithm-cryptography/ 7/15
2/12/23, 11:40 AM RSA Algorithm in Cryptography - GeeksforGeeks

  public static double gcd(double a, double h)

  {
    /*
         * This function returns the gcd or greatest common
         * divisor
         */
    double temp;
    while (true) {
      temp = a % h;
      if (temp == 0)
        return h;
      a = h;
      h = temp;
    }
  }
  static void Main()
  {
    double p = 3;
    double q = 7;
 
    // Stores the first part of public key:
    double n = p * q;
 
    // Finding the other part of public key.
    // double e stands for encrypt
    double e = 2;
    double phi = (p - 1) * (q - 1);
    while (e < phi) {
      /*
             * e must be co-prime to phi and
             * smaller than phi.
             */
      if (gcd(e, phi) == 1)
        break;
      else
        e++;
    }
    int k = 2; // A constant value
    double d = (1 + (k * phi)) / e;
 
    // Message to be encrypted
    double msg = 12;
 
    Console.WriteLine("Message data = "
                      + String.Format("{0:F6}", msg));
 
    // Encryption c = (msg ^ e) % n
    double c = Math.Pow(msg, e);

Start Your Coding Journey Now!

    c = c % n;
    Console.WriteLine("Encrypted data = "
https://www.geeksforgeeks.org/rsa-algorithm-cryptography/ 8/15
2/12/23, 11:40 AM RSA Algorithm in Cryptography - GeeksforGeeks

                      + String.Format("{0:F6}", c));

 
    // Decryption m = (c ^ d) % n
    double m = Math.Pow(c, d);
    m = m % n;
    Console.WriteLine("Original Message Sent = "
                      + String.Format("{0:F6}", m));
  }
}
// This code is contributed by Pranay Arora.

Output

Message data = 12.000000

Encrypted data = 3.000000
Original Message Sent = 12.000000

Method 2: Encr ypting and decr ypting plain text messages containing alphabets and

numbers using their A SCII value:

C++

#include <bits/stdc++.h>
using namespace std;
set<int>
    prime; // a set will be the collection of prime numbers,
           // where we can select random primes p and q
int public_key;
int private_key;
int n;
// we will run the function only once to fill the set of
// prime numbers
void primefiller()
{
    // method used to fill the primes set is seive of
    // eratosthenes(a method to collect prime numbers)
    vector<bool> seive(250, true);
    seive[0] = false;
    seive[1] = false;
    for (int i = 2; i < 250; i++) {
        for (int j = i * 2; j < 250; j += i) {
            seive[j] = false;
        }
    } // filling the prime numbers
Start Your Coding Journey Now!
    for (int i = 0; i < seive.size(); i++) {

https://www.geeksforgeeks.org/rsa-algorithm-cryptography/ 9/15
2/12/23, 11:40 AM RSA Algorithm in Cryptography - GeeksforGeeks

        if (seive[i])
            prime.insert(i);
    }
}
// picking a random prime number and erasing that prime
// number from list because p!=q
int pickrandomprime()
{
    int k = rand() % prime.size();
    auto it = prime.begin();
    while (k--)
        it++;
    int ret = *it;
    prime.erase(it);
    return ret;
}
void setkeys()
{
    int prime1 = pickrandomprime(); // first prime number
    int prime2 = pickrandomprime(); // second prime number
    // to check the prime numbers selected
    // cout<<prime1<<" "<<prime2<<endl;
    n = prime1 * prime2;
    int fi = (prime1 - 1) * (prime2 - 1);
    int e = 2;
    while (1) {
        if (__gcd(e, fi) == 1)
            break;
        e++;
    } // d = (k*Φ(n) + 1) / e for some integer k
    public_key = e;
    int d = 2;
    while (1) {
        if ((d * e) % fi == 1)
            break;
        d++;
    }
    private_key = d;
}
// to encrypt the given number
long long int encrypt(double message)
{
    int e = public_key;
    long long int encrpyted_text = 1;
    while (e--) {
        encrpyted_text *= message;
        encrpyted_text %= n;
    }

Start Your Coding Journey Now!

    return encrpyted_text;
}
https://www.geeksforgeeks.org/rsa-algorithm-cryptography/ 10/15
2/12/23, 11:40 AM RSA Algorithm in Cryptography - GeeksforGeeks

// to decrypt the given number

long long int decrypt(int encrpyted_text)
{
    int d = private_key;
    long long int decrypted = 1;
    while (d--) {
        decrypted *= encrpyted_text;
        decrypted %= n;
    }
    return decrypted;
}
// first converting each character to its ASCII value and
// then encoding it then decoding the number to get the
// ASCII and converting it to character
vector<int> encoder(string message)
{
    vector<int> form;
    // calling the encrypting function in encoding function
    for (auto& letter : message)
        form.push_back(encrypt((int)letter));
    return form;
}
string decoder(vector<int> encoded)
{
    string s;
    // calling the decrypting function decoding function
    for (auto& num : encoded)
        s += decrypt(num);
    return s;
}
int main()
{
    primefiller();
    setkeys();
    string message = "Test Message";
    // uncomment below for manual input
    // cout<<"enter the message\n";getline(cin,message);
    // calling the encoding function
    vector<int> coded = encoder(message);
    cout << "Initial message:\n" << message;
    cout << "\n\nThe encoded message(encrypted by public "
            "key)\n";
    for (auto& p : coded)
        cout << p;
    cout << "\n\nThe decoded message(decrypted by private "
            "key)\n";
    cout << decoder(coded) << endl;
    return 0;
}
Start Your Coding Journey Now!
https://www.geeksforgeeks.org/rsa-algorithm-cryptography/ 11/15
2/12/23, 11:40 AM RSA Algorithm in Cryptography - GeeksforGeeks

Output

Initial message:
Test Message

The encoded message(encrypted by public key)

863312887135951593413927434912887135951359583051879012887

The decoded message(decrypted by private key)

Test Message

This ar ticle is contributed by Mohit Gupta_OMG. If you like GeeksforGeeks and would

like to contribute, you can also write an ar ticle using write.geeksforgeeks.org or mail

your ar ticle to [email protected]. See your ar ticle appearing on the

GeeksforGeeks main page and help other Geeks. Please write comments if you find

anything incorrect, or if you want to share more information about the topic discussed

above.

Like 157

Previous Next

Related Articles
Start Your Coding Journey Now!
https://www.geeksforgeeks.org/rsa-algorithm-cryptography/ 12/15
2/12/23, 11:40 AM RSA Algorithm in Cryptography - GeeksforGeeks

1. Custom Building Cryptography Algorithms (Hybrid Cryptography)

2. Classical Cryptography and Quantum Cryptography

3. RSA Algorithm using Multiple Precision Arithmetic Library

4. How to solve RSA Algorithm Problems?

5. How to generate Large Prime numbers for RSA Algorithm

6. Difference between RSA algorithm and DSA

7. Shamir's Secret Sharing Algorithm | Cryptography

8. Knapsack Encryption Algorithm in Cryptography

9. One Time Password (OTP) algorithm in Cryptography

10. CAST Algorithm in Cryptography

Ar ticle Contributed By :

GeeksforGeeks

Vote for difficulty

Current difficulty : Medium

Easy Normal Medium Hard Expert

Start Your
Improved By : Coding
aniketbote, Journey
arorapranay,Now!
harendrakumar123, namananand891,

https://www.geeksforgeeks.org/rsa-algorithm-cryptography/ 13/15
2/12/23, 11:40 AM RSA Algorithm in Cryptography - GeeksforGeeks

sagartomar9927, rkbhola5

Article Tags : cryptography, number-theory, Computer Networks

Practice Tags : Computer Networks, cryptography, number-theory

Improve Article Report Issue

A-143, 9th Floor, Sovereign Corporate Tower,

Sector-136, Noida, Uttar Pradesh - 201305

[email protected]

Company Learn
About Us DSA
Careers Algorithms
In Media Data Structures
Contact Us SDE Cheat Sheet
Privacy Policy Machine learning
Copyright Policy CS Subjects
Advertise with us Video Tutorials
Courses

News Languages
Top News
Python
Technology
Java
Work & Career
CPP
Business
Golang
Finance
C#
Start Your Coding
Lifestyle Journey Now!
https://www.geeksforgeeks.org/rsa-algorithm-cryptography/ 14/15
2/12/23, 11:40 AM RSA Algorithm in Cryptography - GeeksforGeeks

Knowledge SQL
Kotlin

Web Development Contribute

Web Tutorials Write an Article
Django Tutorial Improve an Article
HTML Pick Topics to Write
JavaScript Write Interview Experience
Bootstrap Internships
ReactJS Video Internship
NodeJS

@geeksforgeeks , Some rights reserved

Start Your Coding Journey Now!

https://www.geeksforgeeks.org/rsa-algorithm-cryptography/ 15/15
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

Published in Edureka

Omkar Hiremath Follow

Aug 7, 2019 · 20 min read

Save

Top 50 Cybersecurity Interview Questions and

Answers

Cybersecurity jobs have become one of the most in-demand jobs in the IT industry
today. With demand, there is also competition, and to get a job in Cybersecurity, you
need to be one of the best. While having the necessary Cybersecurity skills is half job
done, cracking the interview is another chapter altogether. And to help you crack the
interview, we’ve compiled this list of top Cybersecurity interview questions and
answers.
https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 1/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

This article is divided into two parts:

Part A-Theoretical Questions and Part B-Scenario Based Questions. Let’s get started!

Part A-Theoretical Questions

1. What is Cryptography?
Cryptography is the practice and study of techniques for securing information and
communication mainly to protect the data from third parties that the data is not
intended for.

2. What is the difference between Symmetric and Asymmetric encryption?

3. What is the difference between IDS and IPS?

IDS is Intrusion Detection System and it only detects intrusions and the administrator
has to take care of preventing the intrusion. Whereas, in IPS i.e., Intrusion Prevention
System, the system detects the intrusion and also takes actions to prevent the
intrusion.

4. Explain CIA triad.

CIA stands for Confidentiality, Integrity, and Availability. CIA is a model that is
designed to guide policies for Information Security. It is one of the most popular
models used by organizations.

Confidentiality

The information should be accessible and readable only to authorized personnel. It

should not be accessible by unauthorized personnel. The information should be
https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 2/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

strongly encrypted just in case someone uses hacking to access the data so that even if
the data is accessed, it is not readable or understandable.

Integrity

Making sure the data has not been modified by an unauthorized entity. Integrity
ensures that data is not corrupted or modified by unauthorized personnel. If an
authorized individual/system is trying to modify the data and the modification wasn’t
successful, then the data should be reversed back and should not be corrupted.

Availability

The data should be available to the user whenever the user requires it. Maintaining of
Hardware, upgrading regularly, Data Backups and Recovery, Network Bottlenecks
should be taken care of.

5. How is Encryption different from Hashing?

Both Encryption and Hashing are used to convert readable data into an unreadable
format. The difference is that the encrypted data can be converted back to original
data by the process of decryption but the hashed data cannot be converted back to
original data.

6. What is a Firewall and why is it used?

A Firewall is a network security system set on the boundaries of the system/network
that monitors and controls network traffic. Firewalls are mainly used to protect the
system/network from viruses, worms, malware, etc. Firewalls can also be to prevent
remote access and content filtering.

7. What is the difference between VA(Vulnerability Assessment) and PT(Penetration Testing)?

Vulnerability Assessment is the process of finding flaws on the target. Here, the
organization knows that their system/network has flaws or weaknesses and want to
find these flaws and prioritize the flaws for fixing.

Penetration Testing is the process of finding vulnerabilities on the target. In this case,
the organization would have set up all the security measures they could think of and
would want to test if there is any other way that their system/network can be hacked.

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 3/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

8. What is a three-way handshake?

A three-way handshake is a method used in a TCP/IP network to create a connection
between a host and a client. It’s called a three-way handshake because it is a three-step
method in which the client and server exchanges packets. The three steps are as
follows:

1. The client sends an SYN(Synchronize) packet to the server check if the server is up
or has open ports

2. The server sends SYN-ACK packet to the client if it has open ports

3. The client acknowledges this and sends an ACK(Acknowledgment) packet back to

the server

9. What are the response codes that can be received from a Web Application?
-> 1xx — Informational responses
-> 2xx — Success
->3xx — Redirection
->4xx — Client-side error
->5xx — Server-side error

10. What is traceroute? Why is it used?

Traceroute is a tool that shows the path of a packet. It lists all the points (mainly
routers) that the packet passes through. This is used mostly when the packet is not
reaching its destination. Traceroute is used to check where the connection stops or
breaks to identify the point of failure.

11. What is the difference between HIDS and NIDS?

HIDS(Host IDS) and NIDS(Network IDS) are both Intrusion Detection System and work
for the same purpose i.e., to detect the intrusions. The only difference is that the HIDS
is set up on a particular host/device. It monitors the traffic of a particular device and
suspicious system activities. On the other hand, NIDS is set up on a network. It
monitors the traffic of all device of the network.

12. What are the steps to set up a firewall?

Following are the steps to set up a firewall:

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 4/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

1. Username/password: modify the default password for a firewall device

2. Remote administration: Disable the feature of the remote administration

3. Port forwarding: Configure appropriate port forwarding for certain applications to

work properly, such as a web server or FTP server

4. DHCP server: Installing a firewall on a network with an existing DHCP server will
cause conflict unless the firewall’s DHCP is disabled

5. Logging: To troubleshoot firewall issues or potential attacks, ensure that logging is

enabled and understand how to view logs

6. Policies: You should have solid security policies in place and make sure that the
firewall is configured to enforce those policies.

13. Explain SSL Encryption

SSL(Secure Sockets Layer) is the industry-standard security technology creating
encrypted connections between Web Server and a Browser. This is used to maintain
data privacy and to protect the information in online transactions. The steps for
establishing an SSL connection is as follows:

1. A browser tries to connect to the webserver secured with SSL

2. The browser sends a copy of its SSL certificate to the browser

3. The browser checks if the SSL certificate is trustworthy or not. If it is trustworthy,

then the browser sends a message to the webserver requesting to establish an
encrypted connection

4. The web server sends an acknowledgment to start an SSL encrypted connection

5. SSL encrypted communication takes place between the browser and the webserver

14. What steps will you take to secure a server?

Secure servers use the Secure Sockets Layer (SSL) protocol for data encryption and
decryption to protect data from unauthorized interception.

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 5/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

Here are four simple ways to secure server:

Step 1: Make sure you have a secure password for your root and administrator users

Step 2: The next thing you need to do is make new users on your system. These will be
the users you use to manage the system

Step 3: Remove remote access from the default root/administrator accounts

Step 4: The next step is to configure your firewall rules for remote access

15. Explain Data Leakage

Data Leakage is an intentional or unintentional transmission of data from within the
organization to an external unauthorized destination. It is the disclosure of
confidential information to an unauthorized entity. Data Leakage can be divided into 3
categories based on how it happens:

1. Accidental Breach: An entity unintentionally send data to an unauthorized person

due to a fault or a blunder

2. Intentional Breach: The authorized entity sends data to an unauthorized entity on

purpose

3. System Hack: Hacking techniques are used to cause data leakage

Data Leakage can be prevented by using tools, software, and strategies known as
DLP(Data Leakage Prevention) Tools.

16. What are some of the common Cyberattacks?

Following are some common cyber attacks that could adversely affect your system.

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 6/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

17. What is a Brute Force Attack? How can you prevent it?
Brute Force is a way of finding out the right credentials by repetitively trying all the
permutations and combinations of possible credentials. In most cases, brute force
attacks are automated where the tool/software automatically tries to login with a list of
credentials. There are various ways to prevent Brute Force attacks. Some of them are:

Password Length: You can set a minimum length for password. The lengthier the
password, the harder it is to find.

Password Complexity: Including different formats of characters in the password

makes brute force attacks harder. Using alpha-numeric passwords along with
special characters, and upper and lower case characters increase the password
complexity making it difficult to be cracked.

Limiting Login Attempts: Set a limit on login failures. For example, you can set the
limit on login failures as 3. So, when there are 3 consecutive login failures, restrict
the user from logging in for some time, or send an Email or OTP to use to log in the
next time. Because brute force is an automated process, limiting login attempts
will break the brute force process.

18. What is Port Scanning?

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 7/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

Port Scanning is the technique used to identify open ports and service available on a
host. Hackers use port scanning to find information that can be helpful to exploit
vulnerabilities. Administrators use Port Scanning to verify the security policies of the
network. Some of the common Port Scanning Techniques are:

1. Ping Scan

2. TCP Half-Open

3. TCP Connect

4. UDP

5. Stealth Scanning

19. What are the different layers of the OSI model?

An OSI model is a reference model for how applications communicate over a network.
The purpose of an OSI reference is to guide vendors and developers so the digital
communication products and software programs can interoperate.

Following are the OSI layers:

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 8/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

Physical Layer: Responsible for transmission of digital data from sender to receiver
through the communication media,

Data Link Layer: Handles the movement of data to and from the physical link. It is also
responsible for encoding and decoding of data bits.

Network Layer: Responsible for packet forwarding and providing routing paths for
network communication.

Transport Layer: Responsible for end-to-end communication over the network. It

splits the data from the above layer and passes it to the Network Layer and then
ensures that all the data has successfully reached at the receiver’s end.

Session Layer: Controls connection between the sender and the receiver. It is
responsible for starting, ending, and managing the session and establishing,
maintaining and synchronizing interaction between the sender and the receiver.

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 9/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

Presentation Layer: It deals with presenting the data in a proper format and data
structure instead of sending raw datagrams or packets.

Application Layer: It provides an interface between the application and the network. It
focuses on process-to-process communication and provides a communication
interface.

20. What is a VPN?

VPN stands for Virtual Private Network. It is used to create a safe and encrypted
connection. When you use a VPN, the data from the client is sent to a point in the VPN
where it is encrypted and then sent through the internet to another point. At this point,
the data is decrypted and sent to the server. When the server sends a response, the
response is sent to a point in the VPN where it is encrypted and this encrypted data is
sent to another point in the VPN where it is decrypted. And finally, the decrypted data
is sent to the client. The whole point of using a VPN is to ensure encrypted data
transfer.

21. What do you understand by Risk, Vulnerability & Threat in a network?

Threat: Someone with the potential to harm a system or an organization

Vulnerability: Weakness in a system that can be exploited by a potential hacker

Risk: Potential for loss or damage when threat exploits a vulnerability

22. How can identity theft be prevented?

Here’s what you can do to prevent identity theft:

Ensure strong and unique password

Avoid sharing confidential information online, especially on social media

Shop from known and trusted websites

Use the latest version of the browsers

Install advanced malware and spyware tools

Use specialized security solutions against financial data

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 10/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

Always update your system and the software

Protect your SSN (Social Security Number)

23. What are the black hat, white hat, and grey hat hackers?
Black hat hackers are known for having vast knowledge about breaking into computer
networks. They can write malware which can be used to gain access to these systems.
This type of hackers misuse their skills to steal information or use the hacked system
for malicious purpose.

White hat hackers use their powers for good deeds and so they are also called Ethical
Hackers. These are mostly hired by companies as a security specialist that attempts to
find and fix vulnerabilities and security holes in the systems. They use their skills to
help make the security better.

Grey hat hackers are an amalgamation of a white hat and black hat hacker. They look
for system vulnerabilities without the owner’s permission. If they find any
vulnerabilities, they report it to the owner. Unlike Black hat hackers, they do not
exploit the vulnerabilities found.

24. How often should you perform Patch management?

Patch management should be done as soon as it is released. For windows, once the
patch is released it should be applied to all machines, not later than one month. Same
goes for network devices, patch it as soon as it is released. Proper patch management
should be followed.

25. How would you reset a password-protected BIOS configuration?

Since BIOS is a pre-boot system it has its own storage mechanism for settings and
preferences. A simple way to reset is, by popping out the CMOS battery so that the
memory storing the settings lose its power supply and as a result, it will lose its setting.

26. Explain the MITM attack and how to prevent it?

A MITM(Man-in-the-Middle) attack is a type of attack where the hacker places himself
in between the communication of two parties and steal the information. Suppose there
are two parties A and B having a communication. Then the hacker joins this
communication. He impersonates as party B to A and impersonates as party A in front
https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 11/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

of B. The data from both the parties are sent to the hacker and the hacker redirects the
data to the destination party after stealing the data required. While the two parties
think that they are communicating with each other, in reality, they are communicating
with the hacker.

You can prevent MITM attack by using the following practices:

Use VPN

Use strong WEP/WPA encryption

Use Intrusion Detection Systems

Force HTTPS

Public Key Pair Based Authentication

27. Explain the DDOS attack and how to prevent it?

A DDOS(Distributed Denial of Service) attack is a cyberattack that causes the servers
to refuse to provide services to genuine clients. A DDOS attack can be classified into
two types:

1. Flooding attacks: In this type, the hacker sends a huge amount of traffic to the
server which the server can not handle. And hence, the server stops functioning.
This type of attack is usually executed by using automated programs that
continuously send packets to the server.

2. Crash attacks: In this type, the hackers exploit a bug on the server resulting in the
system to crash and hence the server is not able to provide service to the clients.

You can prevent DDOS attacks by using the following practices:

Use Anti-DDOS services

Configure Firewalls and Routers

Use Front-End Hardware

Use Load Balancing

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 12/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

Handle Spikes in Traffic

28. Explain the XSS attack and how to prevent it?

XSS(Cross-Site Scripting) is a cyberattack that enables hackers to inject malicious
client-side scripts into web pages. XSS can be used to hijack sessions and steal cookies,
modify DOM, remote code execution, crash the server, etc.

You can prevent XSS attacks by using the following practices:

Validate user inputs

Sanitize user inputs

Encode special characters

Use Anti-XSS services/tools

Use XSS HTML Filter

29. What is an ARP and how does it work?

Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol
address (IP address) to a physical machine address that is recognized in the local
network.

When an incoming packet destined for a host machine on a particular local area
network arrives at a gateway, the gateway asks the ARP program to find a physical host
or MAC address that matches the IP address.

The ARP program looks in the ARP cache and, if it finds the address, provides it so that
the packet can be converted to the right packet length and format and sent to the
machine.

If no entry is found for the IP address, ARP broadcasts a request packet in a special
format to all the machines on the LAN to see if one machine knows that it has that IP
address associated with it.

30. What is port blocking within LAN?

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 13/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

Restricting the users from accessing a set of services within the local area network is
called port blocking.

Stopping the source to not to access the destination node via ports. As the application
works on the ports, so ports are blocked to restricts the access filling up the security
holes in the network infrastructure.

31. What protocols fall under TCP/IP internet layer?

32. What is a Botnet?

A Botnet is a number of devices connected to the internet where each device has one
or more bots running on it. The bots on the devices and malicious scripts used to hack
a victim. Botnets can be used to steal data, send spams and execute a DDOS attack.

33. What are salted hashes?

Salt is a random data. When a properly protected password system receives a new
password, it creates a hash value of that password, a random salt value, and then the
combined value is stored in its database. This helps to defend against dictionary
attacks and known hash attacks.

Example: If someone uses the same password on two different systems and they are
being used using the same hashing algorithm, the hash value would be same, however,
if even one of the system uses salt with the hashes, the value will be different.

34. Explain SSL and TLS

SSL is meant to verify the sender’s identity but it doesn’t search for anything more than
that. SSL can help you track the person you are talking to but that can also be tricked at

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 14/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

times.

TLS is also an identification tool just like SSL, but it offers better security features. It
provides additional protection to the data and hence SSL and TLS are often used
together for better protection.

35. What is data protection in transit vs data protection at rest?

36. What is 2FA and how can it be implemented for public websites?
An extra layer of security that is known as “multi-factor authentication”.

Requires not only a password and username but also something that only, and only,
that user has on them, i.e. a piece of information only they should know or have
immediately to hand — such as a physical token.

Authenticator apps replace the need to obtain a verification code via text, voice call or
email.

37. What is Cognitive Cybersecurity?

Cognitive Cybersecurity is an application of AI technologies patterned on human
thought processes to detect threats and protect physical and digital systems.

Self-learning security systems use data mining, pattern recognition, and natural
language processing to simulate the human brain, albeit in a high-powered computer
model.

38. What is the difference between VPN and VLAN?

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 15/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

39. Explain Phishing and how to prevent it?

Phishing is a Cyberattack in which a hacker disguises as a trustworthy person or
business and attempt to steal sensitive financial or personal information through
fraudulent email or instant message.

You can prevent Phishing attacks by using the following practices:

Don’t enter sensitive information in the webpages that you don’t trust

Verify the site’s security

Use Firewalls

Use AntiVirus Software that has Internet Security

Use Anti-Phishing Toolbar

40. Explain SQL Injection and how to prevent it?

SQL Injection (SQLi) is a code injection attack where an attacker manipulates the data
being sent to the server to execute malicious SQL statements to control a web
application’s database server, thereby accessing, modifying and deleting unauthorized
data. This attack is mainly used to take over database servers.

You can prevent SQL Injection attacks by using the following practices:

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 16/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

Use prepared statements

Use Stored Procedures

Validate user input

Part B — Scenario Based Questions

1. Here’s a situation- You receive the following email from the help desk:
Dear XYZ Email user,

To create space for more users we’re deleting all inactive email accounts. Here’s what you have
to send to save your account from getting deleted:

Name (first and last):

Email Login:

Password:

Date of birth:

Alternate email

If we don’t receive the above information from you by the end of the week, your email
account will be terminated.

If you're a user what do you do? Justify your answer.

This email is a classic example of "phishing" - trying to trick you into "biting". The
justification is the generalized way of addressing the receiver which is used in mass
spam emails.

Above that, a corporate company will never ask for personal details on mail.

They want your information. Don't respond to email, instant messages (IM), texts,
phone calls, etc., asking you for your password or other private information.

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 17/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

You should never disclose your password to anyone, even if they say they work for
UCSC, ITS, or other campus organizations.

2. A friend of yours sends an e-card to your mail. You have to click on the attachment to get the
card.

What do you do? Justify your answer

There are four risks here:

Some attachments contain viruses or other malicious programs, so just in general,

it's risky to open unknown or unsolicited attachments.

Also, in some cases just clicking on a malicious link can infect a computer, so
unless you are sure a link is safe, don't click on it.

Email addresses can be faked, so just because the email says it is from someone
you know, you can't be certain of this without checking with the person.

Finally, some websites and links look legitimate, but they're really hoaxes designed
to steal your information.

3. One of the staff members in XYZ subscribes to many free magazines. Now, to activate her
subscriptions one of the magazines asked for her month of birth, second asked for her year of
birth, the other one asked for her maiden name.

What do you infer from this situation? Justify.

All three newsletters probably have the same parent company or are distributed
through the same service. The parent company or service can combine individual
pieces of seemingly-harmless information and use or sell it for identity theft

It is even possible that there is a fourth newsletter that asks for a day of birth as one of
the activation questions

Often questions about personal information are optional. In addition to being

suspicious about situations like the one described here, never provide personal
information when it is not legitimately necessary, or to people or companies, you don't
personally know.

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 18/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

4. In our computing labs, print billing is often tied to the user's login. Sometimes people call to
complain about bills for printing they never did only to find out that the bills are, indeed,
correct.

What do you infer from this situation? Justify.

Sometimes they realize they loaned their account to a friend who couldn't remember
his/her password, and the friend did the printing. Thus the charges. It's also possible
that somebody came in behind them and used their account

This is an issue with shared or public computers in general. If you don't log out of the
computer properly when you leave, someone else can come in behind you and retrieve
what you were doing, use your accounts, etc. Always log out of all accounts, quit
programs, and close browser windows before you walk away.

5. There is this case that happened in my computer lab. A friend of mine used their yahoo
account at a computer lab on campus. She ensured that her account was not left open before
she left the lab. Someone came after her and used the same browser to re-access her account.
and they started sending emails from it.

What do you think might be going on here?

The first person probably didn't log out of her account, so the new person could just go
to history and access her account.

Another possibility is that she did log out, but didn't clear her web cache. (This is done
through the browser menu to clear pages that the browser has saved for future use.)

6. Two different offices on campus are working to straighten out an error in an employee's
bank account due to a direct deposit mistake.
Office #1 emails the correct account and deposit information to office #2, which promptly
fixes the problem. The employee confirms with the bank that everything has, indeed, been
straightened out.

The employee confirms with the bank that everything has, indeed, been straightened out.

What is wrong here?

Account and deposit information is sensitive data that could be used for identity theft.
Sending this or any kind of sensitive information by email is very risky because email

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 19/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

is typically not private or secure. Anyone who knows how can access it anywhere along
its route.

As an alternative, the two offices could have called each other or worked with ITS to
send the information a more secure way.

7. The mouse on your computer screen starts to move around on its own and click on things on
your desktop. What do you do?
a) Call your co-workers over so they can see

b) Disconnect your computer from the network

c) Unplug your mouse

d) Tell your supervisor

e) Turn your computer off

f) Run anti-virus

g) All of the above

Select all the options that apply.

The right answer is B & D.

This is definitely suspicious. Immediately report the problem to your supervisor and
the ITS Support Center: itrequest.ucsc.edu, 459-HELP (4357), [email protected] or Kerr
Hall room 54, M-F 8AM-5PM

Also, since it seems possible that someone is controlling the computer remotely, it is
best if you can disconnect the computer from the network (and turn off wireless if you
have it) until help arrives. If possible, don't turn off the computer.

8. Below is a list of passwords pulled out a database.

A. @#$)*&^%

B. akHGksmLN

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 20/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

C.UcSc4Evr!

D.Password1

Which of the following passwords meets UCSC's password requirements?

The answer is UcSc4Evr!

This is the only choice that meets all of the following UCSC requirements:

At least 8 characters in length

Contains at least 3 of the following 4 types of characters: lower case letters, upper case
letters, numbers, special characters

Not a word preceded or followed by a digit

9. You receive an email from your bank telling you there is a problem with your account. The
email provides instructions and a link so you can log into your account and fix the problem.

What should you do?

Delete the email. Better yet, use the web client (e.g. Gmail, yahoo mail, etc.) and report
it as spam or phishing, then delete it.

Any unsolicited email or phone call asking you to enter your account information,
disclose your password, financial account information, social security number, or
other personal or private information is suspicious - even if it appears to be from a
company you are familiar with. Always contact the sender using a method you know is
legitimate to verify that the message is from them.

10. A while back, the IT folks got a number of complaints that one of our campus computers
was sending out Viagra spam. They checked it out, and the reports were true: a hacker had
installed a program on the computer that made it automatically send out tons of spam email
without the computer owner's knowledge.

How do you think the hacker got into the computer to set this up?
This was actually the result of a hacked password. Using passwords that can't be easily
guessed, and protecting your passwords by not sharing them or writing them down

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 21/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

can help to prevent this. Passwords should be at least 8 characters in length and use a
mixture of upper and lower case letters, numbers, and symbols.

Even though in this case it was a hacked password, other things that could possibly
lead to this are:

Out of date patches/updates

No anti-virus software or out of date anti-virus software

I hope these Cybersecurity Interview Questions will help you perform well in your interview.
And I wish you all the best! If you wish to check out more articles on the market’s most
trending technologies like Artificial Intelligence, DevOps, Ethical Hacking, then you
can refer to Edureka’s official site.

Do look out for other articles in this series which will explain the various other aspects
of Cybersecurity.

1. What is Cybersecurity?

2. Cybersecurity Framework

3. Steganography Tutorial

4. What is Network Security?

5. What is Computer Security?

6. What is Application Security?

7. Penetration Testing

8. Ethical Hacking Tutorial

9. Everything You Need To Know About Kali Linux

10. Ethical Hacking using Python

11. DDOS attack

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 22/23
2/8/23, 11:26 PM Top 50 Cybersecurity Interview Questions and Answers | by Omkar Hiremath | Edureka | Medium

12. MacChanger with Python

13 ARP Spoofing

14. Proxychains, Anonsurf & MacChange

15. Footprinting

16. What is Cryptography?

Originally published at https://www.edureka.co.

Open in app Get unlimited access

Security Cybersecurity CIA Cryptography Cyberattack

Search Medium

https://medium.com/edureka/cybersecurity-interview-questions-233fbdb928d3 23/23