Sessions Duration

19^th January to 23^rd January, 2026

10:00 A.M to 4:30 P.M

Venue: M.C.A Conference

Resource Person

1.      Mr. DhanoopR(CYBERSECURITY ANALYST)

2.      Mr. Asadbabu(CYBERSECURITY ANALYST)

• Mr.Shazin Shahul (CYBERSECURITY ANALYST)

Convener

Mrs. Reena Mol V U, Head, Dept. of MCA

Event Coordinators

1. Mrs. Bindushree K
2. Mr. Shiva Kumar C
3. Mr. Roshan Roy D’Souza

Faculty Coordinators

Ms. HariniS

Mr. Mohammed Maaz Pasha

Student Coordinators

1. Melvin S Moses
2. Harshini. M
3. Hameed. S

“NATIONAL LEVEL FACULTY DEVELOPMENT PROGRAMME (FDP)ON ETHICAL HACKING”

A “NATIONAL LEVELFACULTY DEVELOPMENT PROGRAMME (FDP) ON ETHICAL HACKING”was successfully conducted from January 19, 2026 to January 23, 2026 in the MCA Conference Hall, 2^ndFloor, PG Block, St. Philomena’s College. The session was organized by the Department of MCA, St. Philomena’s College (Autonomous), Mysore, and was led in Collaboration with Mar Ivanios College, Thiruvananthapuram, Kerala & Course Experts from Techbyheart.

Objective 

The primary goal of the Program was to equip participants with essential theoretical knowledge and practical skills in ethical hacking and cybersecurity, enabling them to understand real-world cyber threats, apply penetration testing techniques and integrate industry-relevant practices into academic and professional settings.

Introduction 

The Faculty Development Programme on Ethical Hacking by Techbyheart is an industry aligned initiative designed to equip faculty members with practical knowledge on modern cybersecurity practices. The programme combines core theoretical concepts with hands on training, covering the ethical hacking lifecycle including reconnaissance, vulnerability assessment, exploitation and reporting. Participants gain real world exposure through live demonstrations, simulations, and tool-based learning using industry standard platforms. Delivered by industry certified experts, the FDP enhances teaching capability, supports curriculum enrichment, and enables institutions to deliver industry ready cybersecurity education.

The participants of the programme included faculty members from the Departments of Computer Science, Computer Applications, Information Technology, and allied disciplines from various institutions including,Mar Ivanios College-Thiruvananthapuram, Kerala, Sri Jayachamarajendra College of Engineering (SJCE) Mysore,ATME College of Engineering Mysuru, MRIT Mysuru, Victory First Grade College Mysuru, JSS Science and Technology University Mysuru, JSS College of Arts Commerce & Science Mysuru, GSSS Institute of Engineering and Technology for Women Mysuru, MIT Thandavapura, along with final-year Post Graduate (PG) and Under Graduate (UG) students from  St Philomena’s College Mysuru and other neighbouring colleges who aspire to pursue careers in Cybersecurity and Ethical Hacking. The programme attracted participants who were keen on gaining hands-on exposure, industry-relevant knowledge, and enhancing their employability and research readiness. A total of 79 participants took part in the programme, of which 72 participants attended in offline mode and 7 participants joined through online mode.

Day – 01: 19-01-2026 (Monday).

Inaugural Session(10:00 – 10:30AM)

The session began with a formal inauguration, graced by the presence of esteemed dignitaries including: 

• Rev. Fr. Dr. Lourdu Prasad Joseph, Rector & Manager
• Dr. Ravi J.D Saldhana, Principal
• Rev. Fr. Gnanapragasam, Campus Administrator
• Rev. Fr. David Sagayaraj, Assistant to the Rector
• Mr. Ronald Prakash Cutinha, Vice Principal
• Dr. Noor Mubasheer C A, PG Coordinator

The session was gracefully hosted by HarshiniM Sommaiah, student, final year MCA, with the welcome address delivered byMrs. Reena Mol V U,Assistant Professor &Head, Department of MCA, who emphasized the importance of the FDP. The Faculty Development Programme on Ethical Hacking commenced with the rendition of the Philo’s Anthem, setting a dignified tone for the event.The Esteemed guest and resource personswere introduced by Mr. Shiva Kumar C, Assistant Professor, Department of MCA.

Presidential Address delivered by Rev. Fr. Dr. Lourdu Prasad Joseph, Rector, inspired students to explore beyond borders and embrace continuous learning, followed byDr.Ravi JD Saldhana, Principal, addressing the gathering.

The overview of the objectives, relevance and expected outcomes of the Faculty Development Programme on Ethical Hacking, was delivered by Mrs. Bindushree K, Assistant Professor, Department of MCA.

The inaugural session concluded with a Vote of thanks proposed by Mr. Roshan Roy D Souza, Assistant Professor, Department of MCA, expressing gratitude to all dignitaries, organizers, and participants for their valuable contributions. The programme formally came to an end with the National Anthem.

Forenoon Session (10:30AM -1:00PM)

Mr. Shazin Shahul, Cybersecurity Analyst, Techbyheart, began a Theory session with explanation on hacker behaviour and mindset, which included how ethical hackers think like attackers to identify vulnerabilities but use their skills responsibly to protect systems. We were also introduced to the importance of maintaining anonymity during testing by using tools such as VPNs and secure networks to protect identity. 

• Ethical Hacking Process

 Ethical hacking is a legal process of finding security weaknesses in systems. It helps organizations fix vulnerabilities before attackers exploit them.

• Hacker Behaviour& Mindset

Hackers think creatively to find system loopholes. Ethical hackers use the same thinking to improve security in a responsible way.

• Maintaining Anonymity

Anonymity is maintained using tools like VPNs and proxies to hide identity. This helps in safe and secure testing during hacking activities.

• Hacking Methodology

Hacking methodology is a step-by-step approach to test security. It includes reconnaissance, scanning, exploitation, and reporting.

• Information Gathering

Information gathering is the first step of hacking where basic target details are collected. This helps in planning further security testing.

Afternoon Session (1:45 -4:30 PM)

In the afternoon session, the workshop started with practical activities that provided hands-on experience to the participants. We learned about information gathering tools such as WHOIS and basic Nmap, which are used to collect domain details, IP information, and open ports of a target system. The session also included passive reconnaissance using OSINT tools, where information was gathered from publicly available sources without directly interacting with the target system. This helped participants understand real-world reconnaissance techniques along with the basics of packet capturing and network trafficanalysis. This practical session clearly explained how data travels across a network and how unsecured data can be intercepted.

Day -02: 20-01-2026 (Tuesday)

Forenoon Session (10:00AM -1:00PM)

The Day 2 morning session started by welcoming resource person Mr. Asadbabu (Cyber security Analyst), and the participants were introduced to important concepts of social engineering attacks and network security. The session covered social engineering attacks and countermeasures, password attacks, and privilege escalation to build a strong theoretical foundation for cybersecurity practices.

• Social Engineering Attacks

These attacks exploit human trust to steal confidential information like passwords or OTPs. They are often carried out through emails, calls, or fake websites.

• Countermeasures

User awareness and security policies help reduce the risk of social engineering attacks. Always verify the source before sharing any information.

• Password Attacks

Attackers use different techniques to guess or capture passwords to access systems. Strong, unique passwords and MFA are the best defences.

• Privilege Escalation

It is a method used by attackers to gain admin or root access after initial entry. Proper patching and least-privilege access help prevent this.

• Network Infrastructure Vulnerabilities

Network infrastructure vulnerabilities are weaknesses in devices, configurations, or protocols that can be exploited by attackers. These include insecure routers, outdated systems, and misconfigured firewalls.

• IP Spoofing & DNS Spoofing

IP spoofing is an attack where the attacker disguises their identity by using a fake IP address. DNS spoofing redirects users to malicious websites by manipulating DNS responses.

• Wireless Hacking Concepts (WEP, WPA, WPA2)

Wireless hacking targets weaknesses in Wi-Fi security protocols to gain unauthorized access. WEP is outdated and insecure, while WPA and WPA2 provide stronger encryption and better protection

Afternoon Session (1:45 -4:30 PM)

During the afternoon’s practical session, participants gained hands-on experience with ethical hacking tools and techniques. The Social Engineering Toolkit (SET) was demonstrated to show how social engineering attacks like phishing are created and analysed in a controlled environment.

Additionally, password attack demonstrations using John the Ripper and Hydra helped participants understand how weak or reused passwords can be cracked. The session emphasized the importance of strong passwords, secure authentication methods, and ethical use of these tools for security testing purposes only.

As part of the afternoon practical session, participants performed wireless scanning using Kali Linux tools to identify nearby Wi-Fi networks and analyse their security configurations. Participants learned how wireless networks can be assessed for vulnerabilities in a controlled and ethical manner.

A DNS spoofing practical was conducted on a live system using Ettercap to demonstrate a Man-in-the-Middle (MITM) attack. This exercise showed how attackers can intercept and manipulate network traffic, emphasizing the importance of secure network configurations and encryption.

`

Day -03: 21-01-2026 (Wednesday)

Forenoon Session (10:00 AM -1:00 PM)

In the Day 3 morning session, participants were introduced to key cybersecurity threats such as Denial of Service (DoS) attacks, web server and application vulnerabilities, and SQL injection attacks. The session explained how DoS attacks disrupt system availability by overwhelming servers with traffic. It also highlighted common web vulnerabilities caused by insecure coding and misconfigurations. SQL injection techniques and their impact on database security were discussed. The importance of vulnerability analysis in identifying and mitigating security risks was emphasized to strengthen overall system security.

• Denial of Service (DoS) Attacks

A Denial of Service (DoS) attack is a cyberattack where an attacker attempts to make a system, server, or network unavailable to legitimate users by overwhelming it with excessive traffic or requests.

• Web Server and Application Vulnerabilities

Web server and application vulnerabilities are weaknesses in software, configurations, or code that attackers can exploit to gain unauthorized access or disrupt services.

• SQL Injection Attacks

SQL Injection (SQLi) is a technique where attackers insert malicious SQL queries into input fields to manipulate a database.

• Vulnerability Analysis

Vulnerability Analysis is the process of identifying, evaluating, and prioritizing security weaknesses in systems and applications.

• Reverse Engineering Basics

Analysing software to understand its internal structure without source code.

• Buffer Overflow Concepts

Occurs when excess data overwrites memory, leading to crashes or attacks.

• Client-Side Browser Exploits

Attacks that exploit browser or plugin vulnerabilities through malicious web pages.

• Mobile Application Vulnerabilities

Security weaknesses in mobile apps that can cause data leakage or unauthorized access.

Afternoon Session (1:45 -4:30 PM)

During the practical session, participants were provided with extensive hands-on exposure to various cybersecurity attack techniques and defensive tools in a controlled and ethical lab environment. The session began with a demonstration of SQL Injection attacks using DVWA (Damn Vulnerable Web Application), where participants learned how poorly validated user inputs can be exploited to bypass authentication and gain unauthorized access to databases. This helped them understand the importance of input sanitization, prepared statements, and secure coding practices.

A Denial of Service (DoS) attack simulation was then performed in a safe local setup to demonstrate how continuous and excessive requests can overload a server, leading to performance degradation or complete service unavailability. Participants observed how system resources such as CPU, memory, and bandwidth are affected during an attack and were introduced to basic mitigation techniques like rate limiting and firewall rules.

Next, vulnerability scanning exercises were conducted using industry-standard tools such as Nessus and OpenVAS. Participants learned how to scan systems and networks to identify security weaknesses, outdated software, misconfigurations, and known vulnerabilities. The session also covered how to analyse scan reports, assess risk levels, and prioritize remediation actions based on severity.

A buffer overflow demonstration was presented to explain how improper memory handling in applications can be exploited by attackers to crash programs or execute arbitrary malicious code. This demonstration helped participants understand the importance of secure memory management, bounds checking, and the use of modern security mechanisms such as ASLR and DEP.

Additionally, mobile application vulnerability scanning tools were demonstrated to highlight common flaws in mobile apps, such as insecure data storage, improper authentication, and weak API security. Participants were made aware of the importance of regular security testing, secure coding guidelines, and adherence to mobile security standards like OWASP Mobile Top 10.

The session also included a brief introduction to log monitoring, intrusion detection, and incident response, where participants learned how attacks can be identified through system logs and network traffic analysis using tools like Wireshark. This helped them understand the importance of continuous monitoring in enterprise environments.

Overall, the practical session provided a comprehensive understanding of offensive and defensive cybersecurity techniques, enabling participants to connect theoretical knowledge with real-world security scenarios. The hands-on approach significantly improved participants’ awareness of cyber threats, ethical hacking methodologies, and best practices for securing systems, networks, web applications, and mobile platforms.

Day -04: 22-01-2026 (Thursday)

Forenoon Session (10:00 AM -1:00 PM)

On Day 4, participants were introduced to system hacking techniques and steganography concepts, focusing on how attackers gain deeper control over compromised systems and hide their activities to avoid detection. The session provided hands-on exposure in a controlled and ethical environment, helping participants understand both offensive and defensive aspects of cybersecurity.

• System Hacking

Participants were trained in password cracking techniques, including brute-force and dictionary attacks, to demonstrate how weak passwords can be exploited. This activity emphasized the importance of strong password policies, account lockout mechanisms, and multi-factor authentication.

The session continued with privilege escalation techniques, where participants learned how attackers exploit vulnerabilities and system misconfigurations to gain administrator or root-level access. Preventive measures such as regular patching, least-privilege access, and secure system configuration were also discussed.

Participants were also shown how attackers execute applications and commands after gaining access to a system, demonstrating post-exploitation activities and the importance of endpoint monitoring and application control.

• Covering Tracks & Steganography

The session further covered hiding files and covering tracks, where techniques like clearing logs, hiding directories, and removing command history were explained. This highlighted the role of auditing and centralized logging in digital forensics.

Finally, steganography methods and detection tools were demonstrated, showing how secret information can be hidden inside image, audio, or video files. Participants learned how forensic tools can be used to detect hidden data, emphasizing the importance of steganography analysis in cybercrime investigations.

Afternoon Session (1:45 – 4:30 PM)

During the afternoon session, participants were introduced to footprinting and reconnaissance techniques, which form the initial and most critical phase of ethical hacking and penetration testing. The session focused on gathering maximum information about a target system or network before launching any attacks.

The session began with footprinting, where participants learned how attackers collect publicly available information about organizations and systems using both passive and active reconnaissance techniques. Tools such as WHOIS, DNS lookup, and search engine–based OSINT methods were demonstrated to identify domain details, IP ranges, email addresses, and network structure.

Next, participants performed network scanning to discover live hosts, open ports, running services, and operating systems within a network. Scanning techniques were demonstrated using ethical tools to help participants understand how attackers map network topology and identify potential entry points. The importance of firewall configuration and intrusion detection systems in preventing unauthorized scanning was also explained.

In the system hacking lab, participants practiced password cracking, privilege escalation, and basic post-exploitation activities in a controlled environment. They observed how attackers maintain access to compromised systems and learned the importance of monitoring, patching, and secure system configuration as defensive measures.

The session concluded with hands-on steganography exercises using tools such as OpenStego and Steghide. Participants learned how to hide confidential data within image and audio files and later extract it using proper keys or passwords. They were also introduced to basic steganalysis techniques to detect hidden data, highlighting how such methods are used in both secure communication and cybercrime investigations.

Day -05: 23-01-2026 (Friday)

Forenoon Session (10:00 AM -1:00 PM)

On Day 5, participants were introduced to the Metasploit Framework, a powerful penetration testing tool used for developing and executing exploits. The session covered payloads and Meterpreter, explaining how attackers gain remote access, maintain control, and perform post-exploitation activities on target systems.

An overview of Armitage was provided, demonstrating how it simplifies Metasploit usage through a graphical interface and helps visualize targets and attacks. Participants also explored Kali Linux penetration testing tools, gaining an understanding of tools used for scanning, exploitation, password attacks, and wireless testing.

The session concluded with recent real-world vulnerability case studies, helping participants understand how security flaws are exploited in practice and highlighting the importance of timely patching and secure configurations.

Afternoon Session (1:45 – 4:30 PM)

In the afternoon session, participants were introduced to Metasploit Basic Exploitation using the Armitage GUI, where they learned how to identify vulnerabilities and exploit target systems using the Metasploit Framework. This hands-on practical session enabled participants to gain real-time experience in launching exploits, managing active sessions, and understanding how attackers take advantage of system weaknesses in a controlled and ethical environment.

This was followed by a Kali Linux penetration testing lab, where participants performed real-time attack simulations on vulnerable machines. The session demonstrated the complete penetration testing process, including exploitation, privilege escalation, and post-exploitation activities, helping participants gain a clear understanding of real-world cyberattack scenarios and defensive measures.

The workshop concluded with a valedictory session and certificate distribution, marking the successful completion of the program. Participants reflected on their learning outcomes and were awarded certificates in recognition of their active participation and successful completion of the workshop.

Valedictory (4:30 – 5:30 PM)

The valedictory session was graced by the presence of esteemed dignitaries including: 

• Dr. Ravi J.D Saldhana, Principal
• Mr. Ronald Prakash Cutinha, Vice Principal
• Mr. Anand, Dean Academics
• Mr. Thomas A Gunaseelan, IQAC Coordinator

The session was gracefully hosted by Umme Kulsum, student, first year MCA. The session commenced with the rendition of the Philo’s Anthem, setting a dignified tone for the event, followed by a formal welcome speech delivered by Mr. Roshan Roy D’Souza, Assistant Professor, Dept. of MCA. A brief FDP report was vocally delivered by Mrs. Reena Mol V U, Assistant Professor & Head, Department of MCA and Convener summarized the five days FDP. It was followed by certificates distribution led by Mrs. Bindushree K, Mr. Shiva Kumar C & Ms. Harini S, faculty coordinators, Dept. of MCA.

The session was concluded with a Vote of thanks proposed by Mr. Mohammaed Maaz Pasha, Assistant Professor, Department of MCA, expressing gratitude to all dignitaries, organizers, and participants for their active participation. The programme formally came to an end with the National Anthem.