Training Session on “Nmap, Passive Reconnaissance, and Hands-on CTF”
6th October 2025
Cyber security Club, Dronacharya College of Engineering, Gurugram, organized an engaging Training Session on “Nmap, Passive Reconnaissance, and Hands-on CTF” on 6th October 2025. The workshop was led and coordinated by student coordinators Mr. Abhishek Prasad, Mr. Aditya Singh, Mr. Praveen Rawat and Mr. Daksh Sharma from the Department of CSE (IoT & Cybersecurity).
It aimed to provide students with practical exposure to information gathering, vulnerability assessment, and ethical exploitation techniques through a safe and controlled Capture-The-Flag (CTF) Environment. The session was designed to help participants understand the complete process of reconnaissance and exploitation, emphasizing the importance of ethical hacking as a defensive learning practice.
The session commenced with Mr. Abhishek Prasad, who set the tone by explaining the significance of reconnaissance in cybersecurity and how it forms the foundation of any security assessment. He highlighted that ethical hacking is not about attacking systems but about understanding vulnerabilities to strengthen defenses. Following this, Mr. Aditya Singh demonstrated practical applications of tools like Nmap, showing how to identify open ports, services, and vulnerabilities in web applications. His hands-on guidance transformed theoretical knowledge into an interactive learning experience.
Mr. Praveen Rawat added another dimension to the session by focusing on passive reconnaissance and OSINT (Open-Source Intelligence) techniques. He explained how vital information can be gathered without directly interacting with the target, thus complementing active scanning results. Throughout the session, Mr. Daksh Sharma provided seamless technical support, ensuring smooth execution of the live demonstrations and participant activities.
The highlight of the training was the hands-on CTF challenge, where students explored an intentionally vulnerable web server to identify and exploit simulated flaws like weak credentials, misconfigurations, and input validation errors. The participants worked enthusiastically in teams, applying what they learned to capture flags, analyze vulnerabilities, and understand real-world attack vectors. This practical exercise gave them firsthand experience of how small security oversights can lead to major breaches and how timely defensive actions can prevent them.