1) What is CSRF attack & how it is done?
> Cross-Site Request Forgery (CSRF) is a web attack that exploits the trust a website has in a user's browser. The attacker tricks the victim's browser into sending a forged HTTP request to a site the victim is already logged in to, so that an unwanted action is carried out on the victim's behalf. The request succeeds because the browser automatically attaches the victim's cookies for that site to every request it sends there, regardless of which page triggered it. CSRF attacks are typically carried out by sending the victim a specially crafted link or email, or by luring them to a page that submits the request automatically; the trusted website then performs the action specified in the request without the user's consent. Ways to protect against CSRF attacks include:
Using anti-CSRF tokens: the server generates an unpredictable value tied to the user's session and embeds it in each form as a hidden field, or hands it to the page's own script to send in a request header. Any state-changing request that does not carry the expected token is rejected. The attacker's page cannot obtain the token, because the same-origin policy stops it reading responses from the trusted site, so it cannot build a request that passes the check. The token must not travel only in a cookie, since cookies are exactly what the browser attaches automatically.
Using SameSite cookies and origin checks: marking the session cookie SameSite=Lax or Strict stops the browser attaching it to requests initiated from other sites, and the server can additionally reject requests whose Origin or Referer header does not match its own origin. The same-origin policy by itself does not prevent CSRF: the browser still sends the cross-site request; the policy only prevents the attacker's script from reading the response.
Educating users: users should be taught to be wary of unexpected links and attachments and to log out of sensitive sites when finished. This reduces exposure but is no substitute for the server-side controls above.
Here is an example of how a CSRF attack could be carried out: An attacker creates a malicious website containing a link (or an auto-submitting form) that points at a trusted website, such as a bank. The attacker tricks the victim into visiting the malicious site. When the victim clicks the link, their browser sends the forged request to the bank together with the victim's session cookie, and the bank performs the action specified in the request, such as a funds transfer, without the user's consent.

2) Write a short note on URL Obfuscation
> URL obfuscation is the process of making a URL harder to read or understand. This can be done for a variety of reasons, such as hiding the true destination of a link from users, evading detection by security tools, or bypassing content filters. Common techniques include:
Using URL shortening services: services such as Bitly and TinyURL produce short URLs that reveal nothing about the destination until they are followed.
Using URL encoding: special characters in a URL can be replaced by percent-encoded hexadecimal codes (for example "%2F" for "/"). The browser decodes them, but the URL is much harder for a person or a simple filter to read.
Using JavaScript: JavaScript can generate or modify URLs at run time, which makes it harder for security tools to determine statically where a link leads.
Using homoglyphs: homoglyphs are characters that look like other characters. For example, the Cyrillic letter "а" looks like the Latin letter "a". Attackers register internationalised domain names built from homoglyphs so that a hostname looks like a legitimate one but actually resolves to a malicious website.
A related trick puts a trusted-looking name in the userinfo part of the URL (http://bank.example@evil.example/): the browser shows "bank.example" at the start of the address but connects to evil.example.

3) Explain the term Keystroke logging.
> Keystroke logging, also known as keylogging, is the act of recording the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored. The recorded data can then be retrieved by the person operating the logging program. A keystroke recorder or keylogger can be either software or hardware. Software-based keyloggers are programs designed to record any input from the keyboard. Keyloggers are used in IT organizations to troubleshoot technical problems with computers and business networks, and families and businesses use them, where this is legal, to monitor usage without the users' direct knowledge. Microsoft publicly stated that Windows 10 has a built-in keylogger in its final version "to improve typing and writing services". However, malicious individuals can use keyloggers on public computers to steal passwords or credit card information. Hardware-based keyloggers are physical devices plugged in between the keyboard and the computer (or built into the keyboard). They are harder to detect than software keyloggers, because no process or driver is visible to the operating system, but they are more expensive and require physical access to install and to retrieve. Keyloggers can be used for a variety of purposes, including: stealing passwords, credit card numbers, and other sensitive information; monitoring employee activity; spying on someone's online activity; and recording keystrokes for gameplay or educational purposes.

4) Write a short note on VOIP Vulnerabilities.
> VoIP vulnerabilities are weaknesses in the VoIP protocols or their implementations that expose users to privacy violations and other problems. VoIP is a group of technologies that enable voice calls over the internet, so it inherits the vulnerabilities of any other internet use. These risks are not usually mentioned to potential customers, and VoIP provides no specific protections against fraud and illicit practices. Some of the most common VoIP vulnerabilities are:
Eavesdropping: attackers can listen to VoIP calls by intercepting the traffic between the caller and the recipient, using techniques such as packet sniffing or spoofing. Unencrypted signalling and media streams can be reassembled into audio.
Call tampering: attackers can inject malicious traffic into a call or modify the existing traffic. This can cause the call to be dropped, or it can be used to inject noise or other unwanted audio into the call.
Denial of service (DoS) attacks: attackers can make VoIP systems unavailable to users by flooding them with traffic (for example floods of signalling messages) or by exploiting vulnerabilities in the system's software.
Fraud: attackers who gain unauthorized access to a VoIP system can use it to make calls without paying for them (toll fraud). Fraud can also occur when attackers impersonate legitimate users and make calls in their name.

5) Explain the term SYN Flooding.
> SYN flooding is a denial-of-service (DoS) attack that exploits the three-way handshake used to establish TCP connections. The attacker sends a large number of SYN (synchronize) packets to the target server, usually with spoofed source addresses. The server answers each SYN with a SYN-ACK (synchronize-acknowledge) and allocates an entry in its backlog queue for the half-open connection. The attacker never sends the final ACK (acknowledge), so each entry stays occupied until it times out. Once the backlog is full the server can no longer accept new connections and stops responding to legitimate clients, or its performance degrades badly. SYN floods are easy to launch and effective, which makes them a popular way of launching DoS attacks against websites and other online services. Common defences are SYN cookies (the server encodes the connection state in the SYN-ACK sequence number instead of storing it), shorter half-open timeouts, larger backlogs, and filtering of spoofed traffic at the network edge.

B) Denial of Service (DoS /DDoS)
> Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks aim to make a computer or network unavailable to its intended users. A DoS attack is launched from a single source, while a DDoS attack is launched from many distributed sources, typically a botnet. DDoS attacks are harder to defend against because the flood of traffic arrives from many different locations and cannot be stopped by blocking a single address. DoS and DDoS attacks target websites, servers, and networks, and are used to disrupt business operations, extort money from victims, or simply cause chaos.

B) brute force
> A brute-force attack is a method of attacking a cryptographic key or a password in which the attacker tries every possible value until the correct one is found. It is very time-consuming, but in principle any key can be found this way if the attacker has enough time and resources, which is why key length matters. Brute-force attacks are most often used to crack passwords, because passwords are typically short and predictable: a 4-digit PIN has only 10,000 possible values, so it falls in at most 10,000 attempts unless the system rate-limits or locks the account after a few failures. Brute force can also be attempted against encryption algorithms such as AES, but the key space is vastly larger: exhausting a 256-bit AES key space is computationally infeasible, requiring far more than millions of years with any conceivable hardware. RSA keys are not attacked by guessing the key but by factoring the modulus, which is likewise infeasible for properly sized keys.

C) Eavesdropping
> Eavesdropping is the act of secretly listening to a private conversation or communication without the consent of the participants. It can be done in person or electronically. It is often used to gain information for personal gain, such as spying on a competitor or blackmailing someone, and for malicious purposes such as stealing trade secrets or committing identity theft. Ways to eavesdrop on private conversations include:
Listening in on a conversation: being close to the people who are talking, or using a listening device such as a bug or a parabolic microphone.
Intercepting electronic communications: intercepting phone calls, emails, or text messages in transit; on a data network this is packet sniffing.
Hacking into computer systems: breaking into a computer to steal personal information or to read private conversations stored on it.
The standard defence against electronic eavesdropping is end-to-end encryption of the communication.

D) Man-in-the-middle
> A man-in-the-middle (MitM) attack is one in which the attacker secretly relays, and possibly alters, the communications between two parties who believe they are communicating directly with each other. The attacker's goal is to steal data in transit, such as login credentials, credit card numbers, or other sensitive information, or to tamper with it. Common methods include:
Wi-Fi spoofing: the attacker sets up a fake access point with the same name as a legitimate one. Users who connect to it route all their traffic through the attacker, who can intercept and monitor it.
ARP poisoning: the attacker sends spoofed ARP (Address Resolution Protocol) replies to the victim's computer so that it believes the attacker's MAC address belongs to the legitimate gateway. The victim's traffic then flows through the attacker, who forwards it to the real gateway while reading or modifying it.
SSL stripping: the attacker intercepts the victim's first plain-HTTP request and keeps the victim's side of the connection on HTTP while talking HTTPS to the real server, so the victim's traffic is never encrypted and can be read or modified. HTTP Strict Transport Security (HSTS) defeats this. Traffic inside a properly established TLS connection cannot be read by a MitM unless the victim can be made to trust the attacker's certificate.

7) Give a complete description of Rootkits with example
> A rootkit is malware (or a toolkit bundled with malware) whose defining feature is concealment: it hides the presence of an attacker's files, processes, network connections, or system modifications from the operating system and security software, usually while giving the attacker persistent remote access and control over the system without the user's knowledge or consent. It can be used to steal personal information, install other malware, or disrupt the system's operation. Rootkits are typically installed by exploiting a vulnerability in the system's software or by tricking a user into running them with administrative rights. They can operate in user space (hooking libraries), in the kernel (hooking system calls or loading malicious drivers), or in firmware or the boot chain. Once installed they are very difficult to detect and remove, because the tools used to look for them may themselves be lied to; reliable detection means booting from trusted media, comparing what the system reports from inside with what is observed from outside, or relying on measured boot. Here is an example of how a rootkit could be used: An attacker sends a rootkit to a victim as an email attachment. The victim opens the attachment and the rootkit is installed on their computer, where it hides itself from the operating system and security software. The attacker can then use the rootkit to steal the victim's personal information (for example credit card numbers), install other malware such as ransomware, or disrupt the victim's computer.

8) Write a short note on CIA triad.
> The CIA triad is a model that describes three core properties of information security: confidentiality, integrity, and availability. Confidentiality is the protection of data from unauthorized access; it matters because data often contains sensitive or confidential information such as customer records, financial data, or trade secrets. Integrity is the accuracy and completeness of data, and the assurance that it has not been altered without authorisation; inaccurate or tampered data leads to bad decisions and other problems. Availability is the accessibility of data and systems to authorized users when they need them; data is needed for business operations, decision-making, and other essential purposes. The CIA triad is a fundamental principle of cybersecurity and is used to guide the development and implementation of security policies and procedures. For example, a company might implement access controls and encryption to protect the confidentiality of its data, integrity checks such as hashes, signatures, and audit logs to ensure its accuracy, and redundancy and backups to ensure its availability.

9) What is malware? Explain Worms and Trojan with suitable examples.
> Malware is any software designed to damage, disable, or take unauthorised control of a computer system. It includes viruses, worms, trojans, spyware, ransomware, and other malicious software. Worms are malware that self-replicates and spreads to other computers without user intervention, usually by exploiting vulnerabilities in operating systems or network services. Once a worm has infected a computer it can steal data, damage files, or disrupt network traffic. Examples of worms: the Morris worm (1988) was the first major worm released on the internet; it infected roughly 6,000 computers and caused millions of dollars in damage. The Code Red worm (2001) infected around 360,000 computers, defaced web pages, and launched denial-of-service attacks against websites. Trojans are malware that disguises itself as legitimate software in order to trick users into installing it; unlike worms, they do not spread on their own. Once a trojan is installed on a computer it can steal data, install other malware, or allow attackers to control the computer remotely. Examples of trojans: Emotet is a sophisticated trojan, originally a banking trojan and later a loader for other malware, that is spread mainly through phishing emails. Qbot (Qakbot) is another data-stealing trojan and loader, spread through phishing emails and malicious attachments. Worms and trojans can be very damaging to computer systems and networks; prompt patching, email filtering, and endpoint protection are the main defences.

10) What is malware? Explain in brief concept of Virus.
> Malware is any software designed to damage or disable a computer system. It includes viruses, worms, trojans, spyware, ransomware, and other malicious software. Viruses are malware that self-replicates by attaching itself to other programs or files and copying itself when the infected program is executed; unlike a worm, a virus needs a host program and usually some user action to spread. Viruses can damage files, steal data, or disrupt computer operations. Here is a brief explanation of how a virus works: The virus is attached to a legitimate program, such as an email attachment or a downloadable file. The user opens the file, which executes the virus. The virus replicates itself and spreads to other programs on the computer. The virus may then damage files, steal data, or disrupt computer operations. Examples: Conficker (2008) infected over 9 million computers and built botnets that were used to launch denial-of-service attacks and steal data; strictly speaking Conficker is a network worm, since it spread on its own through a Windows vulnerability. CryptoLocker (2013) infected over 500,000 computers, encrypted users' files, and demanded a ransom payment to decrypt them; it is ransomware delivered as a trojan through email attachments. Both are commonly called "viruses" in the loose, everyday sense of the word.

11) Write a short note on Crawling/Spidering with suitable example.
> Crawling/spidering is the process of automatically fetching a large number of web pages. Crawlers (also called spiders or web robots) are used by search engines to index the web so that users can find the information they are looking for, and for other purposes such as gathering data, monitoring websites, or, in a penetration test, mapping every page and parameter of a target application. Crawlers work by following links from one page to another. They start at a seed URL, which is a known web page, download it, extract all the links on the page, and add them to a queue. They then fetch each queued URL in turn and repeat the process, keeping a record of visited URLs so that each page is fetched once, until they have downloaded and indexed every page they can reach or have hit a configured depth limit. Well-behaved crawlers respect robots.txt and rate-limit their requests. Crawlers are an important part of the internet ecosystem; they help to make the web accessible and searchable for everyone. Here is an example of how crawling/spidering is used by search engines: the search engine runs a crawler continuously to index the web and build a database of all the pages it has found. When a user submits a search query, the engine looks the query up in this database of indexed pages to find the most relevant results.

12) Write a short note on Session Hijacking
> Session hijacking is an attack in which an attacker takes control of a user's active session with a website or web application, by stealing the user's session ID or cookie, or by exploiting a vulnerability in the application. Once the attacker holds a valid session identifier they can perform any action the legit­imate user could, such as accessing the account, making purchases, or sending messages, without ever needing the user's password. Session hijacking can therefore allow attackers to steal sensitive information, commit fraud, or disrupt the operations of a business. Here are some examples of how session hijacking can be carried out:
Packet sniffing: an attacker on the same network intercepts unencrypted traffic between the user and the site and reads the session ID or cookie from it.
Cross-site scripting (XSS) attacks: an XSS flaw lets the attacker inject script into the site. When a user visits the affected page the script runs in their browser and can send the session ID or cookie to the attacker.
Man-in-the-middle attacks: the attacker intercepts the traffic between the two parties and impersonates one of them, capturing the session ID or cookie in transit.
Session fixation, in which the attacker makes the victim use a session ID the attacker already knows, is a related technique. Defences include using HTTPS for the whole session, flagging cookies Secure and HttpOnly, regenerating the session ID at login, and keeping session lifetimes short.

13) Define Ethical Hacking & explain its need?
> Ethical hacking is the practice of authorized, simulated attacks on computer systems, networks, or applications to find security vulnerabilities that malicious actors could exploit; penetration testing is the most common form of it. Ethical hackers use the same tools and techniques as malicious hackers, but they do so with the written permission of, and within a scope agreed with, the organization they are testing. Need for ethical hacking: Ethical hacking is needed to help organizations identify and fix security vulnerabilities before malicious hackers can exploit them. In today's digital world, organizations of all sizes are at risk of cyberattacks. Ethical hackers help organizations to: identify security vulnerabilities in their systems, networks, and applications; assess the risks posed by these vulnerabilities; and recommend and implement mitigation measures to reduce these risks. By engaging ethical hackers to test their security, organizations can be more confident that they are protected from cyberattacks.

14) What is meant by packet sniffing? Explain
> Packet sniffing is the process of capturing and monitoring the data packets travelling across a computer network. Sniffers can capture any data the network carries, including email, web traffic, and file transfers, and can be used for legitimate and malicious purposes: network administrators use them to monitor traffic for troubleshooting and security purposes, while attackers use them to steal sensitive data or to prepare attacks against networks. There are two main kinds of packet sniffer: Hardware packet sniffers: dedicated devices, such as network taps or appliances attached to a switch mirror (SPAN) port, that copy every frame passing through a link. Software packet sniffers: programs such as tcpdump or Wireshark that run on an ordinary computer and put its network interface card (NIC) into promiscuous mode so that the operating system hands them every frame the NIC sees. Sniffers are hard to detect because they are passive and require no interaction with the user or with the machines whose traffic they capture. Users can protect themselves from packet sniffers by: Using encryption: encrypted packets (TLS, SSH) are unreadable to a sniffer even when captured. Using a VPN: a VPN encrypts all traffic between the user's computer and the VPN server, which protects users on untrusted networks such as public Wi-Fi. Using network controls: switched networks, port security, and 802.1X limit what a sniffer on an access port can see. A firewall blocks unauthorized connections into a network, but it does not stop passive sniffing of traffic that is already on the wire.

15) Describe the terms Internal & External Penetration testing
> Internal penetration testing is performed from inside the organization's network, from the position of an insider threat such as a disgruntled employee, a compromised workstation, or an attacker who has already got past the perimeter. Its goal is to identify what such an insider could reach, what they could escalate to, and which internal systems are exposed. External penetration testing is performed from outside the organization's network, over the internet, from the position of an attacker who has no authorized access; its goal is to identify vulnerabilities in internet-facing systems such as web applications, mail and VPN gateways, and any other exposed services. Note that internal testing is not the same thing as red teaming (a red team exercise is a covert, objective-driven simulation of a real adversary that often includes physical and social-engineering elements), and external testing is not the same thing as black box testing (black, gray, and white box describe how much the tester knows about the target, not where the test is launched from; an external test can be performed with any level of knowledge).

15) Explain SQL Injection attack.
> A SQL injection attack is one in which an attacker supplies input that is interpreted as part of a SQL query, because the application builds the query by concatenating user-controlled strings into the SQL text instead of passing them as parameters. This lets the attacker alter the query's logic or execute arbitrary SQL commands, giving them access to sensitive data, the ability to modify or delete data, or a way to disrupt the operation of the database. Any database reached through an application that builds queries this way is at risk, which includes the databases behind most websites, web applications, and other online services. The malicious input is usually sent as a parameter in a URL, a form field, or an HTTP request body. For example, an attacker might send the following value in a URL parameter:
?name=admin' AND password IS NULL
If the application pastes the name into a query such as SELECT * FROM users WHERE name = 'NAME' AND password = 'PW', the single quote closes the string literal early and the rest of the input becomes SQL. In practice the attacker has to keep the statement syntactically valid: the usual trick is to end the input with a comment marker (-- ) so that the remainder of the original query, including the password check, is ignored, which logs the attacker in as the admin user even though they do not know the admin user's password. The fix is parameterized queries (prepared statements), which send the query text and the data values separately so that input can never be parsed as SQL; "sanitising" input by escaping quotes is error-prone and should not be relied on by itself.

16) Define the Term Footprinting. Explain how Whois and traceroute is used in footprinting
> Footprinting is the process of gathering information about a target computer system or network. This information can be used for a variety of purposes, including penetration testing, competitive intelligence, and social engineering; it is the reconnaissance phase that precedes scanning. Whois is a query protocol and tool for looking up the registration records held by domain registries and registrars, and by the regional internet registries for IP address blocks; it is a separate protocol from the Domain Name System (DNS), which it does not query. A Whois record can include the domain name's registrant, administrative and technical contacts, name servers, and creation and expiry dates, although privacy services and GDPR redaction now hide much of the contact data. Traceroute is a tool that maps the path network packets take from a source computer to a destination by sending probes with increasing TTL values and recording which router answers each one; this reveals the intermediate networks and devices involved in the communication. How Whois and traceroute are used in footprinting: Whois identifies the organization behind a domain, its physical location and contact people (useful for social engineering), its name servers, and the IP address ranges it owns, which define the scope of later scanning. Traceroute reveals the target's network topology, its upstream providers, and the routers and firewalls in front of the target, which helps to identify potential entry points and weaknesses in the target's network.

17) Explain Black, Gray, & White Box Penetration Testing methods in detail.
> Black Box Penetration Testing: Black box penetration testing is a type of penetration testing in which the tester has no prior knowledge of the target system or network. This simulates the perspective of an outside attacker who is trying to break into the system from scratch. Black box testing is the most challenging and the most realistic type of penetration testing, but it is also the most likely to miss issues, because much of the time is spent on discovery. To perform a black box penetration test, the tester starts by gathering information about the target system or network through means such as social engineering, open source intelligence (OSINT), and reconnaissance tools. Once enough information has been gathered, the tester begins to probe the system for vulnerabilities. Gray Box Penetration Testing: Gray box penetration testing is a type of penetration testing in which the tester has some prior knowledge of the target, such as an ordinary user account, documentation, or the network ranges in scope. This simulates the perspective of an attacker who has gained some limited access to the system, for example through a phishing attack or a compromised employee account. Gray box testing is less challenging than black box testing and usually gives better coverage for the time spent. To perform a gray box penetration test, the tester gathers information from sources such as the target organization's website, social media accounts, and employees, and uses whatever limited access they have been given, such as a user account or a test environment. White Box Penetration Testing: White box penetration testing is a type of penetration testing in which the tester has full knowledge of the target system or network, including access to the system's source code, network diagrams, configuration information, and usually credentials. White box testing is the least realistic as a simulation of an outside attacker, but it is the most comprehensive. To perform a white box penetration test, the tester starts by reviewing the system's documentation and code to gain a good understanding of its architecture, components, and configuration, and then uses this information to identify and verify potential vulnerabilities.

18) Define Threat. Explain iterative process in Threat Modelling
> Threat: A threat is any entity or event that has the potential to cause harm to an asset. Threats can be internal or external, and they can be intentional or unintentional. Iterative Process in Threat Modelling: Threat modelling is an iterative process that involves the following steps: Identify assets: the first step is to identify the assets that need to be protected. Assets can be tangible (e.g., hardware, software, data) or intangible (e.g., brand reputation, intellectual property). Identify threats: once the assets have been identified, the next step is to identify the threats that could potentially harm them. Threats can be identified through methods such as brainstorming, risk assessments, and industry best practices (for example a checklist such as STRIDE applied to each element of a data-flow diagram). Analyze threats: the threats are then analysed to understand their likelihood and impact, which helps to prioritize them and focus on the most critical ones. Identify vulnerabilities: vulnerabilities are weaknesses in the system that could be exploited by threats. They can be identified through methods such as code reviews, security audits, and penetration testing. Assess risks: risk is the likelihood of a threat exploiting a vulnerability to cause harm to an asset. The risk of each threat should be assessed to determine the level of mitigation required. Identify and implement mitigation strategies: mitigation strategies are actions that reduce the likelihood or impact of a threat. They can include technical controls (e.g., firewalls, intrusion detection systems), administrative controls (e.g., security policies, procedures), and training. Monitor and maintain: because threat modelling is iterative, the system and its environment must be monitored for changes that could introduce new threats or vulnerabilities, and the threat model updated regularly to reflect them. Iterating in this way gives a more comprehensive and accurate understanding of the threats to a system, so that organizations can identify and mitigate threats more effectively.

19) Describe Honeypots and Evasion techniques
> Honeypots: A honeypot is a security resource that is intentionally made to look vulnerable or valuable in order to attract and trap attackers, so that organizations can observe their techniques, detect intrusions early, and mitigate future attacks. Because any interaction with a honeypot is by definition unauthorised, it produces very few false positives. Honeypots can be deployed in a variety of ways: Network honeypots: devices or systems designed to appear to be legitimate targets on a network. When an attacker targets one, the organization can monitor the attacker's activity and learn more about their attack techniques. Application honeypots: software designed to appear to be a legitimate application (for example a fake login portal or database service); again the organization monitors what the attacker tries against it. Data honeypots: files or databases that appear to contain valuable data (honeytokens); when an attacker accesses or exfiltrates them, the organization learns about their data exfiltration techniques and is alerted to the breach. A honeypot must be isolated so that an attacker who compromises it cannot use it as a pivot into the real network. Evasion techniques: Evasion techniques are methods that attackers use to avoid detection and analysis by security systems. They can be used to: Hide malicious code: attackers use encryption, packing, compression, and obfuscation so that signatures do not match and analysts cannot read the code. Exploit vulnerabilities: attackers exploit weaknesses in security products themselves in order to bypass them. Abuse legitimate functionality: attackers use legitimate tools and features ("living off the land"), fragment or encode traffic, or time their activity so that security systems treat it as normal.

20) Explain a Smurf Attack
> A Smurf attack is a denial-of-service (DoS) amplification attack that exploits the Internet Control Message Protocol (ICMP). The attacker sends ICMP echo requests (pings) to the broadcast address of a network, with the source address spoofed to be the victim's address. A broadcast address delivers a packet to every device on that network, and by default every host that receives an echo request answers with an echo reply. Because the request's source address was forged, every reply is sent to the victim, so each packet the attacker sends becomes as many replies as there are hosts on the amplifying network. This can overwhelm the victim's network with traffic, making it unavailable to legitimate users. Smurf attacks are effective because they generate a large amount of traffic with little effort, and they are hard to trace because the traffic arrives from the amplifier networks rather than from the attacker. The defence is to configure routers not to forward IP-directed broadcasts (now the default on most equipment), to configure hosts not to answer broadcast pings, and to filter packets with spoofed source addresses at the network edge.

21) What are the ways to achieve Mobile apps security? Explain
> There are many ways to achieve mobile app security. Some of the most important are: Secure code development: using secure coding practices such as input validation, error handling, and data encryption. It is also important to keep the code and its third-party libraries up to date and to use static analysis tools to identify and fix potential security vulnerabilities. Use of strong authentication: mobile apps should use strong authentication mechanisms, such as two-factor authentication or biometrics, to prevent unauthorized access. Data encryption: all sensitive data, such as user login credentials and financial information, should be encrypted at rest and in transit, using the platform's keystore for key storage. Sandboxing: mobile apps should run in the platform sandbox with the minimum permissions they need, so that they cannot interact with other apps and the underlying operating system in unintended ways. Regular security testing: mobile apps should be tested regularly for security vulnerabilities, using manual testing, automated testing, or a combination of both. In addition to these general measures, specific controls address specific attacks. For example, certificate pinning ensures that the app only communicates with servers presenting the expected certificate or public key, which defeats man-in-the-middle attacks that rely on rogue or compromised certificates (it does not protect the user against phishing).

22) What is Buffer overflow
> A buffer overflow is a type of anomaly whereby a program writes data to a buffer beyond the buffer's allocated memory, overwriting adjacent memory locations.

25) Define Scanning & mention its three types
> Scanning is the process of actively probing a computer system or network to gather information about it. This information can be used for a variety of purposes, such as identifying vulnerabilities, assessing risks, and planning attacks. There are three main types of scanning: Port scanning: Port scanning is the process of identifying open ports on a computer system or network. Open ports are ports on which a service is listening for incoming traffic. Attackers use port scanning to identify potential targets and the services (and versions) they run, so that they can exploit vulnerabilities associated with specific ports. Vulnerability scanning: Vulnerability scanning is the process of identifying known vulnerabilities in computer systems and networks, usually by matching detected software versions and configurations against a vulnerability database. Vulnerabilities are weaknesses that attackers can exploit to gain access to a system or network, steal data, or launch attacks. Network scanning: Network scanning is the process of identifying all of the live devices on a network. This information can be used to identify potential targets and to map out the network topology.

26) What is XSS
> XSS stands for Cross-Site Scripting. It is a type of web security vulnerability that allows an attacker to inject malicious code into a web page. This code is then executed by the victim's browser when they visit the web page. There are three main types of XSS: Reflected XSS: Reflected XSS occurs when the malicious code is reflected back to the victim in the response from the web server. This can happen, for example, when a user enters malicious code into a search form and the web server returns the results

29) Write a short note on MAC Flooding.
> MAC flooding is a denial-of-service (DoS) attack that targets network switches. The attacker floods the switch with frames carrying a large number of spoofed source MAC addresses. The switch learns each one, so its MAC address (CAM) table fills up; once the table is full the switch can no longer learn the addresses of legitimate hosts, and because it does not know which port a destination is on it floods those frames out of every port, behaving like a hub. This lets the attacker sniff traffic that a switch would normally have kept private, and the extra traffic can degrade or halt the network. MAC flooding attacks are effective because they can quickly overwhelm a switch, and they are hard to detect and prevent with signature-based tools because they exploit normal switch behaviour rather than a specific vulnerability. Organizations can protect themselves from MAC flooding attacks by: Using port security: limiting the number of MAC addresses the switch will learn on an access port and dropping frames or shutting the port down when the limit is exceeded; this is the standard defence. Using MAC address filtering: configuring the switch to accept traffic only from known MAC addresses on a port (static entries), which blocks spoofed addresses. Using rate limiting: capping the rate of new MAC learning or of traffic from a single port so that an attacker cannot fill the table quickly. Using 802.1X authentication: keeping unauthenticated devices off the port entirely. Note that MAC address learning is the normal switch behaviour that the attack abuses, not a protection against it.

30) Write a short note on MAC Spoofing.
> MAC spoofing is a technique that allows an attacker to change the MAC address of their network interface card (NIC). The MAC address is a unique identifier
Buffers are areas of memory set aside to with the malicious code included. Stored XSS: Stored that is assigned to every NIC when it is manufactured. hold data, often while moving it from one section of a XSS occurs when the malicious code is stored on the Attackers can use MAC spoofing to impersonate other program to another, or between programs. Buffer web server and then executed when the victim visits devices on a network or to bypass MAC address overflows can occur for a variety of reasons, such as: the web page. This can happen, for example, when a filtering. There are a number of reasons why an Incorrect input validation: If a program does not user comments on a blog post and the malicious code attacker might want to use MAC spoofing, such as: properly validate the input that it receives, an attacker is stored in the database along with the comment. To gain unauthorized access to a network: An attacker can inject malicious code into the input buffer. This DOM-based XSS: DOM-based XSS occurs when the can spoof the MAC address of a legitimate device on a code can then be executed when the program tries to malicious code is injected into the Document Object network to gain unauthorized access to the network. process the input. Integer overflows: If a program Model (DOM) of the web page. The DOM is a For example, an attacker could spoof the MAC address performs an arithmetic operation on two integers and representation of the web page in the browser's of a printer to gain access to the printer's network the result is larger than the maximum value that can memory. When the malicious code is injected into the queue. To launch attacks against other devices on a be stored in the destination variable, an integer DOM, it can be executed by the browser when the network: An attacker can spoof the MAC address of overflow can occur. This can cause the program to victim interacts with the web page. 
their own device to launch attacks against other overwrite adjacent memory locations. Use-after-free devices on the network. For example, an attacker errors: If a program tries to access memory that has 27) Explain the Netcat Trojan in detail could spoof their own MAC address to launch a denial- already been freed, a use-after-free error can occur. >A Netcat Trojan is a type of Trojan horse program of-service attack against another device on the This can cause the program to overwrite adjacent that uses the Netcat utility for malicious purposes. network. To bypass MAC address filtering: MAC memory locations. Buffer overflows can be exploited Netcat is a powerful networking tool that can be used address filtering is a security measure that can be by attackers to gain control of a program, steal data, for a variety of purposes, such as port scanning, file used to restrict access to a network to specific devices. or crash the program. transfer, and remote code execution. However, when An attacker can use MAC spoofing to bypass MAC Netcat is used in a Trojan horse program, it can be address filtering and gain access to the network. 23) Describe the term Steganography used to create backdoors, steal data, and launch > Steganography is the practice of concealing a attacks. Netcat Trojans are typically installed on a message within another message or physical object. victim's computer through a variety of means, such as The word steganography comes from the Greek words phishing emails, malicious websites, and malware. steganos, meaning "covered or concealed," and Once installed, the Trojan will open a backdoor on the graphia, meaning "writing." Steganography can be victim's computer and allow the attacker to connect to used to conceal a wide variety of information, the victim's computer remotely. The attacker can then including text, images, audio, and video. 
The hidden use the Netcat utility to perform a variety of malicious information can be embedded in a variety of different actions, such as: Stealing data: The attacker can use ways, such as: Least significant bit (LSB) insertion: the Netcat utility to steal files from the victim's This technique involves embedding the hidden computer, such as passwords, credit card numbers, information in the least significant bits of the carrier and other sensitive information. Launching attacks: medium. This can be done with images, audio, and The attacker can use the Netcat utility to launch video files. Spread spectrum steganography: This attacks against other computers on the victim's technique involves embedding the hidden information network, such as denial-of-service attacks and across a wide range of frequencies in the carrier distributed denial-of-service attacks. Creating medium. This makes the hidden information more backdoors: The attacker can use the Netcat utility to difficult to detect. Watermarking: This technique create backdoors on other computers on the victim's involves embedding the hidden information in a way network. This allows the attacker to connect to the that is difficult to remove without damaging the carrier victim's network at any time and perform malicious medium. Watermarking is often used to protect actions. intellectual property, such as images and videos. 28) List and explain any 5 OWASP Secure Coding 24) Explain the term Cookie Theft Guidelines. > Cookie theft is a type of cyberattack in which an > Here are 5 OWASP Secure Coding Guidelines: attacker steals a user's cookies. Cookies are small text Input validation: This guideline emphasizes the files that are stored on a user's computer when they importance of validating all user input before it is visit a website. Cookies contain information about the processed by the application. 
This includes checking user's session and preferences, allowing the website to for the type of input, the length of the input, and the remember them and offer personalized experiences. presence of any malicious characters. Output However, if an attacker gains access to a user's encoding: This guideline recommends encoding all cookies, they can use that information to impersonate output before it is displayed to the user. This helps to the user and perform actions on the victim's behalf. prevent cross-site scripting (XSS) attacks, which can For example, an attacker could use a stolen cookie to occur when malicious code is injected into the output log in to the victim's bank account or social media and then executed by the user's browser. account. Cookie theft can occur in a variety of ways, Authentication and session management: This such as: Cross-site scripting (XSS): XSS is a type of guideline provides recommendations for implementing cyberattack in which an attacker injects malicious secure authentication and session management code into a website. When a user visits this website, mechanisms. This helps to protect the application from the malicious code is executed and the attacker can attacks such as SQL injection and session hijacking. steal the user's cookies. Man-in-the-middle attacks: Error handling and logging: This guideline A man-in-the-middle attack is a type of cyberattack in recommends handling errors in a secure manner and which an attacker intercepts communication between logging all errors for later analysis. This helps to two parties. By intercepting communication between a prevent attackers from gaining information about the user and a website, an attacker can steal the user's application's vulnerabilities. Cryptographic cookies. Malware: Malware is a type of malicious practices: This guideline provides recommendations software that can be used to steal a user's cookies. for using cryptography to protect sensitive data. 
This Malware can be installed on a user's computer through includes using strong encryption algorithms and a variety of means, such as phishing emails and managing cryptographic keys securely. These are just malicious websites. a few of the many OWASP Secure Coding Guidelines. By following these guidelines, developers can help to create more secure applications.
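Added example for question 20 (not part of the original notes): the Smurf signature as a defender sees it at the victim's border is a burst of ICMP echo replies from many hosts the victim never pinged. The detector below pairs replies with earlier requests and alerts on unsolicited responders; the packet tuples, threshold and RFC 5737 addresses are constructed for the demo.

```python
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0
REPLY_SOURCE_THRESHOLD = 20   # distinct unsolicited responders within one window; demo value
WINDOW_SECONDS = 1.0

def detect_smurf(packets):
    """Flag victims receiving a burst of echo replies they never requested.

    packets: (timestamp, src_ip, dst_ip, icmp_type) tuples as seen at the
    protected network's border. A legitimate reply pairs with an earlier echo
    request the victim sent to that responder; replies from many hosts the
    victim never pinged are the amplifier signature of a Smurf flood.
    Returns {victim_ip: distinct_unsolicited_responders} for each alert.
    """
    requests_sent = defaultdict(set)   # pinger -> hosts it pinged
    unsolicited = defaultdict(list)    # victim -> [(ts, responder)], time ordered
    for ts, src, dst, icmp_type in sorted(packets):
        if icmp_type == ECHO_REQUEST:
            requests_sent[src].add(dst)
        elif icmp_type == ECHO_REPLY and src not in requests_sent[dst]:
            unsolicited[dst].append((ts, src))
    alerts = {}
    for victim, events in unsolicited.items():
        # slide a window over the time-ordered unsolicited replies
        for i, (start, _) in enumerate(events):
            responders = {r for t, r in events[i:] if t - start <= WINDOW_SECONDS}
            if len(responders) >= REPLY_SOURCE_THRESHOLD:
                alerts[victim] = len(responders)
                break
    return alerts

def sample_capture():
    """Constructed capture: one legitimate ping exchange, then 60 replies from a
    /24 the victim never contacted (RFC 5737 documentation addresses)."""
    victim, peer = "203.0.113.10", "198.51.100.5"
    pkts = [(0.00, victim, peer, ECHO_REQUEST), (0.02, peer, victim, ECHO_REPLY)]
    pkts += [(1.0 + k * 0.005, f"192.0.2.{k + 1}", victim, ECHO_REPLY) for k in range(60)]
    return pkts
```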
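Added example for the LSB insertion technique in question 23 (example code, not from the notes): the payload is written one bit at a time into the least significant bit of each carrier sample behind a 32-bit length header, so no sample changes by more than 1, which is why the change is invisible to the eye. The carrier is a constructed array of 8-bit samples standing in for greyscale pixels.

```python
def embed_lsb(carrier: bytes, payload: bytes) -> bytes:
    """Hide payload in the LSB of successive carrier samples.

    A 4-byte big-endian length header is embedded first so that extraction
    knows where the hidden data ends. Raises if the carrier is too small.
    """
    header = len(payload).to_bytes(4, "big")
    bits = [(byte >> i) & 1 for byte in header + payload for i in range(7, -1, -1)]
    if len(bits) > len(carrier):
        raise ValueError("carrier too small: need %d samples" % len(bits))
    out = bytearray(carrier)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit      # clear the LSB, then set it to the payload bit
    return bytes(out)

def extract_lsb(stego: bytes) -> bytes:
    """Recover the payload: read the 32-bit length, then that many 8-bit groups."""
    def read_bits(offset: int, n: int) -> int:
        value = 0
        for i in range(n):
            value = (value << 1) | (stego[offset + i] & 1)
        return value
    length = read_bits(0, 32)
    return bytes(read_bits(32 + 8 * k, 8) for k in range(length))

def max_sample_change(carrier: bytes, stego: bytes) -> int:
    """Largest per-sample difference introduced by embedding (1 at most for LSB)."""
    return max(abs(a - b) for a, b in zip(carrier, stego))

# Constructed carrier: 2048 pseudo-pixel samples, enough for a 252-byte payload.
CARRIER = bytes((i * 37 + 11) % 256 for i in range(2048))
```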
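Added example for question 24 (not from the original notes): the three theft paths listed above each have a cookie attribute that closes it, HttpOnly against script access, Secure against plaintext interception, SameSite against cross-site sending. The code builds a session cookie with those attributes using Python's standard `http.cookies` and audits any Set-Cookie value for the ones that are missing; the cookie name and value are constructed.

```python
from http.cookies import SimpleCookie

def make_session_cookie(session_id: str) -> str:
    """Return a Set-Cookie header value for a session cookie with protective attributes.

    HttpOnly keeps the cookie out of reach of page scripts (the XSS theft path);
    Secure keeps it off plaintext HTTP where a man-in-the-middle could read it;
    SameSite=Strict stops the browser attaching it to cross-site requests.
    """
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["httponly"] = True
    jar["session"]["secure"] = True
    jar["session"]["samesite"] = "Strict"   # requires Python 3.8 or newer
    jar["session"]["path"] = "/"
    return jar["session"].OutputString()

def audit_set_cookie(header_value: str) -> set:
    """Return the names of protective attributes missing from a Set-Cookie value."""
    attrs = {}
    for part in header_value.split(";")[1:]:        # [0] is the name=value pair
        name, _, value = part.strip().partition("=")
        attrs[name.lower()] = value
    missing = set()
    if "httponly" not in attrs:
        missing.add("HttpOnly")
    if "secure" not in attrs:
        missing.add("Secure")
    if attrs.get("samesite", "").lower() not in ("strict", "lax"):
        missing.add("SameSite")
    return missing
```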
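Added example covering question 26 and the input-validation and output-encoding guidelines in question 28 (example code, not from the notes): the unsafe renderer reflects a search query straight into the page, the safe one encodes for the HTML body context so the browser shows the characters instead of parsing them, and stored comments are encoded at render time. The probe string is the textbook XSS marker, used here only as test input.

```python
import html

PROBE = "<script>alert(1)</script>"   # constructed probe string, the classic XSS marker

def render_results_unsafe(query: str) -> str:
    # 'Before' form: user input is concatenated into the response, so markup in
    # the query is reflected back to the browser and interpreted (reflected XSS).
    return f"<p>Results for: {query}</p>"

def render_results_safe(query: str) -> str:
    # Output encoding per the OWASP guideline: escape &, <, >, " and ' for the
    # HTML body context so the browser renders the query as text.
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"

def is_valid_query(query: str, max_len: int = 64) -> bool:
    # Input validation, allow-list style: a length bound plus a character class,
    # checked before the query is processed. It is a second layer, not a
    # replacement for encoding on output.
    return len(query) <= max_len and all(c.isalnum() or c in " -_" for c in query)

def store_comment(db: list, comment: str) -> None:
    # Stored XSS path: the raw text is persisted; encoding belongs at render
    # time so the stored value stays usable for non-HTML consumers.
    db.append(comment)

def render_comments(db: list) -> str:
    return "".join(f"<li>{html.escape(c)}</li>" for c in db)

def contains_active_markup(rendered: str) -> bool:
    # Crude check used to contrast the two renderers: does a live tag survive?
    return "<script" in rendered.lower()
```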
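Added example for question 29 (not part of the original notes): the per-port limit below models what port security on a switch enforces, and the detector shows both the signal (one access port suddenly sourcing far more MAC addresses than hosts could sit behind it) and the failure mode (the learned-address count exceeding the table, after which the switch floods unknown traffic to every port). Port names, the address limit, the table size and the frame stream are constructed.

```python
from collections import defaultdict

MAX_ADDRS_PER_PORT = 8   # port-security style cap on learned addresses; demo value
TABLE_CAPACITY = 64      # constructed CAM size; real switches hold thousands of entries

def detect_mac_flood(frames):
    """frames: iterable of (ingress_port, source_mac) in arrival order.

    Returns (learned_per_port, alerts, table_full_at). An alert fires once for
    any port whose learned source MACs exceed MAX_ADDRS_PER_PORT; table_full_at
    is the frame index at which total learned addresses would exceed the table,
    the point where a real switch starts flooding unknown-destination frames.
    """
    learned = defaultdict(set)
    alerts = []
    table_full_at = None
    for i, (port, mac) in enumerate(frames):
        learned[port].add(mac)
        if len(learned[port]) == MAX_ADDRS_PER_PORT + 1:   # fire exactly once per port
            alerts.append(f"{port}: more than {MAX_ADDRS_PER_PORT} source MACs learned")
        total = sum(len(macs) for macs in learned.values())
        if table_full_at is None and total > TABLE_CAPACITY:
            table_full_at = i
    return {p: len(m) for p, m in learned.items()}, alerts, table_full_at

def sample_frames():
    """Constructed traffic: two normal access ports repeating their real hosts,
    then one port emitting 100 distinct locally administered (02:...) addresses."""
    normal = [("Gi1/0/1", "00:11:22:33:44:01"),
              ("Gi1/0/2", "00:11:22:33:44:02"),
              ("Gi1/0/2", "00:11:22:33:44:03")] * 5
    flood = [("Gi1/0/7", f"02:00:00:00:{k >> 8:02x}:{k & 0xff:02x}") for k in range(100)]
    return normal + flood
```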