Ethical Hacking.pdf


Q1.

A. What is malware? Explain in brief the concept of Virus. (5)


Malware is malicious software designed to disrupt, damage, or gain unauthorized access to
computer systems. It includes various types, such as viruses, worms, trojans, ransomware, and
spyware.
A virus is a type of malware that attaches itself to legitimate software or files. When the infected
program runs, the virus activates, replicates itself, and spreads to other files or systems. Viruses
can corrupt or delete files, disrupt system performance, and lead to data loss.
B. Write a short note on whaling and spear phishing. (5)
Whaling and spear phishing are targeted phishing attacks aimed at specific individuals or
organizations.
• Whaling specifically targets high-profile individuals, such as executives or important
personnel, often using personalized information to make the attack more convincing. The
goal is usually to steal sensitive data or money.
• Spear phishing is similar but can target any individual within an organization. Attackers
gather information about the target to create convincing emails that prompt them to
divulge sensitive information or click malicious links.
C. Explain the need for repeated penetration testing. (5)
A penetration test is a point-in-time snapshot: it only describes the systems as they were on the
day of the test. Repeated penetration testing is therefore essential for several reasons:

1. Evolving Threats: Cyber threats are constantly changing, with new vulnerabilities and
attack vectors emerging. Regular testing helps identify these risks.
2. System Changes: As organizations update systems, software, or network architecture,
new vulnerabilities can be introduced. Frequent testing ensures these are identified and
mitigated.
3. Compliance Requirements: Many industries have regulations mandating regular
security assessments to protect sensitive data and ensure compliance.
4. Improved Security Posture: Continuous testing helps organizations build a proactive
security strategy, allowing them to strengthen defenses based on findings and to confirm that
the fixes for earlier findings actually worked.
D. Define session hijacking. Describe the three steps. (5)
Session hijacking is an attack where an attacker takes control of a user's active session to gain
unauthorized access to information or services, without ever learning the user's password.
The three steps involved are:

1. Obtaining a valid session identifier. This is usually done by session sniffing: the attacker
intercepts session tokens or cookies sent over the network (for example on a plain HTTP
connection or open Wi-Fi) using packet sniffing techniques. Session fixation is an alternative
route to the same end: the attacker tricks the user into using a session ID the attacker already
knows, so no interception is needed.
2. Waiting for the session to become authenticated. A sniffed or fixated identifier is only
useful once the victim has logged in with it, so the attacker waits for that point; for a fixated
ID this is the moment the application accepts the planted ID as a logged-in session.
3. Session Takeover: The attacker presents the captured or fixated session ID to the server
and is treated as the user, accessing their account or sensitive information.

Q2.
A. Explain the different types of hackers. Explain in detail the different types of attacks
carried out by hackers? (10)
Types of Hackers:

1. White Hat Hackers: Ethical hackers who test systems for vulnerabilities to help
organizations improve security.

2. Black Hat Hackers: Malicious hackers who exploit vulnerabilities for personal gain or
to cause harm.
3. Grey Hat Hackers: Operate between white and black hats; they may probe or exploit
vulnerabilities without authorization, but report them to the owner rather than using them for
malicious purposes.

4. Script Kiddies: Inexperienced hackers who use existing tools and scripts to carry out
attacks without deep understanding.
Types of Attacks:
• Phishing: Deceptive emails or messages to steal sensitive information.
• Malware Attacks: Using malicious software like viruses, worms, or ransomware.
• Denial of Service (DoS): Overloading systems to make them unavailable.
• SQL Injection: Exploiting vulnerabilities in applications to manipulate databases.
• Man-in-the-Middle (MitM): Intercepting communications between two parties to steal
data.
B. What are the different types of threats due to foot printing? Explain in brief. (10)
Footprinting is the reconnaissance phase of hacking where attackers gather information about a
target system.
Types of Threats:

1. Social Engineering: Attackers use gathered information to manipulate employees into
revealing sensitive data.
2. Network Mapping: Identifying network structure and vulnerabilities, enabling targeted
attacks.
3. Vulnerability Identification: Pinpointing specific weaknesses in the system to exploit
later.
4. Phishing Preparation: Collecting details to craft convincing phishing schemes that
target individuals in the organization.
5. Targeted Attacks: Understanding the organization's defenses allows attackers to plan
more effective breaches.

Q3.
A. What are different types of Trojans? Explain each in brief. (10)

1. Backdoor Trojans: Provide attackers remote access to systems, bypassing normal
authentication.
2. Banking Trojans: Specifically designed to steal banking credentials and financial
information.
3. RATs (Remote Access Trojans): Allow attackers to control infected machines remotely,
capturing keystrokes and accessing files.
4. Downloader Trojans: Download and install additional malicious software onto the
infected system.
5. Rootkit Trojans: Hide their presence and maintain control over a compromised system
without detection.
B. What is network scanning? Explain different Types of Scanning and objectives of
network scanning. (10)
Network Scanning is a process used to identify active devices on a network and their associated
vulnerabilities.
Types of Scanning:

1. Ping Scanning: Determines which devices are online by sending ICMP echo requests. Hosts
or firewalls that drop ICMP appear to be down, so scanners fall back to ARP requests on the
local segment or TCP probes to common ports.
2. Port Scanning: Identifies open ports on a device to discover services running and
potential vulnerabilities. A connect scan completes the TCP handshake; a SYN scan sends only
the SYN and classifies the port from the SYN-ACK or RST that comes back.
3. Service Scanning: Identifies services running on open ports to ascertain versions and
possible vulnerabilities.
4. OS Fingerprinting: Determines the operating system running on a device based on
responses to network probes (initial TTL, TCP window size, option ordering).
Objectives of Network Scanning:
• Identify active devices for network management.
• Assess security posture by uncovering open ports and services.
• Map the network for inventory purposes.
• Detect vulnerabilities that could be exploited.

Q4.
A. What information can be enumerated by intruders? Explain the different enumeration
techniques. (10)
Information that can be enumerated includes:
• Usernames and user groups
• Network shares and their permissions
• Services running on hosts
• System and application versions
• Active devices on the network
Enumeration Techniques:

1. SNMP Enumeration: Using SNMP (Simple Network Management Protocol) to gather
information about network devices, often by trying default community strings such as
"public".
2. NetBIOS Enumeration: Exploiting the NetBIOS service to extract user and share
information from Windows systems.
3. LDAP Enumeration: Accessing directory services to gather information about users,
groups, and other resources, which frequently allow anonymous or low-privilege binds.
4. DNS Enumeration: Querying DNS records to discover subdomains, IP addresses, and
associated services; a misconfigured server that permits zone transfers hands over the whole
zone at once.
B. What are the different types of password attacks? Explain techniques to crack
passwords. (10)
Types of Password Attacks:

1. Brute Force Attack: Systematically trying all possible combinations until the correct one
is found. Feasibility depends on the password length, the character set and how fast the hash
can be computed.
2. Dictionary Attack: Using a list of common passwords or phrases (and simple variations of
them) to guess the password.
3. Credential Stuffing: Utilizing leaked username/password combinations from other
breaches to gain access, which succeeds because people reuse passwords across sites.
4. Social Engineering: Manipulating individuals into revealing their passwords through
deception.
Techniques to Crack Passwords:
• Rainbow Tables: Precomputed chains of hashes that trade storage for lookup time, used to
recover passwords from unsalted hashes. A random per-password salt defeats them, because a
table would have to be built for every salt value.
• Keylogging: Installing software to record keystrokes and capture passwords as users enter
them.
• Phishing: Deceptive practices to trick users into entering their credentials on fake sites.
• Password Reset Exploits: Manipulating password recovery mechanisms (guessable security
questions, reset tokens that are predictable or never expire) to gain access.
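The three offline techniques above (dictionary, brute force, precomputed lookup) and the effect of salting can be seen in a few lines of code. The block below is an added example written for this page, not code from the original; the wordlist and the target passwords are constructed stand-ins for a real wordlist such as rockyou.txt and a leaked hash dump.

```python
import hashlib
import itertools
import os

# Constructed wordlist standing in for a dictionary file such as rockyou.txt.
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2024", "dragon"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def dictionary_attack(target_hash: str, wordlist=WORDLIST):
    """Dictionary attack: hash each candidate and compare with the unsalted target."""
    for word in wordlist:
        if sha256_hex(word.encode()) == target_hash:
            return word
    return None


def brute_force_pin(target_hash: str, length: int = 4):
    """Brute force: enumerate every digit string of the given length (10**length
    candidates); feasible only because the keyspace is tiny and SHA-256 is fast."""
    for digits in itertools.product("0123456789", repeat=length):
        candidate = "".join(digits)
        if sha256_hex(candidate.encode()) == target_hash:
            return candidate
    return None


def build_lookup_table(wordlist=WORDLIST) -> dict:
    """Precomputed hash -> password map, the principle behind a rainbow table
    (a real table stores hash chains to save space, but the lookup idea is the same)."""
    return {sha256_hex(w.encode()): w for w in wordlist}


def salted_hash(password: str, salt: bytes) -> str:
    """Hash with a per-user random salt: the same password gives a different
    hash for every user, so nothing computed in advance matches."""
    return sha256_hex(salt + password.encode())


def crack_salted(target_hash: str, salt: bytes, wordlist=WORDLIST):
    """Against a salted hash the attacker must redo the hashing work per target."""
    for word in wordlist:
        if salted_hash(word, salt) == target_hash:
            return word
    return None


def demo() -> dict:
    unsalted = sha256_hex(b"letmein")
    table = build_lookup_table()
    salt = os.urandom(16)
    salted = salted_hash("letmein", salt)
    return {
        "dictionary": dictionary_attack(unsalted),            # "letmein"
        "pin": brute_force_pin(sha256_hex(b"7391")),           # "7391"
        "table_hit": table.get(unsalted),                      # "letmein": instant lookup
        "table_hit_salted": table.get(salted),                 # None: the salt defeats the table
        "salted_crack": crack_salted(salted, salt),            # "letmein", but per-target work
        "strong": dictionary_attack(sha256_hex(b"correct horse battery staple")),  # None
    }


if __name__ == "__main__":
    print(demo())
```

Note that salting does not stop a dictionary attack on a weak password (`salted_crack` still succeeds); it only removes the precomputation shortcut. Slowing the hash itself (bcrypt, scrypt, Argon2) is what makes each guess expensive.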

Q5.
A. Explain the need for cloud computing? What are the different types of cloud
computing? (10)
Need for Cloud Computing:
1. Cost Efficiency: Reduces the need for physical hardware and maintenance, lowering
overall IT costs.
2. Scalability: Allows businesses to scale resources up or down based on demand.
3. Accessibility: Provides remote access to data and applications from any device with
internet connectivity.
4. Collaboration: Facilitates real-time collaboration among teams regardless of location.
5. Disaster Recovery: Enhances data backup and recovery capabilities, improving business
continuity.
Types of Cloud Computing:

1. Public Cloud: Services offered over the public internet, available to anyone, such as
AWS or Google Cloud.
2. Private Cloud: Dedicated infrastructure for a single organization, offering more control
and security.
3. Hybrid Cloud: Combination of public and private clouds, allowing data and applications
to be shared between them.
4. Community Cloud: Infrastructure shared by several organizations with similar interests
or requirements.
B. What are the applications of steganography? Explain types of steganography. (10)
Applications of Steganography:

1. Data Hiding: Concealing sensitive information within innocuous files to prevent
detection.
2. Digital Watermarking: Embedding information in media files (images, videos) for
copyright protection.
3. Secure Communication: Sending covert messages that are less likely to be intercepted.
4. Intellectual Property Protection: Hiding proprietary information within files to prevent
unauthorized use.
Types of Steganography:

1. Image Steganography: Hiding data within image files by manipulating pixel values.
2. Audio Steganography: Concealing information within audio files through techniques
like LSB (Least Significant Bit).
3. Video Steganography: Embedding messages within video files, often using frame
manipulation.
4. Text Steganography: Using text files or documents to hide information, typically
through formatting or using specific word patterns.

Q6.
A. Explain SQL injection. What are its countermeasures? (10)
SQL Injection is a code injection technique that allows attackers to manipulate a web
application's database by supplying input that the application concatenates into an SQL
statement, so that the input is parsed as SQL instead of being treated as data.
Countermeasures:

1. Prepared Statements: Using parameterized queries, so the database receives the SQL text
and the user-supplied values separately and untrusted data can never change the structure of
the query. This is the primary defence.
2. Input Validation: Ensuring all input is validated against the expected type and format
(for example, an account number must consist of digits only) before being processed. This is
defence in depth rather than a fix on its own, since blacklisting characters is easily bypassed.
3. Stored Procedures: Utilizing stored procedures to encapsulate SQL queries, reducing
exposure to injection, provided the procedure itself does not build dynamic SQL from its
arguments.
4. Least Privilege: Granting minimal permissions to database accounts used by
applications (read-only where possible, no schema changes or file-system access), limiting the
damage a successful injection can do.
5. Web Application Firewalls (WAFs): Deploying WAFs to filter and monitor incoming
traffic for SQL injection patterns, as an additional layer rather than a substitute for fixing the
code.
B. Explain in detail DoS and DDoS attacks. (10)
DoS (Denial of Service): An attack designed to make a service unavailable by overwhelming it
with traffic, rendering it unable to respond to legitimate requests. This can be achieved through
various methods, such as flooding a server with requests.
DDoS (Distributed Denial of Service): Similar to DoS but involves multiple compromised
systems (often part of a botnet) attacking a single target, making it harder to mitigate. DDoS
attacks can cause significant disruption and require extensive resources to defend against.
Key Characteristics:
• Impact: Both attacks aim to disrupt service, but DDoS attacks are typically more severe
due to the distributed nature.
• Mitigation: Addressing DoS might involve rate limiting or blacklisting IPs, while DDoS
requires more robust measures like traffic filtering and advanced mitigation solutions.

Q1. Write Short notes on the following: (Any Four)

a. Types of Hackers (05)

1. White Hat Hackers: Ethical hackers who use their skills for defensive purposes. They
help organizations improve security by identifying vulnerabilities through penetration
testing.
2. Black Hat Hackers: Malicious hackers who exploit vulnerabilities for personal gain,
causing harm to individuals or organizations.
3. Grey Hat Hackers: Operate between ethical and unethical; they may exploit
vulnerabilities without permission but often report them to the organization afterward.
4. Script Kiddies: Inexperienced hackers who use pre-existing scripts or tools to conduct
attacks without understanding the underlying technology.
5. Hacktivists: Hackers who use their skills for political or social activism, often defacing
websites or leaking sensitive information to promote their causes.
b. Phases of Hacking (05)

1. Reconnaissance: Gathering information about the target, including network
infrastructure, domain details, and employee data.
2. Scanning: Identifying active devices, services, and vulnerabilities through various
scanning techniques like port scanning.
3. Gaining Access: Exploiting identified vulnerabilities to gain unauthorized access to the
target system.
4. Maintaining Access: Installing backdoors or other methods to ensure persistent access to
the compromised system.
5. Covering Tracks: Deleting logs or using techniques to hide evidence of the attack to
avoid detection.
c. Indian IT Act 2000 (05)
The Indian IT Act 2000 is a legislation that aims to provide legal recognition to electronic
transactions and to facilitate e-governance in India. Key features include:
• Digital Signatures: Legal recognition for digital signatures, ensuring secure electronic
communication.
• Cyber Crimes: Defining various cybercrimes, including hacking, data theft, and identity
theft, along with penalties.
• Regulation of Certifying Authorities: Establishing guidelines for the certification of
digital signatures.
• Adjudication and Appellate Tribunal: Provision for adjudication of disputes and
establishment of an appellate tribunal to handle grievances.
d. Enumeration Techniques (05)
Enumeration involves gathering information about a target system to identify user accounts,
services, and network resources. Key techniques include:

1. SNMP Enumeration: Using SNMP (Simple Network Management Protocol) to extract
information from network devices.
2. NetBIOS Enumeration: Gathering data from Windows networks, including user names
and shared resources.
3. LDAP Enumeration: Querying Lightweight Directory Access Protocol services to
retrieve user and group information.
4. DNS Enumeration: Extracting DNS records to discover subdomains, IP addresses, and
services associated with a domain.
e. Types of Cloud Computing (05)

1. Public Cloud: Services offered over the public internet, accessible to anyone, like AWS
or Google Cloud.
2. Private Cloud: Dedicated resources for a single organization, providing enhanced
security and control.
3. Hybrid Cloud: Combination of public and private clouds, allowing data and applications
to be shared between them.
4. Community Cloud: Infrastructure shared among several organizations with similar
interests, often for specific projects or compliance requirements.

Q2.
a. Explain SQL Injection with Examples (10)
SQL Injection is a web security vulnerability that allows attackers to interfere with the queries
an application makes to its database. By supplying SQL syntax through an input that the
application concatenates into a query, attackers can manipulate the database to retrieve, modify,
or delete data.
Example: Consider a login form that builds the following SQL query from its two input fields:

    SELECT * FROM users WHERE username = 'user_input' AND password = 'pass_input';

If an attacker inputs:

    Username: admin' OR '1'='1
    Password: anything

The query becomes:

    SELECT * FROM users WHERE username = 'admin' OR '1'='1' AND password = 'anything';

Because AND binds more tightly than OR, the database reads this as
username = 'admin' OR ('1'='1' AND password = 'anything'). The first condition is true for the
admin row, so the password check never matters for that row and the attacker is logged in as
admin without knowing the password. Note that the same payload with an empty username
matches no rows at all, since '' OR (TRUE AND FALSE) is false; a payload such as
' OR 1=1 -- (with a trailing space, which MySQL requires after --) comments out the password
clause and works regardless of the username.

Countermeasures:

1. Prepared Statements: Use parameterized queries so the database receives the user input as
bound values, never as part of the SQL text.
2. Input Validation: Validate inputs against the expected type and format (for example, a
numeric ID must be digits only); this is defence in depth, not a replacement for
parameterization.
3. Web Application Firewalls (WAF): Deploy WAFs to monitor and filter incoming
traffic for known injection patterns.
b. Difference between Virus, Worm & Trojan with examples of each. (10)
• Virus: A piece of malicious code that attaches itself to legitimate software or documents. It
requires user action (running the program, opening the file) to spread.
o Example: ILOVEYOU (2000), a VBScript email attachment that overwrote files on the
victim's machine and mailed itself to the victim's Outlook contacts. Because every recipient
had to open the attachment, it is classed as a virus in many texts and as a mass-mailing worm
in others.
• Worm: A standalone malware that replicates itself to spread to other systems without user
intervention.
o Example: The Conficker worm, which infected millions of computers worldwide
by exploiting the MS08-067 vulnerability in the Windows Server service and by spreading
through network shares and removable media.
• Trojan: Malicious software disguised as legitimate software. It does not self-replicate but
can create backdoors for other malware.
o Example: The Zeus Trojan, which hooks the browser to capture banking credentials
through form grabbing and injected web content.

Q3.
a. What is DoS attack? Explain any two types of DoS attacks. (10)
A Denial of Service (DoS) attack aims to make a service unavailable to its intended users by
overwhelming the system with excessive traffic or requests, or by triggering a flaw that crashes
it.
Types of DoS Attacks:

1. SYN Flood: Exploits the TCP handshake by sending SYN requests (often from spoofed
source addresses) and never sending the final ACK. The target keeps every half-open
connection in its backlog until it times out, so the table fills and legitimate clients cannot
connect. SYN cookies, which encode the connection state in the server's initial sequence
number instead of storing it, are the standard defence.
2. HTTP Flood: Targets web servers by sending a large number of apparently legitimate
HTTP requests, overwhelming the server's resources and making the website slow or
unresponsive. Because each request is valid at the protocol level, it is harder to filter than a
packet flood and is usually handled by rate limiting and by caching or challenging suspicious
clients.
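A SYN flood shows up in a packet capture as many SYNs from one source that are never followed by the client's ACK. The block below is an added example, not part of the original answer: it parses a constructed tcpdump-style log (the lines are made up for this example, not a real capture) and counts half-open connections per source IP, the same logic a simple detector or a SIEM rule would apply.

```python
import re
from collections import defaultdict

# tcpdump line shape: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def build_sample_log(attacker_syns: int = 200) -> str:
    """Constructed log (not a real capture): 10.0.0.5 completes a handshake;
    203.0.113.7 sends many SYNs from different source ports and never ACKs."""
    lines = [
        "12:00:00.000001 IP 10.0.0.5.40001 > 192.168.1.10.80: Flags [S], seq 1, win 64240",
        "12:00:00.000200 IP 192.168.1.10.80 > 10.0.0.5.40001: Flags [S.], seq 9, ack 2, win 65160",
        "12:00:00.000400 IP 10.0.0.5.40001 > 192.168.1.10.80: Flags [.], ack 10, win 502",
    ]
    for i in range(attacker_syns):
        lines.append(f"12:00:01.{i:06d} IP 203.0.113.7.{50000 + i} > 192.168.1.10.80: "
                     f"Flags [S], seq {i}, win 1024")
    return "\n".join(lines)


def half_open_by_source(log_text: str) -> dict:
    """A connection is opened by a bare SYN from the client and completed by the
    client's ACK; anything still pending at the end is half-open. Returns
    {source_ip: number_of_half_open_connections}."""
    pending = {}  # (src, sport, dst, dport) -> True while half-open
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        flags = m["flags"]
        key = (m["src"], m["sport"], m["dst"], m["dport"])
        if flags == "S":                              # bare SYN: client opening a connection
            pending[key] = True
        elif "S" not in flags and "." in flags:       # client ACK (or PSH/FIN with ACK) completes it
            pending.pop(key, None)
        # "[S.]" is the server's SYN-ACK; its key is reversed and it changes nothing here
    counts = defaultdict(int)
    for src, _, _, _ in pending:
        counts[src] += 1
    return dict(counts)


def detect_syn_flood(log_text: str, threshold: int = 50) -> dict:
    """Sources with more half-open connections than the threshold."""
    return {src: n for src, n in half_open_by_source(log_text).items() if n > threshold}


if __name__ == "__main__":
    print(detect_syn_flood(build_sample_log()))   # {'203.0.113.7': 200}
```

In a real deployment the same count would be taken over a sliding time window and, since the flood's source addresses are usually spoofed, the useful signal is the total half-open count on the server rather than any one source.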
b. Explain types of wireless Architecture and wireless encryption techniques-WEP and
WPA (10)
Types of Wireless Architecture:

1. Ad-hoc Networks: Peer-to-peer networks where devices connect directly without a
central access point. Useful for temporary connections.
2. Infrastructure Networks: Use access points to connect wireless devices to a wired
network, providing more control and security.
Wireless Encryption Techniques:
• WEP (Wired Equivalent Privacy): The original 802.11 security protocol. It encrypts with
the RC4 stream cipher using a static shared key of 40 or 104 bits combined with a 24-bit
initialization vector (IV). The IV space is small and repeats, the RC4 key schedule leaks key
bytes in captured packets, and the CRC-32 integrity check can be forged, so the key can be
recovered from a few minutes of captured traffic. WEP is considered broken and should not
be used.
• WPA (Wi-Fi Protected Access): An interim improvement over WEP that keeps RC4 for
hardware compatibility but wraps it in TKIP (Temporal Key Integrity Protocol), which
derives a fresh key for every packet, uses a longer IV and adds a message integrity check.
WPA2 replaces TKIP with CCMP, built on AES (Advanced Encryption Standard), and is the
baseline today; WPA3 further replaces the pre-shared-key handshake with SAE, which resists
offline dictionary attacks on captured handshakes.

Q4.
a. What are different types of viruses? Explain each in brief. (10)

1. File Infector Virus: Attaches itself to executable files and spreads when the infected file
is run.
o Example: CIH (Chernobyl) virus, whose payload overwrote the first megabyte of the
hard disk and attempted to overwrite the system BIOS, leaving machines unbootable.
2. Macro Virus: Infects documents and templates, primarily in applications like Microsoft
Word or Excel, exploiting macro features.
o Example: Melissa virus, a Word macro that mailed the infected document to the first
50 entries in the victim's Outlook address book.
3. Boot Sector Virus: Infects the boot sector or master boot record of a disk, executing when
the computer starts, before the operating system loads.
o Example: Stoned virus, which spread via floppy disks.
4. Polymorphic Virus: Changes its code each time it infects a new file, making it difficult
to detect by signature-based antivirus software.
o Example: Storm Worm, which was repacked frequently so that each copy looked
different to scanners.
5. Resident Virus: Embeds itself into the system memory and can infect files even when
the original host program is not running.
o Example: Randex virus, which modifies files after infection.
b. Explain man in the middle attack and watering hole attack. (10)
• Man-in-the-Middle (MitM) Attack: An attacker secretly intercepts and relays messages
between two parties who believe they are communicating directly. This can involve
eavesdropping, altering messages, or impersonating one of the parties. The position is
typically gained by ARP spoofing on a LAN, a rogue Wi-Fi access point, or DNS spoofing;
TLS with proper certificate validation is the main defence, since the attacker cannot present a
valid certificate for the site.
o Example: An attacker intercepting a session between a user and a banking website
to capture login credentials.
• Watering Hole Attack: A targeted attack where the attacker compromises a website that is
frequented by a specific group or organization, infecting it with malware. When members
of the target group visit the site, their devices get infected, so the attacker never has to contact
the victims directly.
o Example: Compromising a legitimate site used by employees of a company,
leading to malware installation on their devices when they visit.

Q5.
a. Explain the IT 2008 Amendment act with at least 2 case studies. (10)
The IT (Amendment) Act 2008 introduced changes to the original IT Act 2000, enhancing
cybersecurity provisions and defining new cybercrimes. Key amendments include:
• Cyber Crimes: New offences such as identity theft (Section 66C), cheating by personation
(Section 66D), violation of privacy (Section 66E) and cyber terrorism (Section 66F),
alongside the general computer-related offences of Section 66.
• Data Protection: Section 43A makes a body corporate that handles sensitive personal data
liable to pay compensation if it is negligent in implementing reasonable security practices.
Case Studies:

1. Case Study of Cyberbullying: A victim of cyberbullying filed a complaint under Section
66A for receiving offensive messages. Section 66A was later struck down by the Supreme
Court in Shreya Singhal v. Union of India (2015) as an unconstitutional restriction on free
speech, so such complaints now have to rely on other provisions. The case highlighted the
need for better laws protecting individuals against online harassment.
2. Data Breach Incident: A major Indian bank faced a data breach where customer
information was exposed. The incident led to the enforcement of stringent data protection
measures under the amended act, including penalties for negligence.
b. What is session hijacking? Explain its countermeasures. (10)
Session Hijacking is an attack where an attacker takes control of a user's active session by
stealing, fixating or predicting the session token or cookie. This allows the attacker to
impersonate the user and access sensitive information without knowing the password.
Countermeasures:

1. Secure Cookies: Set the Secure flag so the cookie is only sent over HTTPS, HttpOnly so
JavaScript (and therefore an XSS payload) cannot read it, and SameSite so it is not attached
to cross-site requests.
2. Session Timeouts: Expire sessions after a period of inactivity and after an absolute
maximum lifetime, to shrink the window in which a stolen token is useful.
3. Two-Factor Authentication (2FA): Require a second factor at login and again for
sensitive actions, so a stolen session alone cannot change the password or make a payment.
4. SSL/TLS Encryption: Serve the whole site over TLS (with HSTS) so that tokens are never
exposed to a network sniffer.
5. Regenerate the Session ID: Issue a fresh, unpredictable ID from a cryptographic random
generator on login and on any privilege change, and invalidate the old one. This defeats
session fixation and limits the value of a token captured earlier.
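The countermeasures above are concrete enough to code. The following is an added example written for this page (not a framework's real session implementation): a minimal server-side session store with unpredictable IDs, ID regeneration on login, idle and absolute timeouts, and the cookie attributes described. The clock is injectable so the timeout can be exercised without waiting; the session-fixation walk-through in `demo_fixation_and_timeout` is a constructed scenario.

```python
import secrets
import time


class SessionStore:
    """Server-side session table written for this example.
    IDs are 256-bit random values; the ID is regenerated on login;
    idle and absolute timeouts are enforced on every lookup."""

    def __init__(self, idle_timeout=900, absolute_timeout=8 * 3600, clock=time.time):
        self.idle_timeout = idle_timeout
        self.absolute_timeout = absolute_timeout
        self.clock = clock                      # injectable so tests can fast-forward time
        self.sessions = {}                      # sid -> {"user", "created", "last_seen"}

    def _new_id(self) -> str:
        return secrets.token_urlsafe(32)        # CSPRNG, 256 bits: not guessable or predictable

    def create_anonymous(self) -> str:
        """Pre-login session, e.g. for a shopping basket."""
        sid = self._new_id()
        t = self.clock()
        self.sessions[sid] = {"user": None, "created": t, "last_seen": t}
        return sid

    def login(self, presented_sid: str, user: str) -> str:
        """Regenerate the ID on authentication: whatever ID the browser carried before
        (possibly planted by an attacker, i.e. session fixation) is discarded."""
        self.sessions.pop(presented_sid, None)
        sid = self._new_id()
        t = self.clock()
        self.sessions[sid] = {"user": user, "created": t, "last_seen": t}
        return sid

    def lookup(self, presented_sid: str):
        """Return the user for a live session, or None if unknown or expired."""
        s = self.sessions.get(presented_sid)
        if s is None:
            return None
        t = self.clock()
        if t - s["last_seen"] > self.idle_timeout or t - s["created"] > self.absolute_timeout:
            del self.sessions[presented_sid]    # expired: delete it so a stolen token dies too
            return None
        s["last_seen"] = t
        return s["user"]

    def logout(self, sid: str) -> None:
        self.sessions.pop(sid, None)


def session_cookie(sid: str) -> str:
    """Set-Cookie value: Secure (HTTPS only), HttpOnly (no script access, so XSS cannot
    read it), SameSite=Strict (not attached to cross-site requests)."""
    return f"sid={sid}; Secure; HttpOnly; SameSite=Strict; Path=/"


def demo_fixation_and_timeout() -> dict:
    """Constructed scenario: an attacker plants a session ID, the victim logs in,
    then the session sits idle past the timeout."""
    clock = [1_000_000.0]
    store = SessionStore(idle_timeout=600, clock=lambda: clock[0])
    attacker_sid = store.create_anonymous()          # ID the attacker knows and plants
    victim_sid = store.login(attacker_sid, "alice")   # server issues a fresh ID at login
    result = {
        "id_changed": victim_sid != attacker_sid,                         # True
        "attacker_id_after_login": store.lookup(attacker_sid),           # None: planted ID is dead
        "victim_ok": store.lookup(victim_sid),                            # "alice"
        "cookie_flags_ok": all(f in session_cookie(victim_sid)
                               for f in ("Secure", "HttpOnly", "SameSite=Strict")),
    }
    clock[0] += 601                                   # idle longer than the timeout
    result["after_idle"] = store.lookup(victim_sid)   # None: expired
    return result


if __name__ == "__main__":
    print(demo_fixation_and_timeout())
```

The key design choice is that `login` never keeps the presented ID: a fixated ID can only ever be an anonymous session, so the attacker who knows it gains nothing when the victim authenticates.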

Q6.
a. What is Steganography? Explain Types of Steganography. (10)
Steganography is the practice of hiding secret information within other non-secret data to avoid
detection. It allows for covert communication, as the presence of the hidden message is
concealed.
Types of Steganography:

1. Image Steganography: Hiding data within images by altering pixel values (e.g., Least
Significant Bit technique).
2. Audio Steganography: Concealing information within audio files, often by modifying
the least significant bits of audio samples.
3. Video Steganography: Embedding data within video files, typically by modifying
frames or using compression algorithms.
4. Text Steganography: Hiding messages within text files, often by using specific
formatting or manipulating word patterns.
b. What is sniffing? Explain different sniffing tools and its countermeasures. (10)
Sniffing is the act of intercepting and analyzing network traffic to capture sensitive information
such as passwords, emails, and data packets. On a hub or an open Wi-Fi network every frame is
visible to the sniffer; on a switched network the attacker must first redirect traffic, for example
by ARP spoofing or by mirroring a switch port.
Sniffing Tools:

1. Wireshark: A popular network protocol analyzer that allows users to capture and
interactively browse traffic on a computer network.
2. tcpdump: A command-line packet analyzer that provides the ability to capture and
display packets being transmitted or received over a network.
3. EtherApe: A graphical tool that displays network activity in real-time, highlighting
connections and data flow between nodes.
Countermeasures:

1. Encryption: Use protocols like SSL/TLS (HTTPS, SSH and IMAPS in place of HTTP,
Telnet and IMAP) to encrypt data in transit, so that intercepted packets do not reveal their
contents.
2. Secure Networks: Implement Virtual Private Networks (VPNs) to secure data
transmissions over public networks.
3. Network Segmentation: Divide the network into segments to limit access and control
data flow, and enable switch port security and dynamic ARP inspection so that an attacker
cannot redirect traffic to a sniffer.
4. Intrusion Detection Systems (IDS): Deploy IDS to monitor network traffic for
suspicious activity such as ARP spoofing or a network card placed in promiscuous mode.
Q1. Write short notes on:
A. Email Spoofing and Phishing
Email Spoofing is the creation of email messages with a forged sender address, typically to
deceive the recipient into believing the message is from a trusted source. It is possible because
SMTP itself does not verify the From header; receiving servers detect it by checking the SPF,
DKIM and DMARC records published by the claimed sender's domain. Spoofing is a common
building block of phishing.
Phishing is a type of cyber attack where attackers attempt to acquire sensitive information (like
usernames, passwords, or credit card details) by masquerading as a trustworthy entity in
electronic communications. Phishing can occur through emails, messages, or fake websites, often
luring victims with enticing offers or urgent requests.
B. ID Theft
Identity Theft occurs when someone unlawfully obtains and uses another person’s personal
information, typically for financial gain. This can include stealing credit card numbers, Social
Security numbers, or bank account details. ID theft can lead to financial loss, damaged credit
ratings, and significant stress for the victim. Preventive measures include monitoring credit
reports, using strong passwords, and being cautious about sharing personal information.
C. Computer Sabotage
Computer Sabotage refers to the intentional destruction, alteration, or disruption of a computer
system, software, or data. This can manifest as deploying malware, launching DoS attacks, or
physically damaging hardware. Sabotage can be perpetrated by disgruntled employees, hackers,
or external threats and can result in substantial financial and operational damage to
organizations.
D. Cyber Defamation
Cyber Defamation involves spreading false statements about an individual or organization
through digital platforms, leading to harm to their reputation. This can occur via social media,
blogs, or websites and can result in significant personal and professional consequences for the
victim. Legal recourse may be available, but proving defamation in the online context can be
challenging due to issues like anonymity.
Q2.
A. What is Cyber crime against society? Explain in detail. (10)
Cyber Crime against Society encompasses a range of illegal activities conducted via the
internet that can harm individuals, communities, or the broader society. These crimes include:

1. Online Fraud: This includes scams like lottery fraud, advance-fee fraud, and auction
fraud, where individuals are deceived into giving money or personal information.
2. Child Exploitation: The distribution and possession of child pornography, as well as
online grooming of minors for sexual exploitation, fall under this category.
3. Cyberbullying: Harassment or intimidation conducted through digital platforms can lead
to severe emotional distress for victims.
4. Hate Crimes: Utilizing the internet to spread hate speech or incite violence against
individuals or groups based on race, religion, or sexual orientation.
5. Terrorism: The use of the internet to promote terrorist activities, recruit members, or
disseminate propaganda.
The impact of these crimes can be extensive, leading to societal fear, economic losses, and a
decrease in the overall sense of safety in online environments.
B. Explain network scanning and its types in detail. (10)
Network Scanning is a process used to discover active devices on a network and identify their
services and vulnerabilities. It is a critical step in penetration testing and network management.
Types of Network Scanning:

1. Ping Scanning: Identifies live hosts by sending ICMP echo requests. If a response is
received, the host is considered active.
2. Port Scanning: Detects open ports on devices to find services running and potential
vulnerabilities. Tools like Nmap can be used for this purpose.
3. Service Scanning: Goes a step further than port scanning to identify specific services
running on open ports, allowing for detailed vulnerability assessments.
4. OS Fingerprinting: Determines the operating system running on a device by analyzing
responses to network probes, aiding in understanding the potential weaknesses of the
target.
5. Network Mapping: Visual representation of the network layout, showing connections
and interactions between devices.
Network scanning is crucial for network security, helping administrators identify unauthorized
devices and vulnerabilities.

Q3.
A. What is footprinting? Explain types of footprinting & purpose of footprinting in detail.
(10)
Footprinting is the initial stage of an attack where information is gathered about a target system
or organization. This reconnaissance helps attackers understand the target's structure, identify
potential vulnerabilities, and plan their approach.
Types of Footprinting:

1. Active Footprinting: Involves actively engaging with the target system to collect
information. This can include pinging servers, querying the target's own name servers
(including zone-transfer attempts), or using port scanners. Because packets reach the target,
active footprinting can be logged and detected.
2. Passive Footprinting: Involves gathering information without directly interacting with
the target. This can be done through search engines, social media, public records (WHOIS,
certificate transparency logs), or company websites, and leaves no trace on the target's
systems.
Purpose of Footprinting:
• Identify Vulnerabilities: To find weaknesses that can be exploited.
• Map Network Infrastructure: Understanding how the target's systems are structured.
• Gather Intelligence: Collecting information that can aid in social engineering or phishing
attacks.
• Develop Attack Strategies: Creating a detailed plan based on the information gathered to
maximize the chances of success in the attack.
B. What is Banner grabbing? Explain types of techniques available to perform Banner
grabbing. (10)
Banner Grabbing is a technique used to gather information about network services running on
open ports. By collecting banner information, attackers can identify software versions and
potentially vulnerable services. Banners are self-reported and can be changed or removed by
the administrator, so they are a hint rather than proof of the version in use.
Techniques for Banner Grabbing:

1. Telnet: Connecting to a specific port with the telnet client shows whatever the service
sends on connection. Services such as FTP, SMTP and SSH send a greeting immediately; an
HTTP server (port 80) says nothing until it receives a request, so the tester types a request such
as HEAD / HTTP/1.0 followed by a blank line and reads the Server header in the reply.
2. Netcat: A versatile networking utility that can create TCP/UDP connections, allowing
users to grab banners from services running on specified ports (for example nc host 21, or
piping an HTTP request into nc host 80).
3. Nmap: The -sV option probes open ports to identify service names and versions, and the
banner script in the Nmap Scripting Engine records the raw greeting.
4. HTTP Requests: Sending crafted HTTP requests (like HEAD or OPTIONS) to a web
server can reveal server information in the response headers (Server, X-Powered-By).
5. FTP: An FTP server sends its banner as the 220 greeting as soon as the connection is
accepted, before any command is issued; further commands such as SYST may reveal the
platform.
Banner grabbing helps security professionals and attackers assess the security posture of a target
by identifying outdated or vulnerable services.
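The port-scanning answers earlier on this page (a TCP connect scan reports a port open when the handshake completes) and the banner-grabbing answer above (some services speak first, HTTP has to be asked) fit in one small program. The block below is an added example written for this page, not a tool from the original text. So that it runs offline, it starts two constructed listeners on 127.0.0.1 that stand in for a remote FTP server and a remote HTTP server (an assumption of the example; against real hosts you would pass their address and port list), then scans them and grabs their banners.

```python
import socket
import threading


def start_fake_service(greeting: bytes = None, server_header: bytes = None):
    """Constructed local listener standing in for a remote host. With `greeting`
    it talks first, like FTP/SMTP/SSH; otherwise it waits for a request, like
    HTTP, and answers with a Server: header. Returns (listening_socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))            # port 0: the OS picks a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:               # listening socket closed: stop serving
                return
            with conn:
                if greeting is not None:
                    conn.sendall(greeting)
                else:
                    conn.settimeout(5.0)
                    try:
                        conn.recv(1024)   # wait for the client's request
                    except OSError:
                        pass
                    conn.sendall(b"HTTP/1.0 200 OK\r\nServer: " + server_header
                                 + b"\r\nContent-Length: 0\r\n\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def tcp_connect_scan(host: str, ports, timeout: float = 0.5) -> list:
    """Full-connect scan: connect_ex() returns 0 only if the three-way handshake
    completed. A RST (connection refused) means closed; a timeout usually means
    a firewall is dropping the probe (filtered)."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def grab_banner(host: str, port: int, timeout: float = 1.0) -> str:
    """Read the greeting if the service speaks first; if nothing arrives before the
    timeout, send an HTTP HEAD request and read the response headers instead."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""
        if not data:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            data = s.recv(4096)
    return data.decode(errors="replace").strip()


def server_header(banner: str):
    """Pull the Server: value out of HTTP response headers, if present."""
    for line in banner.splitlines():
        if line.lower().startswith("server:"):
            return line.split(":", 1)[1].strip()
    return None


def demo() -> dict:
    ftp_srv, ftp_port = start_fake_service(greeting=b"220 ExampleFTPd 2.3.4 ready\r\n")
    http_srv, http_port = start_fake_service(server_header=b"ExampleHTTPd/1.0")
    probe = socket.socket()               # find a port with nothing listening on it
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    try:
        found = tcp_connect_scan("127.0.0.1", [ftp_port, http_port, closed_port])
        banners = {p: grab_banner("127.0.0.1", p) for p in found}
    finally:
        ftp_srv.close()
        http_srv.close()
    return {
        "open_ports": found,
        "ftp_port": ftp_port, "http_port": http_port, "closed_port": closed_port,
        "ftp_banner": banners.get(ftp_port, ""),
        "http_server": server_header(banners.get(http_port, "")),
    }


if __name__ == "__main__":
    print(demo())
```

The one-second wait before sending the HEAD request is the same trade-off real scanners make: wait long enough for a slow greeting, but not so long that a silent port stalls the whole scan.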

Q4.
A. What is SQL Injection? Explain SQL Injection attack & prevention. (10)
SQL Injection is a type of cyber attack that exploits an application that builds SQL statements
by concatenating user input into them. It allows attackers to manipulate database queries,
gaining unauthorized access to data or modifying it.
SQL Injection Attack: For example, consider a vulnerable login form that uses the following
SQL query:

    SELECT * FROM users WHERE username = 'user_input' AND password = 'pass_input';

If an attacker inputs:

    Username: admin' --
    Password: anything

The query becomes:

    SELECT * FROM users WHERE username = 'admin' -- ' AND password = 'anything';

Everything after -- is a comment, so the password clause is never evaluated and the query
returns the admin row: the attacker is logged in as admin without a password. (In MySQL the
-- must be followed by a space, as it is here; other databases also accept /* ... */ as a
comment.)
Prevention Measures:

1. Prepared Statements: Use parameterized queries to ensure that user inputs are treated as
data, not executable code.
2. Input Validation: Validate all user inputs against the expected type and format; this is
defence in depth, since stripping "harmful characters" is easily bypassed and breaks
legitimate input such as names containing an apostrophe.
3. Stored Procedures: Encapsulate SQL queries within stored procedures to limit direct
interaction with the database, provided the procedure does not itself build dynamic SQL from
its arguments.
4. Web Application Firewalls (WAFs): Implement WAFs to filter and monitor traffic for
SQL injection patterns.
5. Regular Security Audits: Conduct frequent audits and code reviews to identify and
address potential vulnerabilities.
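The three SQL injection answers on this page (the `' OR '1'='1` payload, the `admin' --` payload, and prepared statements as the fix) can be run side by side. The block below is an added example written for this page, not code from the original: an in-memory SQLite table with constructed rows, a login function that concatenates strings (the vulnerable pattern the answers describe) and one that uses parameter binding. It also shows the precedence point made earlier: the OR payload only bypasses the check when it is combined with a username that exists.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory users table with constructed rows (example data only;
    a real application would store password hashes, not plaintext)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "s3cret!"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Builds the query by string concatenation, so the input becomes part of
    the SQL text. Returns the matched username or None."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username: str, password: str):
    """Parameterized query: the driver sends the SQL and the values separately,
    so quotes and comment markers in the input are compared as data, never parsed."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# (username, password) pairs an attacker might type into the login form.
PAYLOADS = {
    "comment_out_password": ("admin' --", "anything"),        # password clause becomes a comment
    "or_true_with_username": ("admin' OR '1'='1", "anything"),  # admin row matches on the first OR branch
    "or_true_empty_username": ("' OR '1'='1", "anything"),    # AND binds tighter: '' OR (TRUE AND FALSE) = no rows
    "or_true_and_comment": ("' OR 1=1 --", "anything"),        # every row matches; first row is returned
}


def demo() -> dict:
    conn = make_db()
    results = {"legit_safe": login_safe(conn, "admin", "s3cret!")}   # "admin"
    for name, (user, pw) in PAYLOADS.items():
        results["vuln_" + name] = login_vulnerable(conn, user, pw)
        results["safe_" + name] = login_safe(conn, user, pw)         # always None
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:32s} -> {value}")
```

With the parameterized version every payload returns None because the database is asked whether a user is literally named `admin' --`, and none is. Adding a WAF or input validation on top changes nothing about that guarantee; it only adds noise for the attacker.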
B. What is steganography? Explain types of steganography. (10)
Steganography is the practice of hiding secret data within other non-secret data to avoid
detection. It differs from cryptography, which obscures the content of the message but does not
hide its existence.
Types of Steganography:

1. Image Steganography: Hiding data within image files by altering the pixel values. The
Least Significant Bit (LSB) method is commonly used.

2. Audio Steganography: Concealing information in audio files by manipulating the least
significant bits of audio samples, making it difficult to detect.

3. Video Steganography: Embedding data within video files, typically by modifying
specific frames or using compression algorithms.

4. Text Steganography: Hiding messages within text files by using specific formatting,
spacing, or manipulating the arrangement of words.
Steganography is used for secure communications, copyright protection, and covert data transfer.

Q5.
A. What is Social Engineering? Explain types of Social Engineering. (10)
Social Engineering is a manipulation technique that exploits human psychology to gain
confidential information or access to systems. It relies on deception to trick individuals into
divulging sensitive data or performing actions that compromise security.
Types of Social Engineering:

1. Phishing: Deceptive emails or messages that appear to be from trustworthy sources,
aimed at tricking individuals into revealing sensitive information.

2. Spear Phishing: Targeted phishing attacks directed at specific individuals or
organizations, often using personal information to enhance credibility.

3. Pretexting: The attacker creates a fabricated scenario to obtain personal information. For
example, pretending to be an IT support technician.

4. Baiting: Offering something enticing (like free software) to lure victims into revealing
sensitive information or downloading malware.

5. Tailgating: Gaining unauthorized access to a secure area by following an authorized
person, exploiting social norms of politeness.
B. What are BOTs & BOTNETs? Explain in detail. (10)
Bots are automated software programs that perform repetitive tasks over the internet. They can
be beneficial (like web crawlers) or malicious when used for harmful purposes.
Botnets are networks of compromised computers (bots) that are controlled by a single attacker,
often without the owners' knowledge. Attackers use botnets to conduct large-scale cyber attacks,
including:

1. DDoS Attacks: Flooding a target with traffic, overwhelming servers and causing
downtime.

2. Spamming: Sending unsolicited emails en masse using the resources of the infected
machines.

3. Credential Theft: Collecting login information or personal data from infected machines.

4. Mining Cryptocurrencies: Utilizing the processing power of botnet devices to mine
cryptocurrency without the owners' consent.
Botnets can consist of thousands of infected devices, making them powerful tools for
cybercriminals. Preventive measures include keeping software updated, using strong passwords,
and employing security solutions to detect and remove malware.
Q6.
A. Explain DNS Poisoning & ARP Poisoning in detail. (10)
DNS Poisoning (or DNS Spoofing) is a cyber attack that compromises the integrity of a DNS
server, redirecting users from legitimate websites to malicious ones. This is done by injecting
false DNS responses into the cache of the server.
How it Works:

1. An attacker sends a forged DNS response to the target DNS server, associating a
legitimate domain with a malicious IP address.

2. Users attempting to access the legitimate site are redirected to the attacker's site, where
they may be phished or infected with malware.
ARP Poisoning (or ARP Spoofing) is an attack on a local area network that exploits the Address
Resolution Protocol (ARP). The attacker sends falsified ARP messages to associate their MAC
address with the IP address of another device (often the default gateway).
How it Works:

1. The attacker sends ARP responses that associate their MAC address with the IP address
of a legitimate device on the network.

2. Other devices on the network then send traffic intended for the legitimate device to the
attacker's device, allowing them to intercept, modify, or block the communication.
Countermeasures for Both Attacks:
• Use of DNSSEC: Implementing DNS Security Extensions to protect against DNS spoofing.
• Static ARP Entries: Configuring static ARP entries to prevent ARP spoofing.
• Packet Filtering: Using firewalls and intrusion detection systems to monitor and block
suspicious traffic.
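The ARP half of the answer can be illustrated from the defender's side. The following is an added example, not part of the original answer sheet: detection logic run over a constructed sequence of ARP replies, as a monitoring host on the LAN would see them. It flags an IP address whose MAC binding changes, a reply that contradicts a configured static ARP entry (the countermeasure named above), and a single MAC that answers for several IP addresses. The addresses, the record layout and the function names are assumptions made for the example.

```python
# Added example (not from the exam answer): ARP poisoning detection over a
# constructed trace of ARP replies. Addresses and record layout are assumptions.
from collections import namedtuple

ArpReply = namedtuple("ArpReply", "time sender_ip sender_mac")

# Constructed trace: the gateway 192.168.1.1 answers from its real MAC, then a
# second host starts answering for the gateway and for workstation .20.
SAMPLE_REPLIES = [
    ArpReply(1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(2.0, "192.168.1.20", "aa:bb:cc:00:00:14"),
    ArpReply(3.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(4.0, "192.168.1.1", "de:ad:be:ef:00:99"),
    ArpReply(5.0, "192.168.1.20", "de:ad:be:ef:00:99"),
]


def detect_arp_poisoning(replies, static_entries=None):
    """Return (alerts, multi_ip_macs).

    alerts: one dict per reply whose MAC disagrees with the trusted binding for
            that IP. Trusted bindings start from static_entries (ip -> mac) and
            are extended by the first sighting of any other IP.
    multi_ip_macs: MACs that answered for more than one IP, the classic
            signature of a host impersonating both the gateway and a victim.
    """
    static_entries = dict(static_entries or {})
    bindings = dict(static_entries)
    alerts = []
    for r in replies:
        known = bindings.get(r.sender_ip)
        if known is None:
            bindings[r.sender_ip] = r.sender_mac
        elif known != r.sender_mac:
            kind = ("static-entry-violation" if r.sender_ip in static_entries
                    else "binding-change")
            alerts.append({"time": r.time, "ip": r.sender_ip,
                           "expected": known, "seen": r.sender_mac, "kind": kind})

    ips_by_mac = {}
    for r in replies:
        ips_by_mac.setdefault(r.sender_mac, set()).add(r.sender_ip)
    multi_ip_macs = {mac: sorted(ips) for mac, ips in ips_by_mac.items()
                     if len(ips) > 1}
    return alerts, multi_ip_macs


if __name__ == "__main__":
    found, suspects = detect_arp_poisoning(
        SAMPLE_REPLIES, static_entries={"192.168.1.1": "aa:bb:cc:00:00:01"})
    for a in found:
        print(a)
    print(suspects)
```

Keeping the first-seen binding as the reference (rather than updating it on every reply) means the detector keeps alerting for as long as the impostor keeps answering, which is what an operator wants; static entries for the gateway turn the same event into the stronger "static-entry-violation" alert.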
B. What is Proxy Server? Explain types of Proxy server in detail. (10)
A Proxy Server acts as an intermediary between a client and a destination server. It forwards
requests from clients to the internet and returns responses, providing anonymity, security, and
content filtering.
Types of Proxy Servers:

1. Forward Proxy: Sits between a client and the internet, forwarding client requests. It can
provide anonymity and content filtering.
o Example: A school using a forward proxy to restrict access to certain websites for
students.

2. Reverse Proxy: Sits in front of web servers and forwards client requests to them. It can
provide load balancing, SSL termination, and caching.
o Example: A reverse proxy used by a large website to distribute traffic among
multiple servers.

3. Transparent Proxy: Intercepts client requests without modifying them and without
requiring any configuration on the client side. Often used for caching and filtering.
o Example: An ISP using a transparent proxy to cache frequently accessed web
content to reduce bandwidth.

4. Anonymous Proxy: Hides the user's IP address from the destination server, providing
anonymity but still revealing that a proxy is being used.
o Example: A user accessing the internet through an anonymous proxy to hide their
identity.

5. High Anonymity Proxy: Completely hides the user's IP address and does not disclose
that it is a proxy server, providing the highest level of anonymity.
o Example: An individual using a high anonymity proxy to securely browse the
internet without being tracked.
Q1. Write Short notes on the following:
a. Cross Site Scripting (XSS)
Cross-Site Scripting (XSS) is a web security vulnerability that allows attackers to inject
malicious scripts into web pages viewed by users. This occurs when a web application includes
untrusted data in a new webpage without proper validation or escaping. There are three main
types of XSS:

1. Stored XSS: The malicious script is stored on the server (e.g., in a database) and is
delivered to users when they access the affected page.

2. Reflected XSS: The script is reflected off a web server, usually via a URL, and executed
immediately without being stored.

3. DOM-based XSS: The vulnerability exists in the client-side code rather than the server,
and the script is executed as a result of modifying the DOM environment.
Impact: XSS can lead to session hijacking, defacement, and the spread of malware.
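The "proper validation or escaping" the note refers to is easiest to see side by side. This is an added example, not code from the original answer sheet: a comment rendered into HTML once by plain concatenation (the stored or reflected XSS pattern) and once through the standard library's html.escape(), plus the attribute-value case where the quote character must be escaped as well. The probe string and the function names are constructed for the example.

```python
# Added example (not from the exam answer): output encoding as the XSS fix.
# The untrusted input and helper names are constructed for this illustration.
import html
import re

# Constructed untrusted input: the classic harmless XSS probe.
UNTRUSTED_COMMENT = '<script>alert(1)</script>'


def render_vulnerable(comment):
    """Stored/reflected XSS pattern: untrusted text pasted straight into markup."""
    return '<p class="comment">' + comment + '</p>'


def render_escaped(comment):
    """Hardened: <, >, &, " and ' become entities, so the browser displays
    the text instead of parsing it as a tag."""
    return '<p class="comment">' + html.escape(comment, quote=True) + '</p>'


def render_attr_escaped(value):
    """Attribute context: without quote=True an attacker could close the
    quoted value and add an event-handler attribute."""
    return '<input value="' + html.escape(value, quote=True) + '">'


def contains_script_tag(markup):
    """Crude check used only to show the difference between the two renderings;
    it is not a substitute for escaping."""
    return re.search(r"<script\b", markup, re.IGNORECASE) is not None


if __name__ == "__main__":
    print(render_vulnerable(UNTRUSTED_COMMENT))
    print(render_escaped(UNTRUSTED_COMMENT))
    print(render_attr_escaped('" onmouseover="alert(1)'))
```

Escaping is context-specific: html.escape() is correct for element bodies and quoted attribute values, but data placed inside a script block, a URL or a CSS value needs the encoder for that context, and DOM-based XSS has to be fixed in the client-side code that writes to the DOM.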
b. SQL Injection
SQL Injection is a code injection technique that exploits vulnerabilities in an application's
software by injecting malicious SQL queries. Attackers can manipulate SQL statements to
execute arbitrary queries, potentially gaining unauthorized access to data.
Example: Consider a login form where an attacker inputs:

' OR '1'='1'; --

The query may become:

SELECT * FROM users WHERE username = '' OR '1'='1'; --' AND password = '...';

This query would return all users instead of verifying a single user's credentials.
Prevention: Use parameterized queries, input validation, and stored procedures to mitigate SQL
injection risks.
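Both SQL injection answers on this sheet (Q4.A and this note) use the login query, so one worked example serves both. It is an added example, not code from the original answer sheet: the same query built by string formatting, which is exploitable exactly as described, and then as a parameterized query, run against a constructed in-memory SQLite table. The table contents, credentials and function names are assumptions made for the example.

```python
# Added example (not from the exam answer): the vulnerable login query beside
# its parameterized form, against a constructed in-memory SQLite database.
import sqlite3


def make_db():
    """Constructed users table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    conn.commit()
    return conn


def vulnerable_login(conn, username, password):
    """Builds the query the way the vulnerable form in the text does: the
    submitted values become part of the SQL text, so quotes and -- are parsed."""
    query = (f"SELECT * FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def safe_login(conn, username, password):
    """Prepared statement: the ? placeholders are bound as data, so a quote or
    comment marker in the input is just a character in a string."""
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    print(vulnerable_login(db, "admin' --", "anything"))        # True
    print(vulnerable_login(db, "' OR '1'='1' --", "anything"))  # True
    print(safe_login(db, "admin' --", "anything"))              # False
    print(safe_login(db, "admin", "s3cret"))                    # True
```

The safe version never needs to know which characters are "dangerous", which is why prepared statements are listed first among the prevention measures; input validation is still worthwhile, but as a second layer rather than the only one. (Storing passwords in clear text, as this toy table does, is of course a separate defect.)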
c. Amendments to the Indian IT Act 2008
The Indian IT Act 2000, initially enacted to address cybercrime and electronic commerce, was
amended in 2008 to address emerging cyber threats and improve data protection. Key
amendments include:

1. Introduction of New Offenses: It includes provisions for identity theft, cyber terrorism,
and data theft.

2. Stronger Provisions for Data Protection: Organizations are required to implement
reasonable security practices and procedures for handling personal data.

3. Recognition of Digital Signatures: Enhancements in the legal recognition of electronic
records and digital signatures.

4. Enhanced Penalties: Increased penalties for cybercrimes and stricter enforcement
measures.
These amendments aim to strengthen cyber laws and improve cybersecurity in India.
d. Need for Repeated Penetration Testing
Repeated Penetration Testing is essential for several reasons:

1. Evolving Threat Landscape: Cyber threats continuously evolve, making it necessary to
regularly assess the security posture of systems.

2. Changes in Infrastructure: As organizations update their systems, applications, or
networks, new vulnerabilities can emerge.

3. Compliance Requirements: Many regulatory frameworks mandate regular security
assessments to ensure compliance.

4. Incident Response Improvement: Regular testing helps identify weaknesses and
improve incident response strategies.

5. Awareness and Training: Repeated testing can help train staff and increase awareness of
security practices.
Conducting regular penetration tests allows organizations to proactively manage risks and
maintain robust security.
e. Footprinting
Footprinting is the process of gathering information about a target system or organization to
identify potential vulnerabilities. It is often the first step in an attack and can be divided into two
main types:

1. Active Footprinting: Involves direct interaction with the target system, such as pinging
or port scanning, to gather information about network services and devices.

2. Passive Footprinting: Involves gathering information from publicly available sources,
such as social media, company websites, or WHOIS databases, without interacting
directly with the target.
Purpose: The primary goal of footprinting is to gather intelligence that can help plan subsequent
attacks or security assessments.
f. Session Hijacking
Session Hijacking is a security breach where an attacker exploits a valid computer session to
gain unauthorized access to information or services. This can occur through various techniques,
such as:

1. Cookie Theft: Capturing session cookies through methods like XSS or sniffing
unsecured traffic.

2. Session Fixation: Forcing a user to authenticate with a specific session ID known to the
attacker.

3. Man-in-the-Middle (MitM) Attacks: Intercepting communication between a user and a
server to steal session tokens.
Impact: Successful session hijacking can lead to unauthorized access to sensitive information,
impersonation of users, and data breaches.

Q2.
a. What are Different types of hackers? Explain any three types of Hackers in Detail. (10)
Hackers can be classified into several categories based on their intent and activities. Here are
three main types:

1. White Hat Hackers: Also known as ethical hackers, they are security professionals who
use their skills to help organizations improve their security. They conduct penetration
testing, vulnerability assessments, and security audits to identify and mitigate risks.
White hat hackers operate with permission and within legal boundaries.

2. Black Hat Hackers: These are malicious hackers who exploit vulnerabilities for personal
gain, such as stealing data, spreading malware, or conducting fraud. They engage in
illegal activities and are often associated with cybercrime. Black hat hackers do not seek
permission and disregard the law.

3. Gray Hat Hackers: Gray hats fall somewhere between white and black hats. They may
exploit vulnerabilities without malicious intent but do so without permission. For
example, they might identify a security flaw in a system and inform the organization but
might also disclose the vulnerability publicly if not addressed.
Understanding these types helps organizations build effective cybersecurity strategies and
differentiate between ethical and malicious activities.
b. What are the different types of password attacks? Explain techniques to crack
passwords. (10)
Password Attacks are methods used by attackers to gain unauthorized access to systems by
cracking user passwords. Common types include:

1. Brute Force Attack: An attacker systematically tries every possible combination of
characters until the correct password is found. While effective, it can be time-consuming
and is often mitigated by account lockout policies.

2. Dictionary Attack: This method involves using a pre-defined list of common passwords
or phrases (a dictionary) to guess the password. It is faster than brute force as it targets
likely candidates.

3. Credential Stuffing: Attackers use stolen username and password combinations from
one breach to gain access to accounts on other platforms, exploiting the tendency of users
to reuse passwords.

4. Social Engineering: Attackers manipulate individuals into revealing their passwords
through deception, such as phishing attacks.
Techniques to Crack Passwords:
• Hash Cracking: If passwords are stored as hashes, attackers may use rainbow tables
(precomputed hash lists) to find matches.
• Keyloggers: Malicious software that records keystrokes to capture passwords.
• Phishing: Trick users into entering their credentials on fake login pages.
Preventing these attacks involves using strong, unique passwords, enabling multi-factor
authentication, and educating users about security practices.
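The hash-cracking bullet is worth seeing in code from the storage side. This is an added example, not code from the original answer sheet: a miniature precomputed hash table (a real rainbow table compresses this with hash chains, but the lookup principle is the same) finds a common password from its unsalted hash in one dictionary lookup, while a per-user salt and a deliberately slow key-derivation function (PBKDF2 from the standard library) make the precomputed table useless and each guess expensive. The word list and passwords are constructed.

```python
# Added example (not from the exam answer): precomputed lookup against unsalted
# hashes versus salted PBKDF2 storage. Word list and passwords are constructed.
import hashlib
import hmac
import os

# Constructed "dictionary" of common passwords.
WORDLIST = ["123456", "password", "letmein", "qwerty", "password123"]


def unsalted_sha256(password):
    """The weak storage scheme: one fast, unsalted hash per password."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> password once; every leaked unsalted hash is then a
    dictionary lookup. This is the principle behind rainbow tables."""
    return {unsalted_sha256(w): w for w in words}


def lookup_unsalted(stored_hash, table):
    return table.get(stored_hash)


def hash_password(password, salt=None, iterations=200_000):
    """Stronger storage: random 16-byte salt plus PBKDF2-HMAC-SHA256.
    Returns (salt, iterations, derived_key) for storage beside the account."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk


def verify_password(password, salt, iterations, expected):
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)   # constant-time comparison


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print(lookup_unsalted(unsalted_sha256("password123"), table))  # password123
    s, it, dk = hash_password("password123")
    print(verify_password("password123", s, it, dk))               # True
```

The salt does not make a weak password strong: an attacker can still run the dictionary against one account, but must do so per account at 200,000 iterations per guess, and cannot reuse a table built in advance. The length and uniqueness advice in the text is what defeats the dictionary itself.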

Q3.
a. What is session hijacking? Define session hijacking techniques. (10)
Session Hijacking refers to the exploitation of a valid session to gain unauthorized access to
information or services. Attackers aim to take over a user's session by obtaining session tokens
or cookies.
Techniques of Session Hijacking:

1. Cookie Theft: Attackers capture session cookies through XSS attacks or network
sniffing. Once obtained, they can impersonate the user.

2. Session Fixation: An attacker tricks a user into authenticating with a session ID known
to the attacker, allowing them to take over the session once the user logs in.

3. Man-in-the-Middle (MitM) Attacks: In this technique, the attacker intercepts
communication between the user and the server, allowing them to capture session tokens.

4. Cross-Site Request Forgery (CSRF): An attacker tricks a user into executing unwanted
actions on a different website where the user is authenticated, potentially compromising
the session.
Prevention Measures: Utilize secure cookies, implement session timeouts, employ multi-factor
authentication, and ensure HTTPS encryption.
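The prevention measures listed here, and the session fixation technique described in both session hijacking answers (Q1.f and this one), can be shown in a small server-side session store. This is an added example, not code from the original answer sheet or from any web framework: the store issues a fresh random identifier at login so that an identifier planted before authentication never becomes a logged-in session, rejects identifiers it did not issue, expires idle sessions, and emits the Set-Cookie flags that keep the cookie off plain HTTP and away from scripts. The class and function names are assumptions.

```python
# Added example (not from the exam answer): session handling that resists
# fixation, limits idle lifetime and sets protective cookie flags.
# Class/function names are assumptions, not any framework's API.
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds of inactivity before a session is dropped


class SessionStore:
    def __init__(self, clock=time.time):
        self.clock = clock                 # injectable for testing
        self.sessions = {}                 # sid -> {"user": str|None, "last_seen": float}

    def _new_id(self):
        return secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG

    def create_anonymous(self):
        sid = self._new_id()
        self.sessions[sid] = {"user": None, "last_seen": self.clock()}
        return sid

    def login(self, old_sid, user):
        """Rotate the identifier on authentication. Whatever ID the browser
        held before (possibly chosen by an attacker) is discarded, so a fixed
        session never carries the logged-in user."""
        self.sessions.pop(old_sid, None)
        sid = self._new_id()
        self.sessions[sid] = {"user": user, "last_seen": self.clock()}
        return sid

    def user_for(self, sid):
        """Resolve a presented ID. Unknown IDs (never issued by the server)
        and idle-expired IDs both resolve to None."""
        s = self.sessions.get(sid)
        if s is None:
            return None
        now = self.clock()
        if now - s["last_seen"] > IDLE_TIMEOUT:
            del self.sessions[sid]
            return None
        s["last_seen"] = now
        return s["user"]

    def logout(self, sid):
        self.sessions.pop(sid, None)


def session_cookie_header(sid):
    """Secure: only over HTTPS. HttpOnly: not readable by page scripts (blunts
    cookie theft via XSS). SameSite=Lax: not sent on cross-site POSTs (CSRF)."""
    return f"Set-Cookie: sid={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"


if __name__ == "__main__":
    store = SessionStore()
    pre = store.create_anonymous()
    sid = store.login(pre, "alice")
    print(sid != pre, store.user_for(pre), store.user_for(sid))
    print(session_cookie_header(sid))
```

The HttpOnly flag does not stop a MitM on plain HTTP, which is why the Secure flag and HTTPS are listed alongside it; likewise SameSite limits CSRF but does not replace anti-CSRF tokens for state-changing requests.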
b. What are the applications of steganography? Explain types of steganography. (10)
Steganography is the practice of hiding secret messages within non-secret mediums to avoid
detection. It has several applications, including:

1. Covert Communication: Used for secretive communication in sensitive situations (e.g.,
military operations).

2. Digital Watermarking: Embedding information in digital media (images, audio) to
prove ownership or authenticity.

3. Copyright Protection: Hiding metadata within files to protect intellectual property
rights.

4. Data Integrity: Ensuring that data has not been altered by embedding checksums within
files.
Types of Steganography:

1. Image Steganography: Hiding data within images by manipulating pixel values,
commonly using the Least Significant Bit (LSB) method.

2. Audio Steganography: Concealing information in audio files, often by altering the least
significant bits of audio samples.

3. Video Steganography: Embedding data within video files, typically through frame
manipulation or compression techniques.

4. Text Steganography: Hiding messages within text files by manipulating formatting,
spacing, or using specific word patterns.
Steganography provides a means of secure communication, ensuring that messages remain
hidden from prying eyes.
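The LSB method named in both steganography answers (Q4.B and this one) is short enough to show in full. This is an added example, not code from the original answer sheet: the cover image is a constructed list of 8-bit grayscale pixel values (a real image would be read with an imaging library), the payload is prefixed with its length so the extractor knows where to stop, and a capacity check refuses payloads that do not fit. The same bit-level idea applies to audio samples.

```python
# Added example (not from the exam answer): LSB embedding/extraction on a
# constructed grayscale "image" held as a list of 0..255 pixel values.

# Constructed cover: 512 pixels with a deterministic pattern.
COVER = [(i * 37) % 256 for i in range(512)]

LENGTH_PREFIX_BYTES = 4


def capacity_bytes(pixels):
    """One bit per pixel, minus the 4-byte length prefix."""
    return len(pixels) // 8 - LENGTH_PREFIX_BYTES


def fits_in_cover(pixels, payload):
    return len(payload) <= capacity_bytes(pixels)


def embed_lsb(pixels, payload):
    """Write len(payload) || payload into the least significant bit of
    successive pixels, most significant bit of each byte first."""
    if not fits_in_cover(pixels, payload):
        raise ValueError("payload too large for cover")
    data = len(payload).to_bytes(LENGTH_PREFIX_BYTES, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    stego = list(pixels)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit      # clear LSB, then set it
    return stego


def extract_lsb(pixels):
    """Read the length prefix, then that many bytes, from the pixel LSBs."""
    def read_bytes(start_bit, count):
        out = bytearray()
        for b in range(count):
            byte = 0
            for i in range(8):
                byte = (byte << 1) | (pixels[start_bit + b * 8 + i] & 1)
            out.append(byte)
        return bytes(out)
    length = int.from_bytes(read_bytes(0, LENGTH_PREFIX_BYTES), "big")
    return read_bytes(LENGTH_PREFIX_BYTES * 8, length)


def max_pixel_change(cover, stego):
    """Each pixel moves by at most 1 intensity level, which is why LSB
    embedding is invisible to the eye."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    stego = embed_lsb(COVER, b"secret")
    print(extract_lsb(stego), max_pixel_change(COVER, stego))
```

The property that makes the method invisible (every pixel changes by at most one level) is also what makes it detectable statistically: embedding flattens the distribution of LSB values, which steganalysis tools measure, and any lossy re-encoding of the image destroys the payload entirely.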

Q4.
a. What are different types of Trojans? Explain each in brief. (10)
Trojans are malicious programs that disguise themselves as legitimate software to deceive users.
Different types include:

1. Remote Access Trojans (RATs): Allow attackers to remotely control the infected
system, accessing files, recording keystrokes, and using the camera/microphone.

2. Banking Trojans: Specifically designed to steal sensitive financial information, such as
login credentials for online banking and payment systems.

3. Downloader Trojans: Used to download additional malicious software onto the infected
system, often serving as a gateway for further attacks.

4. Rootkit Trojans: Hide their presence on the infected system and provide unauthorized
access to the attacker while making it difficult for users to detect.

5. Trojan-Spy: Designed to gather sensitive information from the infected system, such as
passwords and personal data, and send it back to the attacker.

6. Exploit Trojans: Take advantage of software vulnerabilities to infect the system and
execute malicious actions.
Understanding these types helps in implementing appropriate security measures against Trojan
threats.
b. How does a penetration test differ from other types of ethical hacking assessments? (10)
Penetration Testing and other types of ethical hacking assessments differ primarily in scope and
methodology:

1. Penetration Testing: Focused on simulating real-world attacks to identify and exploit
vulnerabilities within a specific system, network, or application. It involves rigorous
testing under controlled conditions and often includes a report detailing findings and
recommendations.

2. Vulnerability Assessments: A broader examination of systems to identify potential
vulnerabilities without actively exploiting them. It may use automated tools to scan for
known vulnerabilities and provide a general overview of security posture.

3. Red Team Assessments: Involves a team of ethical hackers (red team) simulating an
adversary's tactics, techniques, and procedures to test an organization's defenses
comprehensively. This approach emphasizes real-world attack scenarios and often
includes social engineering and physical security testing.

4. Blue Team Assessments: Focused on defensive strategies, the blue team monitors and
responds to threats. They evaluate incident response effectiveness and overall security
posture, working to improve defense mechanisms.
Overall, penetration testing is a specific, focused type of ethical hacking aimed at identifying and
demonstrating vulnerabilities through exploitation.

Q5.
a. Describe the differences between a DoS and a DDoS attack, and explain how to conduct a
controlled DoS or DDoS attack. (10)
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are both aimed at
making a service unavailable, but they differ in execution:

1. DoS Attack: Conducted by a single attacker, it aims to overwhelm a target system with
traffic or requests, exhausting resources and rendering the service unavailable. Common
methods include flooding the target with requests or exploiting vulnerabilities.

2. DDoS Attack: Involves multiple compromised systems (often part of a botnet) targeting
a single system simultaneously. This amplifies the volume of traffic and makes it more
challenging to mitigate. DDoS attacks often use amplification techniques to increase the
traffic sent to the target.
Conducting a Controlled DoS or DDoS Attack: This should only be performed in a legal and
ethical manner, typically as part of a penetration test with explicit permission from the target
organization. The steps involve:

1. Planning: Define the scope, objectives, and permissible limits of the test.

2. Selecting Tools: Use controlled tools such as LOIC (Low Orbit Ion Cannon) for
bandwidth flooding or stress testing.

3. Monitoring Impact: Measure how the target system responds and identify points of
failure.

4. Reporting: Document findings and recommend mitigation strategies.
Controlled tests should always prioritize safety and legality.
b. Explain types of wireless Architecture and wireless encryption techniques—WEP and
WPA. (10)
Wireless Architecture refers to the structure and design of wireless networks, including various
components and technologies:

1. Ad-hoc Networks: A decentralized type of wireless network where devices communicate
directly with each other without a central access point. Useful for temporary setups.

2. Infrastructure Networks: These use a central access point (AP) to connect wireless
devices to a wired network. This is the most common type used in homes and businesses.

3. Mesh Networks: A decentralized network structure where each device can connect
directly to multiple other devices, enhancing coverage and redundancy.
Wireless Encryption Techniques:

1. Wired Equivalent Privacy (WEP): An older security protocol designed to provide a
wireless local area network (WLAN) with a level of security comparable to wired
networks. However, WEP is now considered insecure due to weaknesses in its encryption
method (RC4) and key management. It is susceptible to various attacks, including packet
sniffing and key recovery.

2. Wi-Fi Protected Access (WPA): Developed to address the vulnerabilities of WEP, WPA
uses a stronger encryption protocol (TKIP) and includes improvements in key
management and message integrity checks. WPA2 further enhanced security by using
AES encryption.

3. WPA3: The latest standard, providing improved security features such as enhanced
encryption for open networks and better protection against brute-force attacks.
Using stronger encryption protocols is crucial for securing wireless networks against
unauthorized access and data breaches.
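The "key management" weakness of WEP mentioned above is concrete enough to demonstrate. This is an added example, not code from the original answer sheet: a textbook RC4 implementation, a simplified model of WEP's per-packet key (the 24-bit IV prepended to the shared key; the real protocol also appends a CRC and sends the IV in clear, which is omitted here), and the birthday-bound estimate of how soon an IV repeats. When two packets share an IV they share a keystream, so XORing the two ciphertexts yields the XOR of the two plaintexts without any knowledge of the key. The key, IV and packet contents are constructed.

```python
# Added example (not from the exam answer): RC4 keystream reuse under WEP's
# 24-bit IV scheme. Keys, IVs and packet contents are constructed values.
import math


def rc4_keystream(key, length):
    """Textbook RC4: key-scheduling (KSA) then the PRGA output bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv, shared_key, plaintext):
    """Simplified WEP: per-packet RC4 key = 3-byte IV || shared key.
    Encryption and decryption are the same operation (XOR with keystream)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def expected_packets_until_iv_repeat(iv_bits=24):
    """Birthday bound: about sqrt(pi/2 * N) random IVs before a collision,
    with N = 2**iv_bits. For 24 bits that is only a few thousand packets."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)


if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"             # constructed 40-bit WEP key
    iv = b"\x00\x00\x01"
    p1, p2 = b"GET /index.html", b"POST /login.cgi"
    c1, c2 = wep_encrypt(iv, key, p1), wep_encrypt(iv, key, p2)
    print(xor(c1, c2) == xor(p1, p2))          # True: key never needed
    print(round(expected_packets_until_iv_repeat()))
```

WPA's TKIP widened the IV to 48 bits and mixed it into a per-packet key precisely to close this gap, and WPA2 replaced RC4 with AES-CCMP; the block above checks the RC4 implementation against the published "Key"/"Plaintext" test vector so the reuse property is not an artefact of a broken cipher.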

Q6.
a. What information can be enumerated by intruders? Explain the different enumeration
techniques. (10)
Information Enumeration involves gathering detailed information about a target system or
network to identify vulnerabilities. Commonly enumerated data includes:

1. Usernames and Groups: Lists of user accounts and their associated groups.

2. Network Resources: Information about shared files, printers, and services on the
network.

3. Operating System Details: Specific versions of operating systems and installed
software, which can indicate vulnerabilities.

4. Running Services: Active services and their configurations that can be exploited.
Enumeration Techniques:

1. NetBIOS Enumeration: Used in Windows networks to gather information about user
accounts and shares.

2. SNMP Enumeration: Leveraging the Simple Network Management Protocol to retrieve
device configurations and status information.

3. LDAP Enumeration: Using the Lightweight Directory Access Protocol to query
directory services for user and group information.

4. DNS Enumeration: Querying DNS records to discover hostnames, IP addresses, and
other related data.
Effective enumeration helps attackers plan further exploitation strategies, making it crucial for
organizations to implement strong security measures.
b. What are the objectives behind creating viruses? What are the indications of a virus
attack? (10)
Objectives Behind Creating Viruses:

1. Data Theft: To steal sensitive information, including personal data, financial
information, and intellectual property.

2. Disruption: To cause damage or disruption to systems, networks, or services, often for
malicious intent or to demonstrate capabilities.

3. Financial Gain: To facilitate fraud, extortion (ransomware), or distribute malware for
profit through ad fraud or affiliate scams.

4. Reputation Damage: To undermine the credibility or reliability of an organization or
individual.

5. Botnet Creation: To create networks of compromised devices for further attacks,
including DDoS attacks.
Indications of a Virus Attack:

1. Sluggish Performance: Noticeable decrease in system speed and responsiveness.

2. Unusual Behavior: Programs crashing, unexpected pop-ups, or unfamiliar applications
appearing.

3. Unauthorized Changes: Alterations to system files or settings, including missing files or
unauthorized account access.

4. Increased Network Activity: Unexplained spikes in network traffic, often indicative of
data exfiltration or communication with a command-and-control server.

5. Antivirus Alerts: Notifications from security software detecting and quarantining
malicious files.
Recognizing these signs early can help mitigate the impact of a virus attack and initiate a timely
response.
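Of the indications listed, "increased network activity" is the one most naturally caught by a rule rather than by a user noticing something. This is an added example, not code from the original answer sheet: a per-host baseline built from earlier hourly outbound byte counts, with the latest hour flagged when it exceeds both a multiple of the host's median and an absolute floor (the floor keeps a normally quiet host from alerting on a trivial increase). The records, thresholds and host names are constructed.

```python
# Added example (not from the exam answer): flagging outbound traffic spikes
# per host from constructed hourly egress counts (host, hour, bytes_out).
import statistics
from collections import defaultdict

SAMPLE_EGRESS = [
    ("ws-01", 0, 9_800_000), ("ws-01", 1, 10_200_000), ("ws-01", 2, 10_100_000),
    ("ws-01", 3, 9_900_000), ("ws-01", 4, 10_000_000), ("ws-01", 5, 10_300_000),
    ("ws-02", 0, 11_000_000), ("ws-02", 1, 10_500_000), ("ws-02", 2, 10_900_000),
    ("ws-02", 3, 11_200_000), ("ws-02", 4, 10_800_000), ("ws-02", 5, 230_000_000),
]


def find_egress_spikes(records, factor=5.0, floor=50_000_000, min_history=3):
    """Return {host: (baseline_bytes, latest_bytes)} for hosts whose most
    recent hour exceeds factor * median(earlier hours) and the absolute floor.
    Hosts with fewer than min_history earlier samples are skipped: there is
    no baseline to compare against yet."""
    series_by_host = defaultdict(list)
    for host, hour, nbytes in sorted(records, key=lambda r: (r[0], r[1])):
        series_by_host[host].append(nbytes)

    spikes = {}
    for host, series in series_by_host.items():
        if len(series) <= min_history:
            continue
        history, latest = series[:-1], series[-1]
        baseline = statistics.median(history)   # median resists one-off outliers
        if latest > factor * baseline and latest > floor:
            spikes[host] = (baseline, latest)
    return spikes


if __name__ == "__main__":
    for host, (baseline, latest) in find_egress_spikes(SAMPLE_EGRESS).items():
        print(f"{host}: baseline {baseline:,} B/h, latest {latest:,} B/h")
```

A spike like this is a prompt to look, not a verdict: the next step is to identify the process and destination behind the traffic (the "unfamiliar applications" and "command-and-control" indicators above), and a baseline learned while a machine was already infected will hide the infection, so it should be built from a known-clean period.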
