Recent

3/recent-posts

Mobile Hacking Part 3: Intro to USB Rubber Ducky for Keystroke Injection

Mobile Hacking Part 3: Intro to USB Rubber Ducky for Keystroke Injection

Welcome back hackers! Today we’re going to be continuing our mobile hacking series with the introduction of some special equipment. We’re going to be setting up and making a payload for the USB rubber ducky.
The USB rubber ducky is a small USB device that will act as a keyboard when plugged into a PC. This allows us to inject whatever keystrokes we want into the victim PC in a matter of seconds. As a starter, since it’s our first time using the USB rubber ducky here, we’ll be making a payload that will write a fork bomb in Python and execute it. So, let’s get started!

Step 1: Unpacking and Setting up

Once you have your rubber ducky unboxed and ready to go, it should look something like this:
ducky1
That micro SD card comes pre-formatted in FAT16 with a single file named inject.bin. It’s important that you take the micro SD card out of the rubber ducky and mount it using a micro SD to USB adapter, so we can write our own payload to it instead of using the default one. We can make sure its detected by the system using fdisk:
ducky2
Alright, our micro SD card is good to go, now it’s time to make our payload.

Step 2: Writing and Encoding the Payload

The USB rubber ducky has a simple syntax format for writing payloads. This syntax includes the ability to type strings, delay for a given time, and use special keys (like CTRL, ALT, or the Windows key). Let’s take a look at our payload (note that REM is for making comments):
ducky5
This payload will open xterm (a terminal program) and write a Python script that will forever call os.fork(), eventually crashing the system (this is a fork bomb). After the payload is written, it will be executed. Now that we have our payload, we need to encode it into the binary format that the rubber ducky understands. For this we’ll need to use the encoder provided by Hak5. We’ll start by downloading the encoder using git clone, when we’ll move into the encoder’s directory:
ducky4
Now that we have the encoder downloaded, we can use it to create the binary we need. After browsing the help page, we can compile our payload:
ducky6
We now have the binary payload we need. We just need to delete the one that comes on the micro SD card by default and copy ours to it, once that’s complete our rubber ducky should be ready:
ducky7

Our USB rubber ducky should be ready now. I was unable to capture a screenshot of it in action though, as it crashed my PC. But, test it out for yourself! We’ll be seeing much more of both the USB rubber ducky and the Bash Bunny in later articles, but this was just an introduction to the concepts. Next time we’ll do something a bit more useful, such as downloading and executing a payload.

FREAK Vulnerability : Android Penetration Testing a Must now .

The Freak Vulnerability leave Android and Apple users Unsecured . This is a Vulnerability in SSL/TLS that is not new and has left the Android and Apple users open to exploitation via MITM(Man in the middle attack) . The Freak Vulnerability leaves the Apple and Android users exposed to MITM and any secure traffic is completely to the exposure of the Hacker .
Freak Vulnerability is widespread and disastrous SSL/TLS vulnerability and has been uncovered for over a decade left Millions of users of Apple and Android devices vulnerable to man-in-the-middle attacks on encrypted traffic when they visited supposedly ‘secured’ websites, including the official websites of the White House, FBI and National Security Agency.

CVE-2015-0204

Dubbed the “FREAK” vulnerability (CVE-2015-0204) – also known as Factoring Attack on RSA-EXPORT Keys – enables hackers or intelligence agencies to force clients to use older, weaker encryption i.e. also known as the export-grade key or 512-bit RSA keys.
The FREAK vulnerability discovered by security researchers of French Institute for Research in Computer Science and Automation (Inria) and Microsoft, resides in OpenSSL versions 1.01k and earlier, and Apple’s Secure Transport.

Freak Vulnerability : From Penetration Testers View

How Freak Vulnerability Works ! (The very technical Description of the Freak Vulnerability)
  • In the client’s Hello message, it asks for a standard ‘RSA’ ciphersuite.
  • The MITM attacker changes this message to ask for ‘export RSA’.
  • The server responds with a 512-bit export RSA key, signed with its long-term key.
  • The client accepts this weak key due to the OpenSSL/Secure Transport bug.
  • The attacker factors the RSA modulus to recover the corresponding RSA decryption key.
  • When the client encrypts the ‘pre-master secret’ to the server, the attacker can now decrypt it to recover the TLS ‘master secret’.
  • From here on out, the attacker sees plain text and can inject anything it wants.

Who is Vulnerable to Freak ?

The FREAK attack is possible when a vulnerable browser connects to a susceptible web server—a server that accepts “export-grade” encryption.

Servers

Servers that accept RSA_EXPORT cipher suites put their users at risk from the FREAK attack. Using Internet-wide scanning, we have been performing daily tests of all HTTPS servers at public IP addresses to determine whether they allow this weakened encryption. More than a third of all servers with browser-trusted certificates are at risk.

Clients

Browsers are vulnerable to the FREAK attack because of bugs that allow an attacker to force them to use weak, export-grade encryption.  Far more browsers are vulnerable to the FREAK attack than was initially thought when the attack was announced. The client side bugs can also be identified via the penetration testing of the clients browser for Freak Vulnerability.

Remediation from Freak Vulnerability

On the Server Side

You should immediately disable support for TLS export cipher suites. While you’re at it, you should also disable other cipher suites that are known to be insecure and enable forward secrecy. For instructions on how to secure popular HTTPS server software, we recommend Mozilla’s security configuration guide and their SSL configuration generator.

On the Client Side (Browser)

Make sure you have the most recent version of your browser installed, and check for updates frequently. Updates that fix the FREAK attack should be available for all major browsers soon.

For SysAdmins and Developers

TLS libraries must be up to dateUnpatched OpenSSL Microsoft Schannel , and Apple SecureTransport all suffer from the vulnerability. Note that these libraries are used internally by many other programs, such as wget and curl. You also need to ensure that your software does not offer export cipher suites, even as a last resort, since they can be exploited even if the TLS library is patched.
Hello Friends, today i am going to share several secret hack codes for Apple Iphone 5, 5C, 5S, 6 and 6 Plus. These iphone hack codes will help you to hack iphone mobiles and help you to explore more about your apple iPhone.
Secret Hack codes are those codes which are usually hidden from users for any misuse and exploit. As we all know Apple Iphone is very secured platform and thus very few hack codes of apple iphone are there on internet. Today i am sharing all the hack codes of apple iphone cellphones that i am aware of. And i surely hope you can’t find codes better than that. So friends let’s hack and explore our apple Iphone and tabs. I have tested these codes on my Apple Iphone 5S and friends iphone 6 plus. I am sure these will work on all previous apple iphones too.
iphone-hidden-secret-codes
Secret Hacking codes for Apple IPhone Mobile Phones:
1. Entering into Field Mode :  Field mode contains lots of iPhone inner settings, especially newest network and cell information.

*3001#12345#* and tap Call

2. IMEI Number : Shows your IMEI. No need to tap Call. IMEI is the unique identifier for your mobile phone hardware.

*#06#

3. Call Forward Settings and Insights : Set interrogation for call forwards. Discover the settings for your call forwarding. You’ll see whether you have voice, data, fax, SMS, sync, async, packet access, and pad access call forwarding enabled or disabled.

*#21# and tap Call

4. Calling Line Presentation : This shows whether you have enabled or disabled the presentation of the calling line, presumably the number of the party placing the call.

*#30# and tap Call

5. Call Waiting Settings : Determine if call waiting is enabled. Shows call waiting status for voice, data, fax, SMS, sync data, async data, packet access and pad access. Each item is either enabled or disabled.

*#43# and tap Call

6. Check all Unanswered Calls : Check the number for unanswered calls. Show the number for voice call forwarding when a call is unanswered. Also show the options for data, fax, SMS, sync, async, packet access and pad access.

*#61# and tap Call

7. Check the number for call forwarding if no service is available. Just like the previous, except for no-service rather than no-answer situations.

*#62# and tap Call

8. Check the number for call forwarding when the iPhone is busy. And again, but for when the iPhone is busy.

*#67# and tap Call

9. Call Control Bars : Check all the usual suspects ( voice, data, fax,SMS, etc ) to see whether barring is enabled or disabled for outgoing.

*#33# and tap Call

10. Disable Call Forwarding : This code disable all call Forwading.

##002#

11. Code to Hide your Number :

*#31#

That’s all guys. Some of them might be operator specific i.e. works for prepaid phones only. But all codes deserves and try. Check these codes and let us know what all works for you. Hope you guys enjoyed new set of secret hack codes.
Apple releases patched versions of iOS and OS X , both of which include a significant number of security patches, several for bugs that can lead to remote code execution and other serious issues.
Apple-releases-patched-versions-of-iOS-and-OS-X
Version 8.4 of iOS contains fixes for more than 30 security vulnerabilities, including bugs in the iOS kernel, WebKit, and CoreText. Apple also patched the vulnerability that leads to the Logjam attack, an issue with servers that support weak Diffie-Hellman cryptography. To fix that issue in iOS, Apple released a patch for the coreTLS component of the operating system.
“coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits,” the Apple advisory says.
Apple also patched an interesting bug that involved the way that iOS handles payloads from SIM cards. The vulnerability could allow an attacker to craft a malicious SIM card that could give him code execution on a target device.
Among the other vulnerabilities addressed in iOS 8.4 are a number of WebKit bugs, some of which could lead to arbitrary code execution. The code execution flaws include a pair of memory corruption vulnerabilities in WebKit, and an issue with the way the framework handled some SQL functions.
“An insufficient comparison issue existed in SQLite authorizer which allowed invocation of arbitrary SQL functions. This issue was addressed with improved authorization checks,” the Apple advisory says.
There is a patch in the new version of iOS for a bug that could lead to an attacker being able to replace a legitimate app with a malicious one under some conditions. The vulnerability is in the way the OS handles universal provisioning profiles, and could be used to replace system apps such as Apple Pay. Researchers at FireEye discovered the vulnerability and reported it to Apple almost a year ago.
“Manifest Masque Attack leverages the CVE-2015-3722/3725 vulnerability to demolish an existing app on iOS when a victim installs an in-house iOS app wirelessly using enterprise provisioning from a website. The demolished app (the attack target) can be either a regular app downloaded from official App Store or even an important system app, such as Apple Watch, Apple Pay, App Store, Safari, Settings, etc. This vulnerability affects all iOS 7.x and iOS 8.x versions prior to iOS 8.4. We first notified Apple of this vulnerability in August 2014,” FireEye’s researchers wrote in an explanation of the bug and its consequences.
As for OS X, Apple patched many of the same bugs that were present in iOS, along with dozens of others, for a total of more than 75 flaws in all. OS X 10.10.4 includes patches for several buffer overflow vulnerabilities in the Intel graphics driver, some of which could lead to code execution. Apple also fixed a number of memory corruption bugs in QuickTime that could be used for code execution.
In both iOS and OS X Apple updated the certificate trust policy to address the CNNIC certificate issue, among other problems.

Secret Hack Codes for iPhone 4 or 4S

Secret Hack Codes for iPhone 4 or 4S 

Hello friends, today I am going to share all available secret hack codes for the iPhone 4 and the iPhone 4S. These secret codes will help you to hack the iPhone and allow you to explore the internal settings of your phone.
Secret codes are actually just codes which are not known (hidden) to general users. Techies usually use these codes as shortcuts to browse internal settings and perform their exploits. Since iPhones are quite secure, there are less hack codes available than for their counterparts from other companies, but don’t worry, I will cover all the available hacking codes that work on iPhone 4 or 4S. They may also be useful on previous models, but I have only tested them on the iPhone 4 and 4S. Note that not all of these hacks work on BOTH the iPhone 4 and 4S, so pay close attention.
SecrethackcodesforiPhone4or4S
Hack Code for iPhone 4 or iPhone 4S by spark hacking Tool
Note: Some codes will require tapping of call key on your iPhone. Actually, most of them require call button tap (meaning to slide it). If you encounter a code that doesn’t work just by dialing, you just need to tap the call key and it will work.
Secret Hack Codes for iPhone 4 or iPhone 4S
*#43#   
Use to verify if call waiting is enabled
*#61#  
Verify the number for unanswered calls
*#62#   
Verify the number for call forwarding if no service is available.
*#67#   
Verify the number for call forwarding if phone is busy
*#33#  
To verify whether barring is enabled or disabled for outgoing
*#21#   
To display the settings for your call forwarding
*3001#12345#*
Enters field mode which allows you to access most of the hidden settings and functions of your iPhone.
*#06#
Display the IMEI of your iPhone, as always this is the standard code for all brands of phones.
*225#    
Displays the account balance for postpaid contracts.
*777#     
Displays the account balance for prepaid accounts.
*646#  
Displays the remaining minutes available.
*3282#     
Get your data usage information.
*729     
Options to make payments. This is operator specific.
611     
Dials customer service, (114 in RSA for Vodacom). This is operator specific.
*#30#    
This shows whether you have enabled or disabled the presentation of the calling line, presumably the number of the party placing the call.
*#76#    
States whether the connected line presentation is enabled or disabled. Similar to the calling line presentation.
Note: This is the list of all iPhone codes available now. If you are able to find any extra hack codes for the iPhone 4 or iPhone 4S, don’t hesitate to share.
So friends, that’s all for today, I hope you liked it.
If you have any issues or concerns, please share it in the form of comments below. If you like our articles, so don’t forget to subscribe!
Thanks for reading…:)

Top 110 Cyber Security Interview Questions & Answers


Following are frequently asked questions in interviews for freshers as well as experienced cyber security certification candidates.
1) What is cybersecurity?
Cybersecurity refers to the protection of hardware, software, and data from attackers. The primary purpose of cyber security is to protect against cyberattacks like accessing, changing, or destroying sensitive information.
2) What are the elements of cybersecurity?
Major elements of cybersecurity are:
  • Information security
  • Network security
  • Operational security
  • Application security
  • End-user education
  • Business continuity planning
3) What are the advantages of cyber security?
Benefits of cyber security are as follows:
  • It protects the business against ransomware, malware, social engineering, and phishing.
  • It protects end-users.
  • It gives good protection for both data as well as networks.
  • Increase recovery time after a breach.
  • Cybersecurity prevents unauthorized users.
4) Define Cryptography.
It is a technique used to protect information from third parties called adversaries. Cryptography allows the sender and recipient of a message to read its details.
5) Differentiate between IDS and IPS.
Intrusion Detection System (IDS) detects intrusions. The administrator has to be careful while preventing the intrusion. In the Intrusion Prevention System (IPS), the system finds the intrusion and prevent it.
6) What is CIA?
Confidentiality, Integrity, and Availability (CIA) is a popular model which is designed to develop a security policy. CIA model consists of three concepts:
  • Confidentiality: Ensure the sensitive data is accessed only by an authorized user.
  • Integrity: Integrity means the information is in the right format.
  • Availability: Ensure the data and resources are available for users who need them.
7) What is a Firewall?
It is a security system designed for the network. A firewall is set on the boundaries of any system or network which monitors and controls network traffic. Firewalls are mostly used to protect the system or network from malware, worms, and viruses. Firewalls can also prevent content filtering and remote access.
8) Explain Traceroute
It is a tool that shows the packet path. It lists all the points that the packet passes through. Traceroute is used mostly when the packet does not reach the destination. Traceroute is used to check where the connection breaks or stops or to identify the failure.
9) Differentiate between HIDS and NIDS.
ParameterHIDSNIDS
UsageHIDS is used to detect the intrusions.NIDS is used for the network.
What does it do?It monitors suspicious system activities and traffic of a specific device.It monitors the traffic of all device on the network.
10) Explain SSL
SSL stands for Secure Sockets Layer. It is a technology creating encrypted connections between a web server and a web browser. It is used to protect the information in online transactions and digital payments to maintain data privacy.
11) What do you mean by data leakage?
Data leakage is an unauthorized transfer of data to the outside world. Data leakage occurs via email, optical media, laptops, and USB keys.
12) Explain the brute force attack. How to prevent it?
It is a trial-and-error method to find out the right password or PIN. Hackers repetitively try all the combinations of credentials. In many cases, brute force attacks are automated where the software automatically works to login with credentials. There are ways to prevent Brute Force attacks. They are:
  • Setting password length.
  • Increase password complexity.
  • Set limit on login failures.
13) What is port scanning?
It is the technique for identifying open ports and service available on a specific host. Hackers use port scanning technique to find information for malicious purposes.
14) Name the different layers of the OSI model.
Seven different layers of OSI models are as follows:
  1. Physical Layer
  2. Data Link Layer
  3. Network Layer
  4. Transport Layer
  5. Session Layer
  6. Presentation Layer
  7. Application Layer
15) What is a VPN?
VPN stands for Virtual Private Network. It is a network connection method for creating an encrypted and safe connection. This method protects data from interference, snooping, censorship.
16) What are black hat hackers?
Black hat hackers are people who have a good knowledge of breaching network security. These hackers can generate malware for personal financial gain or other malicious reasons. They break into a secure network to modify, steal, or destroy data so that the network can not be used by authorized network users.
17) What are white hat hackers?
White hat hackers or security specialist are specialized in penetration testing. They protect the information system of an organization.
18) What are grey hat hackers?
Grey hat hackers are computer hacker who sometimes violate ethical standards, but they do not have malicious intent.
19) How to reset a password-protected BIOS configuration?
There are various ways to reset BIOS password. Some of them are as follows:
  • Remove CMOS battery.
  • By utilizing the software.
  • By utilizing a motherboard jumper.
  • By utilizing MS-DOS.
20) What is MITM attack?
A MITM or Man-in-the-Middle is a type of attack where an attacker intercepts communication between two persons. The main intention of MITM is to access confidential information.
21) Define ARP and its working process.
It is a protocol used for finding MAC address associated with IPv4 address. This protocol work as an interface between the OSI network and OSI link layer.
22) Explain botnet.
It's a number of internet-connected devices like servers, mobile devices, IoT devices, and PCs that are infected and controlled by malware.
23) What is the main difference between SSL and TLS?
The main difference between these two is that SSL verifies the identity of the sender. SSL helps you to track the person you are communicating to. TLS offers a secure channel between two clients.
24) What is the abbreviation of CSRF?
CSRF stands for Cross-Site Request Forgery.
25) What is 2FA? How to implement it for a public website?
TFA stands for Two Factor Authentication. It is a security process to identify the person who is accessing an online account. The user is granted access only after presenting evidence to the authentication device.
26) Explain the difference between asymmetric and symmetric encryption.
Symmetric encryption requires the same key for encryption and decryption. On the other hand, asymmetric encryption needs different keys for encryption and decryption.
27) What is the full form of XSS?
XSS stands for cross-site scripting.
28) Explain WAF
WAF stands for Web Application Firewall. WAF is used to protect the application by filtering and monitoring incoming and outgoing traffic between web application and the internet.
29) What is hacking?
Hacking is a process of finding weakness in computer or private networks to exploit its weaknesses and gain access.
For example, using password cracking technique to gain access to a system.
30) Who are hackers?
A Hacker is a person who finds and exploits the weakness in computer systems, smartphones, tablets, or networks to gain access. Hackers are well experienced computer programmers with knowledge of computer security.
31) What is network sniffing?
Network sniffing is a tool used for analyzing data packets sent over a network. This can be done by the specialized software program or hardware equipment. Sniffing can be used to:
  • Capture sensitive data such as password.
  • Eavesdrop on chat messages
  • Monitor data package over a network
32) What is the importance of DNS monitoring?
Yong domains are easily infected with malicious software. You need to use DNS monitoring tools to identify malware.
33) Define the process of salting. What is the use of salting?
Salting is that process to extend the length of passwords by using special characters. To use salting, it is very important to know the entire mechanism of salting. The use of salting is to safeguard passwords. It also prevents attackers testing known words across the system.
For example, Hash("QxLUF1bgIAdeQX") is added to each and every password to protect your password. It is called as salt.
34) What is SSH?
SSH stands for Secure Socket Shell or Secure Shell. It is a utility suite that provides system administrators secure way to access the data on a network.
35) Is SSL protocol enough for network security?
SSL verifies the sender's identity, but it does not provide security once the data is transferred to the server. It is good to use server-side encryption and hashing to protect the server against a data breach.
36) What is black box testing and white box testing?
  • Black box testing: It is a software testing method in which the internal structure or program code is hidden.
  • White box testing: A software testing method in which internal structure or program is known by tester.
37) Explain vulnerabilities in network security.
Vulnerabilities refer to the weak point in software code which can be exploited by a threat actor. They are most commonly found in an application like SaaS (Software as a service) software.
38) Explain TCP Three-way handshake.
It is a process used in a network to make a connection between a local host and server. This method requires the client and server to negotiate synchronization and acknowledgment packets before starting communication.
39) Define the term residual risk. What are three ways to deal with risk?
It is a threat that balances risk exposure after finding and eliminating threats.
Three ways to deal with risk are:
  1. Reduce it
  2. Avoid it
  3. Accept it.
40) Define Exfiltration.
Data exfiltration refers to the unauthorized transfer of data from a computer system. This transmission may be manual and carried out by anyone having physical access to a computer.
41) What is exploit in network security?
An exploit is a method utilized by hackers to access data in an unauthorized way. It is incorporated into malware.
42) What do you mean by penetration testing?
It is the process of checking exploitable vulnerabilities on the target. In web security, it is used to augment the web application firewall.
43) List out some of the common cyber-attack.
Following are the common cyber-attacks which can be used by hackers to damage network:
  • Malware
  • Phishing
  • Password attacks
  • DDoS
  • Man in the middle
  • Drive-by downloads
  • Malvertising
  • Rogue software
44) How to make the user authentication process more secure?
In order to authenticate users, they have to provide their identity. The ID and Key can be used to confirm the user's identity. This is an ideal way how the system should authorize the user.
45) Explain the concept of cross-site scripting.
Cross-site scripting refers to a network security vulnerability in which malicious scripts are injected into websites. This attack occurs when attackers allow an untrusted source to inject code into a web application.
46) Name the protocol that broadcast the information across all the devices.
Internet Group Management Protocol or IGMP is a communication protocol that is used in game or video streaming. It facilitates routers and other communication devices to send packets.
47) How to protect email messages?
Use cipher algorithm to protect email, credit card information, and corporate data.
48) What are the risks associated with public Wi-Fi?
Public Wi-Fi has many security issues. Wi-Fi attacks include karma attack, sniffing, war-driving, brute force attack, etc.
Public Wi-Fi may identify data that is passed through a network device like emails, browsing history, passwords, and credit card data.
49) What is Data Encryption? Why it is important in network security?
Data encryption is a technique in which the sender converts the message into a code. It allows only authorized user to gain access.
50) Explain the main difference between Diffie-Hellman and RSA.
Diffie-Hellman is a protocol used while exchanging key between two parties while RSA is an algorithm that works on the basis two keys called private and public key.
51) What is a remote desktop protocol?
Remote Desktop Protocol (RDP) is developed by Microsoft, which provides GUI to connect two devices over a network.
The user uses RDP client software to serve this purpose while other device must run RDP server software. This protocol is specifically designed for remote management and to access virtual PCs, applications, and terminal server.
52) Define Forward Secrecy.
Forward Secrecy is a security measure that ensures the integrity of unique session key in event that long term key is compromised.
53) Explain the concept of IV in encryption.
IV stands for the initial vector is an arbitrary number that is used to ensures that identical text encrypted to different ciphertexts. Encryption program uses this number only once per session.
54) Explain the difference between stream cipher and block cipher.
ParameterStream CipherBlock Cipher.
How does it work?Stream cipher operates on small plaintext unitsBlock cipher works on large data blocks.
Code requirementIt requires less code.It requires more code.
Usage of keyKey is used only once.Reuse of key is possible.
ApplicationSecure Socket layer.File encryption and database.
UsageStream cipher is used to implement hardware.Block cipher is used to implement software.
55) Give some examples of a symmetric encryption algorithm.
Following are some examples of symmetric encryption algorithm.
  • RCx
  • Blowfish
  • Rijndael (AES)
  • DES
56) What is the abbreviation of ECB and CBC?
The full form of ECB is Electronic Codebook, and the full form of CBC is Cipher Block Chaining.
57) Explain a buffer overflow attack.
Buffer overflow attack is an attack that takes advantage of a process that attempts to write more data to a fixed-length memory block.
58) Define Spyware.
Spyware is a malware that aims to steal data about the organization or person. This malware can damage the organization's computer system.
59) What is impersonation?
It is a mechanism of assigning the user account to an unknown user.
60) What do you mean by SRM?
SRM stands for Security Reference Monitor provides routines for computer drivers to grant access rights to object.
61) What is a computer virus?
A virus is a malicious software that is executed without the user's consent. Viruses can consume computer resources, such as CPU time and memory. Sometimes, the virus makes changes in other computer programs and insert its own code to harm the computer system.
A computer virus may be used to:
  • Access private data like user id and passwords
  • Display annoying messages to the user
  • Corrupt data in your computer
  • Log the user's keystrokes
62) What do you mean by Authenticode?
Authenticode is a technology that identifies the publisher of Authenticode sign software. It allows users to ensure that the software is genuine and not contain any malicious program.
63) Define CryptoAPI
CryptoAPI is a collection of encryption APIs which allows developers to create a project on a secure network.
64) Explain steps to secure web server.
Follow the following steps to secure your web server:
  • Update ownership of file.
  • Keep your webserver updated.
  • Disable extra modules in the webserver.
  • Delete default scripts.
65) What is Microsoft Baseline Security Analyzer?
Microsoft Baseline Security Analyzer or MBSA is a graphical and command-line interface that provides a method to find missing security updates and misconfigurations.
66) What is Ethical hacking?
Ethical hacking is a method to improve the security of a network. In this method, hackers fix vulnerabilities and weakness of computer or network. Ethical hackers use software tools to secure the system.
67) Explain social engineering and its attacks.
Social engineering is the term used to convince people to reveal confidential information.
There are mainly three types of social engineering attacks: 1) Human-based, 2) Mobile-based, and 3) Computer-based.
  • Human-based attack: They may pretend like a genuine user who requests higher authority to reveal private and confidential information of the organization.
  • Computer-based attack: In this attack, attackers send fake emails to harm the computer. They ask people to forward such email.
  • Mobile-based attack: Attacker may send SMS to others and collect important information. If any user downloads a malicious app, then it can be misused to access authentication information.
68) What is IP and MAC Addresses?
IP Address is the acronym for Internet Protocol address. An internet protocol address is used to uniquely identify a computer or device such as printers, storage disks on a computer network.
MAC Address is the acronym for Media Access Control address. MAC addresses are used to uniquely identify network interfaces for communication at the physical layer of the network.
69) What do you mean by a worm?
A Worm is a type of malware which replicates from one computer to another.
70) State the difference between virus and worm
ParameterVirusWorm
How they infect a computer?It inserts malicious code into a specific file or program.Generate it's copy and spread using email client.
DependencyVirus need a host program to workThey do not require any host to function correctly.
Linked with filesIt is linked with .com, .xls, .exe, .doc, etc.It is linked with any file on a network.
Affecting speedIt is slower than worm.It faster compared to a virus.
71) Name some tools used for packet sniffing.
Following are some tools used for packet sniffing.
  • Tcpdump
  • Kismet
  • Wireshark
  • NetworkMiner
  • Dsniff
72) Explain anti-virus sensor systems
Antivirus is software tool that is used to identify, prevent, or remove the viruses present in the computer. They perform system checks and increase the security of the computer regularly.
73) List out the types of sniffing attacks.
Various types of sniffing attacks are:
  • Protocol Sniffing
  • Web password sniffing
  • Application-level sniffing
  • TCP Session stealing
  • LAN Sniffing
  • ARP Sniffing
74) What is a distributed denial-of-service attack (DDoS)?
It is an attack in which multiple computers attack website, server, or any network resource.
75) Explain the concept of session hijacking.
TCP session hijacking is the misuse of a valid computer session. IP spoofing is the most common method of session hijacking. In this method, attackers use IP packets to insert a command between two nodes of the network.
76) List out various methods of session hijacking.
Various methods of session hijacking are:
  • Using packet Sniffers
  • Cross-Site Scripting (XSS Attack)
  • IP Spoofing
  • Blind Attack
77) What are Hacking Tools?
Hacking Tools are computer programs and scripts that help you find and exploit weaknesses in computer systems, web applications, servers, and networks. There are varieties of such tools available on the market. Some of them are open source, while others are a commercial solution.
78) Explain honeypot and its Types.
Honeypot is a decoy computer system which records all the transactions, interactions, and actions with users.
Honeypot is classified into two categories: 1) Production honeypot and 2) Research honeypot.
  • Production honeypot: It is designed to capture real information for the administrator to access vulnerabilities. They are generally placed inside production networks to increase their security.
  • Research Honeypot: It is used by educational institutions and organizations for the sole purpose of researching the motives and tactics of the back-hat community for targeting different networks.
79) Name common encryption tools.
Tools available for encryptions are as follows:
  • RSA
  • Twofish
  • AES
  • Triple DES
80) What is Backdoor?
It is a malware type in which security mechanism is bypassed to access a system.
81) Is it right to send login credentials through email?
It is not right to send login credentials through email because if you send someone userid and password in the mail, chances of email attacks are high.
82) Explain the 80/20 rule of networking?
This rule is based on the percentage of network traffic, in which 80% of all network traffic should remain local while the rest of the traffic should be routed towards a permanent VPN.
83) Define WEP cracking.
It is a method used for a security breach in wireless networks. There are two types of WEP cracking: 1) Active cracking and 2) Passive cracking.
84) What are various WEP cracking tools?
Well known WEP cracking tools are:
  • Aircrack
  • WebDecrypt
  • Kismet
  • WEPCrack
85) What is a security auditing?
Security auditing is an internal inspection of applications and operating systems for security flaws. An audit can also be done via line by line inspection of code.
86) Explain phishing.
It is a technique used to obtain a username, password, and credit card details from other users.
87) What is Nano-scale encryption?
Nano encryption is a research area which provides robust security to computers and prevents them from hacking.
88) Define Security Testing?
Security Testing is defined as a type of Software Testing that ensures software systems and applications are free from any vulnerabilities, threats, risks that may cause a big loss.
89) Explain Security Scanning.
Security scanning involves identifying network and system weaknesses and later provides solutions for reducing these risks. This scanning can be performed for both Manual as well as Automated scanning.
90) Name the available hacking tools.
Following is a list of useful hacking tools.
  • Acunetix
  • WebInspect
  • Probably
  • Netsparker
  • Angry IP scanner:
  • Burp Suite
  • Savvius
91) What is the importance of penetration testing in an enterprise?
Here are two common application of Penetration testing.
  • Financial sectors like stock trading exchanges, investment banking, want their data to be secured, and penetration testing is essential to ensure security.
  • In case if the software system is already hacked and the organization would like to determine whether any threats are still present in the system to avoid future hacks.
92) What are the disadvantages of penetration testing?
Disadvantages of penetration testing are:
  • Penetration testing cannot find all vulnerabilities in the system.
  • There are limitations of time, budget, scope, skills of penetration testers.
  • Data loss and corruption
  • Down Time is high which increase costs
93) Explain security threat
Security threat is defined as a risk which can steal confidential data and harm computer systems as well as organization.
94) What are physical threats?
A physical threat is a potential cause of an incident that may result in loss or physical damage to the computer systems.
95) Give examples of non-physical threats
Following are some examples of non-physical threat:
  • Loss of sensitive information
  • Loss or corruption of system data
  • Cyber security Breaches
  • Disrupt business operations that rely on computer systems
  • Illegal monitoring of activities on computer systems
96) What is Trojan virus?
Trojan is a malware employed by hackers and cyber-thieves to gain access to any computer. Here attackers use social engineering techniques to execute the trojan on the system.
97) Define SQL Injection
It is an attack that poisons malicious SQL statements to database. It helps you to take benefit of the design flaws in poorly designed web applications to exploit SQL statements to execute malicious SQL code. In many situations, an attacker can escalate SQL injection attack in order to perform other attack, i.e. denial-of-service attack.
98) List security vulnerabilities as per Open Web Application Security Project (OWASP).
Security vulnerabilities as per open web application security project are as follows:
  • SQL Injection
  • Cross-site request forgery
  • Insecure cryptographic storage
  • Broken authentication and session management
  • Insufficient transport layer protection
  • Unvalidated redirects and forwards
  • Failure to restrict URL access
99) Define an access token.
An access token is a credential which is used by the system to check whether the API should be granted to a particular object or not.
100) Explain ARP Poisoning
ARP (Address Resolution Protocol) Poisoning is a type of cyber-attack which is used to convert IP address to physical addresses on a network device. The host sends an ARP broadcast on the network, and the recipient computer responds back with its physical address.
ARP poisoning is sending fake addresses to the switch so that it can associate the fake addresses with the IP address of a genuine computer on a network and hijack the traffic.
101) Name common types of non-physical threats.
Following are various types of non-physical threats:
  • Trojans
  • Adware
  • Worms
  • Spyware
  • Denial of Service Attacks
  • Distributed Denial of Service Attacks
  • Virus
  • Key loggers
  • Unauthorized access to computer systems resources
  • Phishing
102) Explain the sequence of a TCP connection.
The sequence of a TCP connection is SYN-SYN ACK-ACK.
103) Define hybrid attacks.
Hybrid attack is a blend of dictionary method and brute force attack. This attack is used to crack passwords by making a change of a dictionary word with symbols and numbers.
104) What is Nmap?
Nmap is a tool which is used for finding networks and in security auditing.
105) What is the use of EtterPeak tool?
EtterPeak is a network analysis tool that is used for sniffing packets of network traffic.
106) What are the types of cyber-attacks?
There are two types of cyberattacks: 1) Web-based attacks, 2) System based attacks.
107) List out web-based attacks
Some web-based attacks are: 1) SQL Injection attacks, 2) Phishing, 3) Brute Force, 4) DNS Spoofing, 4) Denial of Service, and 5) Dictionary attacks.
108) Give examples of System-based attacks
Examples of system-based attacks are:
  • Virus
  • Backdoors
  • Bots
  • Worm
109) List out the types of cyber attackers
There are four types of cyber attackers. They are: 1) cybercriminals, 2) hacktivists, 3) insider threats, 4) state-sponsored attackers.
110) Define accidental threats
They are threats that are accidently done by organization employees. In these threats, an employee unintentionally deletes any file or share confidential data with outsiders or a business partner going beyond the policy of the company.