Ehdf 1


Question bank – EHDF

Q.6 What is penetration testing? Explain its 5 stages.
Ans: 1. A penetration test is a set of methods or procedures whose main aim is to test an organization's security.
2. The test is helpful to organizations because it finds vulnerabilities and checks whether an attacker/hacker would be able to exploit them and gain unauthorized access.
5 stages:
Penetration testing can be broken down into multiple phases; these vary depending on the organization and the type of test conducted, internal or external. Let's discuss each phase:
1. Agreement phase: In this phase there is a mutual agreement between the parties; the agreement covers high-level details such as the methods to be followed and the permitted levels of exploitation.
2. Planning & Reconnaissance: In this phase the attacker gathers as much information about the target as possible. The information can be IP addresses, domain details, mail servers, network topology, etc. An expert hacker will spend most of the time in this phase, since it helps with the further phases of the attack.
3. Scanning: This is the phase where the attacker interacts with the target with the aim of identifying vulnerabilities. This phase includes scanning the network with various scanning tools.
4. Gaining access: Once the vulnerabilities have been identified, the next step is to exploit them with the aim of gaining access to the target. The target can be a system, firewall, secured zone or server. The next step is to ensure that the access is maintained.
5. Exploitation: This is the phase where the actual damage is done. An attacker will try to get the data, compromise the system, launch DoS attacks, etc.

Q.7 What is footprinting? Explain the footprinting methodology.
Ans:
Footprinting refers to the process of collecting as much information as possible about the target system in order to find ways to penetrate it.
An ethical hacker has to spend the majority of his time profiling an organization, gathering information about the hosts, network and people related to the organization.
Information such as IP addresses, Whois records, DNS information, the operating system used, employee email IDs, phone numbers etc. is collected.
Footprinting helps to:
Know Security Posture – The data gathered gives us an overview of the security posture of the company, such as details about the presence of a firewall, security configurations of applications etc.
Reduce Attack Area – We can identify a specific range of systems and concentrate on particular targets only. This greatly reduces the number of systems we are focusing on.
Identify Vulnerabilities – We can build an information database containing the vulnerabilities, threats and loopholes present in the systems of the target organization.
Draw Network Map – It helps to draw a network map of the networks in the target organization covering topology, trusted routers, presence of servers and other information.
Footprinting Methodology
Various methods are used to collect information about the target organization. They are:
1. Footprinting through Search Engines: This is a passive information gathering process where we gather information about the target from social media, search engines, various websites etc. Information gathered includes names, personal details, geographical location details, login pages, intranet portals etc.
2. Email Footprinting: An email header reveals information about the mail server, the original sender's email ID, the internal IP addressing scheme, as well as the possible architecture of the target network.
3. DNS Footprinting: DNS is a naming system for computers that converts human-readable domain names into computer-readable IP addresses and vice versa. DNS uses UDP port 53 to serve its requests.
4. Footprinting through Social Engineering: Social media like Twitter and Facebook are searched to collect information like personal details, user credentials and other sensitive information using various social engineering techniques. Some of the techniques include

Q.8 What is scanning? Explain the different types of scanning.
Ans: Scanning is a set of procedures for identifying live hosts, ports and services, discovering the operating system and architecture of the target system, and identifying vulnerabilities and threats in the network. Network scanning is used to create a profile of the target organization. Scanning refers to collecting more information using complex and aggressive reconnaissance techniques.
• Network Scanning
The purpose of each scanning process is given below:
Port Scan – detecting open ports and the services running on the target.
Network Scan – IP addresses, operating system details, topology details, trusted router information etc.
Vulnerability Scan – scanning for known vulnerabilities or weaknesses in a system.
Scanning Methodology:
• Check for Live Systems: A ping scan checks for live systems by sending ICMP echo request packets. If a system is alive, it responds with an ICMP echo reply packet containing details such as TTL, packet size etc.
• Check for Open Ports: Port scanning helps us find open ports, the services running on them, their versions etc. Nmap is the powerful tool used mainly for this purpose. We have various types of scan:
1. Connect scan: Identifies open ports by establishing a full TCP handshake with the target.
2. Half-open scan: Otherwise known as a stealth scan; it scans the target in a stealthy way by not completing the TCP handshake, abruptly resetting the communication instead.
3. XMAS scan: Also called inverse TCP scanning. This works by sending packets with the PSH, URG and FIN flags set. The target does not respond if the port is open and sends a reset response if the port is closed.
4. FIN scan: The FIN flag is set in the TCP packets sent to the target. Open ports do not respond while closed ports send a reset response.
5. ACK scan: Here the attacker sets the ACK flag in the TCP header and the target's port status is gathered from the response.
6. Null scan: Works by sending TCP packets with no flags set to the target. Open ports do not respond while closed ports respond with a RESET packet.
7. Idle scan: Here the attacker tries to mask his identity by using an idle machine on the network to probe the port status of the target.
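The flag combinations listed above are what a defender's sensor looks for. The following added example (written for this page, not part of the question bank) classifies constructed TCP probe records by flag set using the scan taxonomy above and reports any source that touches many distinct ports with scan-like probes.

```python
# Added example (not from the question bank): classify TCP probe packets by
# their flag set, using the scan taxonomy described above, and spot a source
# that touches many ports. The input records are constructed for this example.
from collections import defaultdict

# Flag combinations as described in the notes: which scan a lone probe looks like.
SCAN_SIGNATURES = {
    frozenset(["SYN"]): "half-open (SYN) scan",
    frozenset(): "NULL scan",
    frozenset(["FIN"]): "FIN scan",
    frozenset(["FIN", "PSH", "URG"]): "XMAS scan",
    frozenset(["ACK"]): "ACK scan",
}

def classify_flags(flags):
    """Return the scan type a packet with these TCP flags resembles, or None."""
    return SCAN_SIGNATURES.get(frozenset(flags))

def detect_port_scans(records, min_ports=5):
    """Group probe packets by source IP and report sources that hit at least
    min_ports distinct ports with scan-like flag sets.
    Each record is a tuple: (src_ip, dst_port, list_of_flags)."""
    ports_by_src = defaultdict(set)
    kinds_by_src = defaultdict(set)
    for src, dport, flags in records:
        kind = classify_flags(flags)
        if kind is None:  # normal traffic (SYN+ACK, PSH+ACK data, ...) is ignored
            continue
        ports_by_src[src].add(dport)
        kinds_by_src[src].add(kind)
    return {src: {"ports": len(ports), "scan_types": sorted(kinds_by_src[src])}
            for src, ports in ports_by_src.items() if len(ports) >= min_ports}

# Constructed sample: one host probing many ports (SYN then XMAS), one host
# doing an ordinary handshake and data exchange with a single web server port.
SAMPLE_RECORDS = [("10.0.0.7", p, ["SYN"]) for p in (21, 22, 23, 25, 80, 443)]
SAMPLE_RECORDS += [("10.0.0.7", p, ["FIN", "PSH", "URG"]) for p in (135, 139)]
SAMPLE_RECORDS += [("10.0.0.9", 443, ["SYN"]), ("10.0.0.9", 443, ["ACK"]),
                   ("10.0.0.9", 443, ["PSH", "ACK"])]

if __name__ == "__main__":
    for src, info in detect_port_scans(SAMPLE_RECORDS).items():
        print(f"{src}: {info['ports']} ports, {', '.join(info['scan_types'])}")
```

A real sensor would read flags from packet captures or firewall logs rather than tuples, and would also need a time window, but the classification step is the same.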

Q.9 Define enumeration and describe enumeration techniques.
Ans: Enumeration is defined as the process of extracting user names, machine names, network resources, shares and services from a system. The gathered information is used to identify vulnerabilities or weak points in system security, which are then exploited in the system-gaining phase.
Techniques for Enumeration
• NetBIOS Enumeration
NetBIOS stands for Network Basic Input Output System. It allows computers to communicate over a LAN and to share files and printers. NetBIOS names are used to identify network devices over TCP/IP (Windows).
• SNMP Enumeration
SNMP (Simple Network Management Protocol) is an application layer protocol which uses UDP to maintain and manage routers, hubs, switches and other network devices on an IP network. SNMP enumeration is used to enumerate user accounts, passwords, groups, system names and devices on a target system.
• LDAP Enumeration
The Lightweight Directory Access Protocol is a protocol used to access directory listings within Active Directory or from other directory services.
• SMTP Enumeration
The Simple Mail Transport Protocol is used to send email messages, as opposed to POP3 or IMAP which can be used to both send and receive messages.
• DNS Enumeration
DNS enumeration is the process of locating all the DNS servers and their corresponding records for an organization.

Q.10 Explain a few methods of password cracking.
Ans: Password Cracking
There are a few basic methods of password cracking:
1. Brute force: trying all possible combinations until the password is cracked.
2. Dictionary attack: a compiled list of meaningful words is compared against the password field until a match is found.
3. Rule-based attack: if some details about the target are known, we can create rules based on the information we know.
4. Rainbow table: instead of comparing the passwords directly, the hash value of the password is taken and compared with a list of pre-computed hash values until a match is found.
The rainbow table method gives an advantage to the attacker since no account lockout is triggered by wrong hashes being tested against the password. To prevent rainbow table attacks, salting can be used. Salting is the process of adding random numbers (the salt) to the password before hashing, so the attacker will not be able to crack the hash without that salt.
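The claim above, that a salt defeats a pre-computed hash list, can be shown in a few lines. The following is an added example written for this page (not from the question bank): it builds a small pre-computed table from a constructed word list, looks up an unsalted SHA-256 hash and a salted one, and shows the server-side salted verification that legitimate logins still use.

```python
# Added example (not from the question bank): why a table of pre-computed hashes
# recovers an unsalted password hash but not a salted one. Uses SHA-256 from the
# standard library; the word list and the "stored" hashes are constructed here.
import hashlib
import hmac
import os

WORDLIST = ["password", "letmein", "summer2023", "qwerty"]  # constructed sample

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_precomputed_table(words):
    """hash -> word table computed ahead of time. Building it costs the attacker
    nothing per target and triggers no account lockout: no login is attempted."""
    return {sha256_hex(w.encode()): w for w in words}

def lookup(stored_hash, table):
    """One dictionary lookup against a leaked hash; returns the word or None."""
    return table.get(stored_hash)

def hash_with_salt(password: str, salt: bytes) -> str:
    """Salted storage: a random salt is prepended before hashing and kept next to
    the hash. (Real systems also use a slow KDF such as PBKDF2 or bcrypt.)"""
    return sha256_hex(salt + password.encode())

def verify_salted(password: str, salt: bytes, stored_hash: str) -> bool:
    """How a server checks a login: recompute with the stored salt and compare
    in constant time."""
    return hmac.compare_digest(hash_with_salt(password, salt), stored_hash)

TABLE = build_precomputed_table(WORDLIST)
UNSALTED_STORED = sha256_hex(b"summer2023")          # constructed "leaked" hash
SALT = os.urandom(16)                                # fresh random salt per user
SALTED_STORED = hash_with_salt("summer2023", SALT)   # same password, salted

if __name__ == "__main__":
    # The table matches the unsalted hash immediately, but every table entry was
    # computed without SALT, so the salted hash never appears in it.
    print("unsalted lookup:", lookup(UNSALTED_STORED, TABLE))   # summer2023
    print("salted lookup:  ", lookup(SALTED_STORED, TABLE))     # None
    print("legit login:    ", verify_salted("summer2023", SALT, SALTED_STORED))
```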

Q.11 Mention different types of password attacks.
Ans: Types of Password Attacks
Passive online attacks
A passive attack is an attack on a system that does not result in a change to the system in any way. The attack purely monitors or records data.
1. Wire sniffing
2. Man in the middle
3. Replay attack
Active online attacks
An active online attack is the easiest way to gain unauthorized administrator-level access to the system.
• Password guessing
• Trojan/spyware/keyloggers
• Hash injection
• Phishing
Offline attacks
Offline attacks occur when the intruder checks the validity of the passwords. Offline attacks are often time-consuming.
• Pre-computed hashes
• Distributed network
• Rainbow
Non-electronic attacks
Non-electronic attacks are also known as non-technical attacks. This kind of attack doesn't require any technical knowledge about the methods of intruding into another system.
• Social engineering
• Shoulder surfing
• Dumpster diving
Q.12 Explain steganography and keylogger.
Steganography
The art of hiding data inside other data or a medium is called steganography, e.g. hiding data within an image file. The secret message is called the overt file and the covering file is called the covert file.
Types of Steganography
• Image steganography
• Document steganography
• Folder steganography
• Video steganography
• Audio steganography
• White space steganography
Keylogger
Keystroke loggers are programs or hardware devices that monitor each keystroke a user types on a keyboard, log them to a file, or transmit them to a remote location. Keyloggers are placed between the keyboard hardware and the OS.
A keylogger can:
• record each keystroke;
• capture screenshots at regular intervals of time showing user activity, such as when the user types a character or clicks a mouse button;
• track the activities of users by logging window titles, names of launched applications and other information;
• monitor the online activity of users by recording the addresses of the websites they have visited and the keywords entered by them;
• record all login names, bank and credit card numbers and passwords, including hidden passwords or data shown as asterisks or blank spaces;
• record online chat conversations.
Types of Keylogger
1. Hardware keylogger
2. Software keylogger
Spyware
Spyware is stealthy computer monitoring software that allows you to secretly record all activities of a computer user.
Q.13 Explain penetration testing methods.
Penetration testing methods
• External testing
External penetration tests target the assets of a company that are visible on the internet, e.g. the web application itself, the company website, and email and domain name servers (DNS). The goal is to gain access and extract valuable data.
• Internal testing
In an internal test, a tester with access to an application behind its firewall simulates an attack by a malicious insider. This isn't necessarily simulating a rogue employee. A common starting scenario is an employee whose credentials were stolen in a phishing attack.
• Blind testing
In a blind test, a tester is only given the name of the enterprise that is being targeted. This gives security personnel a real-time look into how an actual application assault would take place.
• Double-blind testing
In a double-blind test, security personnel have no prior knowledge of the simulated attack. As in the real world, they won't have any time to shore up their defenses before an attempted breach.
• Targeted testing
In this scenario, both the tester and security personnel work together and keep each other apprised of their movements. This is a valuable training exercise that provides a security team with real-time feedback from a hacker's point of view.
Q.14 What is digital forensics?
Digital forensics is a branch of forensic science which includes the identification, collection, analysis and reporting of any valuable digital information in digital devices related to computer crimes, as part of an investigation. In simple words, digital forensics is the process of identifying, preserving, analyzing and presenting digital evidence.
1. Identification of evidence: This includes identifying evidence related to the digital crime in storage media, hardware, operating systems, networks and/or applications. It is the most important and basic step.
2. Collection: This includes preserving the digital evidence identified in the first step so that it does not degrade or vanish with time. Preserving the digital evidence is very important and crucial.
3. Analysis: This includes analyzing the collected digital evidence of the committed computer crime in order to trace the criminal and the possible path used to breach the system.
4. Documentation: This includes proper documentation of the whole digital investigation, the digital evidence, loopholes of the attacked system etc., so that the case can be studied and analysed in future and can be presented in court in a proper format.
5. Presentation: This includes the presentation of all the digital evidence and documentation in court in order to prove the digital crime committed and identify the criminal.
Branches of Digital Forensics:
• Media forensics: The branch of digital forensics which includes identification, collection, analysis and presentation of audio, video and image evidence during the investigation process.
• Cyber forensics: The branch of digital forensics which includes identification, collection, analysis and presentation of digital evidence during the investigation of a cyber crime.
• Mobile forensics: The branch of digital forensics which includes identification, collection, analysis and presentation of digital evidence during the investigation of a crime committed through a mobile device such as a mobile phone, GPS device, tablet or laptop.
• Software forensics: The branch of digital forensics which includes identification, collection, analysis and presentation of digital evidence during the investigation of a crime related to software only.
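The collection and documentation steps above rest on one concrete practice: hashing the evidence at acquisition time and keeping a custody record, so that any later change is detectable. The following added example (written for this page, not from the question bank) builds such a record for a constructed evidence file, appends a custody transfer, and verifies an intact copy against a tampered one.

```python
# Added example (not from the question bank): integrity hash plus chain-of-custody
# record for a piece of evidence, as used in the "Collection" and "Documentation"
# steps. The evidence bytes and timestamps below are constructed for the example.
import hashlib
import json

def acquisition_record(evidence_id, data: bytes, collected_by, collected_at):
    """Build the record an examiner writes when evidence is collected.
    collected_at is a caller-supplied timestamp string (constructed here)."""
    return {
        "evidence_id": evidence_id,
        "size_bytes": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "collected_by": collected_by,
        "collected_at": collected_at,
        "custody": [{"holder": collected_by, "at": collected_at, "action": "acquired"}],
    }

def transfer(record, new_holder, at):
    """Append a chain-of-custody entry; the original record is left unmodified
    so an earlier copy of the record stays a faithful snapshot."""
    updated = json.loads(json.dumps(record))
    updated["custody"].append({"holder": new_holder, "at": at, "action": "transferred"})
    return updated

def verify_integrity(record, data: bytes):
    """Re-hash the evidence and compare with the hash taken at acquisition.
    Returns (ok, computed_hash) so a mismatch can be documented."""
    computed = hashlib.sha256(data).hexdigest()
    ok = computed == record["sha256"] and len(data) == record["size_bytes"]
    return ok, computed

# Constructed evidence: a captured log fragment standing in for a disk image.
ORIGINAL = b"2024-01-01T10:00:00Z login failed user=admin src=10.0.0.7\n" * 3
TAMPERED = ORIGINAL.replace(b"10.0.0.7", b"10.0.0.8")  # same length, one byte changed

if __name__ == "__main__":
    rec = acquisition_record("EV-001", ORIGINAL, "examiner-1", "2024-01-02T09:00:00Z")
    rec = transfer(rec, "lab-analyst", "2024-01-02T14:00:00Z")
    print("original intact:", verify_integrity(rec, ORIGINAL)[0])   # True
    print("tampered copy:  ", verify_integrity(rec, TAMPERED)[0])   # False
    print(json.dumps(rec["custody"], indent=2))
```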

Q.15 What is an incident? Explain the incident response methodology briefly.
Ans:
In the field of cybersecurity, incident management can be defined as the process of identifying, managing, recording and analyzing security threats and incidents related to cybersecurity in the real world.
Step 1: The process of incident management starts with an alert that reports an incident that took place. Then comes the engagement of the incident response team (IRT). Prepare for handling incidents.
Step 2: Identification of potential security incidents by monitoring, and reporting of all incidents.
Step 3: Assessment of identified incidents to determine the appropriate next steps for mitigating the risk.
Step 4: Respond to the incident by containing, investigating and resolving it (based on the outcome of step 3).
Step 5: Learn and document key takeaways from every incident.
Incident response is the methodology an organization uses to respond to and manage a cyberattack.
Necessary part of incident response:
Collecting evidence and performing forensic analysis is a necessary part of incident response. For this, the following are needed:
1. A well-defined policy for collecting evidence, to ensure that it is correct and sufficient to be admissible in a court of law.
2. The ability to employ forensics as needed for analysis, reporting and investigation.
3. IRT personnel must be trained in cyber forensics and functional techniques, and should also have some knowledge of legal and governance matters.
