Eh 1

8. Authentication: Authentication is the process of verifying the identity of a user or system. It ensures that
the entity trying to access a system or resource is who or what it claims to be. There are several types of
authentication methods:
 Password-based authentication: Users provide a username and password to prove their
identity.
 Biometric authentication: This involves using unique biological traits like fingerprints, iris scans,
or facial recognition to verify identity.
 Token-based authentication: Users authenticate using a physical device, like a smart card or a
key fob.
 Multi-factor authentication (MFA): This method requires users to provide two or more types of
authentication factors, such as something they know (password), something they have (token), or
something they are (biometric).
 Single sign-on (SSO): Users authenticate once to gain access to multiple systems or applications.
9. Password cracking: Password cracking is the process of attempting to gain unauthorized access to a
system by guessing or breaking passwords. Various tools are used for password cracking, including:
 John the Ripper: A widely-used password cracking tool that can perform dictionary attacks,
brute-force attacks, and more.
 Hashcat: A powerful password recovery tool that supports various algorithms and attack modes.
 Hydra: A popular online password cracking tool that supports various protocols such as HTTP,
FTP, SSH, etc.
 Cain and Abel: A versatile tool that can perform various password cracking and network sniffing
tasks.
10. SQL injection: SQL injection is a type of cyber attack that allows an attacker to execute malicious SQL
statements in a web application's database. Types of SQL injection include:
 In-band SQLi (Classic SQLi): This is the most common type where the attacker uses the same
communication channel to both launch the attack and gather results.
 Out-of-band SQLi: Attackers use a different channel to launch the attack and gather results.
 Blind SQLi: Attackers don't directly see the result of their actions, making it more challenging to
exploit, but still possible.
11. Vulnerabilities in SQL Server: Vulnerabilities in SQL Server refer to weaknesses or flaws in the SQL Server
software that can be exploited by attackers to gain unauthorized access, manipulate data, or disrupt
services. These vulnerabilities can include flaws in authentication mechanisms, SQL injection
vulnerabilities, buffer overflows, insecure configurations, etc.
12. Buffer overflow: Buffer overflow is a type of software vulnerability where an application writes more data
to a buffer than it can hold, causing the extra data to overflow into adjacent memory locations. Types of
buffer overflow include:
 Stack-based buffer overflow: Overflows occur in the stack memory region.
 Heap-based buffer overflow: Overflows occur in the heap memory region.
 Integer overflow: Arithmetic operation results in a value that exceeds the range of representable
values for the data type.
13. Stack-based buffer overflow: In stack-based buffer overflow attacks, the attacker overflows a buffer
allocated on the stack, which can overwrite the return address of a function. By controlling the return
address, the attacker can redirect the execution flow of the program to malicious code.
14. Mutation in Exploit Hunting (EH): Mutation refers to the process of modifying an existing exploit to
create a new variant that bypasses detection mechanisms. Mutation techniques include changing code
obfuscation, altering exploit payloads, modifying exploit delivery methods, and manipulating exploit
signatures.
15. Wired Equivalent Privacy (WEP): WEP is a security protocol used to secure wireless computer networks.
It was the first security protocol defined in the IEEE 802.11 standard. WEP encrypts data transmitted
between wireless devices using a shared key. However, it is now considered weak and vulnerable to
various attacks.
16. Wireless Hacking Methods:
 Packet sniffing and analysis
 Brute force attacks on wireless encryption
 Exploiting weaknesses in authentication protocols
 Creating rogue access points
 Denial of Service (DoS) attacks
17. Wired Equivalent Privacy (WEP): WEP was an early security algorithm for Wi-Fi networks intended to
provide wireless LANs with a level of security and privacy comparable to what is usually expected of a
wired LAN. However, due to its vulnerabilities, it's now considered insecure.
18. WPA Authentication Mechanism: Wi-Fi Protected Access (WPA) is a security standard for wireless
networks. It uses the Temporal Key Integrity Protocol (TKIP) for encryption and the Extensible
Authentication Protocol (EAP) for authentication. WPA provides stronger security than WEP by addressing
its vulnerabilities.
19. Wireless Sniffing: Wireless sniffing is the process of intercepting and analyzing data packets transmitted
over a wireless network. It involves capturing wireless network traffic using specialized tools like Wireshark
or tcpdump and analyzing the captured data to gain insights into network activity, including usernames,
passwords, and other sensitive information.
20. Rogue Access Point: A rogue access point is an unauthorized wireless access point that has been
installed on a network without the explicit consent of the network administrator. Rogue access points can
be used by attackers to intercept network traffic, launch attacks, or gain unauthorized access to the
network.
21. Password Hacking Techniques:
 Brute Force Attack: Trying every possible combination until the correct one is found.
 Dictionary Attack: Using a list of commonly used passwords or words from a dictionary.
 Phishing: Tricking users into revealing their passwords by impersonating legitimate entities.
 Social Engineering: Manipulating individuals into divulging their passwords through
psychological manipulation.
 Keylogging: Recording keystrokes to capture passwords as they are entered.
 Rainbow Table Attack: Precomputed tables of hashes to quickly reverse hashed passwords.
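The rainbow-table item above is easiest to see with a small added example (not part of the original notes): a precomputed table of unsalted SHA-256 hashes reverses a weak password instantly, while the same password stored with PBKDF2-HMAC and a random per-user salt is neither in the table nor equal across users. The password list and iteration count are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor; raise it as hardware gets faster


def unsalted_hash(password):
    """Plain SHA-256 of the password: what a precomputed table can reverse."""
    return hashlib.sha256(password.encode()).hexdigest()


# Toy "rainbow table": hash -> password, built from a constructed list of
# simple passwords (the kind listed under "Types of Passwords").
SIMPLE_PASSWORDS = ["password", "123456", "qwerty", "letmein"]
PRECOMPUTED = {unsalted_hash(p): p for p in SIMPLE_PASSWORDS}


def lookup_unsalted(digest_hex):
    """Reverse an unsalted hash by table lookup; None if not precomputed."""
    return PRECOMPUTED.get(digest_hex)


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 and a 16-byte random salt."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def demo():
    """Two users pick the same weak password; compare the two storage schemes."""
    leaked = unsalted_hash("123456")
    salt_a, dig_a = hash_password("123456")
    salt_b, dig_b = hash_password("123456")
    return {
        "unsalted_reversed": lookup_unsalted(leaked),   # "123456"
        "salted_digests_differ": dig_a != dig_b,        # per-user salt
        "salted_in_table": dig_a.hex() in PRECOMPUTED,  # False
        "verify_ok": verify_password("123456", salt_a, dig_a),
        "verify_wrong": verify_password("password", salt_a, dig_a),
    }
```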
22. Types of Passwords:
 Simple Passwords: Easy-to-guess passwords like "password", "123456", etc.
 Complex Passwords: Strong passwords with a mix of uppercase, lowercase, numbers, and special
characters.
 One-time Passwords (OTP): Temporary passwords used for a single login session or transaction.
 Biometric Passwords: Passwords based on unique biological characteristics like fingerprints or
iris scans.
 Passphrases: Longer sequences of words or phrases that are easier to remember but harder to
crack than traditional passwords.
23. Spyware Technologies: Spyware refers to software that secretly monitors and collects user information. It
can capture keystrokes, record browsing habits, steal passwords, and more. Spyware technologies include
keyloggers, screen capture software, webcam recorders, and data exfiltration tools.
24. Difference between Spoofing and Hijacking:
 Spoofing: Involves impersonating a legitimate entity or source.
 Hijacking: Involves taking control of an ongoing communication or session between legitimate
parties.
25. Preventions Used in Root Notes: Measures to prevent unauthorized access to root notes include:
 Strong authentication mechanisms.
 Regular auditing and monitoring of user activities.
 Implementation of least privilege principles.
 Proper configuration management.
 Regular security updates and patches.
26. DNS Spoofing Technique: DNS spoofing involves manipulating the Domain Name System (DNS) to
redirect users to malicious websites. Attackers can forge DNS responses or poison DNS caches to associate
domain names with incorrect IP addresses, leading users to unintended destinations.
27. Protocols Susceptible to Sniffing: Protocols such as HTTP, FTP, Telnet, SMTP, and POP3 are susceptible
to sniffing because they transmit data in plaintext over the network, making it easy for attackers to intercept
and capture sensitive information.
28. ARP Spoofing: ARP spoofing is a technique where an attacker sends falsified Address Resolution Protocol
(ARP) messages over a local area network. By spoofing ARP replies, the attacker associates their MAC
address with the IP address of another network device, allowing them to intercept or modify network
traffic.
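From the defender's side, the signature of ARP spoofing is an IP address whose advertised MAC suddenly changes, or one MAC claiming several IPs. The following added example (not from the original notes) runs that check over a constructed list of ARP reply records; the addresses are made up for the demonstration.

```python
from collections import defaultdict

# Constructed ARP reply records (timestamp, sender IP, sender MAC); not a
# real capture. The gateway 192.168.1.1 is first seen with one MAC, then a
# second MAC claims both the gateway and a host address.
ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (1.5, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (2.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (2.5, "192.168.1.1", "de:ad:be:ef:00:99"),
    (3.0, "192.168.1.1", "de:ad:be:ef:00:99"),
    (3.5, "192.168.1.20", "de:ad:be:ef:00:99"),
]


def detect_arp_conflicts(replies):
    """Return (alerts, multi_ip_macs).

    alerts: one entry each time an IP already mapped to a MAC is claimed by
            a different MAC (the new mapping is then recorded so a later
            flip back is also reported).
    multi_ip_macs: MACs that claimed more than one IP, which is what a
            host poisoning both ends of a conversation looks like."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        mac_to_ips[mac].add(ip)
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac
        elif known != mac:
            alerts.append({"time": ts, "ip": ip, "old_mac": known, "new_mac": mac})
            ip_to_mac[ip] = mac
    multi = {m: sorted(ips) for m, ips in mac_to_ips.items() if len(ips) > 1}
    return alerts, multi
```

A static ARP entry for the gateway, or a switch feature such as Dynamic ARP Inspection, is the corresponding prevention; this script only detects.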
29. MAC Flooding: MAC flooding is a network attack where the attacker floods a switch's MAC address table
with fake MAC addresses, causing the switch to enter a fail-open mode in which it starts broadcasting all
traffic to all ports, enabling the attacker to sniff the traffic.
30. DNS Attack: In a DNS attack, attackers exploit vulnerabilities in the Domain Name System to redirect
users to malicious websites, intercept sensitive information, or disrupt network services. Techniques
include DNS spoofing, DNS cache poisoning, and DNS amplification attacks.
31. Common DoS Attack Techniques:
 SYN Flood: Overwhelming a server with connection requests, exhausting its resources.
 UDP Flood: Flooding a server with UDP packets, causing it to become unresponsive.
 Ping Flood: Sending a large number of ICMP Echo Request (ping) packets to a target to consume
its bandwidth.
 HTTP Flood: Sending a large volume of HTTP requests to a web server, overloading it and
denying legitimate users access.
32. Smurf Attack: A Smurf attack involves sending large numbers of ICMP echo requests (pings) to IP
broadcast addresses, with the source address spoofed to that of the victim. This causes all devices on the
network to reply to the victim, overwhelming its resources.
33. Bots vs. Botnets:
 Bots: Individual compromised computers or devices controlled by an attacker.
 Botnets: Networks of compromised devices (bots) controlled by a central command and control
server.
34. DoS/DDoS Countermeasures:
 Traffic Filtering: Blocking malicious traffic at network perimeters.
 Rate Limiting: Limiting the rate of incoming requests to mitigate flooding attacks.
 Distributed Defense Systems: Using multiple layers of defense to distribute and absorb attack
traffic.
 Anomaly Detection: Monitoring network traffic for abnormal patterns indicative of an attack.
35. Spoofing: Spoofing involves impersonating another entity or manipulating data to appear as though it
originated from a trusted source. Types include IP spoofing, email spoofing, MAC address spoofing, and
DNS spoofing.
36. Preventive Measures for Hijacking:
 Strong Authentication: Implementing multi-factor authentication.
 Encryption: Encrypting sensitive data to prevent interception and tampering.
 Network Segmentation: Isolating critical systems from less secure networks.
 Regular Auditing: Monitoring and reviewing system logs for suspicious activity.
37. Sniffing Countermeasures:
 Encryption: Encrypting network traffic to prevent interception.
 Network Segmentation: Separating critical systems from less secure networks.
 Packet Filtering: Blocking unauthorized traffic at network perimeters.
 Port Security: Restricting access to network ports to authorized devices only.
38. Web Server and Types of Attacks: Types of attacks against web servers include:
 SQL Injection: Exploiting vulnerabilities in web applications to execute malicious SQL
commands.
 Cross-Site Scripting (XSS): Injecting malicious scripts into web pages viewed by other users.
 DDoS Attacks: Overwhelming a web server with a flood of requests to make it inaccessible.
 Directory Traversal: Accessing files and directories outside of the web server's root directory.
39. Patch Management Techniques:
 Regular Updates: Applying patches and updates from software vendors promptly.
 Vulnerability Scanning: Identifying and prioritizing vulnerabilities for patching.
 Change Management: Implementing changes to software and systems in a controlled and
documented manner.
 Testing: Testing patches in a controlled environment before deploying them to production
systems.
40. Steps for Web Server Hardening:
 Disable Unnecessary Services: Turn off unnecessary services to reduce attack surface.
 Use Strong Authentication: Implement strong passwords and multi-factor authentication.
 Secure Configuration: Configure web server settings to adhere to security best practices.
 Regular Updates: Keep software and server components up to date with security patches.
 Monitor and Audit: Continuously monitor server logs for suspicious activity and perform regular
security audits.
41. Vulnerability and Web Server Vulnerabilities: A vulnerability is a weakness or flaw in a system that can
be exploited by attackers to compromise its security. Web server vulnerabilities include:
 SQL Injection: Exploiting vulnerabilities in web applications to execute malicious SQL
commands.
 Cross-Site Scripting (XSS): Injecting malicious scripts into web pages viewed by other users.
 Directory Traversal: Accessing files and directories outside of the web server's root directory.
 Remote Code Execution: Allowing attackers to execute arbitrary code on the server.
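The directory traversal item listed above (and under "Web Server and Types of Attacks") comes down to one path-resolution check. Here is an added example, not from the original notes, of the naive join beside a hardened resolver that refuses any result outside the document root; the root path is an assumption.

```python
import os

WEB_ROOT = "/var/www/html"  # assumed document root for the demonstration


def resolve_vulnerable(root, requested):
    """Naive join: '..' segments in the request walk out of the root."""
    return os.path.normpath(os.path.join(root, requested))


def resolve_safe(root, requested):
    """Join, normalise, then require the result to stay under the root.

    Returns None when the request escapes the root. The leading-slash strip
    closes the second hole in os.path.join: an absolute request would
    otherwise replace the root entirely."""
    root = os.path.abspath(root)
    candidate = os.path.abspath(os.path.join(root, requested.lstrip("/")))
    if candidate != root and not candidate.startswith(root + os.sep):
        return None
    return candidate


def demo():
    """Compare both resolvers on a normal request and a traversal request."""
    normal = "images/../index.html"
    traversal = "../../../etc/passwd"  # constructed test input
    return {
        "normal_vulnerable": resolve_vulnerable(WEB_ROOT, normal),
        "normal_safe": resolve_safe(WEB_ROOT, normal),
        "traversal_vulnerable": resolve_vulnerable(WEB_ROOT, traversal),
        "traversal_safe": resolve_safe(WEB_ROOT, traversal),
        "absolute_safe": resolve_safe(WEB_ROOT, "/etc/passwd"),
    }
```

Note that `startswith(root + os.sep)` rather than `startswith(root)` matters: a sibling directory whose name merely begins with the root string would otherwise pass.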
19. Scanning / Port Scanning: Scanning is the process of systematically examining a network or system for
vulnerabilities or open ports. Port scanning, specifically, involves probing a computer network to discover
open ports and services available on target machines. This information can be used by attackers to
identify potential entry points for exploitation.
20. Definition of Port Scanning with Example: Port scanning is the process of sending packets to specific
ports on a target system to determine which ports are open and what services are running on those ports.
For example, a common port scanning tool is Nmap. By running a port scan using Nmap, an attacker can
discover that port 80 (HTTP) and port 22 (SSH) are open on a target system, indicating that the system
likely hosts a web server and allows secure shell access.
21. Brief Note on Network Scanning: Network scanning involves assessing a network's perimeter and
internal systems to identify active hosts, open ports, and services. It helps in understanding the network's
topology, identifying vulnerabilities, and strengthening security defenses.
22. Vulnerability Scanning: Vulnerability scanning is the process of proactively identifying weaknesses in a
network, system, or application before they can be exploited by attackers. This involves using automated
tools to scan for known vulnerabilities, misconfigurations, and outdated software versions.
23. CEH Scanning Methodology: CEH (Certified Ethical Hacker) scanning methodology involves
systematically scanning a network or system using various techniques and tools to identify potential
security vulnerabilities. It typically includes steps such as reconnaissance, scanning, enumeration,
vulnerability assessment, and reporting.
24. Ping Sweep Techniques and Approaches: Ping sweep techniques involve sending ICMP Echo Request
(ping) packets to a range of IP addresses to determine which hosts are alive on a network. Approaches
include:
 Sequential Scanning: Pinging each IP address in a sequential manner.
 Random Scanning: Pinging random IP addresses within a specified range.
 Parallel Scanning: Sending multiple ping requests simultaneously to speed up the scanning
process.
25. Nmap Command Switches: Nmap is a popular port scanning tool with various command-line switches.
Some common switches include:
 -sS: TCP SYN scan (stealth scan)
 -sT: TCP connect scan
 -sU: UDP scan
 -p: Specify port range
 -A: Enable OS detection, version detection, script scanning, and traceroute
26. Explain how SYN is used to establish a connection in Ethical Hacking:
 SYN (Synchronize) is a TCP (Transmission Control Protocol) packet used to initiate a connection
between two devices over a network.
 In Ethical Hacking, attackers can exploit the SYN packet to perform SYN flooding attacks, also
known as SYN flood attacks, which overwhelm a target system with a high volume of SYN
packets, causing it to become unresponsive.
 Attackers can also use SYN packets as part of the TCP three-way handshake to establish a
connection with a target system and then exploit vulnerabilities or perform further attacks.
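The SYN flood described here, and the "Anomaly Detection" countermeasure listed under DoS/DDoS Countermeasures, meet in a simple per-source check: a client that completes the three-way handshake sends an ACK after its SYN, while a flood source sends SYNs and nothing else. This added example (not from the original notes) runs that check over a constructed packet list; the addresses and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed packet summaries (source IP, flag string): "S" = SYN from the
# client, "A" = the client's final handshake ACK. Not real traffic.
PACKETS = (
    [("10.0.0.5", "S"), ("10.0.0.5", "A")] * 3   # three completed handshakes
    + [("203.0.113.7", "S")] * 50               # fifty half-open attempts
)


def half_open_stats(packets, min_syn=20, max_completion=0.2):
    """Per source, count SYNs sent and handshakes completed, and flag sources
    that sent at least `min_syn` SYNs while completing no more than the
    fraction `max_completion` of them. An ACK only counts as completing a
    handshake when there is an outstanding SYN from the same source."""
    syns = defaultdict(int)
    acks = defaultdict(int)
    for src, flags in packets:
        if flags == "S":
            syns[src] += 1
        elif flags == "A" and syns[src] > acks[src]:
            acks[src] += 1
    flagged = {}
    for src, n in syns.items():
        ratio = acks[src] / n
        if n >= min_syn and ratio <= max_completion:
            flagged[src] = {"syn": n, "completed": acks[src], "ratio": ratio}
    return flagged
```

On a real sensor the same counters would be kept per sliding time window so that a slow, legitimate client is not flagged for a single lost ACK.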
27. Define Stealth in Ethical Hacking:
 In Ethical Hacking, stealth refers to the ability of an attacker to conduct activities without being
detected by security measures or intrusion detection systems.
 Stealthy techniques include using encrypted communication channels, obfuscating attack
payloads, and minimizing the footprint of malicious activities to avoid detection by network
defenders.
28. Explain how the XMAS scanning technique is used in Ethical Hacking:
 XMAS scanning is an advanced port scanning technique used by Ethical Hackers to identify open
ports on a target system.
 In XMAS scanning, the attacker sends a TCP packet with the FIN, PSH, and URG flags set to the
target ports.
 If a port is closed, the target system should respond with a TCP RST (reset) packet. However, if a
port is open, the target system may not respond at all, indicating to the attacker that the port is
open and potentially vulnerable.
29. What does the term NULL define in Ethical Hacking:
 In Ethical Hacking, NULL refers to a TCP packet with no flags set, resulting in a packet with all bits
set to zero.
 NULL scans are a port scanning technique where an attacker sends NULL packets to target ports
to determine their state.
 Like XMAS scans, NULL scans rely on the behavior of target systems in responding to unexpected
or invalid TCP packets to identify open ports.
30. Explain the role of IDLE Scan in Ethical Hacking:
 IDLE Scan, also known as zombie scan, is a stealthy port scanning technique used by Ethical
Hackers to scan target systems indirectly through a third-party system, known as a zombie or idle
host.
 In IDLE Scan, the attacker sends spoofed SYN packets to the target system, with the source IP
address set to the IP address of the idle host.
 By observing the responses from the target system, the attacker can determine the state of ports
on the target without directly interacting with it, thereby evading detection.
31. Explain FIN scans and their role in Ethical Hacking:
 FIN scanning is a port scanning technique used by Ethical Hackers to identify open ports on a
target system.
 In FIN scanning, the attacker sends TCP packets with only the FIN (finish) flag set to the target
ports.
 If a port is closed, the target system should respond with a TCP RST (reset) packet. However, if a
port is open, the target system may not respond at all, indicating to the attacker that the port is
open and potentially vulnerable.
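The XMAS, NULL and FIN scans described in the three items above differ only in the TCP flag byte, and all three rely on the same closed-port RST rule, so one detector covers them. This added example (not from the original notes) classifies a packet's flags, states the reply the items above predict, and flags sources that send many such probes; the packet list and threshold are constructed for the demonstration.

```python
# TCP flag bits in header order.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
INVERSE_SCANS = ("NULL scan", "XMAS scan", "FIN scan")


def classify_probe(flags):
    """Name the scan type implied by a flag byte, or None for flags that
    look like ordinary connection traffic."""
    if flags == 0:
        return "NULL scan"
    if flags == FIN | PSH | URG:
        return "XMAS scan"
    if flags == FIN:
        return "FIN scan"
    return None


def expected_reply(flags, port_open):
    """Reply predicted for the inverse scans: closed ports answer with RST,
    open ports stay silent. Returns None for non-probe flags. (Caveat from
    practice: some stacks send RST from every port, which makes all ports
    look closed to these scans.)"""
    if classify_probe(flags) not in INVERSE_SCANS:
        return None
    return "silent" if port_open else "RST"


# Constructed packet summaries (source IP, destination port, flags);
# not a real capture. One host probes five ports, another opens a
# normal connection.
PACKETS = [
    ("198.51.100.9", 22, FIN | PSH | URG), ("198.51.100.9", 80, FIN | PSH | URG),
    ("198.51.100.9", 443, FIN | PSH | URG), ("198.51.100.9", 8080, 0),
    ("198.51.100.9", 25, FIN),
    ("10.0.0.5", 443, SYN), ("10.0.0.5", 443, ACK), ("10.0.0.5", 443, PSH | ACK),
]


def scan_report(packets, threshold=3):
    """Count inverse-scan probes per source; report sources at or above
    `threshold`, with the ports touched and the scan kinds seen."""
    counts = {}
    for src, port, flags in packets:
        kind = classify_probe(flags)
        if kind in INVERSE_SCANS:
            entry = counts.setdefault(src, {"probes": 0, "ports": set(), "kinds": set()})
            entry["probes"] += 1
            entry["ports"].add(port)
            entry["kinds"].add(kind)
    return {src: c for src, c in counts.items() if c["probes"] >= threshold}
```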
32. What are the anonymizers in Ethical Hacking:
 Anonymizers are tools or services used by Ethical Hackers to conceal their identity and location
when conducting activities online.
 Anonymizers may include proxy servers, virtual private networks (VPNs), and Tor (The Onion
Router) network, which route internet traffic through multiple servers to obfuscate the original
source.
33. What are the HTTP Tunneling Techniques in Ethical Hacking:
 HTTP tunneling techniques are methods used by Ethical Hackers to bypass network security
measures and exfiltrate data or execute commands over HTTP protocols.
 Examples of HTTP tunneling techniques include using web shells, covert channels in HTTP
headers, and exploiting vulnerabilities in web applications to establish command and control
channels.
34. What are the IP Spoofing Techniques in Ethical Hacking:
 IP spoofing techniques involve manipulating the source IP address in network packets to
impersonate another host or network device.
 Ethical Hackers may use IP spoofing to evade network security measures, bypass access controls,
and launch attacks while masking their identity.
 Common IP spoofing techniques include source IP address spoofing, where the attacker forges
the source IP address in packets, and source routing, where the attacker specifies the route that
packets should take through the network.