Clickjacking is a deceptive technique used by attackers to trick users into clicking on something
different from what they think they are clicking on, potentially leading to unintended actions.
In a clickjacking attack, the attacker overlays a malicious web page or element on top of a legitimate
webpage or element, making it seem like the user is interacting with the legitimate content when
they are actually interacting with the hidden, malicious content.
For example, a user might think they are clicking on a harmless button or link on a website, but in
reality, they are clicking on a button that performs a malicious action such as transferring funds,
downloading malware, or sharing sensitive information.
Preventing clickjacking typically involves implementing security measures such as frame-busting
scripts, X-Frame-Options headers, and Content Security Policy (CSP) directives to prevent malicious
websites from embedding legitimate content within frames or iframes.
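As an added example (not part of the original notes), the following Python audit checks a response's headers for the two header-based controls just named, X-Frame-Options and the CSP frame-ancestors directive; the sample responses are constructed.

```python
# Added example, not from the original notes: audit a response's headers for
# the two anti-clickjacking controls named above. Header sets are constructed.
from typing import Dict, List, Optional


def parse_frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the source list of the frame-ancestors directive, or None if absent.

    An empty source list is equivalent to 'none' per the CSP specification."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]] or ["'none'"]
    return None


def framing_verdict(headers: Dict[str, str]) -> str:
    """Classify a response as 'denied', 'same-origin', 'restricted' or 'framable'.

    Browsers honour CSP frame-ancestors over X-Frame-Options when both are
    present, so it is checked first; X-Frame-Options alone still protects."""
    h = {k.lower(): v for k, v in headers.items()}
    ancestors = parse_frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        if ancestors == ["'none'"]:
            return "denied"
        if ancestors == ["'self'"]:
            return "same-origin"
        return "framable" if "*" in ancestors else "restricted"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "denied"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # ALLOW-FROM is obsolete and ignored by current browsers: no protection
    return "framable"


# Constructed responses for a small audit run
SAMPLE_RESPONSES = {
    "login page": {"X-Frame-Options": "DENY"},
    "dashboard": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "legacy page": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "no headers": {},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        print(f"{name:12s} -> {framing_verdict(hdrs)}")
```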
Session hijacking is a type of cyber attack in which an attacker takes control of a user’s active
session on a web application or service.
During a session hijacking attack, the attacker intercepts or steals the session token or cookie of a
legitimate user and uses it to impersonate the user and gain unauthorized access to their account.
Session hijacking can occur through various means, including:
1. Network Sniffing: The attacker monitors network traffic to intercept the session token or
cookie as it is transmitted between the user’s device and the web server.
2. Cross-Site Scripting (XSS): The attacker injects malicious scripts into a vulnerable website,
allowing them to steal session tokens or cookies from other users who visit the compromised
site.
3. Session Fixation: The attacker sets or fixes the session token or cookie value for a victim
user, allowing them to hijack the user’s session once the user logs in.
To prevent session hijacking, web applications should implement security measures such as:
● Using secure HTTPS connections to encrypt data transmitted between the user’s device and
the web server.
● Implementing measures such as CSRF tokens and secure session management practices to
mitigate the risk of CSRF (Cross-Site Request Forgery) attacks, which can be used in
conjunction with session hijacking.
● Regularly auditing and monitoring for suspicious activity or unauthorized access to user
accounts.
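The "secure session management practices" above include regenerating the session identifier at login, which is what defeats the session fixation case listed earlier. As an added example (not from the original notes), this minimal Python session store shows that practice together with the cookie attributes that address sniffing and XSS theft; the store, user names and cookie attributes are constructed.

```python
# Added example, not from the original notes: a minimal server-side session
# store showing the secure session management practice that defeats session
# fixation: the session identifier is regenerated at login, so an identifier
# planted before authentication never becomes an authenticated session.
# The store, user names and cookie attributes are constructed for illustration.
import secrets
from typing import Dict, Optional

SESSION_ID_BYTES = 32  # 256 bits of entropy: not guessable or enumerable


class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, Optional[str]] = {}  # session id -> user

    def create_anonymous(self) -> str:
        """Pre-login session, e.g. for a shopping cart."""
        sid = secrets.token_urlsafe(SESSION_ID_BYTES)
        self._sessions[sid] = None
        return sid

    def login(self, presented_sid: Optional[str], user: str) -> str:
        """Authenticate `user` and return a fresh session id.

        Whatever id the client presented (possibly one an attacker fixed in
        the victim's browser) is invalidated, so only the id issued here
        carries the login and the attacker's copy stays anonymous."""
        if presented_sid in self._sessions:
            del self._sessions[presented_sid]
        new_sid = secrets.token_urlsafe(SESSION_ID_BYTES)
        self._sessions[new_sid] = user
        return new_sid

    def user_for(self, sid: Optional[str]) -> Optional[str]:
        return self._sessions.get(sid or "")

    def logout(self, sid: str) -> None:
        """Server-side invalidation: a stolen id stops working after logout."""
        self._sessions.pop(sid, None)


def session_cookie(sid: str) -> str:
    """Set-Cookie value for the id: Secure (HTTPS only, against network
    sniffing), HttpOnly (unreadable to scripts injected via XSS), SameSite=Lax
    (not attached to most cross-site requests)."""
    return f"sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"
```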
Explain phishing and list different types of phishing techniques.
Phishing is a type of cyber attack where attackers use deceptive tactics to trick
individuals into revealing sensitive information such as login credentials, personal
information, or financial data.
Phishing attacks often involve impersonating trusted entities, such as legitimate
organizations or individuals, to manipulate victims into taking actions that benefit the
attackers.
Types of phishing techniques:
1. Email Phishing: Attackers send fraudulent emails posing as legitimate
organizations or individuals, often with urgent or enticing messages, to trick
recipients into clicking on malicious links or downloading attachments that
contain malware. Email phishing is one of the most prevalent and widely known
types of phishing.
2. Spear Phishing: Spear phishing is a targeted form of phishing where attackers
customize their fraudulent messages for specific individuals or organizations.
The emails often contain personalized information obtained through
reconnaissance, making them more convincing and difficult to detect.
3. Clone Phishing: In clone phishing, attackers create replica emails that appear to
be legitimate copies of previously received emails from trusted sources. The
cloned emails typically contain malicious links or attachments, exploiting the
recipient’s familiarity with the original email to increase the likelihood of success.
4. Vishing (Voice Phishing): Vishing involves using voice communication, such as
phone calls or VoIP (Voice over Internet Protocol). Attackers may impersonate
legitimate entities, such as bank representatives or tech support personnel, to
trick victims into providing financial information over the phone.
5. SMiShing (SMS Phishing): SMiShing refers to phishing attacks conducted via
SMS (Short Message Service) or text messages. Attackers send fraudulent text
messages containing malicious links or prompts to call a phone number, often
impersonating legitimate organizations or claiming that the recipient has won a
prize to lure victims into disclosing personal information or installing malware.
6. Pharming: Pharming attacks involve redirecting victims to fraudulent websites or
web pages without their knowledge. Attackers manipulate DNS (Domain Name
System) or compromise routers and DNS servers to redirect users from
legitimate websites to malicious ones, where they may be prompted to enter
sensitive information.
Explain memory and address protection in detail. Write a note on file protection. 10
Memory and Address Protection:
1. Memory Protection: Memory protection is a mechanism to control access to memory
locations in a computer’s memory. It prevents a process from accessing memory that
has not been allocated to it or from accessing memory allocated to another process.
2. Address Protection: Address protection is a subset of memory protection. It involves
techniques to ensure that memory addresses accessed by a process are valid and within
the boundaries of the allocated memory for that process. This prevents buffer overflows,
pointer manipulation attacks, and other vulnerabilities.
Techniques used for Memory and Address Protection:
○ Memory Segmentation: Memory segmentation divides memory into segments
and assigns different segments to different processes. Each segment has its
own access rights, such as read, write, and execute permissions.
○ Memory Paging: Memory paging divides memory into fixed-size blocks called
pages. Each page can be individually protected with access permissions. It also
enables virtual memory management, allowing the operating system to manage
memory more efficiently.
○ Memory Protection Units (MPUs) and Memory Management Units (MMUs):
Hardware components like MPUs and MMUs are used to enforce memory
protection at the hardware level. They can restrict access to memory based on
permissions set by the operating system.
File Protection:
File protection involves controlling access to files stored on a computer’s file system. It ensures
that only authorized users or processes can read, write, or execute files, thereby safeguarding
sensitive data and system integrity.
1. Access Control Lists (ACLs): ACLs are lists of permissions attached to files or
directories. They specify which users or groups have access to the file and what actions
they can perform (e.g., read, write, execute). ACLs provide granular control over file
access, allowing administrators to define precise access policies.
2. File Ownership: Each file in a file system is associated with an owner and a group. File
ownership determines who has the authority to modify permissions and access control
settings for the file. Only the owner or a privileged user (e.g., the system administrator)
can change ownership or modify permissions.
3. File System Permissions: File systems support permissions that define what actions
can be performed on a file by different categories of users: owner, group, and others.
These permissions typically include read, write, and execute permissions. By setting
appropriate permissions, administrators can control who can view, modify, or execute
files.
4. Encryption: Encryption is another layer of file protection that involves encoding the
contents of a file using encryption algorithms. Encrypted files can only be accessed by
users with the decryption key, ensuring confidentiality even if unauthorized users gain
access to the file.
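As an added example (not from the original notes), the following Python code evaluates the owner/group/others permission model described under File Ownership and File System Permissions for a given user, and flags the modes a file-protection audit would report; the files and users are constructed records rather than anything read from disk.

```python
# Added example, not from the original notes: evaluate classic owner/group/others
# permission bits for a given user and flag risky modes. Files and users are
# constructed records; nothing is read from disk.
import stat
from dataclasses import dataclass
from typing import FrozenSet, List


@dataclass(frozen=True)
class FileEntry:
    path: str
    owner_uid: int
    group_gid: int
    mode: int  # permission and special bits, e.g. 0o640 or 0o4755


@dataclass(frozen=True)
class User:
    uid: int
    gids: FrozenSet[int]


def can_access(user: User, f: FileEntry, want: str) -> bool:
    """True if `user` may perform `want` ('r', 'w' or 'x') on `f`.

    Mirrors the Unix rule: exactly one class applies, chosen in the order
    owner, group, others, and the other classes' bits are never consulted.
    uid 0 bypasses read/write bits and may execute if any execute bit is set."""
    bit = {"r": 4, "w": 2, "x": 1}[want]
    if user.uid == 0:
        return want != "x" or bool(f.mode & 0o111)
    shift = 6 if user.uid == f.owner_uid else 3 if f.group_gid in user.gids else 0
    return bool((f.mode >> shift) & bit)


def risky_modes(f: FileEntry) -> List[str]:
    """Findings a file-protection audit would report for this entry."""
    findings = []
    if f.mode & stat.S_IWOTH:
        findings.append("world-writable")
    if f.mode & stat.S_ISUID:
        findings.append("setuid")
    if f.mode & stat.S_ISGID:
        findings.append("setgid")
    return findings


# constructed sample: alice (uid 1000) owns a secrets file readable by group 1001
SECRETS = FileEntry("/srv/app/secrets.env", 1000, 1001, 0o640)
ALICE = User(1000, frozenset({1000, 1001}))
BOB = User(1002, frozenset({1001}))
EVE = User(1003, frozenset({1003}))
```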
Web browser attacks
Web browser attacks encompass a range of malicious activities aimed at exploiting
vulnerabilities in web browsers or leveraging the browser as a vector to attack users. Types of
web browser attacks:
Cross-Site Scripting (XSS):
● XSS attacks involve injecting malicious scripts into web pages viewed by other users.
● Attackers exploit vulnerabilities to execute scripts in the victim’s browser, leading to
actions like session hijacking, data theft, or defacement.
● Types include reflected XSS, stored XSS, and DOM-based XSS.
Clickjacking, Session Hijacking: see the definitions given earlier in these notes.
Malvertising:
● Malvertising involves embedding malicious code in online advertisements displayed by
web browsers.
● Attackers exploit ad networks to distribute malware or redirect users to malicious
websites.
Drive-By Downloads:
● Drive-by downloads exploit browser vulnerabilities to download and execute malicious
code without user consent.
● Attackers compromise legitimate websites to deliver malware or exploit kits that target
known browser vulnerabilities.
● Mitigation includes keeping browsers and plugins updated, using antivirus software, and
enabling browser security features.
Cross-Site Request Forgery (CSRF) is a type of security vulnerability that allows an attacker
to manipulate a victim user’s actions on a website where the user is authenticated. In a CSRF
attack, the attacker tricks the victim into unknowingly executing actions on a web application
that they are authenticated to, without their consent.
Steps :
1. Authentication: The victim user is authenticated to a web application, usually by logging
in and receiving a session token or cookie that authenticates their actions on the site.
2. Attack Preparation: The attacker crafts a malicious web page or email that contains a
request to the target web application. This request is usually in the form of a URL or a
form submission.
3. Tricking the Victim: The attacker lures the victim into visiting the malicious web page or
clicking on the malicious link, often by disguising it as something legitimate or enticing.
4. Executing the Attack: When the victim visits the malicious page, their browser
automatically sends the authenticated request to the target website without their
knowledge. Since the victim is already authenticated, the website believes that the
request is legitimate and processes it.
5. Unintended Action: The target website executes the request, which could be actions like
changing the victim’s email address, making a purchase, transferring funds, or any other
action that the victim has permission to perform.
To protect against CSRF attacks, web developers can implement measures such as:
● CSRF Tokens: Including unique tokens in forms or URLs that are verified by the server
before processing requests.
● SameSite Cookies: Setting the SameSite attribute on cookies to restrict their usage to
same-site requests, which can mitigate CSRF attacks.
● Referer Header Checking: Verifying that requests originate from the same site, although
this method has limitations and can be bypassed in some cases.
● User Interaction: Requiring user interaction for sensitive actions, such as confirming a
transaction or entering a password.
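As an added example (not from the original notes), this Python code shows the first protection in the list, a per-session CSRF token verified by the server, combined with an Origin header check (the modern counterpart of the Referer check, with the same limitation that the header may be absent); the session store, site origin and request shapes are constructed.

```python
# Added example, not from the original notes: server-side CSRF protection
# combining a per-session secret token (checked in constant time) with an
# Origin header check; the session store and request shape are constructed.
import hmac
import secrets
from typing import Dict, Optional

SITE_ORIGIN = "https://bank.example"  # constructed origin of the protected app
SESSIONS: Dict[str, Dict[str, str]] = {}  # session id -> server-side data


def issue_csrf_token(session_id: str) -> str:
    """Return the session's token, creating it on first use.

    The form template embeds it as a hidden field; a page on another origin
    cannot read it, so a forged request cannot include the right value."""
    sess = SESSIONS.setdefault(session_id, {})
    if "csrf" not in sess:
        sess["csrf"] = secrets.token_urlsafe(32)  # 256 bits, unguessable
    return sess["csrf"]


def verify_state_change(session_id: Optional[str], form_token: Optional[str],
                        origin: Optional[str] = None) -> bool:
    """Decide whether a state-changing request (transfer, email change...) may proceed.

    1. If the browser sent an Origin header it must match our site; the header
       is absent on some requests, so its absence is not trusted on its own.
    2. The submitted token must match the one stored for this session."""
    if origin is not None and origin != SITE_ORIGIN:
        return False
    sess = SESSIONS.get(session_id or "")
    if not sess or "csrf" not in sess or not form_token:
        return False
    # constant-time comparison avoids leaking the token byte by byte via timing
    return hmac.compare_digest(sess["csrf"], form_token)


def demo() -> Dict[str, bool]:
    """Walk the CSRF steps above: a victim logged in as session 'v1' and an
    attacker page that can trigger requests but cannot read the token."""
    token = issue_csrf_token("v1")
    return {
        "legitimate form": verify_state_change("v1", token, SITE_ORIGIN),
        "forged, no token": verify_state_change("v1", None, "https://evil.example"),
        "forged, guessed token": verify_state_change("v1", "guess", "https://evil.example"),
        "forged, origin missing": verify_state_change("v1", None, None),
    }
```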
The Domain Name System (DNS) is a prominent building block of the Internet. It was developed
to convert human-readable names into IP addresses, allowing users to access websites and exchange
emails. DNS is organized into a tree-like structure where the first level contains the top-level
domains, such as .com and .org. The second-level nodes contain general, traditional domain names.
The ‘leaf’ nodes on this tree are known as hosts.
DNS works much like a database that is queried by millions of computer systems to find the
address that resolves a user’s query. In DNS attacks, hackers will sometimes target the servers
which hold the domain names. In other cases, these attackers will look for vulnerabilities within
the system itself and exploit them for their own gain.
Types of Attacks:
1. Denial of service (DoS): An attack where the attacker renders a computer useless
(inaccessible) to the user by making a resource unavailable or by flooding the system with
traffic.
2. Distributed denial of service (DDoS): The attacker controls an overwhelming amount of
computers (hundreds or thousands) in order to spread malware and flood the victim’s
computer with unnecessary and overloading traffic.
3. DNS spoofing (also known as DNS cache poisoning): An attacker will drive the traffic
away from real DNS servers and redirect them to a “pirate” server, unbeknownst to the
users. This may cause the corruption/theft of a user’s personal data.
4. Fast flux: An attacker will typically spoof his IP address while performing an attack. Fast flux
is a technique that rapidly changes the DNS records (and hence the IP addresses) a domain
resolves to, in order to hide where exactly the attack is coming from.
5. Reflected attacks: Attackers send thousands of queries to DNS servers with the source address
spoofed to the victim’s address. When these queries are answered, all the responses are directed
to the victim.
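From the resolver operator's side, a reflected attack shows up as many amplifying queries whose (spoofed) source is one host. As an added example (not from the original notes), this Python code scans constructed resolver log lines for that pattern; the log format and thresholds are invented for the example.

```python
# Added example, not from the original notes: flag the reflected-attack pattern
# in constructed resolver log lines. Log format and thresholds are invented.
from collections import defaultdict
from typing import Dict, List, Tuple

# constructed log lines: time  src_ip  qtype  qname  query_bytes  response_bytes
LOG_LINES = """\
10:00:01 198.51.100.7 ANY example.org 40 3200
10:00:01 198.51.100.7 ANY example.org 40 3200
10:00:01 198.51.100.7 TXT big.example 40 2800
10:00:02 198.51.100.7 ANY example.org 40 3200
10:00:02 203.0.113.5 A www.example.org 38 61
10:00:03 203.0.113.9 AAAA mail.example.org 41 73
""".splitlines()

# record types whose answers are much larger than the query that asks for them
AMPLIFYING_QTYPES = {"ANY", "TXT", "DNSKEY", "RRSIG"}


def parse_line(line: str) -> Tuple[str, str, int, int]:
    _, src, qtype, _qname, qbytes, rbytes = line.split()
    return src, qtype.upper(), int(qbytes), int(rbytes)


def suspect_reflection_targets(lines: List[str], min_queries: int = 3,
                               min_ratio: float = 10.0) -> List[Tuple[str, int, float]]:
    """Return (source_ip, amplifying_query_count, bytes_out/bytes_in) for sources
    that sent many amplifying queries with a high amplification ratio.

    In a reflected attack the 'source' is the spoofed victim address, so these
    are the hosts the resolver is being used to flood, not the real attacker."""
    count: Dict[str, int] = defaultdict(int)
    bytes_out: Dict[str, int] = defaultdict(int)
    bytes_in: Dict[str, int] = defaultdict(int)
    for line in lines:
        src, qtype, qbytes, rbytes = parse_line(line)
        if qtype in AMPLIFYING_QTYPES:
            count[src] += 1
        bytes_out[src] += rbytes
        bytes_in[src] += qbytes
    findings = []
    for src, n in count.items():
        ratio = bytes_out[src] / bytes_in[src]
        if n >= min_queries and ratio >= min_ratio:
            findings.append((src, n, ratio))
    return sorted(findings, key=lambda t: -t[1])
```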
Email Attacks:
1. Phishing:
○ Definition: Fraudulent attempts to gather sensitive information by impersonating
reputable sources via email, instant messaging, or social media.
○ Types: Regular phishing and highly targeted spear phishing.
○ Disadvantage: Easily detectable if users are cautious.
2. Vishing:
○ Definition: Phishing using voice communication technology.
○ Tactics: Spoofing calls from trusted sources or using recorded messages to
obtain sensitive information.
○ Exploits trust in telephone networks.
3. Smishing:
○ Definition: Phishing via text messaging on mobile phones.
○ Tactics: Impersonates legitimate sources to gain victim’s trust, often involving
malware installation through deceptive links.
4. Whaling:
○ Definition: Targeted phishing attacks on high-profile individuals within
organizations.
○ Targets: Senior executives, politicians, celebrities.
○ Disadvantage: Requires high sophistication and social engineering skills.
5. Pharming:
○ Definition: Impersonation of authorized websites to deceive users into entering
credentials.
○ Method: Misdirects users to fake websites resembling legitimate ones.
6. Scareware:
○ Definition: Malware persuading users to take specific actions based on fear.
○ Tactics: Forges pop-up windows resembling system alerts to trick users into
executing malware.
Protection Measures:
● Exercise caution with emails from unknown sources.
● Watch for phishing signs like spelling errors, suspicious links/attachments, and requests
for personal information.
● Strengthen email security with strong passwords and two-factor authentication.
● Keep computer and software updated with security patches.
● Utilize antivirus and anti-malware software to detect and prevent email attacks.