
EH

ethical hacking

Uploaded by

omkarchoramale05

A) Session Hijacking

Techniques:
1) Session Prediction
2) Session Sniffing
3) Man-in-the-Middle (MITM) Attack
4) Cross-Site Scripting (XSS)
5) Session Fixation
6) Session Sidejacking
7) Session Replay
8) Brute Force Attacks

Steps:
1) Reconnaissance
2) Session Token Capture
3) Session Token Analysis
4) Session Token Usage
5) Maintain Access
6) Covering Tracks

Awareness:
1) Use of HTTPS
2) Strong Session Management
3) Input Validation and Output Encoding
4) Secure Cookies
5) Network Segmentation
6) User Awareness
7) Session Monitoring and Detection

B) Bluetooth Hacking

| Vector | Description | Method | Impact | Prevention |
|---|---|---|---|---|
| 1) Bluejacking | Sending unsolicited messages | Sending contacts with messages | Annoyance, disruption | Set to non-discoverable, reject unknown messages |
| 2) Bluesnarfing | Unauthorized data access | Exploiting protocol vulnerabilities | Data theft, privacy invasion | Keep firmware updated, limit connectivity; use strong PINs, update firmware, disable Bluetooth |
| 3) Bluebugging | Remote control of device | Exploiting security flaws | Full device compromise | |
| 4) Bluesmacking | DoS attack | Flooding malformed packets | Device disruption | Set to non-discoverable, use unique device names |
| 5) Blueprinting | Device mapping | Scanning for devices | Reconnaissance, target identification | Non-discoverable mode, use encryption, update devices |

C) Mobile Hacking

| Vector | Description | Method | Impact |
|---|---|---|---|
| 1) Malicious Apps | Malware installation | Disguised apps | Data theft, unauthorized access |
| 2) Phishing | Social engineering | Fake emails/messages | Credential theft |
| 3) MitM Attacks | Communication interception | Rogue access points | Eavesdropping, data theft |
| 4) OS Vulnerabilities | Exploit OS flaws | Known exploits | Full device control |
| 5) SIM Swapping | Phone number hijacking | Social engineering carriers | Intercept calls/messages |
| 6) Network Exploits | Attacks on mobile networks | Protocol vulnerabilities | Eavesdropping, tracking |
| 7) Data Leakage | Unintentional data exposure | Insecure apps | Exposure of sensitive data |

D) Web Pen Test Steps

1) Planning and Preparation
2) Reconnaissance
3) Vulnerability Scanning
5) Post-Exploitation
6) Reporting
7) Remediation and Retesting

E) IoT

Areas:
- Device Security
- Network Security
- Application Security
- Data Security
- Cloud Security

Methodology:

| Step | Objective | Techniques |
|---|---|---|
| 1) Reconnaissance | Gather information about target IoT devices | Passive info gathering, network scanning, firmware analysis |
| 2) Scanning and Enumeration | Identify vulnerabilities and entry points | Network scanners, firmware enumeration, config exploration |
| 3) Vulnerability Analysis | Identify security weaknesses | Firmware analysis, vulnerability testing, traffic examination |
| 4) Exploitation | Gain unauthorized access | Credential exploitation, exploiting known vulnerabilities |
| 5) Post-Exploitation | Maintain access and achieve attack objectives | Backdoors, data exfiltration, device control |
| 6) Covering Tracks | Hide evidence of the attack | Log clearing, encryption, disabling security mechanisms |

F) Firewall

Types:
1) Packet Filtering Firewall
2) Stateful Inspection Firewall
3) Proxy Firewall
4) Next-Generation Firewall
5) Unified Threat Management (UTM) Firewall

| # | Examples | Packet filter |
|---|---|---|
| 1 | iptables, Cisco ACLs | Based on IP, ports, protocol |
| 2 | Cisco ASA, Check Point FW-1 | Based on connection state |
| 3 | Squid Proxy, Blue Coat | Based on application data |
| 4 | Palo Alto Networks, Fortinet | Based on deep packet inspection |
| 5 | Sophos UTM, SonicWall | Based on multiple integrated security features |

G) IDS

| Feature/Aspect | HIDS | NIDS |
|---|---|---|
| 1) Scope | Individual hosts | Network-wide |
| 2) Deployment | Installed on each host | Deployed at strategic network points |
| 3) Resource Usage | High (on hosts) | Low (on hosts), high (on network devices) |
| 4) Traffic Analysis | Local to host | Across the network |
| 5) Encrypted Traffic | Can analyze encrypted traffic | Cannot analyze without decryption |
| 6) Visibility | Detailed host-level visibility | Broad network-level visibility |
| 7) Detection Methods | File integrity, log analysis, process monitoring | Traffic analysis, protocol analysis, signature and anomaly detection |
| 8) Management | Requires per-host management | Centralized management |
| 9) Examples | OSSEC, Tripwire, AIDE | Snort, Suricata, Zeek |

H) Packet Sniffing

Methodology:
1) Capturing Packets
2) Filtering Traffic
3) Analyzing Packets
4) Reassembling Data
5) Reporting and Visualization

Tools for Packet Sniffing:
1) Wireshark
2) tcpdump
3) Tshark
4) Microsoft Network Monitor (Netmon)
5) Colasoft Capsa

Practice methodology:
1) Network Setup
2) Configuring the Tool
3) Capturing Data
4) Analyzing Captured Packets
5) Diagnosing Issues
6) Reporting Findings

Application:
1) Network Troubleshooting
2) Security Analysis
3) Protocol Development and Debugging
4) Compliance and Auditing
5) Education and Training

I) SQL Injection

Methodology:
1) Identifying Vulnerable Inputs
2) Crafting Malicious SQL Statements
3) Executing Malicious Queries
4) Extracting Data

Types of SQL Injection:
1) Classic SQL Injection
2) Blind SQL Injection
3) Union-based SQL Injection
4) Error-based SQL Injection

Countermeasures:
1) Input Validation
2) Prepared Statements and Parameterized Queries
3) Stored Procedures
4) Least Privilege Principle
5) Error Handling
6) Web Application Firewalls (WAFs)
7) Regular Security Audits and Penetration Testing

J) Social Engineering

Techniques:
1) Phishing
2) Pretexting
3) Baiting
4) Quid Pro Quo
5) Tailgating/Piggybacking
6) Impersonation

Countermeasures:
1) Education and Training
2) Strong Policies and Procedures
3) Technical Controls
4) Physical Security Measures
5) Incident Response

K) Working of Wireshark

1) Capturing Packets
2) Filtering Traffic
3) Analyzing Data
4) Reassembling Streams
5) Decoding Protocols
6) Visualization

Applications of Wireshark:
1) Network Troubleshooting
2) Security Analysis
3) Protocol Development
4) Network Performance Monitoring
5) Educational Purposes
6) Compliance and Auditing

L) Types of Cyber-Attacks

1) Phishing
2) Malware
3) Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)
4) Man-in-the-Middle (MitM)
5) SQL Injection
6) Zero-Day Exploit
7) Cross-Site Scripting (XSS)
8) Password Attacks
9) Ransomware
10) Advanced Persistent Threats (APTs)

M) Footprinting

Techniques:
1) WHOIS Lookup
2) DNS Enumeration
3) Network Footprinting
4) Social Engineering
5) Website Footprinting
6) Google Dorking

Tools:
1) WHOIS Tools
2) DNS Tools
3) Network Scanning Tools
4) Website Analysis Tools
5) Social Engineering Tools

N) VA Tools

1) Nessus
2) OpenVAS
3) Rapid7 InsightVM
4) QualysGuard

PEN:
1) Metasploit Framework
2) Burp Suite
3) Wireshark
4) Hydra
5) John the Ripper

Process:
1) Planning and Scoping
2) Reconnaissance
3) Vulnerability Assessment
4) Penetration Testing
5) Reporting
6) Remediation and Re-Testing

O) VAPT Tools

1) Nessus (Vulnerability Assessment): Extensive plugin library, detailed reporting, integration with other security tools
2) OpenVAS (Vulnerability Assessment): Open-source, comprehensive scanning, integration with Greenbone Security Manager
3) QualysGuard (Vulnerability Management): Cloud-based, continuous monitoring, customizable dashboards, third-party integration
4) Rapid7 Nexpose (Vulnerability Management): Real-time detection, risk scoring, integration with Metasploit, automation capabilities
5) Metasploit (Penetration Testing): Large exploit repository, payload generation, scripting, integration with vulnerability scanners
6) Burp Suite (Web Penetration Testing): HTTP/S traffic inspection, automated scanning, advanced tools (Intruder, Repeater), extensible
7) Nmap (Network Scanning): Host discovery, port scanning, service/version detection, Nmap Scripting Engine
8) Wireshark (Network Analysis): Real-time packet capture, protocol support, filtering, visualizations
9) Aircrack-ng (Wireless Network Testing): Packet capture, WEP/WPA/WPA2-PSK cracking, network testing, anomaly detection
