ethicalhacking-scheme

The document outlines the structure and content of the M.Sc. Cyber Security examination for April 2025, focusing on Advanced Ethical Hacking and Penetration Testing. It includes various sections with multiple-choice questions, detailed notes on penetration testing steps, backdoors, malware, and social engineering techniques. Additionally, it covers defensive measures against password attacks and mobile malware, along with methods for host and network scanning.

M.SC DEGREE EXAMINATIONS, APRIL 2025

[For the candidates admitted from 2024-25 onwards]

FIRST SEMESTER

M.SC CYBER SECURITY

ADVANCED ETHICAL HACKING AND PENETRATION TESTING-24CSESC09

Maximum: 45 Marks    Duration: 3 hours

PART A [5 x 1 = 5 Marks]

Answer ALL Questions (Choose the Best Answer)

1. Which tool is commonly used for exploitation in penetration testing?
a) Wireshark b) Metasploit c) Nmap d) Nessus
CO1 K2

2. Which tool is commonly used for DNS reconnaissance?
a) Metasploit b) Nmap c) Nslookup d) Hydra
CO2 K2

3. Which command in Metasploit is used to list all available HTTP/HTTPS payloads?
a) show exploits b) search http c) show payloads | grep http d) use http/payloads
CO3 K3

4. Which of the following is NOT a type of social engineering attack?
a) Phishing b) Tailgating c) Malware analysis d) Pretexting
CO3 K4

5. Which attack involves capturing and analyzing wireless packets to crack the Wi-Fi password?
a) Phishing b) ARP Poisoning c) Packet Sniffing d) DNS Spoofing
CO3 K4

SECTION B (5 x 6 = 30 Marks)
Answer ALL Questions

6. a) Write a note on the steps involved in Penetration testing.

Penetration testing (pen testing) in ethical hacking follows a structured approach to assess the security of a system. The process consists of five main phases:

1. Planning & Reconnaissance

• Define scope and goals of the test.
• Gather intelligence (e.g., domain names, network infrastructure, IP addresses).
• Identify potential vulnerabilities.
• Use passive and active reconnaissance techniques (e.g., Google dorking, WHOIS lookup, social engineering, network scanning).

2. Scanning

• Identify live hosts, open ports, and services.
• Use tools like Nmap, Nessus, or OpenVAS for network scanning.
• Perform vulnerability scanning to detect potential weaknesses.
• Analyze system responses to different types of attacks.

3. Gaining Access (Exploitation)

• Exploit vulnerabilities found in the previous phase.
• Use tools like Metasploit, SQLmap, Hydra for attacks.
• Execute different types of attacks (e.g., SQL injection, buffer overflow, privilege escalation).
• Attempt to gain administrative control or access sensitive data.

4. Maintaining Access

• Establish persistence using backdoors, trojans, or rootkits.
• Test how long an attacker can stay undetected.
• Assess the impact of prolonged access.
• Identify potential risks if a real attacker were to maintain control.

5. Analysis & Reporting

• Document findings, including exploited vulnerabilities and attack methods.
• Provide a risk assessment and remediation plan.
• Suggest security measures (patching, configuration changes, security policies).
• Deliver a final report to the organization for action.

--- The list of headings carries 1 mark and the explanation carries 5 marks.

CO1 K2

(OR)

b) Explain how backdoors work and analyse their types.

A backdoor is a method used by attackers (or sometimes legitimate developers) to gain unauthorized access to a system, bypassing normal authentication mechanisms. It allows remote control over a system, often without the knowledge of the user.

--- carries 1 mark.

Backdoors operate by creating an alternative entry point into a system. They can be implemented through:

• Malware or Trojans: Attackers embed backdoors inside malicious software that a user unknowingly installs.
• Vulnerabilities Exploitation: Attackers exploit software vulnerabilities to install a backdoor.
• Pre-installed by Developers: Some software may have intentional backdoors for maintenance, but they can be abused by attackers.

--- carries 2 marks. Types carries 3 marks.

7. a) Write a note on Maltego and its characteristics.


Maltego is a powerful open-source intelligence (OSINT) and graphical link analysis tool used for information gathering, cyber threat intelligence, and digital forensics. It is widely used by ethical hackers, penetration testers, law enforcement agencies, and security researchers to visually map relationships between entities like domains, IP addresses, people, emails, and social media profiles.

--- carries 3 marks.

Characteristics: Graphical analysis, Open-Source Intelligence (OSINT) Gathering, Automation of Data Collection, and some other information --- carries 2 marks.

CO2 K3

(OR)

b) Write a note on the Nmap scripting engines.

The Nmap Scripting Engine (NSE) is a powerful feature of Nmap, allowing users to automate network discovery, vulnerability detection, and exploitation using Lua scripts. NSE extends Nmap’s functionality beyond simple port scanning by enabling detailed analysis and interaction with network services.

--- carries 2 marks.

Categorized Scripts for Various Functions

NSE scripts are divided into categories such as:
Auth – Authentication bypass and brute force attacks
Discovery – Host and service discovery
Vuln – Vulnerability scanning
Exploit – Running exploit scripts on discovered vulnerabilities
Malware – Detecting malware and backdoors

--- carries 4 marks.

8. a) Examine how malware is injected and identify its defense mechanisms.

To prevent and detect malware injections, organizations use various cybersecurity defense strategies:

1. Endpoint Security & Antivirus
✔ Use next-generation antivirus (NGAV) with real-time malware detection.
✔ Implement behavior-based detection to identify suspicious activities.
2. Regular Software Patching
✔ Keep OS, applications, and firmware updated to prevent vulnerability exploitation.
✔ Use automated patch management tools.
3. Network Security Measures
✔ Deploy firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
✔ Use Zero Trust Network Architecture (ZTNA) to restrict unauthorized access.
4. Email & Web Security
✔ Use email filtering to block phishing attempts.
✔ Enable browser sandboxing to prevent drive-by downloads.
5. User Awareness & Training
✔ Conduct phishing simulations and cybersecurity awareness training.
✔ Educate users on not clicking unknown links or downloading suspicious attachments.
6. USB & Device Control

--- or any other general information carries 3 marks, with injection mechanisms carrying 3 marks.

CO3 K3

b) Suggest some defensive measures against Password attacks.

Password attacks are attempts to steal or crack user credentials to gain unauthorized access. Attackers use techniques like brute force, dictionary attacks, phishing, and credential stuffing to exploit weak or reused passwords. To defend against such attacks, organizations and users must adopt strong authentication practices and security measures.

--- carries 3 marks.

Key Defensive Measures:

1. Use Strong & Unique Passwords
o Create long passwords (12+ characters) with a mix of letters, numbers, and symbols.
o Avoid common words, names, or predictable patterns.

2. Implement Multi-Factor Authentication (MFA)
o Require additional authentication (e.g., OTP, biometrics, security keys) to strengthen security.

3. Enable Account Lockout Mechanisms
o Lock accounts after multiple failed login attempts to prevent brute-force attacks.

4. Use Password Managers

--- or any relevant information carries 3 marks.

9. a) Write an overview of Spear Phishing attacks.

Spear phishing is a highly targeted and deceptive cyber attack in which attackers send fraudulent emails or messages to specific individuals, organizations, or businesses. Unlike regular phishing attacks that cast a wide net, spear phishing is personalized and designed to trick the recipient into revealing sensitive information, such as login credentials, financial details, or confidential data.

--- carries 6 marks with relevant information.

CO3 K4

(OR)

b) Write an outline of Social Engineering and web attacks.


Psychological manipulation to trick users into revealing confidential information
Exploiting trust, urgency, or authority

--- or relevant definition carries 2 marks.

Common Social Engineering Techniques
1. Phishing – Deceptive emails or messages to steal credentials
2. Spear Phishing – Targeted phishing attack against specific individuals or organizations
3. Whaling – Phishing attack aimed at high-profile executives
4. Vishing (Voice Phishing) – Attackers use phone calls to extract sensitive information
5. Smishing (SMS Phishing) – Phishing via text messages

--- carries 4 marks.

10. a) Write a note on mobile malware.

Mobile malware refers to malicious software designed to infect smartphones, tablets, and other mobile devices. It is used by cybercriminals to steal personal data, spy on users, perform unauthorized transactions, and disrupt device functionality. Mobile malware typically spreads through malicious apps, phishing links, drive-by downloads, or unsecured networks.

--- carries 2 marks. Some other relevant information carries 4 marks.

CO3 K5

(OR)

b) Examine the attacks in mobile environments and explain.


Types of Attacks in Mobile Environments
1. Malware-Based Attacks
A. Mobile Trojans
• Disguised as legitimate apps but execute malicious activities in the background.
• Example: Banking Trojans steal financial information.
• Prevention: Download apps only from trusted stores and review permissions.
B. Spyware
• Secretly monitors user activity, tracking calls, messages, location, and keystrokes.
• Example: Pegasus spyware used for surveillance.
• Prevention: Use antivirus software and avoid installing unknown apps.
C. Ransomware
• Encrypts mobile data and demands ransom to restore access.
• Example: Android ransomware that locks users out of their devices.
• Prevention: Backup data regularly and avoid downloading suspicious files.
D. Adware
• Displays intrusive ads and collects user data without consent.
• Example: Hidden adware inside free apps that generate revenue through forced ads.
• Prevention: Avoid installing free apps from unknown developers.

--- carries 2 marks each for a total of at least 3 attacks with explanations --- carries 6 marks.

SECTION C (1 x 10 = 10 Marks)
Answer ALL Questions

11. a) Write in detail about the Host and Network scanning methods.

Host and network scanning are essential cybersecurity techniques used for assessing vulnerabilities, identifying active devices, and detecting security weaknesses. These methods are commonly used in penetration testing, threat hunting, and security audits to strengthen an organization's defense mechanisms.
Host scanning focuses on analyzing individual devices (hosts), while network scanning examines the overall network infrastructure.
Various tools like Nmap, Nessus, Wireshark, and OpenVAS help conduct these scans effectively.

--- carries 2 marks.

Types of Host Scanning Methods --- carries 2 marks.

Since attackers also use host and network scanning to discover vulnerabilities, organizations should implement defensive countermeasures:

✔ Use Firewalls & IDS/IPS – Blocks unauthorized scanning attempts.
✔ Disable Unused Ports & Services – Reduces attack surface.
✔ Enable Network Segmentation – Prevents lateral movement of attackers.
✔ Monitor Network Traffic – Detects abnormal scanning activities.
✔ Use Encryption & VPNs – Prevents data interception.
✔ Implement Zero-Trust Security – Restricts unauthorized access

--- or relevant explanations carries 6 marks.

CO3 K4

(OR)

b) Explain in detail about intrusion detection in wireless communications.

Intrusion Detection in wireless communications involves monitoring, analyzing, and detecting unauthorized access or malicious activities in wireless networks. Since wireless networks are more vulnerable to attacks like rogue access points, eavesdropping, denial-of-service (DoS), and man-in-the-middle (MITM) attacks, specialized Wireless Intrusion Detection Systems (WIDS) are used to safeguard them.

--- carries 2 marks.

Key Techniques for Wireless Intrusion Detection:

✔ Signature-Based Detection – Identifies known attack patterns from a database.
✔ Anomaly-Based Detection – Detects deviations from normal network behavior.
✔ Behavioral Analysis – Monitors user activity and device connectivity patterns.
✔ Real-Time Traffic Monitoring – Captures packets for deep analysis using tools like Wireshark and Kismet.
✔ Rogue AP Detection – Identifies unauthorized access points that may lead to data theft.

Defense Strategies:

✔ Enable WPA3 encryption to protect wireless transmissions.
✔ Deploy WIDS/WIPS (Wireless Intrusion Prevention Systems) for real-time attack detection.
✔ Use MAC address filtering to restrict unauthorized device connections.
✔ Implement network segmentation to minimize attack impact.
✔ Regularly audit wireless traffic logs for unusual activity.

--- carries 8 marks with marks evenly distributed for any two headings.

*****
