
A. Listed below are other forms of cyber-attacks.

Explain and discuss the following:

A.1 Cross-Site Scripting

Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious
scripts in the victim's web browser by including malicious code in a legitimate web page or web
application. The actual attack occurs when the victim visits the web page or web application that
executes the malicious code. The web page or web application becomes a vehicle to deliver the
malicious script to the user's browser. Vulnerable vehicles that are commonly used for Cross-site
Scripting attacks are forums, message boards, and web pages that allow comments.

Video Reference: https://youtu.be/cbmBDiR6WaY
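
The comment-board scenario above, as an added example (not code from the assignment or its sources): the same constructed comments are rendered once by splicing the text straight into the HTML and once after entity-encoding it, which is the standard mitigation for this class of XSS.

```python
import html

# Constructed sample comments, as a forum or message board would store them.
COMMENTS = [
    "Great article, thanks!",
    '<script>alert("xss")</script>',          # what an attacker would submit
    'Click <a href="https://example.com">here</a>',
]


def render_comment_unsafe(comment: str) -> str:
    """Vulnerable: untrusted text is concatenated straight into the page HTML,
    so any markup in the comment is interpreted by the victim's browser."""
    return '<li class="comment">' + comment + "</li>"


def render_comment_safe(comment: str) -> str:
    """Mitigated: every HTML metacharacter (<, >, &, quotes) is entity-encoded,
    so the browser shows the comment as text and never runs it as script."""
    return '<li class="comment">' + html.escape(comment, quote=True) + "</li>"


def render_page(comments, safe: bool) -> str:
    """Build the comment list for a page using either renderer."""
    render = render_comment_safe if safe else render_comment_unsafe
    return "<ul>\n" + "\n".join(render(c) for c in comments) + "\n</ul>"


def contains_script_tag(page_html: str) -> bool:
    """Simple output check: does a raw <script> element survive in the page?"""
    return "<script" in page_html.lower()


if __name__ == "__main__":
    print(render_page(COMMENTS, safe=False))   # the script tag is live
    print(render_page(COMMENTS, safe=True))    # it is shown as literal text
```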

A.2 Code Injection (XML, SQL, DLL, LDAP)

Code injection is the term used to describe attacks that inject code into an application. That injected
code is then interpreted by the application, changing the way a program executes. Code injection
attacks typically exploit an application vulnerability that allows the processing of invalid data. This type
of attack exploits poor handling of untrusted data, and these types of attacks are usually made possible
due to a lack of proper input/output data validation. Attackers are able to introduce (or inject) code into
a computer program with this type of vulnerability.

Video Reference: https://youtu.be/uUTM-fu6EAY

• XML injection, sometimes called XML code injection, is a category of vulnerabilities where an
application doesn't correctly validate/sanitize user input before using it in an XML document or
query. XML, which stands for extensible markup language, is a language format that's commonly
used for structuring and storing data. Having XML injection vulnerabilities within your app means
that attackers will have free rein to cause whatever damage they can to your XML documents.
XML injections enable unvalidated user data to construct queries that allow an attacker to read
or modify XML documents or execute commands in your XML-enabled database. This enables
an attacker to get around your application's front end and gain access to the stored data
they seek by taking advantage of vulnerabilities that exist in input fields (e.g., the user's name,
password, and search input fields).

Video Reference: https://youtu.be/4yrGD9Xj-hY

• SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for
backend database manipulation to access information that was not intended to be displayed.
This information may include any number of items, including sensitive company data, user lists
or private customer details. SQL is a standardized language used to access and manipulate
databases to build customizable data views for each user. SQL queries are used to execute
commands, such as data retrieval, updates, and record removal. Different SQL elements
implement these tasks, e.g., queries using the SELECT statement to retrieve data, based on user-
provided parameters.
A successful attack may result in the unauthorized viewing of user lists, the deletion of entire
tables and, in certain cases, the attacker gaining administrative rights to a database, all of which
are highly detrimental to a business.

Video Reference: https://youtu.be/oLahd_ksX6c
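
The SQL injection point above, as an added example (not code from the assignment or its sources), using an in-memory SQLite table with constructed users: a lookup that splices the user-supplied name into the query text is placed beside the parameterised form that most database APIs provide.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database holding a few constructed sample users."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "alice", "alice@example.com"),
        (2, "bob", "bob@example.com"),
        (3, "carol", "carol@example.com"),
    ])
    return con


def find_user_vulnerable(con: sqlite3.Connection, name: str):
    """Vulnerable: the input is spliced into the SQL text, so a quote or an
    operator inside it becomes part of the statement the database executes."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return con.execute(sql).fetchall()


def find_user_safe(con: sqlite3.Connection, name: str):
    """Mitigated: a parameterised query sends the value separately from the
    SQL text, so the input is only ever compared as data, never parsed."""
    return con.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    con = make_db()
    # A benign lookup returns the same row either way.
    print(find_user_vulnerable(con, "bob"), find_user_safe(con, "bob"))
    # Input carrying SQL metacharacters changes the meaning of the spliced
    # query (every row comes back); the parameterised query matches nothing.
    crafted = "x' OR '1'='1"
    print(len(find_user_vulnerable(con, crafted)), len(find_user_safe(con, crafted)))
```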

• DLL injection is the act of loading a dynamic link library into an external process, from your own
process. It is the easiest to perform, easiest to manage and most portable method to get
execution in an external process. DLL injection is a technique used for running code within the
address space of another process by forcing it to load a dynamic-link library. DLL injection is
often used by external programs to influence the behavior of another program in a way its
authors did not anticipate or intend. For example, the injected code could hook system function
calls, or read the contents of password textboxes, which cannot be done the usual way. A
program used to inject arbitrary code into arbitrary processes is called a DLL injector.

Video Reference: https://youtu.be/e4KUdwh8rGo?t=209

• LDAP injection is a vulnerability in which queries are constructed from untrusted input without
prior validation or sanitization. LDAP uses queries constructed from predicates that involve the
use of special characters (e.g., brackets, asterisks, ampersands, or quotes). Metacharacters such
as these control the meaning of the query, thereby affecting the type and number of objects
retrieved from the underlying directory. If an attacker can submit input containing these control
characters, they can alter the query and change the intended behavior.

Video Reference: https://youtu.be/QjeuNiQmRrc?t=11
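
The LDAP metacharacter point above, as an added example (not code from the assignment or its sources): a login filter built from raw input beside one that escapes the filter metacharacters the way RFC 4515 specifies (backslash followed by the character's two hex digits), so an asterisk or bracket in the input can only match literally. The attribute names and the sample input are constructed.

```python
# Characters that control LDAP search-filter structure (RFC 4515) plus NUL.
LDAP_FILTER_METACHARS = "\\*()\x00"


def escape_ldap_filter_value(value: str) -> str:
    """Escape an assertion value for use inside an LDAP search filter: each
    metacharacter becomes a backslash and its two-digit hex code, so the
    directory server treats it as literal data rather than filter syntax."""
    out = []
    for ch in value:
        if ch in LDAP_FILTER_METACHARS:
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def login_filter_vulnerable(username: str, password: str) -> str:
    """Vulnerable: the values are spliced straight into the filter text."""
    return "(&(uid=%s)(userPassword=%s))" % (username, password)


def login_filter_safe(username: str, password: str) -> str:
    """Mitigated: each value is escaped first, so it cannot add wildcards or
    new predicates to the filter."""
    return "(&(uid=%s)(userPassword=%s))" % (
        escape_ldap_filter_value(username), escape_ldap_filter_value(password))


if __name__ == "__main__":
    # Constructed input: a bare asterisk is the LDAP wildcard, so the unescaped
    # filter would match any entry that has both attributes at all.
    print(login_filter_vulnerable("*", "*"))   # (&(uid=*)(userPassword=*))
    print(login_filter_safe("*", "*"))         # (&(uid=\2a)(userPassword=\2a))
```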

A.3 Buffer Overflow

A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block
of memory, or buffer, than the buffer is allocated to hold. Buffers contain a defined amount of data; any
extra data will overwrite data values in memory addresses adjacent to the destination buffer. That sort
of overflow can be avoided if the program includes sufficient bounds checking to flag or discard data
when too much is sent to a memory buffer.

A buffer overflow can occur inadvertently or when a malicious actor causes it. A threat actor can send
carefully crafted input referred to as arbitrary code to a program. The program attempts to store the
input in a buffer that isn't large enough for the input. If the excess data is then written to the adjacent
memory, it overwrites any data already there.

The original data in the buffer includes the exploited function's return pointer, the address to which the
process should go next. However, the attacker can set new values to point to an address of their
choosing. The attacker usually sets the new values to a location where the exploit payload is positioned.
This change alters the process's execution path and transfers control to the attacker's malicious code.

Video Reference: https://youtu.be/YNkjX2Wqgh0?t=9

B. Discuss the difference between Surface Web, Deep Web, and Dark Web.

Surface web is the portion of the World Wide Web that is readily available to the general public and
searchable with standard web search engines. It is the opposite of the deep web. The section of the
internet that is being indexed by search engines is known as the “Surface Web” or “Visible Web”.

Deep web is the part of the World Wide Web whose contents are not indexed by standard web search
engines for any reason. The content of the deep web is hidden behind HTTP forms, and includes many
common uses such as web mail, online banking, and services that users must pay for, which are
protected by a paywall, such as video on demand, some online magazines and newspapers, and many
more. Content of the deep web can be located and accessed by a direct URL or IP address, and may
require a password or other security access past the public website page.

The Dark Web is defined as a layer of information and pages that you can only get access to through
so-called "overlay networks", which run on top of the normal internet and obscure access. You need special
software to access the Dark Web because a lot of it is encrypted, and most of the dark web pages are
hosted anonymously.

Video Reference: https://youtu.be/oL1hLYe45_Q?t=5

C. What is Kali Linux?

Kali Linux is a Linux distribution that is specialized for cybersecurity. It is an open-source operating
system that involves a lot of customization for penetration testing, which helps companies to
understand their vulnerabilities. Kali Linux is based on the Debian Linux distribution, and runs on a wide
spectrum of devices. Its open-source build means that it is free and legal to use in a wide range of
enterprise scenarios.

Kali Linux offers a "single root user" design as a way to handle privileges, and network services are
disabled by default. That is helpful for the penetration testing and data forensics that can be used to
determine a company's weak points in a risk mitigation project.

Video Reference: https://youtu.be/psyDZ9ytlwc?t=74

D. Discuss the following Kali Linux Tools:

D.1 Nmap

Nmap is an open-source network scanner that is used to recon/scan networks. It is used to discover
hosts, ports, and services along with their versions over a network. It sends packets to the host and then
analyzes the responses in order to produce the desired results. It could even be used for host discovery,
operating system detection, or scanning for open ports. It is one of the most popular reconnaissance
tools.

Video Reference: https://youtu.be/41SSWXXRwy0

D.2 Wireshark

Wireshark is a network security tool used to analyze or work with data sent over a network. It is used to
analyze the packets transmitted over a network. These packets may have information like the source IP
and the destination IP, the protocol used, the data, and some headers. Captured packets are generally
saved in files with the ".pcap" extension, which can be read using the Wireshark tool.

Video Reference: https://youtu.be/uJiAoLcmZzA

D.3 Metasploit Framework and Armitage

Metasploit is an open-source tool that was designed by Rapid7 technologies. It is one of the world's
most used penetration testing frameworks. It comes packed with a lot of exploits to exploit the
vulnerabilities over a network or operating systems. Metasploit generally works over a local network, but
we can use Metasploit for hosts over the internet using "port forwarding". Basically, Metasploit is a CLI
based tool, but it even has a GUI package called "Armitage" which makes the use of Metasploit more
convenient and feasible. Armitage is a scriptable red team collaboration tool for Metasploit that
visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the
framework.

Video References:

https://youtu.be/5m4KF9XbkzU?t=64

https://youtu.be/JALmoY4LuT8?t=21

D.4 Aircrack-ng

Aircrack-ng is an all-in-one packet sniffer, WEP and WPA/WPA2 cracker, analyzing tool and hash
capturing tool. It is a tool used for Wi-Fi hacking. It helps in capturing the packets and reading the hashes
out of them and even cracking those hashes by various attacks like dictionary attacks. It supports almost
all the latest wireless interfaces.

Video Reference: https://youtu.be/CXvEJlXXMVc

D.5 John the Ripper

John the Ripper is a great tool for cracking passwords using some famous brute-force attacks like
dictionary attack or custom wordlist attack etc. It is even used to crack the hashes or passwords for
zipped or compressed files and even locked files as well. It has many available options to crack hashes or
passwords.

Video Reference: https://youtu.be/dozik7kI73o

D.6 Sqlmap

sqlmap is one of the best tools to perform SQL injection attacks. It just automates the process of testing
a parameter for SQL injection and even automates the process of exploitation of the vulnerable
parameter. It is a great tool as it detects the database on its own, so we just have to provide a URL to
check whether the parameter in the URL is vulnerable or not; we could even supply a saved request file to
check for POST parameters.

Video Reference: https://youtu.be/nVj8MUKkzQk?t=102

D.7 Autopsy

Autopsy is a digital forensics tool that is used to gather information for forensic investigations. Or in other words,
this tool is used to investigate files or logs to learn about what exactly was done with the system. It
could even be used as recovery software to recover files from a memory card or a pen drive.

Video Reference: https://youtu.be/80xratgObjk?t=58

D.8 Social Engineering Toolkit (SET)

Social Engineering Toolkit is a collection of tools that could be used to perform social engineering
attacks. These tools use and manipulate human behavior for information gathering. It is even a great tool
for phishing websites.

Video Reference: https://youtu.be/FE-FN_QUPWs?t=73

D.9 Lynis

Lynis is a security auditing tool for UNIX-based systems like Linux, macOS, BSD, and others. It
performs an in-depth security scan and runs on the system itself. The primary goal is to test security
defenses and provide tips for further system hardening. It will also scan for general system information,
vulnerable software packages, and possible configuration issues. Lynis is commonly used by system
administrators and auditors to assess the security defenses of their systems.

Video Reference: https://youtu.be/FYnrfkkVKD8

D.10 Burp Suite

Burp Suite is one of the most popular web application security testing tools. It is used as a proxy, so
all the requests from the browser configured with the proxy pass through it. And as the request passes through
Burp Suite, it allows us to make changes to those requests as per our need, which is good for testing
vulnerabilities like XSS or SQLi or even any vulnerability related to the web.

Kali Linux comes with Burp Suite Community Edition, which is free, but there is a paid edition of this tool
known as Burp Suite Professional which has many more functions as compared to Burp Suite Community
Edition.

Video Reference: https://youtu.be/_XUQ7etMCT8

E. Explain "The Cybersecurity Cube [The Three Dimensions of Information Security]"

The Cybersecurity Cube is a tool developed to help manage the protection of networks, domains, and the
Internet. The first dimension of the Cybersecurity Cube is the three principles of information security.
The second dimension identifies the three states of information or data. The third dimension of the cube
identifies the expertise required to provide protection. All three dimensions represent areas that
must be addressed to secure the information system.

The Principles of Security

• The first dimension of the cybersecurity cube identifies the goals to protect the cyber world. The
goals identified in the first dimension are the foundational principles of the cybersecurity world.
• These three principles are confidentiality, integrity and availability.
• The principles provide focus and enable cybersecurity specialists to prioritize actions in
protecting the cyber world.

The States of Data

The cyber world is a world of data; therefore, cybersecurity specialists focus on protecting data. The
second dimension of the cybersecurity cube focuses on the problems of protecting all of the states of
data in the cyber world. Data has three possible states:

1) Data at rest or in storage
2) Data in transit
3) Data in process

Cybersecurity Safeguards

The third dimension of the cybersecurity sorcery cube defines the types of powers used to protect the
cyber world. The sorcery cube identifies the three types of powers:

• Technologies - devices and products available to protect information systems and fend off
cyber criminals.
• Policies and Practices - procedures and guidelines that enable the citizens of the cyber world to
stay safe and follow good practices.
• People - people who are aware and knowledgeable about their world and the dangers that threaten it.

Video Reference: https://youtu.be/_MGFmaXs6pg


-----------------------------------------------------------------------
LIST of SOURCES

https://www.acunetix.com/websitesecurity/cross-site-scripting/

https://www.contrastsecurity.com/glossary/code-injection

https://www.thesslstore.com/blog/xml-injection-attacks-what-to-know-about-xpath-xquery-xxe-more/#:~:text=XML%20injection%2C%20sometimes%20called%20XML,an%20XML%20document%20or%20query.

https://www.imperva.com/learn/application-security/sql-injection-sqli/#

https://guidedhacking.com/threads/dll-injection-methods.14569/

https://www.synopsys.com/glossary/what-is-ldap-injection.html

https://www.techtarget.com/searchsecurity/definition/buffer-overflow

https://www.cisoplatform.com/profiles/blogs/surface-web-deep-web-and-dark-web-are-they-different

https://www.techopedia.com/definition/32588/kali-linux

https://www.geeksforgeeks.org/top-10-kali-linux-tools-for-hacking/

https://github.com/CISOfy/lynis

https://medium.com/it-paragon/the-cybersecurity-cube-cff88638d8e7

https://btu.edu.eg/wp-content/uploads/2020/03/Chapter-2-The-Cybersecurity-Cube.pdf
