IMT-94: Network Security Threats Attacks and Loopholes-2014
IMT-94: Network Security Threats Attacks and Loopholes-2014
ASSIGNMENT - 1
1. What is social engineering? Describe different types of social engineering attacks.
2. Give ideas of social engineering attacks that could possibly be implemented on people around you.
3. What is the difference between intimidation and impersonation?
4. Describe the various types of password cracking attacks.
5. Give three examples of weak passwords.
6. Give three examples of strong passwords.
7. How can an attacker crack a UNIX password?
8. How can an attacker crack a WINDOWS password?
9. How can an attacker crack a Screen Saver password?
10. What are default passwords? Why are they enabled in applications by software developers?
ASSIGNMENT - 2
1. Describe the functions, structure and uses of the various layers of TCP/IP.
2. What is the use of checksum on the Internet?
3. What is the use of sequencing on the Internet?
4. How can an attacker carry out IP spoofing?
5. What are the four biggest challenges associated with IP spoofing?
6. What are the advantages of proxy bouncing compared with proxy servers? How can you carry out proxy bouncing?
7. What are trust relationships? Are they more secure than username-password authentication?
8. What are the three steps of connection establishment and connection termination respectively?
9. Describe the functions of the following data packets: ACK, SYN, FIN, URG and PSH.
10. What role do DOS attacks play in IP spoofing?
ASSIGNMENT - 3
1. Download the file named ankitfadia.zip from the course mailing list and crack its password. (Kindly submit the cracked password as your answer).
2. Imagine that you are a social engineer and you wish to find out the bank account number of Mr A. You decide to call the call centre of the bank and carry out a social engineering attack. How would you do it? Kindly do not actually carry out such an attack, simply submit conversation records/logs of a social engineering attack.
IMT-95: Security Solutions-2014
IMT-95: Security Solutions-2014
Assignment – A
1. What are the two types of fabrication?
2. What is the difference between Secret Key Cryptography (SKC) and Public Key Cryptography (PKC)
3. Define the different types of IDS.
4. What is preprocessing in IDS?
5. What is Heuristics in IDS terminology9
6. Define the primary components for the multitier IDS architecture.
7. Define the various sensor deployment patterns in detail.
8. What is a spanning port?
9. What are ephemeral port numbers?
10. Define fragmentation and path MTU discovery.
Assignment – B
1. What are the advantages of using HIDS?
2. Differentiate between source address spoofing (inbound traffic) and source address spoofing (outbound traffic).
3. What are the different types of IDS architectures?
4. Discuss the advantages and disadvantages of using an IDS agent.
5. How can network-based IDS be implemented in a heavily switched environment? Discuss the various options available.
IMT-96: Software Hacking-2014
IMT-96: Software Hacking-2014
IMT-96: Software Hacking
Q1: You are a developer at a reputed Internet Security company, your company is about to launch a product in Internet Safety for home users. Design a custom protection scheme that you prefer to be the best way to track piracy at the same time you have to keep your software customer friendly.
Q2: What are EFLAGS? Give examples. Which EFLAG is of the most use and has priority in assembly analysis of programs in a debugger?
Q3: How is a DWORD data type different from the BYTE data type in assembly programming?
Q4: In context to Virtual Memory Management, out of the 3 states of a process's virtual address, in which state is the page access, protected by memory protection option? And which API call is used to specify memory access permissions?
Q5: Explain the working of SoftlCE. Decompilers are not reliable. Why?
Q6: While crackers are breaking time-based protections, what APIs they mostly look for in the program disassembly? And what are the preferred
Countermeasures for it?
Q7: Among UPX, ASPACK and MoleBox (all in their latest versions), which one would you choose to pack your programs and its dependants (DLLs, OCXs etc.) and why?
Q8. A binary program has 50 45 00 00 in the signature field. Determine whether it's a PE,NE, LE or LX file. Mention reason.
Q9: What are descriptors, in context to Symbian mobile OS? How are they useful in mobile application reversing?
IMT-94: Network Security Threats Attacks and Loopholes-2014
ASSIGNMENT - 1
1. What is social engineering? Describe different types of social engineering attacks.
2. Give ideas of social engineering attacks that could possibly be implemented on people around you.
3. What is the difference between intimidation and impersonation?
4. Describe the various types of password cracking attacks.
5. Give three examples of weak passwords.
6. Give three examples of strong passwords.
7. How can an attacker crack a UNIX password?
8. How can an attacker crack a WINDOWS password?
9. How can an attacker crack a Screen Saver password?
10. What are default passwords? Why are they enabled in applications by software developers?
ASSIGNMENT - 2
1. Describe the functions, structure and uses of the various layers of TCP/IP.
2. What is the use of checksum on the Internet?
3. What is the use of sequencing on the Internet?
4. How can an attacker carry out IP spoofing?
5. What are the four biggest challenges associated with IP spoofing?
6. What are the advantages of proxy bouncing compared with proxy servers? How can you carry out proxy bouncing?
7. What are trust relationships? Are they more secure than username-password authentication?
8. What are the three steps of connection establishment and connection termination respectively?
9. Describe the functions of the following data packets: ACK, SYN, FIN, URG and PSH.
10. What role do DOS attacks play in IP spoofing?
ASSIGNMENT - 3
1. Download the file named ankitfadia.zip from the course mailing list and crack its password. (Kindly submit the cracked password as your answer).
2. Imagine that you are a social engineer and you wish to find out the bank account number of Mr A. You decide to call the call centre of the bank and carry out a social engineering attack. How would you do it? Kindly do not actually carry out such an attack, simply submit conversation records/logs of a social engineering attack.
IMT-95: Security Solutions-2014
IMT-95: Security Solutions-2014
Assignment – A
1. What are the two types of fabrication?
2. What is the difference between Secret Key Cryptography (SKC) and Public Key Cryptography (PKC)
3. Define the different types of IDS.
4. What is preprocessing in IDS?
5. What is Heuristics in IDS terminology9
6. Define the primary components for the multitier IDS architecture.
7. Define the various sensor deployment patterns in detail.
8. What is a spanning port?
9. What are ephemeral port numbers?
10. Define fragmentation and path MTU discovery.
Assignment – B
1. What are the advantages of using HIDS?
2. Differentiate between source address spoofing (inbound traffic) and source address spoofing (outbound traffic).
3. What are the different types of IDS architectures?
4. Discuss the advantages and disadvantages of using an IDS agent.
5. How can network-based IDS be implemented in a heavily switched environment? Discuss the various options available.
IMT-96: Software Hacking-2014
IMT-96: Software Hacking-2014
IMT-96: Software Hacking
Q1: You are a developer at a reputed Internet Security company, your company is about to launch a product in Internet Safety for home users. Design a custom protection scheme that you prefer to be the best way to track piracy at the same time you have to keep your software customer friendly.
Q2: What are EFLAGS? Give examples. Which EFLAG is of the most use and has priority in assembly analysis of programs in a debugger?
Q3: How is a DWORD data type different from the BYTE data type in assembly programming?
Q4: In context to Virtual Memory Management, out of the 3 states of a process's virtual address, in which state is the page access, protected by memory protection option? And which API call is used to specify memory access permissions?
Q5: Explain the working of SoftlCE. Decompilers are not reliable. Why?
Q6: While crackers are breaking time-based protections, what APIs they mostly look for in the program disassembly? And what are the preferred
Countermeasures for it?
Q7: Among UPX, ASPACK and MoleBox (all in their latest versions), which one would you choose to pack your programs and its dependants (DLLs, OCXs etc.) and why?
Q8. A binary program has 50 45 00 00 in the signature field. Determine whether it's a PE,NE, LE or LX file. Mention reason.
Q9: What are descriptors, in context to Symbian mobile OS? How are they useful in mobile application reversing?
No comments:
Post a Comment