Cyber Security Winter 2022 GTU Paper Solution | 3150714

This page provides the Cyber Security GTU paper solution for Winter 2022. The full solution is given below.

Cyber Security GTU Old Paper Winter 2022 [Marks: 70]

(a) Describe Reconnaissance and Probe


Reconnaissance and probe are terms commonly used in the context of cybersecurity and network security. They refer to specific activities that are part of the initial phase of assessing the security posture of a system or network. Here’s a description of each term:

  1. Reconnaissance: Reconnaissance, also known as information gathering or intelligence gathering, involves collecting data and information about a target system or network. The purpose of reconnaissance is to gather information that can be used to understand the target’s vulnerabilities, architecture, configuration, and potential weaknesses. It helps an attacker or a security professional assess the potential attack surface and plan subsequent steps accordingly. Reconnaissance techniques can include both passive and active methods. Passive reconnaissance involves gathering information from publicly available sources, such as websites, social media, or public databases. Active reconnaissance involves more direct interaction with the target system or network, such as scanning for open ports, identifying network services, or analyzing network traffic.
  2. Probe: In network security, a probe is an active scan of a target system or network to gather specific information about its vulnerabilities or weaknesses. A probe typically involves sending network packets or requests to the target and analyzing the responses received. Probing is often carried out using specialized scanning tools or scripts that automate the process. Probes can be used to identify open ports, detect running services, determine operating system details, or identify potential security vulnerabilities. They can be conducted for legitimate purposes, such as network diagnostics and vulnerability assessment, or with malicious intent, such as an attacker trying to identify weaknesses for exploitation.

(b) Explain Phishing and 3 ways it is done.

(c) Explain Metasploit and Nmap

(a) Describe NAT with example

NAT (Network Address Translation) is a technology used in computer networks to translate IP addresses between different network domains. It allows multiple devices within a private network to share a single public IP address when communicating with devices outside the network. NAT plays a crucial role in conserving IPv4 addresses and providing a level of security by hiding the internal IP addresses of a network.

Here’s an example to illustrate how NAT works:

Consider a small office with a private network that consists of several computers, smartphones, and printers. The office has a single public IP address assigned by the Internet Service Provider (ISP). When devices from the office network want to access the internet, NAT is used to translate their private IP addresses to the public IP address.

  1. Internal Network:
    • Private IP range: 192.168.1.0/24
    • Public IP address assigned by ISP: 203.0.113.10
  2. Scenario:
    • A computer from the office network with the IP address 192.168.1.10 wants to access a website on the internet.
  3. Outgoing Request:
    • The computer sends an outgoing request to the website with the destination IP address 198.51.100.1.
  4. NAT Translation:
    • The NAT device (typically a router) receives the outgoing request and replaces the source IP address with the public IP address assigned by the ISP (203.0.113.10).
    • It also assigns a unique port number to the outgoing request to maintain the communication session.
  5. Response from Website:
    • The website receives the request and sends a response back to the public IP address (203.0.113.10) and the assigned port number.
  6. NAT Reversal:
    • The NAT device receives the response and identifies the corresponding internal device based on the port number.
    • It translates the destination IP address (203.0.113.10) back to the private IP address (192.168.1.10).
    • The response is then forwarded to the requesting computer on the private network.
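
The translation table behind steps 3 to 6, as an added Python example (not part of the original answer). It goes one step beyond the walkthrough by adding a second host, 192.168.1.11, to show why the port number is needed, and it drops inbound packets that match no mapping. The source port 51000, destination port 443, the 40000 port pool and the address 198.51.100.77 are assumptions made for the illustration.

```python
import itertools

PUBLIC_IP = "203.0.113.10"   # public address from the example above


class PortAddressTranslator:
    """Minimal model of a NAT (port address translation) table."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)  # assumed start of the port pool
        self.out_map = {}  # (priv_ip, priv_port, dst_ip, dst_port) -> public_port
        self.in_map = {}   # public_port -> (priv_ip, priv_port, dst_ip, dst_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet; create a mapping on first use."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            public_port = next(self._ports)
            self.out_map[key] = public_port
            self.in_map[public_port] = key
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of a reply, or return None (drop) if unsolicited."""
        entry = self.in_map.get(dst_port)
        if dst_ip != self.public_ip or entry is None:
            return None
        priv_ip, priv_port, peer_ip, peer_port = entry
        # Assumption: this NAT only accepts replies from the peer that was contacted.
        if (src_ip, src_port) != (peer_ip, peer_port):
            return None
        return (src_ip, src_port, priv_ip, priv_port)


def demo():
    nat = PortAddressTranslator(PUBLIC_IP)
    # Two office hosts use the same source port toward the same website.
    a = nat.outbound("192.168.1.10", 51000, "198.51.100.1", 443)
    b = nat.outbound("192.168.1.11", 51000, "198.51.100.1", 443)
    reply_a = nat.inbound("198.51.100.1", 443, PUBLIC_IP, a[1])
    reply_b = nat.inbound("198.51.100.1", 443, PUBLIC_IP, b[1])
    # A packet from an address nobody contacted reuses a mapped port.
    unsolicited = nat.inbound("198.51.100.77", 4444, PUBLIC_IP, a[1])
    return a, b, reply_a, reply_b, unsolicited


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The last result is None: the table has no entry for that remote peer, which is the "level of security" the answer attributes to NAT.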

(b) Differentiate between Stateful and Stateless firewalls.

(c) Explain Injection tools like Tcpdump, Windump and Wireshark

(c) Explain Ettercap and Hping Kismet

(a) Explain Zed Attack Proxy.

Zed Attack Proxy (ZAP) is an open-source, community-driven web application security testing tool developed by OWASP (Open Web Application Security Project). ZAP is designed to help security professionals and developers identify and address security vulnerabilities in web applications. It provides a wide range of features and functionalities to perform various types of security testing and analysis.

Here are some key features and capabilities of ZAP:

  1. Intercepting Proxy: ZAP acts as a proxy server between the client and the web application, allowing the user to intercept and modify HTTP/HTTPS requests and responses. This enables security professionals to inspect and analyze the communication between the client and the web application, identify vulnerabilities, and manipulate data.
  2. Automated Scanning: ZAP offers automated scanning capabilities, allowing users to scan web applications for common vulnerabilities such as cross-site scripting (XSS), SQL injection, insecure direct object references (IDOR), and more. It performs active scanning by sending crafted requests and analyzing the responses for potential vulnerabilities.
  3. Spidering and Crawler: ZAP includes a spidering functionality that crawls the web application, discovering and mapping its structure. It identifies different pages, URLs, and functionality within the application, which helps in thorough testing and coverage. The spidering feature helps in finding hidden or less accessible areas of the application.
  4. Fuzzing: ZAP allows users to perform fuzzing attacks by injecting malicious or unexpected input into parameters and fields of the web application. This helps identify potential vulnerabilities and weaknesses in input validation and sanitization.
  5. Authentication and Session Management: ZAP supports various authentication mechanisms and session management features. It allows users to configure and test authentication workflows, handle session tokens, and simulate user interactions during security testing.
  6. Reporting and Alerting: ZAP provides detailed reports and alerts about the identified vulnerabilities, including the severity level and recommended remediation steps. It generates reports in various formats, making it easier to share the findings with development teams and track the progress of vulnerability mitigation.

(b) Differentiate between John the Ripper and THC-Hydra.

(c) Explain the web vulnerability tools like Nikto and W3af.

OR

(a) Explain Curl, OpenSSL and Stunnel.

Curl, OpenSSL, and Stunnel are tools commonly used in networking and security-related tasks. Here’s an explanation of each tool:

  1. Curl: Curl is a command-line tool used for transferring data to or from a server, supporting various protocols such as HTTP, HTTPS, FTP, FTPS, SCP, SFTP, and more. It is widely used for making HTTP requests, fetching web pages, and interacting with web services from the command line. Curl supports various features, including data transfer, authentication, cookie handling, SSL/TLS encryption, and custom headers. It is highly flexible and allows users to perform a wide range of operations, such as downloading files, submitting form data, testing APIs, and automating tasks. Curl is available for multiple operating systems and is often used in scripting and automation scenarios.
  2. OpenSSL: OpenSSL is an open-source software library that provides cryptographic functions and SSL/TLS protocols for secure communication over networks. It offers a wide range of cryptographic operations, including encryption, decryption, digital signatures, certificate management, and secure key exchange. OpenSSL is widely used for implementing secure communication in various applications, including web servers, email servers, VPNs, and other network services. It supports various protocols such as SSL/TLS, PKI (Public Key Infrastructure), and provides APIs for developers to integrate cryptographic functionalities into their applications. OpenSSL is available as a library and a set of command-line tools, making it versatile for both development and administrative purposes.
  3. Stunnel: Stunnel is an open-source software tool that provides SSL/TLS encryption and authentication for non-secure network protocols. It acts as a secure wrapper or proxy, allowing non-secure network connections to be encrypted and protected. Stunnel creates a secure tunnel between a client and a server, transparently encrypting and decrypting the data passing through it. It can be used to secure various network services such as SMTP, POP3, IMAP, HTTP, and others. Stunnel is often used in scenarios where encryption is required but not natively supported by the underlying network protocol. It provides a simple configuration file to specify the secure connections and certificates to use. Stunnel enhances the security of network communications and is commonly used in environments where secure connections are necessary.

(b) Differentiate between packet filter and firewall.

(c) Explain the network monitoring tool Snort.

(a) Describe attack vector, cyberspace and IT act 2000.


Snort is an open-source network intrusion detection and prevention system (IDS/IPS) tool. It is widely used for real-time network traffic analysis and monitoring, detecting and alerting on suspicious or malicious activity within a network. Snort is highly flexible, customizable, and capable of detecting a wide range of network-based attacks and anomalies.

Here are some key features and capabilities of Snort:

  1. Packet Sniffing: Snort captures and analyzes network traffic by functioning as a packet sniffer. It monitors network interfaces or network segments, capturing packets traversing the network.
  2. Rule-based Detection: Snort uses a rule-based detection mechanism to identify potential security threats or anomalies. It compares network packets against a set of predefined rules or signatures, which define patterns and characteristics of known attacks or suspicious activities. When a packet matches a rule, Snort generates an alert or takes action based on its configuration.
  3. Protocol Analysis: Snort supports a wide range of network protocols and can perform protocol analysis to detect protocol-level anomalies or violations. It can detect protocol-specific attacks or abnormal behaviors, helping in the identification of various types of network-based threats.
  4. Traffic Logging: Snort can log network traffic for later analysis and forensics. It can store packet captures or alert data in various formats, allowing security analysts to review and investigate network incidents.
  5. Flexible Configuration: Snort offers extensive configuration options, allowing users to customize its behavior and adapt it to specific network environments. It allows the creation of custom rules, thresholds, and actions to tailor the detection and response capabilities according to the organization’s needs.
  6. Community Support: Snort has a large and active user community that contributes to its development and provides ongoing support. Users can access a wide range of community-created rules, updates, and resources, enabling collaboration and knowledge sharing.
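
The rule-based detection described in point 2, as an added Python example (not Snort's own code and not part of the original answer). It parses a simplified subset of the Snort rule syntax (rule header plus the msg, content and sid options) and checks constructed packets against it; the rules, sids, addresses and payloads are all made up for the illustration.

```python
import ipaddress
import re

# Simplified subset of the rule syntax: header plus msg, content and sid options.
RULE_RE = re.compile(r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$')

def parse_rule(text):
    """Split one rule into header fields and an options dict."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("not a rule: " + text)
    action, proto, src, sport, dst, dport, body = m.groups()
    opts = {}
    for opt in body.split(";"):          # escaped ';' inside values is not handled
        name, _, value = opt.strip().partition(":")
        if name:
            opts[name] = value.strip().strip('"')
    return dict(action=action, proto=proto, src=src, sport=sport,
                dst=dst, dport=dport, opts=opts)

def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def _port_ok(spec, port):
    return spec == "any" or int(spec) == port

def matches(rule, pkt):
    """True when the packet satisfies the rule header and its content option."""
    content = rule["opts"].get("content", "").encode()
    return (rule["proto"] == pkt["proto"]
            and _addr_ok(rule["src"], pkt["src"]) and _port_ok(rule["sport"], pkt["sport"])
            and _addr_ok(rule["dst"], pkt["dst"]) and _port_ok(rule["dport"], pkt["dport"])
            and content in pkt["payload"])

# Constructed rules and packets (sids, addresses and payloads are made up).
RULES = [parse_rule(r) for r in (
    'alert tcp any any -> 192.168.1.0/24 80 (msg:"Path traversal in HTTP request"; content:"../"; sid:1000001;)',
    'alert tcp any any -> 192.168.1.0/24 23 (msg:"Telnet connection to internal host"; sid:1000002;)',
)]
PACKETS = [
    dict(proto="tcp", src="198.51.100.7", sport=40112, dst="192.168.1.20", dport=80,
         payload=b"GET /../../etc/passwd HTTP/1.1\r\n"),
    dict(proto="tcp", src="198.51.100.7", sport=40113, dst="192.168.1.20", dport=80,
         payload=b"GET /index.html HTTP/1.1\r\n"),
    dict(proto="tcp", src="198.51.100.9", sport=50222, dst="192.168.1.30", dport=23, payload=b""),
]

def alerts(rules=RULES, packets=PACKETS):
    """Return (sid, msg, source) for every rule/packet match, in packet order."""
    return [(int(r["opts"]["sid"]), r["opts"]["msg"], p["src"])
            for p in packets for r in rules if matches(r, p)]

if __name__ == "__main__":
    print(*alerts(), sep="\n")
```

The second packet goes to the same host and port as the first but raises no alert, because its payload does not contain the rule's content pattern.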

(b) Explain hacking and its types.

(c) Explain Incident response and digital forensics.

OR

(a) List three contemporary crimes.

Here are three examples of contemporary crimes:

  1. Cybercrime: With the increasing reliance on technology and the widespread use of the internet, cybercrime has become a significant concern. Cybercriminal activities include hacking, identity theft, phishing, ransomware attacks, financial fraud, data breaches, and various forms of online scams. These crimes exploit vulnerabilities in computer systems, networks, and digital platforms to gain unauthorized access, steal sensitive information, disrupt services, or cause financial harm.
  2. Money Laundering: Money laundering involves concealing the origins of illegally obtained money to make it appear legitimate. Criminals use various techniques to launder money, such as creating complex financial transactions, using shell companies, transferring funds through multiple accounts, or investing in assets like real estate or businesses. Money laundering enables criminals to enjoy the proceeds of their illegal activities while obscuring the illicit source of the funds.
  3. Human Trafficking: Human trafficking is a form of modern-day slavery that involves the recruitment, transportation, and exploitation of individuals for forced labor, sexual exploitation, or other forms of exploitation. It is a global criminal enterprise that victimizes millions of people, particularly women and children. Human trafficking networks engage in activities such as recruitment, abduction, coercion, and transportation of victims across national borders, often exploiting vulnerable populations and operating in the shadows of society.

(b) Explain the types of cybercrimes.

(c) Explain DVWA and WebGoat

(a) Features of Trojan virus.

A Trojan virus, also known as a Trojan horse, is a type of malware that disguises itself as legitimate software or files to deceive users and gain unauthorized access to their systems. Here are some key features and characteristics of Trojan viruses:

  1. Deception: Trojans often masquerade as legitimate files or software to trick users into downloading or executing them. They may be disguised as harmless files, games, or software updates, making them appear trustworthy and enticing.
  2. Payload Delivery: Trojans carry a payload, which is the malicious component or functionality that is hidden within the seemingly legitimate file or software. The payload can vary widely and may include activities such as data theft, remote access, keystroke logging, botnet creation, or backdoor installation.
  3. Exploitation: Trojans exploit vulnerabilities in the target system’s security to gain unauthorized access or perform malicious activities. They take advantage of weaknesses in operating systems, software, or user behavior to infiltrate and compromise the system.
  4. Backdoor Creation: Many Trojans create a backdoor on the infected system, allowing the attacker to gain remote control or access to the compromised system. This backdoor can be used for unauthorized activities, such as stealing sensitive information, launching further attacks, or using the infected system as part of a botnet.
  5. Persistence: Trojans often employ techniques to ensure their persistence on the infected system, even after system reboots or antivirus scans. They may modify system settings, create registry entries, or install themselves in hidden directories to avoid detection and removal.
  6. Self-Replication: While Trojans do not typically have self-replicating capabilities like viruses, some variants can spread by copying themselves to removable media, network shares, or other connected devices. This allows them to infect other systems and propagate further.
  7. Remote Access and Control: Trojans may provide the attacker with remote access and control over the infected system. This allows the attacker to perform various malicious activities, such as monitoring user activities, stealing sensitive information, executing commands, or launching additional attacks.
  8. Stealth and Evasion: Trojans often employ techniques to evade detection by antivirus software and security mechanisms. They may use rootkit functionalities to hide their presence, employ encryption to obfuscate their malicious code, or use anti-analysis techniques to make it difficult for security analysts to analyze and detect their behavior.

(b) List four functions a backdoor can do to help the attacker.

(c) Explain how SQL Injection attacks can be prevented.

OR

(a) What is Steganography and list two examples.

Steganography is the practice of concealing messages or information within other non-secret data to hide their existence. It involves embedding the hidden data in such a way that it is not easily detectable by unauthorized individuals. Steganography aims to provide secrecy and confidentiality by ensuring that the hidden information goes unnoticed.

Here are two examples of steganography techniques:

  1. Image Steganography: In this technique, hidden messages or data are embedded within digital images. The technique takes advantage of the fact that digital images contain a vast amount of data and can tolerate minor modifications without significantly affecting their visual appearance. One common method of image steganography is Least Significant Bit (LSB) embedding, where the least significant bit of each pixel in the image is altered to encode the hidden information. This technique allows the hidden data to be imperceptible to the human eye.
  2. Text Steganography: Text steganography involves hiding messages or data within seemingly innocent text files or documents. This can be achieved through various methods, such as modifying the spacing between words, altering the font characteristics, or embedding the hidden data within specific words or characters in the text. The hidden information can be revealed by using a specific decoding technique or a secret key.

Both image steganography and text steganography can be used for covert communication, data exfiltration, or to bypass security measures. They require specialized tools or algorithms to embed and extract the hidden information. Steganography is often used in combination with encryption techniques to enhance the security of the hidden data.
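
LSB embedding from example 1, as an added Python example (not part of the original answer). It works on a constructed buffer of 8-bit grayscale pixel values rather than a real image file. The 16-bit length prefix and the scrub() helper are assumptions of this sketch; scrub() shows that clearing the least significant bits, which changes each pixel by at most 1, removes the hidden payload.

```python
def embed(pixels: bytes, message: bytes) -> bytes:
    """Hide message in the least significant bit of successive pixel bytes.
    A 16-bit big-endian length prefix tells the extractor where to stop."""
    data = len(message).to_bytes(2, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover too small for this message")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit      # keep the upper 7 bits, replace the LSB
    return bytes(out)


def _read(pixels: bytes, start: int, nbytes: int) -> bytes:
    """Reassemble nbytes from the LSBs beginning at pixel index start."""
    out = bytearray()
    for b in range(nbytes):
        byte = 0
        for i in range(8):
            byte = (byte << 1) | (pixels[start + b * 8 + i] & 1)
        out.append(byte)
    return bytes(out)


def extract(pixels: bytes) -> bytes:
    """Recover the message: read the length prefix, then that many bytes."""
    if len(pixels) < 16:
        raise ValueError("buffer too small to hold a length prefix")
    length = int.from_bytes(_read(pixels, 0, 2), "big")
    if 16 + length * 8 > len(pixels):
        raise ValueError("length prefix exceeds buffer; no valid payload")
    return _read(pixels, 16, length)


def max_pixel_change(a: bytes, b: bytes) -> int:
    """Largest per-pixel difference between two buffers of equal length."""
    return max(abs(x - y) for x, y in zip(a, b))


def scrub(pixels: bytes) -> bytes:
    """Clear every LSB, as a content-sanitizing step would."""
    return bytes(p & 0xFE for p in pixels)


# Constructed cover: 256 grayscale values, not a real image.
COVER = bytes((x * 7 + 13) % 256 for x in range(256))
MESSAGE = b"hidden text"   # constructed sample message

if __name__ == "__main__":
    stego = embed(COVER, MESSAGE)
    print(extract(stego), max_pixel_change(COVER, stego), extract(scrub(stego)))
```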

(b) Differentiate between
1. DoS and DDoS attack
2. Keyloggers and Spyware

(c) Explain the tools for attacking wireless Networks.

