cyber security discussion question and need the explanation and answer to help me learn.
Hello classmates and Professor,
Describe how an attacker could use a sniffer in conjunction with a Trojan to successfully gain access to sensitive data:
A Trojan is a type of Malware that will be embedded on to a victim’s computer and this can happen by presenting itself as something legitimate such as downloads from supposed trusted sites, emails, and others. A sniffer is an application or device that will track network traffic in order to gain important information on suspected victims. “A sniffer can give an attacker access to a large amount of information, including email passwords, web passwords, File Transfer Protocol (FTP) credentials, email contents, and transferred files” (Oriyano, 2018). Keeping this small amount of information provided in mind on Trojan and sniffers one could see how an attacker could use both to construct an attack. For example, when using a sniffer an attacker could gain information on several networks/computers to be able to deploy a Trojan. This can be through emails, form of file transfer, and others and wants this has happened the Trojan will be embedded on the computer while stealing information, monitoring traffic, and others.
Describe how the attacker could use the Flaw Hypothesis Methodology to potentially gain a foothold:
When it comes to the Flaw Hypothesis Methodology it “was developed at System Development Corporation and provides a framework for penetration studies” (ClemsonUniversity, 2023). The five steps are: Information gathering, Flaw hypothesis, Flaw testing, Flaw generalization, and Flaw elimination. These steps will help in gathering specific but important information on how to best attack a victim. Starting with the system and how it functions then using that information for any vulnerabilities, moving on to verify the information/vulnerabilities and lastly, fully exploit the vulnerability. Using these steps can give an attack a way to go about exploiting vulnerabilities and meeting the attackers goals.
ClemsonUniversity. (2023). Penetration Studies. https://www.cs.clemson.edu/course/cpsc420/material/Security%20Practice/Vulnerability%20Analysis/ Penetration%20Studies.pdf
Oriyano, S. (2018). Hacker Techniques, Tools, and Incident Handling (3rd ed.). Jones & Bartlett Learning. https://online.vitalsource.com/books/9781284172645
Requirements: 150 words up