Question: 1 / 400
What type of attack did Malcolm perform by stealing an employee's credentials using packet sniffers?
Phishing
Authentication hijacking
The scenario describes an attack where an attacker, in this case, Malcolm, steals an employee's credentials using packet sniffers. This technique is fundamentally linked to authentication hijacking.
Authentication hijacking occurs when an attacker gains access to a user's session or credentials, typically through methods like packet sniffing, where sensitive data packets traveling over a network are intercepted. In this context, stealing the credentials allows Malcolm to impersonate the user and gain unauthorized access to systems or data.
The other options present different types of attacks that do not align with the method described in the scenario. Phishing typically involves tricking the user into providing their credentials voluntarily, rather than intercepting them directly. Session fixation involves exploiting a user's session identifier, which is not relevant here since the attack is about stealing credentials, not manipulating a session token. Lastly, cross-site request forgery tricks a user into performing actions without their consent, but it does not involve stealing credentials directly via packet sniffing. Thus, the most accurate characterization of Malcolm's actions is authentication hijacking.
Get further explanation with Examzify DeepDiveBetaSession fixation
Cross-site request forgery