Certified Ethical Hacker (CEH v13) — Question 23

Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine.
Which of the following techniques is used by Joel in the above scenario?

Answer options

• A. Watering hole attack
• B. DNS rebinding attack
• C. MarioNet attack
• D. Clickjacking attack

Correct answer: A

Explanation

Joel is employing a Watering hole attack, which involves compromising a website that is frequently visited by a particular group to target its users. The other options do not fit this scenario; a DNS rebinding attack involves manipulating DNS responses to gain access to local resources, a MarioNet attack is not a recognized technique, and clickjacking is about tricking users into clicking on something different from what they perceive.