This phase having the hacker uses different techniques and tools to realize maximum data from the system.
they're -
* Password cracking - Methods like Bruteforce, dictionary attack, rule-based attack, rainbow table are used.
Bruteforce is trying all combinations of the password. Dictionary attack is trying an inventory of meaningful words until the password matches. Rainbow table takes the hash value of the password and compares with pre- computed hash values until a match is discovered.
* Password attacks - Passive attacks like wire sniffing, replay attack. Active online attack like Trojans, keyloggers, hash injection, phishing. Offline attacks like pre-computed hash, distributed network and rainbow. Non electronic attack like shoulder surfing, social engineering and dumpster diving.

Encrypting all sensitive data stored on the device is the best measure to ensure the security of this data, because it protects the data from unauthorized access or disclosure, even if the device is lost, stolen, or compromised. Encryption is a process of transforming data into an unreadable format using a secret key or algorithm. Only authorized parties who have the correct key or algorithm can decrypt and access the data.
Encryption can be applied to data at rest, such as files or databases, or data in transit, such as network traffic or messages. Encryption can prevent attackers from stealing or tampering with the customer data stored on the device, such as credit card details and PINs, which can cause financial or identity fraud.
The other options are not as effective or sufficient as encryption for securing the customer data stored on the device. Implementing biometric authentication for app access may provide an additional layer of security, but it does not protect the data from being accessed by other means, such as malware, physical access, or backup extraction. Enabling GPS tracking for all devices using the app may help locate the device in case of loss or theft, but it does not prevent the data from being accessed by unauthorized parties, and it may also pose privacy risks. Regularly updating the app to the latest version may help fix bugs or vulnerabilities, but it does not guarantee the security of the data, especially if the app does not use encryption or other security features.
References:
Securely Storing Data | Security.org
Data Storage Security: 5 Best Practices to Secure Your Data
M9: Insecure Data Storage | OWASP Foundation

The attack scenario is best described as Instant Messenger Applications, and the measure that could have prevented it is verifying the sender's identity before opening any files. Instant Messenger Applications are communication tools that allow users to exchange text, voice, video, and file messages in real time. However, they can also be used as attack vectors for spreading malware, such as viruses, worms, or Trojans, by exploiting the trust and familiarity between the users. In this scenario, the attacker compromised one of the team member's messenger account and used it to send malicious files to the other team members, who may have opened them without suspicion, thus infecting their systems. This type of attack is also known as an instant messaging worm12.
To prevent this type of attack, the users should verify the sender's identity before opening any files sent through instant messenger applications. This can be done by checking the sender's profile, asking for confirmation, or using a secure channel. Additionally, the users should also follow other security tips, such as using strong passwords, updating the application software, scanning the files with antivirus software, and reporting any suspicious activity34.
References:
* 1: Instant Messaging Worm - Techopedia
* 2: Cybersecurity's Silent Foe: A Comprehensive Guide to Computer Worms | Silent Quadrant
* 3: Instant Messenger Hacks: 10 Security Tips to Protect Yourself - MUO
* 4: Increased phishing attacks on instant messaging platforms: how to prevent them | Think Digital Partners

A counter-based authentication system is based on the HOTP (HMAC-Based One-Time Password) algorithm.
It uses a shared secret and a moving counter to generate a one-time password (OTP). Each time the counter is incremented, a new OTP is generated and encrypted using the secret key.
Reference - CEH v13 Official Study Guide:
Module 5: System Hacking
Quote:
"HOTP generates a one-time password using a counter value and a secret key. This is a form of two-factor authentication, and the passwords are encrypted." Incorrect Options Explained:
A & B. These describe biometric systems, not counter-based OTPs.
D). Virtual passwords from passphrases are not counter-based systems.

From CEH v13 Module 03: Scanning Networks, OS fingerprinting with Nmap (using the -O option) requires privileged access to craft raw packets (especially SYN, ACK, and ICMP). On Unix/Linux systems:
Root privileges are mandatory to perform TCP/IP stack fingerprinting.
If Nmap is run as a normal user, it fails to initiate OS scanning and exits with a message like "QUITTING!".
So, in this case, the scan fails because the shell opened does not have elevated (root) privileges.
Reference:
CEH v13 Module 03 - OS Fingerprinting Techniques using Nmap
Nmap Man Page: https://nmap.org/book/man-os-detection.html