DROP ORGANIZATION
7 YEARS OF EXCELLENCE
RESEARCH PLANNING
droporg.in

DROP CERTIFIED SECURITY COURSE

BASIC NETWORKING
* INTRODUCTION TO NETWORKING
* IDENTIFYING DEVICES ON A NETWORK
* PING (ICMP)
* WHAT IS INTERNET
* INTERNET PROTOCOL (IP) ADDRESS
* INTERNET PROTOCOL VERSION 4
* INTERNET PROTOCOL VERSION 6
* NETWORK ADDRESS TRANSLATION (NAT)
* MEDIA ACCESS CONTROLLER (MAC)
* TOTAL NUMBERS OF PROTOCOL

INTRODUCTORY NETWORKING
* TRACEROUTE
* TRANSMISSION CONTROLLER PROTOCOL (TCP) MODEL
* PACKETS INTERNET GROPERS (PING)
* OPEN SYSTEM INTERCONNECTION (OSI) MODEL
* WHOIS LOOKUP
* CONFIDENTIALITY INTEGRITY AVAILABILITY (CIA) MODEL
* INTERNET SERVICE PROVIDER (ISP)
* LOCATION TRACKING

WEB FUNDAMENTALS
* INTRODUCTION & OBJECTIVES (HTTPS)
* FINDING THE SERVER
* REQUEST
* RESPONSE
* WHAT IS COOKIES
* COOKIES STEALING
* COOKIES TRACKING
* WHAT IS SESSION HIJACKING

INTERNET
* SURFACE WEB
* DEEP WEB
* DARK WEB
* WORLD WIDE WEB
* HOW INTERNET WORKS
* HOST

FIREWALL & HONEYPOT
* WHAT IS FIREWALL
* INTRUSION DETECTION SYSTEM (IDS)
* INTRUSION PREVENTION SYSTEM (IPS)
* WHAT IS HONEYPOT
* HONEYPOT SETUP
* NETWORK SECURITY
* DETECTION ATTACK
* PENTBOX 1.8
* MAIL DNS SERVER
* WEB

FUNDAMENTAL OF LINUX
* WHAT IS LINUX
* TYPES OF LINUX OPERATING SYSTEM
* LINUX SETUP
* KALI LINUX
* PARROT SECURITY OPERATING SYSTEM
* BACKBOX LINUX
* LINUX SOFTWARES
* LINUX COMMANDS
* LINUX TRICKS

FOOTPRINTING & INFORMATION GATHERING
* ACTIVE FOOTPRINTING
* PASSIVE FOOTPRINTING
* WHOIS LOOKUP
* WAPPALYZER
* PING
* EAVESDROPPING
* WAYBACK MACHINE
* SHODAN
* SUBDOMAIN ENUMERATION
* TRACERT
* CMS ENUMERATION
* MIRRORING WEBSITE
* HTTRACK
* E-MAIL TRACKING

GOOGLE DORK
* GOOGLE HACKED DATABASE (GHDB)
* INTITLE:
* ALLINTEXT:
* INURL:
* INFO:
* SITE:
* FILETYPE:
* LINK:
* CACHE:
* HOW TO USE GOOGLE DORK
* DATABASE MANAGEMENT PROGRAMME

SCANNING NETWORKS
* PORT SCANNING
* NETWORK SCANNING
* NMAP SCANNER
* VERSION SCANNING
* AGGRESSIVE SCANNING
* OPERATING SYSTEM SCANNING
* VERBOSITY SCANNING
* NMAP TIMING TEMPLATE TO LEVEL 5

VULNERABILITY SCANNING
* NIKTO WEB SERVER SCANNER
* WPSCAN
* NMAP SECURITY SCANNER
* VEGA VULNERABILITY SCANNER
* ACUNETIX WEB VULNERABILITY SCANNER
* OWASP ZED SCANNER
* BURP SUITE SCANNER

WEBSITE HACKING
* CROSS-SITE SCRIPTING (XSS)
* COMMAND INJECTION
* SERVER-SIDE REQUEST FORGERY (SSRF)
* BRUTE FORCE
* CLICKJACKING
* SQL INJECTION
* CROSS SITE REQUEST FORGERY (CSRF)

SYSTEM HACKING
* REMOTE ACCESS TROJAN (RAT)
* BYPASS WINDOWS LOGIN PASSWORD
* COOKIE STEALING ATTACK
* RECOVER ZIP FILES, PDF
* KEYLOGGER SYSTEM HACKING
* FILE EXTENSION SPOOFER
* USB TO SYSTEM HACKING
* VIRUS CREATING
* SILENT EXPLOIT
* WINDOWS DEFENDER BYPASS

ANDROID HACKING
* REMOTE ACCESS TROJAN (RAT)
* ANDROID HACKING KEYLOGGER
* NETWORK SCANNING
* INSTALL AND SETUP GOOGLE CLOUD SHELL
* INSTALL SCRIPT AND TOOLS
* GITHUB TOOLS
* HACKING COMMAND

HACKING WIRELESS NETWORKS
* WHAT IS WPS
* WIFI HACKING
* WIFI NETCUT | NETWORK HACKING
* WIFI JAMMING | WIFI DOSS
* WIFI HACKING | WIFI PHISHING

IMAGE FORENSIC
* DIGITAL FORENSIC IMAGING IS DEFINED AS THE PROCESSES AND TOOLS USED IN COPYING A PHYSICAL STORAGE DEVICE FOR CONDUCTING INVESTIGATIONS AND GATHERING EVIDENCE. THE IMAGE IS AN IDENTICAL COPY OF ALL THE DRIVE STRUCTURES AND CONTENTS.

PROOF OF CONCEPT (POC)
* PROOF OF CONCEPT
* PIECE OF CODE

WEB PENETRATION TESTING
* FIREWALL
* USE HTTPS
* UP-TO-DATE

SERVER SIDE REQUEST FORGERY (SSRF)
* BASIC SSRF AGAINST THE LOCAL SERVER
* BASIC SSRF AGAINST ANOTHER BACK-END SYSTEM
* SSRF WITH BLACKLIST-BASED INPUT FILTER
* SSRF WITH WHITELIST-BASED INPUT FILTER
* BYPASSING SSRF FILTERS VIA OPEN REDIRECTION

BUSINESS LOGIC VULNERABILITIES
* PRICE TAMPERING VULNERABILITY
* EXCESSIVE TRUST IN CLIENT-SIDE CONTROLS
* HIGH-LEVEL LOGIC VULNERABILITY

BRUTE FORCE ATTACK
* CRYPTOGRAPHY
* DICTIONARY ATTACK
* NUMERIC ATTACK
* COMBINATION ATTACK

CROSS SITE SCRIPTING (XSS)
* HOW DOES XSS WORK
* XSS PROOF OF CONCEPT
* XSS ATTACKS
* REFLECTED CROSS-SITE SCRIPTING
* STORED CROSS-SITE SCRIPTING
* DOM-BASED CROSS-SITE SCRIPTING
* INSECURE DIRECT OBJECT REFERENCE (IDOR)

FULL PATH DISCLOSURE (FPD)
* DIRSEARCH: DIRECTORY SEARCH
* DIRBUSTER: DIRECTORY SEARCH
* DIRB: WEB FUZZER

FTP EXPLOIT REVERSE SHELL
* VSFTPD V2.3.4 BACKDOOR COMMAND EXECUTION
* FTP EXPLOIT METASPLOIT
* MSF > USE EXPLOIT/UNIX/FTP/VSFTPD_234_BACKDOOR
* MSF EXPLOIT(VSFTPD_234_BACKDOOR) > SHOW TARGETS
* MSF EXPLOIT(VSFTPD_234_BACKDOOR) > SET TARGET < TARGET-ID >
* MSF EXPLOIT(VSFTPD_234_BACKDOOR) > SHOW OPTIONS
* MSF EXPLOIT(VSFTPD_234_BACKDOOR) > EXPLOIT

OS COMMAND INJECTION
* WAYS OF INJECTING OS COMMANDS
* PURPOSE OF COMMAND
* NAME OF CURRENT USER
* OPERATING SYSTEM
* NETWORK CONFIGURATION
* NETWORK CONNECTIONS
* RUNNING PROCESSES

CLICKJACKING BUG
* INTERFACE-BASED ATTACK
* HIDDEN UI IN CONTROL
* USER INTERFACE (UI) REDRESSING

HTTP TO HTTPS
* SECURE SOCKETS LAYER (SSL)
* HYPER TEXT TRANSFER PROTOCOL (HTTP)
* HYPER TEXT TRANSFER PROTOCOL SECURED (HTTPS)
* TRANSPORT LAYER SECURITY (TLS)
* INSECURED CONNECTION
* SECURED CONNECTION

WORDPRESS WEB APPLICATION FIREWALL (WAF)
* FIREWALL SECURITY SETUP
* CLOUD-BASED WAF
* MITIGATION OF EVOLVING THREATS

BOTNET | SYSTEM HACKING
* HOW BOTNET WORKS
* DISTRIBUTED DENIAL-OF-SERVICE (DDOS) ATTACK
* STEAL DATA
* COMMAND AND CONTROL (C&C)
* MALICIOUS CONNOTATION

VIRTUAL PRIVATE NETWORK (VPN)
* ENCRYPTION OF YOUR IP ADDRESS
* ENCRYPTION OF PROTOCOLS
* TWO-FACTOR AUTHENTICATION

ANONYMOUS IDENTITY
* TOR BROWSER
* THE TOR PROJECT
* DEFEND YOURSELF
* HOW WORKS TOR BROWSER

WEB REAL TIME COMMUNICATION (RTC)
* ANONYMOUS IDENTITY (RTC)
* BROWSERS: CHROME, OPERA, EDGE, FIREFOX ETC

IDENTIFY SYSTEMS
* BROWSER FINGERPRINTING
* USER AGENT BROWSER
* HIDDEN IDENTITY
* DATA
* INFORMATION
* CONNECT
* ALERT

LOCATION TRACKING
* IPLOGGER
* CANARYTOKENS
* GRABIFY
* FIND MY DEVICE

OUR DELIVERY PARTNERS
* EKART LOGISTICS

PAYMENT MODE
* ONE SHOT PAYMENT
* NO INTEREST EMI (T&C)
* PAYMENT PROCESSING PARTNER
* CARD, WALLETS, UPI & NETBANKING

CERTIFICATION
* GOODS & SERVICE TAX (GST) NO. 19EXQPB7929Q1ZB
* GOODS AND SERVICES TAX COUNCIL
* INTERNATIONAL STANDARD ORGANIZATION (ISO) NO. - 76B30BCO UKACL

VISIT US
* 1ST OFFICE: SHANKARPUR MORE, NEAR ELECTRIC OFFICE, UKHRA, WEST BENGAL 713363

CONTACT US
* OFFICIAL WEBSITE: WWW.DROP.ORG.IN
* OFFICIAL YOUTUBE CHANNEL: DROP ORGANIZATION
* OFFICIAL INSTAGRAM: DROPORGIN
* OFFICIAL TELEGRAM: DROP ORGANIZATION
* OFFICIAL LINKEDIN: DROP ORGANIZATION
* OFFICIAL TWITTER: @DROP_ORG
* +91 8918100300
* +91 7477466951
* DROPORGANIZATION@GMAIL.COM
