package com.SyP.learnethicalhacking.Utils;

import com.SyP.learnethicalhacking.Model.ChapterIndexModel;
import com.SyP.learnethicalhacking.Model.ExplanationPartModel;
import com.SyP.learnethicalhacking.Model.PointWiseModel;
import java.util.ArrayList;
import java.util.List;

/* loaded from: classes.dex */
public class CourseUtils {
    // Bullet glyph for list items in course text (not used within this part of the file).
    // NOTE(review): both fields are public, static and non-final, so any class can reassign
    // them at runtime; nothing here depends on that, and `final` would be the safer default.
    public static String dotPoint = "•";
    // Line separator used between fragments of explanation text. It is an HTML <br>, not "\n",
    // so the assembled strings are presumably rendered as HTML — confirm against the consuming view.
    public static String newLine = "<br>";

    /**
     * Wraps {@code str} in a {@code <big>} element.
     *
     * <p>No escaping is applied: {@code str} is inserted verbatim, so it must already be
     * trusted text or markup (the callers in this file pass fixed literals).
     *
     * @param str text or markup to enlarge; {@code null} is rendered as the text "null"
     * @return {@code "<big>" + str + "</big>"}
     */
    public static String bigText(String str) {
        StringBuilder markup = new StringBuilder("<big>");
        markup.append(str);
        markup.append("</big>");
        return markup.toString();
    }

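    /**
     * Builds the ordered list of course chapters for the index screen.
     *
     * <p>Chapter {@code i} (1-based) is paired with {@code getTopicList(i)}, so a title's
     * position in {@code titles} is its chapter number; keep the array order stable when
     * editing, and add new chapters at the end.
     *
     * @return a new, mutable list holding the 20 chapters in course order
     */
    public static List<ChapterIndexModel> getChapterList() {
        // Index + 1 is the chapter number handed to getTopicList; the order is the course order.
        String[] titles = {
            "Introduction to Ethical Hacking",
            "Footprinting and Reconnaissance",
            "Scanning Networks",
            "Enumeration",
            "Vulnerability Assessment",
            "System Hacking",
            "Malware Threats",
            "Sniffing",
            "Social Engineering",
            "Denial-of-Service",
            "Session Hijacking",
            "Hacking Web server",
            "Hacking Web Applications",
            "SQL Injections",
            "Cloud Computing",
            "Hacking Mobile Platforms",
            "Cryptography",
            "Hacking Wireless Networks",
            "Evading IDS,Firewalls and Honeypots",
            "IoT hacking"
        };
        // Typed list instead of the decompiler's raw ArrayList (unchecked conversion).
        List<ChapterIndexModel> chapters = new ArrayList<>(titles.length);
        for (int i = 0; i < titles.length; i++) {
            chapters.add(new ChapterIndexModel(titles[i], getTopicList(i + 1)));
        }
        return chapters;
    }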

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:103:0x0977, code lost:
    
        return r0;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Returns the explanation parts for topic {@code r1}.
     *
     * <p>Decompiler stub: JADX could not reconstruct the original body (2628 instructions
     * according to the dump note) and emitted this unconditional throw instead. It is NOT
     * the app's real behavior. Judging by the "incorrect switch cases order" warning above
     * and the {@code sNN_M()} builders below, the real method presumably switches on
     * {@code r1} and collects the matching parts — confirm against the bytecode.
     *
     * @param r1 topic identifier (decompiler-assigned name)
     * @return never returns in this stub
     * @throws UnsupportedOperationException always, in this decompiled form
     */
    public static java.util.ArrayList<com.SyP.learnethicalhacking.Model.ExplanationPartModel> getExplanationParagraph(int r1) {
        /*
            Method dump skipped, instructions count: 2628
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.SyP.learnethicalhacking.Utils.CourseUtils.getExplanationParagraph(int):java.util.ArrayList");
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x065e, code lost:
    
        return r0;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Returns the topics of chapter {@code r5}; called once per chapter from {@link #getChapterList()}.
     *
     * <p>Decompiler stub: JADX could not reconstruct the original body (1676 instructions
     * according to the dump note) and emitted this unconditional throw instead. It is NOT
     * the app's real behavior; the "incorrect switch cases order" warning above suggests
     * the real method switches on {@code r5} — confirm against the bytecode.
     *
     * @param r5 1-based chapter number (decompiler-assigned name)
     * @return never returns in this stub
     * @throws UnsupportedOperationException always, in this decompiled form
     */
    private static java.util.List<com.SyP.learnethicalhacking.Model.TopicModel> getTopicList(int r5) {
        /*
            Method dump skipped, instructions count: 1676
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.SyP.learnethicalhacking.Utils.CourseUtils.getTopicList(int):java.util.List");
    }

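    /**
     * Highlights {@code str} in bold white ({@code #FFFFFF}).
     *
     * @param str text or markup to highlight; inserted verbatim, see {@link #boldColored}
     * @return {@code <font color='#FFFFFF'><b>str</b></font>}
     */
    public static String highlightText(String str) {
        return boldColored("#FFFFFF", str);
    }

    /**
     * Highlights {@code str} in bold green ({@code #95CF46}).
     *
     * @param str text or markup to highlight; inserted verbatim, see {@link #boldColored}
     * @return {@code <font color='#95CF46'><b>str</b></font>}
     */
    public static String highlightTextGreen(String str) {
        return boldColored("#95CF46", str);
    }

    /**
     * Highlights {@code str} in bold purple ({@code #A654FF}).
     *
     * @param str text or markup to highlight; inserted verbatim, see {@link #boldColored}
     * @return {@code <font color='#A654FF'><b>str</b></font>}
     */
    public static String highlightTextPurple(String str) {
        return boldColored("#A654FF", str);
    }

    /**
     * Shared template for the three highlight helpers, which previously duplicated it and
     * differed only in the color literal.
     *
     * <p>No escaping is applied to either argument: {@code str} is inserted verbatim, so it
     * must already be trusted text or markup (the callers in this file pass fixed literals),
     * and {@code hexColor} must be a plain {@code #RRGGBB} value.
     *
     * @param hexColor color for the {@code <font>} element, e.g. {@code "#FFFFFF"}
     * @param str      text or markup to wrap; {@code null} is rendered as the text "null"
     * @return {@code <font color='hexColor'><b>str</b></font>}
     */
    private static String boldColored(String hexColor, String str) {
        return "<font color='" + hexColor + "'><b>" + str + "</b></font>";
    }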

    /**
     * Explanation part "Tools :- Wireshark,Nmap,Fiddler": three short tool profiles, each a
     * purple heading, two description lines and an indented "Benefits" list, joined by
     * {@link #newLine}. The body is a single string.
     *
     * @return the part; the first constructor argument is presumably the heading and the
     *         second the body fragments — confirm against ExplanationPartModel
     */
    private static ExplanationPartModel s100_1() {
        String wireshark = bigText(highlightTextPurple("1. Wireshark")) + newLine
                + " - A powerful tool for capturing and analyzing network traffic in real-time." + newLine
                + " - Useful for network diagnostics, it allows penetration testers to inspect data packets and detect potential threats." + newLine
                + highlightText("Benefits ") + newLine
                + space(3) + " - Runs on multiple operating systems." + newLine
                + space(3) + " - Detects traffic issues." + newLine
                + space(3) + " - Decodes data shared by others.";
        String nmap = bigText(highlightTextPurple("2. Nmap")) + newLine
                + " - A popular open-source tool for network discovery and vulnerability scanning." + newLine
                + " - Used by network admins and ethical hackers to discover hosts, open ports, and detect security weaknesses." + newLine
                + highlightText("Benefits") + newLine
                + space(3) + " - Identifies connected hosts." + newLine
                + space(3) + " - Scans for open ports." + newLine
                + space(3) + " - Finds vulnerabilities.";
        String fiddler = bigText(highlightTextPurple("3. Fiddler")) + newLine
                + " - A web traffic tracing tool that works as a proxy to intercept and modify data between devices and the internet." + newLine
                + " - It’s a valuable tool for penetration testers to assess web applications." + newLine
                + highlightText("Benefits ") + newLine
                + space(3) + " - Compatible with all HTTP clients." + newLine
                + space(3) + " - Ideal for testing and analyzing websites.";
        // Profiles are separated by a blank line (two <br>).
        String body = wireshark + newLine + newLine + nmap + newLine + newLine + fiddler;
        return new ExplanationPartModel("Tools :- Wireshark,Nmap,Fiddler", new String[]{body});
    }

    /**
     * Explanation part "Tools :- Metasploit,Maltego": two tool profiles in the same layout as
     * {@link #s100_1()} (purple heading, description lines, indented "Benefits" list). The
     * body is a single string.
     *
     * @return the part; the first constructor argument is presumably the heading and the
     *         second the body fragments — confirm against ExplanationPartModel
     */
    private static ExplanationPartModel s100_2() {
        String metasploit = bigText(highlightTextPurple("4. Metasploit")) + newLine
                + " - An open-source framework for penetration testing that helps identify vulnerabilities and perform remote exploits." + newLine
                + " - It automates many tasks for penetration testers, streamlining the testing process." + newLine
                + highlightText("Benefits ") + newLine
                + space(3) + " - Compatible with most operating systems." + newLine
                + space(3) + " - Free and easy to use." + newLine
                + space(3) + " - Supports extensive network penetration testing.";
        String maltego = bigText(highlightTextPurple("5. Maltego")) + newLine
                + " - A data mining tool used for gathering information and mapping out relationships between various data points for investigative tasks." + newLine
                + " - It’s useful for penetration testers to analyze domains, DNS, websites, and more." + newLine
                + highlightText("Benefits ") + newLine
                + space(3) + " - Presents data in an easy-to-read format." + newLine
                + space(3) + " - Extracts information from a variety of online sources.";
        // Profiles are separated by a blank line (two <br>).
        String body = metasploit + newLine + newLine + maltego;
        return new ExplanationPartModel("Tools :- Metasploit,Maltego", new String[]{body});
    }

    /**
     * Explanation part "Define of Active Footprinting": a single definitional paragraph with
     * no markup.
     *
     * @return the part; the first constructor argument is presumably the heading and the
     *         second the body fragments — confirm against ExplanationPartModel
     */
    private static ExplanationPartModel s10_1() {
        String heading = "Define of Active Footprinting";
        String definition = "Active Footprinting refers to the process of directly interacting with a target system or network to gather information. Unlike passive footprinting, which relies on publicly available data, active footprinting involves sending queries, probes, or scans to the target systems. This interaction helps ethical hackers gather more detailed information but also carries a higher risk of detection. Active footprinting is typically used after passive techniques to further refine the intelligence collected.";
        return new ExplanationPartModel(heading, new String[]{definition});
    }

    /**
     * Explanation part "Direct Interaction with Target Systems": an intro paragraph followed
     * by purple section headings (Pinging, Port Scanning, Advantages, Disadvantages) and
     * their bullet lines. Each fragment carries its own leading {@link #newLine}s.
     *
     * @return the part; the first constructor argument is presumably the heading and the
     *         second the body fragments — confirm against ExplanationPartModel
     */
    private static ExplanationPartModel s10_2() {
        String[] parts = {
            "Ethical hackers directly engage with the target system by sending network requests or probes. These techniques help identify key information such as the operating system, open ports, services running on the target, and network configurations.",
            newLine + newLine + bigText(highlightTextPurple("Pinging:")),
            newLine + "- Ping is a basic network diagnostic tool used to check the availability of a system. By sending an Internet Control Message Protocol (ICMP) Echo Request, an ethical hacker can determine if a target system is online and reachable.",
            newLine + newLine + highlightText(" Purpose :- ") + "Ping helps identify live systems, providing insights into which IP addresses are active. It can also reveal potential firewalls or filtering devices that may block ICMP traffic.",
            newLine + newLine + bigText(highlightTextPurple("Port Scanning")),
            newLine + "- Port Scanning is the process of scanning a range of ports on a target system to identify open ports and services that are accessible.",
            newLine + newLine + highlightText("Tools :- ") + "Tools like Nmap and Zenmap are commonly used to perform port scanning.",
            newLine + newLine + highlightText("Purpose :- ") + "Open ports often indicate which services are running on the system (e.g., HTTP on port 80, SSH on port 22), revealing potential entry points for further attacks.",
            newLine + newLine + bigText(highlightTextPurple("Advantages")),
            newLine + "- Provides detailed information about the live systems and services operating on a network.",
            newLine + "- Helps identify attack vectors based on open ports and running services.",
            newLine + newLine + bigText(highlightTextPurple("Disadvantages")),
            newLine + "- Active footprinting techniques like pinging and port scanning can trigger alerts or be blocked by firewalls or intrusion detection systems (IDS). "
        };
        return new ExplanationPartModel("Direct Interaction with Target Systems", parts);
    }

    /**
     * Explanation part "IP Address Scanning": an intro paragraph, a "Key Methods" section
     * with white sub-headings, then Purpose/Advantages/Disadvantages bullet lines. Each
     * fragment carries its own leading {@link #newLine}s.
     *
     * @return the part; the first constructor argument is presumably the heading and the
     *         second the body fragments — confirm against ExplanationPartModel
     */
    private static ExplanationPartModel s10_3() {
        String[] parts = {
            "IP Address Scanning is a technique used to identify the IP addresses in use within a target network or organization. It involves scanning an entire IP range to discover which devices or systems are active.",
            newLine + newLine + bigText(highlightTextPurple("Key Methods")),
            newLine + newLine + highlightText(" Ping Sweep  ") + newLine + "- A Ping Sweep involves sending ICMP Echo Requests to a range of IP addresses. The responses received indicate which IP addresses are active.",
            newLine + newLine + highlightText(" Nmap  ") + newLine + "- Using Nmap, ethical hackers can scan specific IP ranges and determine which hosts are up and which ports are open. ",
            newLine + newLine + highlightText(" Subnet Scanning  ") + newLine + "- Scanning a subnet allows ethical hackers to gather information about systems connected to a specific network, especially in large enterprise environments. ",
            newLine + newLine + bigText(highlightTextPurple("Purpose")),
            newLine + "- By scanning IP ranges, ethical hackers can map the network's layout, identify live systems, and assess the exposure of devices across the network.",
            newLine + newLine + bigText(highlightTextPurple("Advantages")),
            newLine + "- Efficient method for identifying live systems and network segmentation.",
            newLine + "- Helps understand the size and scope of the target network.",
            newLine + newLine + bigText(highlightTextPurple("Disadvantages")),
            newLine + "- Like port scanning, IP address scanning can be easily detected by intrusion detection/prevention systems.",
            newLine + "- Scanning large IP ranges can generate a significant amount of traffic, raising suspicion."
        };
        return new ExplanationPartModel("IP Address Scanning", parts);
    }

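    /**
     * Explanation part "Banner Grabbing": an intro paragraph, a "Techniques" section with
     * white sub-headings, then Purpose/Advantages/Disadvantages bullet lines. Each fragment
     * carries its own leading {@link #newLine}s.
     *
     * <p>The decompiled "Purpose" literal contained a raw line break, which is not valid
     * inside a Java string literal; it is restored here as the {@code \n} escape (whether
     * the original byte sequence was LF or CRLF cannot be told from the dump).
     *
     * @return the part; the first constructor argument is presumably the heading and the
     *         second the body fragments — confirm against ExplanationPartModel
     */
    private static ExplanationPartModel s10_4() {
        String[] parts = {
            "Banner Grabbing is the process of extracting information from the banners returned by network services. A \"banner\" is a text message that a service or server sends to a client upon connection, often revealing details about the software, version number, and sometimes even the operating system.",
            newLine + newLine + bigText(highlightTextPurple("Techniques for Banner Grabbing")),
            newLine + newLine + highlightText("Telnet or Netcat  ") + newLine + "- By connecting to an open port (such as port 80 for HTTP or port 22 for SSH), banner grabbing can be performed using tools like Telnet or Netcat to read the response from the service.",
            newLine + newLine + highlightText("Nmap  ") + newLine + "- Nmap also has banner-grabbing capabilities that allow the extraction of service versions running on open ports.",
            newLine + newLine + highlightText("HTTP Requests  ") + newLine + "- Many web servers (e.g., Apache, Nginx, IIS) send server banners with details about the web server software and version when a connection is made.",
            newLine + newLine + bigText(highlightTextPurple("Purpose")),
            // Raw line break in the decompiled literal restored as an escape.
            newLine + "- Identifying service versions and software running on open ports can help ethical hackers understand the underlying technology and software vulnerabilities. For example, older versions of services might be vulnerable to known exploits. \n",
            newLine + newLine + bigText(highlightTextPurple("Advantages")),
            newLine + "- Provides detailed information about software versions, which can be useful for identifying vulnerabilities.",
            newLine + "- Helps determine the technology stack in use on the target system.",
            newLine + newLine + bigText(highlightTextPurple("Disadvantages")),
            newLine + "- Banner information can sometimes be misleading or modified for security purposes (e.g., \"banners\" may be deliberately obfuscated or hidden).",
            newLine + "- Repeated banner grabbing may alert the target system administrators to potential reconnaissance activities."
        };
        return new ExplanationPartModel("Banner Grabbing", parts);
    }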

    /**
     * Explanation part "Traceroute Analysis": an intro paragraph, a "How Traceroute Works"
     * section with white sub-headings, then Purpose/Advantages/Disadvantages bullet lines.
     * Each fragment carries its own leading {@link #newLine}s.
     *
     * @return the part; the first constructor argument is presumably the heading and the
     *         second the body fragments — confirm against ExplanationPartModel
     */
    private static ExplanationPartModel s10_5() {
        String[] parts = {
            "Traceroute Analysis involves using the traceroute command to trace the path that packets take from the ethical hacker’s system to the target system. It shows the series of routers (hops) that data packets travel through to reach the destination.",
            newLine + newLine + bigText(highlightTextPurple("How Traceroute Works")),
            newLine + newLine + highlightText(" Traceroute Command  ") + newLine + "- It sends ICMP Echo Requests with incrementally increasing Time-To-Live (TTL) values, capturing each hop's IP address along the way.",
            newLine + newLine + highlightText(" Tool  ") + newLine + "- Common tools for traceroute analysis include traceroute (Linux/macOS) and tracert (Windows).",
            newLine + newLine + bigText(highlightTextPurple("Purpose")),
            newLine + "- Traceroute helps ethical hackers understand the network's topology and structure by revealing the IP addresses of intermediate routers. ",
            newLine + "- It helps identify the geographical location of the target’s network infrastructure, which can be useful for understanding the routing and the security controls in place. ",
            newLine + "- The path traced through different hops may reveal firewalls, proxies, or load balancers in use by the target. ",
            newLine + newLine + bigText(highlightTextPurple("Advantages")),
            newLine + "- Provides insights into the target's network infrastructure, routing, and intermediate devices.",
            newLine + "- Helps identify network delays, bottlenecks, and possible points of failure or attack.",
            newLine + newLine + bigText(highlightTextPurple("Disadvantages")),
            newLine + "- Firewalls and intrusion prevention systems may block traceroute probes, preventing full visibility into the network topology.",
            newLine + "- Some networks intentionally obscure or limit traceroute data to protect their infrastructure from reconnaissance."
        };
        return new ExplanationPartModel("Traceroute Analysis", parts);
    }

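    /**
     * Explanation part "Identifying Network Topology and Structure": an intro paragraph, a
     * "Methods" section with white sub-headings, and a "Purpose" section. Each fragment
     * carries its own leading {@link #newLine}s.
     *
     * <p>The decompiled "Segmentation Identification" sub-heading literal contained a raw
     * line break, which is not valid inside a Java string literal; it is restored here as
     * the {@code \n} escape (whether the original byte sequence was LF or CRLF cannot be
     * told from the dump).
     *
     * @return the part; the first constructor argument is presumably the heading and the
     *         second the body fragments — confirm against ExplanationPartModel
     */
    private static ExplanationPartModel s11_1() {
        String[] parts = {
            "Network topology refers to the arrangement of different network devices and the connections between them. Identifying the network topology is essential in ethical hacking because it helps ethical hackers understand how the systems are organized and how information flows between them. This understanding is crucial for identifying potential weak points in the network's security.",
            newLine + newLine + bigText(highlightTextPurple("Methods for Identifying Network Topology")),
            newLine + newLine + highlightText("  Traceroute Analysis  ") + newLine + "- By using traceroute tools, ethical hackers can map the path that packets take from one system to another across the network. Traceroute reveals the series of routers and switches that handle the data, giving insights into the network’s hierarchical structure.",
            newLine + newLine + highlightText("  IP Range Scanning  ") + newLine + "- Scanning a range of IP addresses helps in mapping out which IP addresses are in use within the network, and this can help determine the layout of the network.",
            newLine + newLine + highlightText("  Network Diagrams  ") + newLine + "- In some cases, reviewing publicly available network diagrams (e.g., in technical documentation, marketing materials, or past network audits) can provide valuable insights into how the network is structured.",
            newLine + newLine + highlightText("  Subnet Analysis  ") + newLine + "- Understanding the network's subnets helps in identifying how the network is segmented and how different systems or departments are isolated or connected.",
            newLine + newLine + bigText(highlightTextPurple("Purpose")),
            newLine + newLine + highlightText(" Visibility into Network Structure  ") + newLine + "- Provides visibility into how the network is organized, making it easier to pinpoint systems, services, and paths that might be vulnerable.",
            // Raw line break in the decompiled sub-heading literal restored as an escape.
            newLine + newLine + highlightText(" Segmentation \nIdentification  ") + newLine + "- Helps identify isolated or segmented parts of the network that might be more exposed or difficult to penetrate."
        };
        return new ExplanationPartModel("Identifying Network Topology and Structure", parts);
    }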

    /**
     * Explanation part "Network Mapping (IP Range Scanning)": an intro paragraph, a
     * "Techniques" section with white sub-headings, and a "Purpose" section. Each fragment
     * carries its own leading {@link #newLine}s.
     *
     * @return the part; the first constructor argument is presumably the heading and the
     *         second the body fragments — confirm against ExplanationPartModel
     */
    private static ExplanationPartModel s11_2() {
        String[] parts = {
            "Network Mapping is the process of scanning an IP range to identify which devices or systems are present on the network. This allows ethical hackers to discover live hosts and gain insights into the overall layout of the network. IP range scanning is one of the most effective techniques for mapping out a network and understanding its reach.",
            newLine + newLine + bigText(highlightTextPurple("Techniques for Network Mapping")),
            newLine + newLine + highlightText("  Ping Sweeps  ") + newLine + "- A ping sweep involves sending ICMP Echo Requests to a range of IP addresses to check which addresses are active. This is a simple and efficient method for identifying live hosts in a network.",
            newLine + newLine + highlightText("  Nmap  ") + newLine + "- The Nmap tool is often used to perform IP range scanning. Nmap can scan a specified IP range to discover live hosts and perform additional services and port scans.",
            newLine + newLine + highlightText("  CIDR Notation  ") + newLine + "- Networks often use Classless Inter-Domain Routing (CIDR) notation to define their IP address ranges (e.g., 192.168.0.0/24). Ethical hackers can use CIDR notation to identify the scope of the network and then scan the corresponding IP range.",
            newLine + newLine + bigText(highlightTextPurple("Purpose")),
            newLine + newLine + highlightText(" Host Discovery  ") + newLine + "- Helps identify which systems are active on the network, allowing ethical hackers to map out all devices that could potentially be attacked.",
            newLine + newLine + highlightText(" Network Coverage  ") + newLine + "- Provides a complete picture of the devices that fall within the network, which is crucial for both vulnerability assessment and penetration testing."
        };
        return new ExplanationPartModel("Network Mapping (IP Range Scanning)", parts);
    }

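    /**
     * Explanation part "Identifying Active Hosts and Services": an intro paragraph, a
     * "Methods" section with white sub-headings, and a "Purpose" section. Each fragment
     * carries its own leading {@link #newLine}s.
     *
     * <p>The decompiled "Operating System Fingerprinting" literal contained a raw line
     * break, which is not valid inside a Java string literal; it is restored here as the
     * {@code \n} escape (whether the original byte sequence was LF or CRLF cannot be told
     * from the dump).
     *
     * @return the part; the first constructor argument is presumably the heading and the
     *         second the body fragments — confirm against ExplanationPartModel
     */
    private static ExplanationPartModel s11_3() {
        String[] parts = {
            "Once live hosts are discovered on the network, the next step is to identify the services running on those hosts. Knowing which services are active and exposed allows ethical hackers to understand the security posture of the network and identify potential vulnerabilities in services that may be outdated, misconfigured, or unpatched.",
            newLine + newLine + bigText(highlightTextPurple("Methods for Identifying Active Hosts and Services")),
            newLine + newLine + highlightText("  Port Scanning  ") + newLine + "- A primary method for identifying services on active hosts is through port scanning. Tools like Nmap can be used to scan for open ports on a specific host, revealing the services running on those ports (e.g., HTTP on port 80, SSH on port 22).",
            newLine + newLine + highlightText("  Service Version Detection  ") + newLine + "- Nmap can also detect the version of services running on open ports, which is helpful for identifying vulnerable services or outdated software.",
            newLine + newLine + highlightText("  Banner Grabbing  ") + newLine + "- By connecting to open ports using tools like Netcat or Telnet, ethical hackers can grab the banner information returned by the service. This banner can reveal details such as the software type, version, and sometimes even OS details, helping identify potential vulnerabilities.",
            // Raw line break in the decompiled literal restored as an escape.
            newLine + newLine + highlightText("  Operating System Fingerprinting  ") + newLine + "- Nmap can also perform OS fingerprinting to determine the operating system of a device. \nKnowing the operating system can help ethical hackers assess which exploits or attack techniques would be most effective.",
            newLine + newLine + bigText(highlightTextPurple("Purpose")),
            newLine + newLine + highlightText(" Service Identification  ") + newLine + "- Identifying services helps ethical hackers understand the attack surface of a system and which services might be vulnerable.",
            newLine + newLine + highlightText(" Vulnerability Assessment  ") + newLine + "- Knowing the services and their versions allows ethical hackers to determine if any of those services are known to have vulnerabilities that could be exploited."
        };
        return new ExplanationPartModel("Identifying Active Hosts and Services", parts);
    }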

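    /**
     * Explanation part "Port Scanning": an intro paragraph, then "Common Port Scanning
     * Techniques", "Tools for Port Scanning" and "Purpose" sections with white sub-headings,
     * and Advantages/Disadvantages bullet lines. Each fragment carries its own leading
     * {@link #newLine}s.
     *
     * <p>The decompiled "Nmap" tool literal contained a raw line break, which is not valid
     * inside a Java string literal; it is restored here as the {@code \n} escape (whether
     * the original byte sequence was LF or CRLF cannot be told from the dump).
     *
     * @return the part; the first constructor argument is presumably the heading and the
     *         second the body fragments — confirm against ExplanationPartModel
     */
    private static ExplanationPartModel s11_4() {
        String[] parts = {
            "Port Scanning is one of the most important techniques in network footprinting. It involves scanning a system to detect open ports and the services running behind them. Each open port can be a potential entry point for an attacker, so discovering these ports is critical in understanding the security posture of the target.",
            newLine + newLine + bigText(highlightTextPurple("Common Port Scanning Techniques")),
            newLine + newLine + highlightText("  TCP Connect Scan  ") + newLine + "- This scan attempts to establish a full TCP connection (three-way handshake) to each target port. It's simple but can be detected by the target system’s firewall or IDS.",
            newLine + newLine + highlightText("  SYN Scan (Stealth Scan)  ") + newLine + "- A SYN scan sends SYN packets to ports and waits for responses (SYN-ACK or RST). It’s faster and stealthier compared to a full TCP connection scan.",
            newLine + newLine + highlightText("  UDP Scan  ") + newLine + "- UDP port scanning checks for open UDP ports, which are often less secure than TCP ports because they don’t use a handshake mechanism and are more difficult to detect.",
            newLine + newLine + highlightText("  Window Scan  ") + newLine + "- This scan analyzes the behavior of the target system’s TCP window size to determine if a port is open.",
            newLine + newLine + bigText(highlightTextPurple("Tools for Port Scanning")),
            // Raw line break in the decompiled literal restored as an escape.
            newLine + newLine + highlightText(" Nmap  ") + newLine + "- A powerful tool for conducting detailed port scans on hosts. \nIt provides features like service detection, OS fingerprinting, and version scanning.",
            newLine + newLine + highlightText(" Masscan  ") + newLine + "- A fast port scanner that can scan large IP ranges in a short amount of time.",
            newLine + newLine + highlightText(" Netcat  ") + newLine + "- Often used for banner grabbing and testing open ports.",
            newLine + newLine + bigText(highlightTextPurple("Purpose")),
            newLine + newLine + highlightText(" Identify Open Ports  ") + newLine + "- The primary goal is to identify which ports are open and which services are running on those ports. This helps assess potential vulnerabilities associated with each service.",
            newLine + newLine + highlightText(" Map Attack Surface  ") + newLine + "- Understanding which ports are open allows the ethical hacker to plan an effective attack strategy, testing for weaknesses in the exposed services.",
            newLine + newLine + bigText(highlightTextPurple("Advantages")),
            newLine + "- Provides a detailed map of the target’s exposed services, enabling more focused testing for vulnerabilities.",
            newLine + "- Identifies systems that are exposed to the internet or internal network, revealing potential points of entry for attackers.",
            newLine + newLine + bigText(highlightTextPurple("Disadvantages")),
            newLine + "- Port scanning can be detected by IDS/IPS systems, firewalls, or other defensive mechanisms, especially if performed aggressively.",
            newLine + "- The scan may take time, particularly if scanning a large range of ports or a network with many hosts."
        };
        return new ExplanationPartModel("Port Scanning", parts);
    }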

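    /**
     * Explanation part "Ethical Boundaries in Reconnaissance": an intro paragraph, a "Key
     * Ethical Guidelines" section and a "Purpose of Ethical Boundaries" section, both with
     * white sub-headings. Each fragment carries its own leading {@link #newLine}s.
     *
     * <p>The decompiled "Follow the Scope of Engagement" literal contained a raw line break,
     * which is not valid inside a Java string literal; it is restored here as the {@code \n}
     * escape (whether the original byte sequence was LF or CRLF cannot be told from the dump).
     *
     * @return the part; the first constructor argument is presumably the heading and the
     *         second the body fragments — confirm against ExplanationPartModel
     */
    private static ExplanationPartModel s12_1() {
        String[] parts = {
            "Reconnaissance and footprinting are the first steps in ethical hacking, and they involve gathering information about a target system, network, or organization. While these activities are essential for identifying vulnerabilities, they must be carried out within ethical boundaries to ensure that the ethical hacker's actions do not cause harm or disruption.",
            newLine + newLine + bigText(highlightTextPurple("Key Ethical Guidelines in Reconnaissance")),
            newLine + newLine + highlightText(" Do Not Cause Harm ") + newLine + "- Ethical hackers must avoid causing harm to systems, networks, or data during the reconnaissance phase. For example, actively engaging with systems to gather information (such as sending excessive requests or conducting aggressive scans) can disrupt services or lead to system crashes.",
            newLine + newLine + highlightText(" Respect Privacy ") + newLine + "- Footprinting should never be used to infringe on the privacy of individuals or organizations. Gathering personal information, such as employees' names, email addresses, or confidential business data, should only be done if it is directly relevant to the scope of the authorized penetration test.",
            newLine + newLine + highlightText(" Be Transparent ") + newLine + "- Ethical hackers should always operate with transparency and communicate clearly with the client or target organization about their methods and goals. This ensures that all parties understand the scope and limits of the reconnaissance process.",
            // Raw line break in the decompiled literal restored as an escape.
            newLine + newLine + highlightText(" Follow the Scope of Engagement ") + newLine + "- Ethical hackers should conduct reconnaissance only within the defined scope of their engagement. \nIf the agreement specifies that reconnaissance should only be done on public-facing systems, it is unethical to attempt to gather information on internal or private systems.",
            newLine + newLine + bigText(highlightTextPurple("Purpose of Ethical Boundaries")),
            newLine + newLine + highlightText(" Protects the Target ") + newLine + "- By adhering to ethical guidelines, ethical hackers minimize the risk of causing damage or compromising sensitive data.",
            newLine + newLine + highlightText(" Maintains Professional Integrity ") + newLine + "- Operating within ethical boundaries ensures that ethical hackers maintain their reputation and credibility in the industry.",
            newLine + newLine + highlightText(" Ensures Legal Compliance ") + newLine + "- Staying within the ethical boundaries of reconnaissance helps prevent violating laws or contracts, which could result in legal consequences."
        };
        return new ExplanationPartModel("Ethical Boundaries in Reconnaissance", parts);
    }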

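    /**
     * Explanation part "Importance of Permission in Penetration Testing": an intro paragraph,
     * a "Why Permission is Crucial" section and a "Steps for Obtaining Permission" section,
     * both with white sub-headings. Each fragment carries its own leading {@link #newLine}s.
     *
     * <p>The decompiled "Written Consent" literal contained a raw line break, which is not
     * valid inside a Java string literal; it is restored here as the {@code \n} escape
     * (whether the original byte sequence was LF or CRLF cannot be told from the dump).
     *
     * @return the part; the first constructor argument is presumably the heading and the
     *         second the body fragments — confirm against ExplanationPartModel
     */
    private static ExplanationPartModel s12_2() {
        String[] parts = {
            "Permission is a fundamental principle in ethical hacking. Without explicit authorization, even the smallest action, such as scanning for open ports or gathering publicly available information, can be illegal and considered unauthorized access.",
            newLine + newLine + bigText(highlightTextPurple("Why Permission is Crucial")),
            newLine + newLine + highlightText(" Clear Scope ") + newLine + "- Permission from the target organization clearly defines the scope of the penetration testing engagement, ensuring that ethical hackers only perform activities that are authorized. This prevents unintentional overreach.",
            newLine + newLine + highlightText(" Minimizing Risk ") + newLine + "- Obtaining permission ensures that the target organization is aware of the activities taking place, which minimizes the risk of damaging systems, causing service disruptions, or inadvertently accessing sensitive information.",
            newLine + newLine + highlightText(" Legal Protection ") + newLine + "- When ethical hackers have permission, they are legally protected to carry out the actions within the engagement's scope. Unauthorized actions, even if done with good intentions, can result in legal consequences.",
            newLine + newLine + highlightText(" Prevents Accusations of Malice ") + newLine + "- Gaining formal authorization ensures that ethical hackers are not mistakenly accused of malicious activity. Unauthorized access could result in criminal charges, regardless of the hacker's intent.",
            newLine + newLine + bigText(highlightTextPurple("Steps for Obtaining Permission")),
            // Raw line break in the decompiled literal restored as an escape.
            newLine + newLine + highlightText("Written Consent ") + newLine + "- Always obtain written authorization before conducting any form of penetration testing, including reconnaissance. \nThis can be in the form of a contract or engagement letter that details the scope, goals, and limitations of the engagement.",
            newLine + newLine + highlightText("Define Boundaries ") + newLine + "- The written agreement should specify which systems, networks, or data can be tested and which ones are off-limits. It should also outline the tools and techniques that will be used, as well as the timing and duration of the test.",
            newLine + newLine + highlightText("Scope Adjustments ") + newLine + "- If there are any changes to the scope during the engagement (e.g., additional systems to test), obtain explicit permission before proceeding with the new activities."
        };
        return new ExplanationPartModel("Importance of Permission in Penetration Testing", parts);
    }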

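    /**
     * Explanation part "Legal Consequences of Unauthorized Footprinting": an intro paragraph,
     * then "Legal Risks", "Examples of Legal Violations" and "Consequences" sections with
     * white sub-headings. Each fragment carries its own leading {@link #newLine}s.
     *
     * <p>Two decompiled literals ("Tort Claims" and "Port Scanning without Consent")
     * contained raw line breaks, which are not valid inside a Java string literal; they are
     * restored here as the {@code \n} escape (whether the original byte sequences were LF or
     * CRLF cannot be told from the dump).
     *
     * @return the part; the first constructor argument is presumably the heading and the
     *         second the body fragments — confirm against ExplanationPartModel
     */
    private static ExplanationPartModel s12_3() {
        String[] parts = {
            "Unauthorized footprinting refers to any reconnaissance or information-gathering activity conducted without explicit permission from the target. This could involve actions like port scanning, DNS querying, or even gathering publicly available information about a target without consent. Unauthorized footprinting can lead to severe legal consequences, including criminal charges, civil suits, and reputational damage.",
            newLine + newLine + bigText(highlightTextPurple("Legal Risks of Unauthorized Footprinting")),
            newLine + newLine + highlightText(" Violation of Computer Crime Laws ") + newLine + "- Many countries have strict laws regulating unauthorized access to computer systems and networks. For example, the Computer Fraud and Abuse Act (CFAA) in the U.S. criminalizes unauthorized access to computer systems, which can apply to activities like scanning ports or gathering information from systems without consent. Violating these laws can result in heavy fines and imprisonment.",
            // Raw line break in the decompiled literal restored as an escape.
            newLine + newLine + highlightText(" Tort Claims ") + newLine + "- In some cases, unauthorized footprinting may lead to civil lawsuits for damages caused by the hacking activities. \nOrganizations that suffer service disruptions or data breaches due to unauthorized activities can pursue legal action against individuals responsible.",
            newLine + newLine + highlightText(" Intellectual Property Violations ") + newLine + "- Unauthorized access to certain types of data, such as intellectual property or confidential business information, can lead to intellectual property theft claims, further escalating legal consequences.",
            newLine + newLine + highlightText(" Breach of Contracts or Terms of Service ") + newLine + "- If a target organization has publicly available systems or services (e.g., a website), conducting reconnaissance without permission may violate terms of service agreements, which could result in legal action. Even gathering publicly available information may breach contractual terms.",
            newLine + newLine + bigText(highlightTextPurple("Examples of Legal Violations")),
            // Raw line break in the decompiled literal restored as an escape.
            newLine + newLine + highlightText(" Port Scanning without Consent ") + newLine + "- Performing a port scan on a target's network without their permission can be considered an unauthorized intrusion. \nEven if no data is accessed, it could be seen as a violation of computer crime laws.",
            newLine + newLine + highlightText(" Social Engineering ") + newLine + "- Using social engineering tactics (e.g., phishing, pretexting) without the target's consent can be illegal, particularly when it involves deceiving individuals to gain access to confidential information.",
            newLine + newLine + highlightText(" Accessing Sensitive Information ") + newLine + "- Trying to access or gather sensitive information (such as credentials, financial records, or private communications) without explicit permission is illegal, even if the information is publicly available in some form.",
            newLine + newLine + bigText(highlightTextPurple("Consequences")),
            newLine + newLine + highlightText(" Criminal Penalties ") + newLine + "- Unauthorized footprinting can result in criminal prosecution, with penalties ranging from fines to imprisonment, depending on the severity of the offense.",
            newLine + newLine + highlightText(" Civil Liabilities ") + newLine + "- Organizations may seek damages for the harm caused by unauthorized activities, including lost revenue, reputational harm, or the cost of remediation.",
            newLine + newLine + highlightText(" Reputation Damage ") + newLine + "- Engaging in unauthorized activities can permanently damage the ethical hacker's reputation, making it difficult to gain trust from clients or employers in the future."
        };
        return new ExplanationPartModel("Legal Consequences of Unauthorized Footprinting", parts);
    }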

    /**
     * Builds the "Interpreting the Collected Information" part of chapter 13.
     * <p>
     * The part is an intro paragraph, then two highlighted headings ("Key Areas of
     * Interpretation" and "Interpretation Process") each followed by their bullet entries. Every
     * entry is a highlighted label, a {@code newLine} separator and its body text; the entries under
     * the first heading also end with a highlighted "Example:" line.
     *
     * @return the assembled explanation part
     */
    private static ExplanationPartModel s13_1() {
        String intro = "Once footprinting is complete, the collected information is often vast and diverse, ranging from IP addresses and domain names to open ports, service versions, and network topologies. The next step is to interpret this data to understand the target system's structure and its security implications.";

        String keyAreasHeading = newLine + newLine + bigText(highlightTextPurple("Key Areas of Interpretation "));
        String networkLayout = newLine + newLine + highlightText(" Network Layout and Topology  ") + newLine
                + "- Understanding the layout of the network helps identify critical systems and network segmentation. Systems exposed to the internet may require more attention due to their potential vulnerability."
                + newLine + highlightText("Example:")
                + " If the network topology reveals that certain critical systems (e.g., web servers, databases) are directly accessible from the internet, they may be at higher risk for attacks.";
        String liveHosts = newLine + newLine + highlightText(" Live Hosts and Services  ") + newLine
                + "- Identifying which hosts are active and which services they run can reveal potential weaknesses, such as unpatched services, misconfigured systems, or outdated software."
                + newLine + highlightText("Example:")
                + " If a service is identified as running on an outdated version with known vulnerabilities (e.g., an old version of Apache HTTP server), this could be a potential attack vector.";
        String openPorts = newLine + newLine + highlightText(" Open Ports and Communication Protocols  ") + newLine
                + "-  Port scanning results show which ports are open and what services are associated with those ports. Services running on these open ports can indicate which systems are exposed to external threats."
                + newLine + highlightText("Example:")
                + " An open port 3389 (RDP) on a system may indicate that the system is vulnerable to remote code execution if it is not properly secured or patched.";
        String dnsWhois = newLine + newLine + highlightText(" DNS and WHOIS Information  ") + newLine
                + "- DNS interrogation and WHOIS queries provide details about the domain names, IP addresses, and sometimes even the administrative contacts of a target system or organization."
                + newLine + highlightText("Example:")
                + " WHOIS data may reveal the organization’s registered domain names and subdomains, which can help identify potential targets for social engineering or further reconnaissance.";

        String processHeading = newLine + newLine + bigText(highlightTextPurple("Interpretation Process "));
        String correlateData = newLine + newLine + highlightText(" Correlate Data  ") + newLine
                + "- Combine information from various reconnaissance techniques to build a complete picture of the target's infrastructure. For instance, an IP address found in a DNS query might be cross-referenced with a port scan result to determine if the corresponding system has critical services exposed.";
        String identifyWeaknesses = newLine + newLine + highlightText(" Identify Weaknesses  ") + newLine
                + "- Look for patterns in the data that indicate weaknesses in the target system's security, such as outdated software, misconfigured services, or exposed sensitive information.";
        String prioritizeRisks = newLine + newLine + highlightText(" Prioritize Risks  ") + newLine
                + "- Not all findings are of equal importance. Focus on critical vulnerabilities or exposed services that could lead to an exploit.";

        String[] paragraphs = {
                intro,
                keyAreasHeading, networkLayout, liveHosts, openPorts, dnsWhois,
                processHeading, correlateData, identifyWeaknesses, prioritizeRisks
        };
        return new ExplanationPartModel("Interpreting the Collected Information", paragraphs);
    }

    /**
     * Builds the "Identifying Attack Vectors from the Data" part of chapter 13.
     * <p>
     * Layout: an intro paragraph, a heading listing common attack vectors seen in footprinting
     * output (five highlighted entries), then a heading with the High / Medium / Low risk
     * categories. The "Social Engineering Opportunities" entry is the only one whose second
     * sentence is not introduced by a highlighted "Example:" label; that text is kept as is.
     *
     * @return the assembled explanation part
     */
    private static ExplanationPartModel s13_2() {
        String intro = "Analyzing footprint data helps ethical hackers identify attack vectors—potential paths an attacker could take to exploit vulnerabilities in the target system. An attack vector is essentially a route through which an attacker could gain unauthorized access to a system or network.";

        String vectorsHeading = newLine + newLine + bigText(highlightTextPurple("Common Attack Vectors Identified Through Footprinting "));
        String outdatedServices = newLine + newLine + highlightText(" Unpatched or Outdated Services  ") + newLine
                + "- Services running on old versions or with known vulnerabilities represent easy entry points for attackers. Identifying these outdated services through banner grabbing or version detection can help determine which ones should be prioritized in testing."
                + newLine + highlightText("Example:")
                + " If a web server is running a vulnerable version of Apache or Nginx, it may be susceptible to remote code execution or denial of service attacks.";
        String openPorts = newLine + newLine + highlightText(" Open Ports  ") + newLine
                + "- An open port may expose a vulnerable service to external attacks. Common ports, like port 80 (HTTP) or port 443 (HTTPS), are often targeted, but any open port could be an entry point."
                + newLine + highlightText("Example:")
                + " Port 22 (SSH) might be targeted for brute force attacks if weak or default credentials are used, and an exposed FTP server on port 21 could be vulnerable to data exfiltration or unauthorized access.";
        String misconfiguredServices = newLine + newLine + highlightText(" Misconfigured Services  ") + newLine
                + "- Misconfigurations in services can leave systems vulnerable. For instance, a DNS server that allows zone transfers could leak sensitive information about the network structure."
                + newLine + highlightText("Example:")
                + " DNS zone transfer misconfigurations could reveal internal network information such as private IP addresses, which could be exploited for further attacks.";
        String rdpPorts = newLine + newLine + highlightText(" Open Remote Desktop Protocol (RDP) Ports  ") + newLine
                + "- Exposing RDP (port 3389) to the internet without proper security measures (such as multi-factor authentication or network-level authentication) can lead to successful brute-force or credential stuffing attacks."
                + newLine + highlightText("Example:")
                + " Attackers could use tools to guess weak passwords or exploit vulnerabilities in RDP to gain remote access to a system.";
        String socialEngineering = newLine + newLine + highlightText(" Social Engineering Opportunities  ") + newLine
                + "- Information obtained through OSINT (e.g., email addresses, names, roles) could be leveraged for social engineering attacks like phishing or pretexting."
                + newLine
                + "WHOIS data could reveal an organization’s administrator's contact details, which could then be used in a spear-phishing attempt to gain access to credentials or internal resources.";

        String riskHeading = newLine + newLine + bigText(highlightTextPurple("Categorizing and Prioritizing Attack Vectors "));
        String highRisk = newLine + newLine + highlightText(" High Risk  ") + newLine
                + "- Exposed services or open ports that are known to be vulnerable, misconfigured services, and critical system vulnerabilities should be categorized as high risk and prioritized for further exploitation in penetration testing.";
        String mediumRisk = newLine + newLine + highlightText(" Medium Risk  ") + newLine
                + "- Services that are less exposed but still outdated or misconfigured, such as internal servers with weak configurations or publicly available but non-critical services.";
        String lowRisk = newLine + newLine + highlightText(" Low Risk  ") + newLine
                + "- Non-essential services or information that are unlikely to provide an immediate attack vector or represent a low priority for attackers.";

        String[] paragraphs = {
                intro,
                vectorsHeading, outdatedServices, openPorts, misconfiguredServices, rdpPorts, socialEngineering,
                riskHeading, highRisk, mediumRisk, lowRisk
        };
        return new ExplanationPartModel("Identifying Attack Vectors from the Data", paragraphs);
    }

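    /**
     * Builds the "Reporting the Findings" part of chapter 13.
     * <p>
     * Layout: an intro paragraph, a heading with the six report sections (Executive Summary,
     * Methodology, Detailed Findings, Risk Assessment, Recommended Actions, Conclusion), then a
     * "Reporting Best Practices" heading with three entries. Each report-section entry ends with a
     * quoted sample sentence introduced by a highlighted "Example:" label; the Conclusion entry
     * previously emitted that label as plain text, it now uses {@code highlightText} like the
     * other five so the labels render consistently.
     *
     * @return the assembled explanation part
     */
    private static ExplanationPartModel s13_3() {
        String intro = "Once the analysis is complete and attack vectors have been identified, the findings need to be reported in a clear, structured, and actionable way. The report is crucial for communicating the results of the footprinting phase to stakeholders (e.g., clients, management teams, or security teams), helping them make informed decisions about improving security defenses.";

        String elementsHeading = newLine + newLine + bigText(highlightTextPurple("Key Elements of a Footprinting Report"));
        String executiveSummary = newLine + newLine + highlightText(" Executive Summary  ") + newLine
                + "- Executive Summary: A high-level overview of the findings, presented in a way that non-technical stakeholders can understand. The executive summary should outline the purpose of the testing, key findings, and general security posture."
                + newLine + highlightText("Example:")
                + " \"We identified multiple exposed services, including a vulnerable web server running outdated software and an exposed RDP port, which could be targeted by attackers.\"";
        String methodology = newLine + newLine + highlightText(" Methodology  ") + newLine
                + "- A detailed explanation of the tools and techniques used during the footprinting and reconnaissance phase. This includes describing how information was collected (e.g., port scanning, DNS queries, WHOIS lookups) and the scope of the testing."
                + newLine + highlightText("Example:")
                + " \"Nmap was used to conduct a port scan on the target's IP range. Banner grabbing and version detection were performed to identify outdated services.\"";
        String detailedFindings = newLine + newLine + highlightText(" Detailed Findings  ") + newLine
                + "- A comprehensive breakdown of the data collected during reconnaissance, including open ports, active hosts, services, software versions, DNS data, WHOIS information, and identified vulnerabilities. It should clearly link each finding to potential security risks."
                + newLine + highlightText("Example:")
                + " \"Port 22 (SSH) was found to be open and running an outdated version of OpenSSH 6.6, which is susceptible to multiple known vulnerabilities, including brute-force password attacks.\"";
        String riskAssessment = newLine + newLine + highlightText(" Risk Assessment  ") + newLine
                + "- A risk assessment section should categorize vulnerabilities by severity (e.g., critical, high, medium, low). This helps the client prioritize remediation efforts."
                + newLine + highlightText("Example:")
                + " \"The open RDP port is a critical vulnerability and should be closed or protected immediately to prevent unauthorized remote access.\"";
        String recommendedActions = newLine + newLine + highlightText(" Recommended Actions  ") + newLine
                + "- Actionable remediation recommendations should be provided for each identified vulnerability or risk. Recommendations should be practical and prioritize actions based on the severity of the risk."
                + newLine + highlightText("Example:")
                + " \"Update the Apache HTTP server to the latest stable version to mitigate known vulnerabilities. Implement multi-factor authentication (MFA) for all RDP access.\"";
        // Label highlighted here for consistency with the five entries above.
        String conclusion = newLine + newLine + highlightText(" Conclusion  ") + newLine
                + "- A summary of the overall findings and any next steps. This section should include a summary of the most pressing issues and a path forward for remediation or further testing."
                + newLine + highlightText("Example:")
                + " \"To secure the network, the exposed RDP port should be secured, outdated software should be patched, and strong access control measures should be implemented for critical systems.\"";

        String practicesHeading = newLine + newLine + bigText(highlightTextPurple("Reporting Best Practices"));
        String clarity = newLine + newLine + highlightText("  Clarity and Precision  ") + newLine
                + "- Avoid jargon and technical language that might confuse stakeholders. The report should be clear, concise, and understandable by non-technical individuals.";
        String actionability = newLine + newLine + highlightText(" Actionability  ") + newLine
                + "- Ensure that the report provides practical, step-by-step recommendations that the client can act on immediately.";
        String confidentiality = newLine + newLine + highlightText(" Confidentiality  ") + newLine
                + "- Ensure that the report is shared only with authorized parties, as it contains sensitive security findings that could be exploited if they fall into the wrong hands.";

        String[] paragraphs = {
                intro,
                elementsHeading, executiveSummary, methodology, detailedFindings, riskAssessment, recommendedActions, conclusion,
                practicesHeading, clarity, actionability, confidentiality
        };
        return new ExplanationPartModel("Reporting the Findings", paragraphs);
    }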

    /**
     * Builds the "Steps to Prevent Information Leakage" part of chapter 14.
     * <p>
     * Defensive counterpart to the footprinting material: an intro paragraph, one heading, then
     * five measures. Each measure is a green-highlighted title, a description line and a
     * highlighted "Example: " line, separated by {@code newLine} pairs.
     *
     * @return the assembled explanation part
     */
    private static ExplanationPartModel s14_1() {
        String intro = "Preventing information leakage involves ensuring that sensitive data, such as system configurations, employee details, and infrastructure layouts, do not inadvertently become public or accessible to malicious actors. Information leakage can provide attackers with valuable insights during the reconnaissance phase.";
        String heading = newLine + newLine + bigText(highlightTextPurple("Key Measures to Prevent Information Leakage"));

        String limitPublicInfo = newLine + newLine + highlightTextGreen(" Limit Publicly Available Information  ") + newLine
                + "- Avoid exposing unnecessary internal details (e.g., network structure, internal IP addresses, service versions) on public-facing systems, websites, or services."
                + newLine + newLine + highlightText("Example: ")
                + "A company website should not list specific internal software versions or system configurations that could be exploited.";
        String reviewSensitiveInfo = newLine + newLine + highlightTextGreen(" Review and Remove Sensitive Information   ") + newLine
                + "- Regularly audit public-facing resources like websites, social media, and databases for sensitive information that can leak. This includes system documentation, email addresses, employee names, and other personal or technical data."
                + newLine + newLine + highlightText("Example: ")
                + "Employee email addresses should not be publicly available on company websites. If exposed, it may lead to targeted phishing attacks.";
        String minimizeWhois = newLine + newLine + highlightTextGreen(" Minimize WHOIS Data Exposure  ") + newLine
                + "- WHOIS data can reveal critical information about domain ownership, IP addresses, and even administrative contact details. Consider using WHOIS privacy protection services to hide this data or register domains through third-party privacy providers."
                + newLine + newLine + highlightText("Example: ")
                + "Use privacy-protecting services like Domains by Proxy to mask domain registration details.";
        String restrictDns = newLine + newLine + highlightTextGreen(" Disable or Restrict DNS Information  ") + newLine
                + "- If possible, restrict DNS records from revealing too much information about your internal infrastructure. Sensitive records, such as those indicating mail servers or backup servers, should be hidden from public view."
                + newLine + newLine + highlightText("Example: ")
                + "Configure DNS servers to restrict access to DNS zone transfers, preventing external users from obtaining internal domain information.";
        String preventFingerprinting = newLine + newLine + highlightTextGreen(" Prevent OS and Application Fingerprinting  ") + newLine
                + "- Configure services to obscure their operating system details and versions. Banner-grabbing tools can be used by attackers to fingerprint your systems. Disabling service banners or altering default error messages can make it harder to gather such information."
                + newLine + newLine + highlightText("Example: ")
                + "On a web server, turn off detailed error reporting that discloses information about the software stack and version (e.g., Apache, PHP versions).";

        String[] paragraphs = {
                intro, heading,
                limitPublicInfo, reviewSensitiveInfo, minimizeWhois, restrictDns, preventFingerprinting
        };
        return new ExplanationPartModel("Steps to Prevent Information Leakage", paragraphs);
    }

    /**
     * Builds the "Secure DNS Practices" part of chapter 14.
     * <p>
     * An intro paragraph, one heading and four practices (zone-transfer restrictions, DNSSEC,
     * non-public records, regular audits). Each practice is a green-highlighted title, a
     * description line, a highlighted "Mitigation: " line and a highlighted "Example: " line.
     *
     * @return the assembled explanation part
     */
    private static ExplanationPartModel s14_2() {
        String intro = "DNS plays a crucial role in footprinting, as it provides information about domain names, subdomains, and associated IP addresses. Ensuring your DNS infrastructure is secure can greatly reduce the risk of attackers gaining valuable intelligence from DNS records.";
        String heading = newLine + newLine + bigText(highlightTextPurple("Key Secure DNS Practices"));

        String zoneTransfers = newLine + newLine + highlightTextGreen(" DNS Zone Transfer Restrictions  ") + newLine
                + "- DNS zone transfers allow a requestor to download the entire set of DNS records for a domain. Attackers can exploit this feature to gather critical information about your network."
                + newLine + newLine + highlightText("Mitigation: ")
                + "Restrict DNS zone transfers to only trusted IP addresses (e.g., your internal DNS servers). Ensure external requests for zone transfers are blocked."
                + newLine + newLine + highlightText("Example: ")
                + "Configure DNS servers to allow zone transfers only to specific IP addresses belonging to trusted DNS servers, ensuring unauthorized users cannot obtain full zone records.";
        String dnssec = newLine + newLine + highlightTextGreen(" Implement DNSSEC (DNS Security Extensions)  ") + newLine
                + "- DNSSEC helps prevent DNS spoofing and cache poisoning attacks by digitally signing DNS data. It ensures the integrity of the data received from DNS servers, making it harder for attackers to manipulate DNS records."
                + newLine + newLine + highlightText("Mitigation: ")
                + "Implement DNSSEC to secure your domain's DNS records, ensuring that attackers cannot alter your DNS data to redirect traffic."
                + newLine + newLine + highlightText("Example: ")
                + "Configure DNSSEC on your authoritative DNS servers to ensure data integrity and prevent attackers from redirecting users to malicious sites.";
        String hiddenRecords = newLine + newLine + highlightTextGreen(" Use of Hidden or Non-Public DNS Records  ") + newLine
                + "- Sensitive DNS records (e.g., internal mail servers, administrative interfaces) should be kept non-public or hidden from external DNS queries."
                + newLine + newLine + highlightText("Mitigation: ")
                + "Only publish DNS records that are necessary for the public, and keep sensitive records (like internal hostnames, mail servers, and subdomains) private."
                + newLine + newLine + highlightText("Example: ")
                + "An internal email server or intranet should not be publicly accessible through DNS queries. Use internal DNS infrastructure to manage internal hostnames.";
        String audits = newLine + newLine + highlightTextGreen(" Regular DNS Audits  ") + newLine
                + "- Periodically review DNS configurations and records to ensure they do not leak sensitive data or allow for unauthorized access."
                + newLine + newLine + highlightText("Mitigation: ")
                + "Regularly audit and review DNS settings, records, and any misconfigurations that could expose valuable infrastructure details."
                + newLine + newLine + highlightText("Example: ")
                + "Ensure that DNS records for systems like routers, firewalls, or admin interfaces are not publicly accessible.";

        String[] paragraphs = {intro, heading, zoneTransfers, dnssec, hiddenRecords, audits};
        return new ExplanationPartModel("Secure DNS Practices", paragraphs);
    }

    /**
     * Builds the "Privacy Protection Measures" part of chapter 14.
     * <p>
     * An intro paragraph, one heading and five measures. The first measure has no description
     * line and goes straight to its "Mitigation: " text; the other four follow the
     * title / description / "Mitigation: " / "Example: " pattern.
     * <p>
     * NOTE(review): two pieces of the course text deserve a second look by the content owner.
     * The "Data Encryption and Masking" example presents bcrypt and AES together as ways to store
     * passwords; only a password-hashing function such as bcrypt is suitable for that, AES is
     * reversible encryption and a key compromise exposes every password. The "Use of Anonymized
     * Services" measure advises hiding the tester's identity; in an authorized engagement the
     * testing source addresses are normally agreed in the rules of engagement so the client can
     * tell test traffic from a real attack. The strings below are reproduced unchanged.
     *
     * @return the assembled explanation part
     */
    private static ExplanationPartModel s14_3() {
        String intro = "Privacy protection ensures that sensitive personal information is not exposed to the public or to malicious actors during the footprinting phase. Strong privacy practices help prevent attacks like social engineering, identity theft, and phishing.";
        String heading = newLine + newLine + bigText(highlightTextPurple("Key Privacy Protection Measures"));

        String employeeInfo = newLine + newLine + highlightTextGreen("Limit Exposure of Employee Information  ") + newLine
                + highlightText("Mitigation: ")
                + "Avoid listing personal employee details (names, job titles, email addresses, phone numbers) on public-facing websites or databases unless absolutely necessary."
                + newLine + newLine + highlightText("Example: ")
                + "Use generic contact forms or dedicated email aliases (e.g., security@company.com) instead of personal email addresses for customer communication.";
        String encryption = newLine + newLine + highlightTextGreen("Data Encryption and Masking  ") + newLine
                + "- Ensure that sensitive data, such as employee personal information or system credentials, is encrypted and not exposed in plaintext on public-facing systems."
                + newLine + newLine + highlightText("Mitigation: ")
                + "Use strong encryption for all sensitive information in transit (e.g., using HTTPS for websites, TLS for email, etc.) and at rest (e.g., encrypt sensitive databases)."
                + newLine + newLine + highlightText("Example: ")
                + "Sensitive user data, such as passwords, should never be stored in plaintext. Use hashing and encryption algorithms like bcrypt or AES.";
        String socialMedia = newLine + newLine + highlightTextGreen("Social Media Monitoring and Control  ") + newLine
                + "- Employees should be trained to recognize the risks associated with social media platforms and limit the sharing of sensitive information that could aid in social engineering attacks."
                + newLine + newLine + highlightText("Mitigation: ")
                + "Encourage employees to set strong privacy settings on social media and refrain from sharing details that could reveal internal network structures or sensitive data."
                + newLine + newLine + highlightText("Example: ")
                + "An employee posting internal project details or their job title on social media can inadvertently reveal security-related information that attackers can use to tailor phishing attacks.";
        String anonymizedServices = newLine + newLine + highlightTextGreen("Use of Anonymized Services  ") + newLine
                + "- When interacting with services or websites for penetration testing or legitimate security assessments, use anonymized services such as VPNs, proxies, or disposable email addresses to hide your identity."
                + newLine + newLine + highlightText("Mitigation: ")
                + "For external security testing, use anonymization techniques to reduce the risk of social engineering or information leaks."
                + newLine + newLine + highlightText("Example: ")
                + "An ethical hacker performing reconnaissance should use a VPN and a burner email address to prevent linking activities back to them.";
        String awarenessTraining = newLine + newLine + highlightTextGreen("Security Awareness Training  ") + newLine
                + "- Educating employees about privacy risks and the importance of safeguarding sensitive information is crucial. Training should focus on recognizing social engineering attempts and handling sensitive data appropriately."
                + newLine + newLine + highlightText("Mitigation: ")
                + "Implement regular security awareness training sessions to help employees understand the risks of oversharing personal and organizational information."
                + newLine + newLine + highlightText("Example: ")
                + "Employees should be taught not to share details like system configurations, employee names, or access details over email or on social media platforms.";

        String[] paragraphs = {
                intro, heading,
                employeeInfo, encryption, socialMedia, anonymizedServices, awarenessTraining
        };
        return new ExplanationPartModel("Privacy Protection Measures", paragraphs);
    }

    /**
     * Builds the "Definition of Network Scanning in Ethical Hacking" part of chapter 15.
     * <p>
     * Two plain paragraphs; the second is prefixed with a {@code newLine} pair so it renders as a
     * separate block.
     *
     * @return the assembled explanation part
     */
    private static ExplanationPartModel s15_1() {
        String definition = "Network scanning is a critical process in ethical hacking, where a security professional, known as an ethical hacker or penetration tester, systematically explores and analyzes a computer network for vulnerabilities and potential security weaknesses. The goal is to identify devices, services, open ports, and any security loopholes that could be exploited by malicious attackers.";
        String techniques = newLine + newLine
                + "Network scanning involves a variety of techniques that help in discovering the structure of a network, the active devices, the software or services running on them, and any security flaws. This process allows ethical hackers to assess the security posture of a network and provide recommendations for remediation before a cybercriminal has the chance to exploit vulnerabilities.";
        return new ExplanationPartModel("Definition of Network Scanning in Ethical Hacking", new String[]{definition, techniques});
    }

    /**
     * Builds the "Importance of Network Scanning in Ethical Hacking" part of chapter 15.
     * <p>
     * Five entries, each a purple-highlighted title followed by one sentence; every entry after
     * the first is prefixed with a {@code newLine} pair.
     *
     * @return the assembled explanation part
     */
    private static ExplanationPartModel s15_2() {
        String vulnerabilityIdentification = highlightTextPurple("Vulnerability Identification  ") + newLine
                + "Detects open ports, exposed services, and weak configurations that attackers might exploit.";
        String riskAssessment = newLine + newLine + highlightTextPurple("Risk Assessment  ") + newLine
                + "Helps prioritize security risks based on the severity of the vulnerabilities found.";
        String securityImprovement = newLine + newLine + highlightTextPurple("Security Improvement  ") + newLine
                + "Offers insights on improving firewall rules, access controls, and overall network security.";
        String compliance = newLine + newLine + highlightTextPurple("Compliance  ") + newLine
                + "Assists organizations in adhering to industry standards and regulations by ensuring their network is secure.";
        String breachPrevention = newLine + newLine + highlightTextPurple("Prevention of Data Breaches  ") + newLine
                + "By discovering vulnerabilities early, network scanning prevents potential breaches that could lead to data loss or unauthorized access.";

        String[] paragraphs = {vulnerabilityIdentification, riskAssessment, securityImprovement, compliance, breachPrevention};
        return new ExplanationPartModel("Importance of Network Scanning in Ethical Hacking", paragraphs);
    }

    /**
     * Builds the "Overview of Network Reconnaissance" part of chapter 15.
     * <p>
     * The part has two array entries. The first is one long block: overview text, the
     * "1. Passive Reconnaissance" section with its numbered list, and the "2. Active
     * Reconnaissance" section with three highlighted techniques. The second entry is the
     * "Key Tools Used for Network Scanning" section with four green-highlighted tool names and a
     * closing sentence. The pieces are concatenated in the same order the original single
     * expression used, so the resulting strings are unchanged.
     *
     * @return the assembled explanation part
     */
    private static ExplanationPartModel s15_3() {
        String overview = "Network reconnaissance is a broad process within ethical hacking that involves gathering information about a target network to better understand its structure and security status. It is typically the first step in a penetration testing engagement, where hackers gather as much information as possible to plan their next steps. The reconnaissance process is divided into two phases: passive and active.";
        String passive = newLine + newLine + bigText(highlightTextPurple("1. Passive Reconnaissance")) + newLine
                + "- In this phase, the hacker collects publicly available information without directly interacting with the target network. This can include:"
                + newLine + "1. Searching domain name registries for IP addresses"
                + newLine + "2. Gathering information from social media and websites"
                + newLine + "3. Analyzing publicly available network maps"
                + newLine + "4. Looking at employee details or infrastructure on public platforms"
                + newLine + newLine
                + " - The main advantage of passive reconnaissance is that it leaves no trace of the attacker's presence and provides useful insights into the target's network setup.";
        String active = newLine + newLine + bigText(highlightTextPurple("2. Active Reconnaissance")) + newLine
                + "- This phase involves actively scanning the network, which may involve direct interaction with the network infrastructure. Techniques used in active reconnaissance include:"
                + newLine + newLine + highlightText(" Ping Sweeping :- ") + " Checking for live hosts on a network."
                + newLine + newLine + highlightText(" Port Scanning :- ") + " Identifying open ports and the services running on those ports."
                + newLine + newLine + highlightText(" OS Fingerprinting :- ") + " Determining the operating system used by a particular machine based on its network behavior."
                + newLine + newLine
                + " - Active reconnaissance can be detected by intrusion detection systems (IDS), so ethical hackers use these techniques carefully to avoid being discovered.";
        String reconnaissance = overview + passive + active;

        String tools = newLine + newLine + bigText(highlightTextPurple("Key Tools Used for Network Scanning "))
                + newLine + newLine + highlightTextGreen("  Nmap (Network Mapper) :- ") + " A powerful tool for network discovery and vulnerability scanning."
                + newLine + newLine + highlightTextGreen("  Wireshark :- ") + " A network protocol analyzer used for capturing and analyzing network traffic."
                + newLine + newLine + highlightTextGreen("  Netcat :- ") + " A networking tool used for reading from and writing to network connections using TCP or UDP."
                + newLine + newLine + highlightTextGreen("  OpenVAS :- ") + " A framework for scanning and managing vulnerabilities in a network."
                + newLine + newLine
                + "Overall, network scanning and reconnaissance are foundational skills in ethical hacking, allowing security professionals to map and assess the security state of a network before making recommendations for improvement.";

        return new ExplanationPartModel("Overview of Network Reconnaissance", new String[]{reconnaissance, tools});
    }

    /**
     * Builds the "Network scanning Type" part of chapter 16 (the title string is kept as
     * shipped).
     * <p>
     * A single entry: one paragraph followed by a highlighted three-item list naming the scan
     * types that the next three parts describe.
     *
     * @return the assembled explanation part
     */
    private static ExplanationPartModel s16_1() {
        String typeList = highlightText("1. Active Scanning " + newLine + " 2. Passive Scanning " + newLine + " 3. Stealth Scanning.");
        String body = "Network scanning is a fundamental process in ethical hacking that helps security professionals gather information about network devices, services, vulnerabilities, and overall security posture. There are different types of network scanning techniques, each suited for specific purposes."
                + newLine + newLine + typeList;
        return new ExplanationPartModel("Network scanning Type", new String[]{body});
    }

    /**
     * Builds the "Active Scanning" part of chapter 16.
     * <p>
     * Four purple-highlighted sections: Description, Purpose, Advantages, Disadvantages. The
     * last two hold two "- " bullet lines each.
     *
     * @return the assembled explanation part
     */
    private static ExplanationPartModel s16_2() {
        String description = highlightTextPurple(" Description  ") + newLine
                + "- Active scanning involves directly sending probes or requests to a network or system to gather information. This scan interacts with the target systems by sending packets and waiting for responses, such as ICMP (ping) requests or TCP connection attempts.";
        String purpose = newLine + newLine + highlightTextPurple(" Purpose  ") + newLine
                + "- It helps in gathering detailed information about open ports, services, and the operating system of the target.";
        String advantages = newLine + newLine + highlightTextPurple(" Advantages  ") + newLine
                + "- Provides more detailed and accurate information."
                + newLine + "- Can identify vulnerabilities more effectively.";
        String disadvantages = newLine + newLine + highlightTextPurple(" Disadvantages  ") + newLine
                + "- Can be detected by intrusion detection/prevention systems (IDS/IPS)."
                + newLine + "- May trigger alerts or defensive measures from security tools on the target system.";
        return new ExplanationPartModel("Active Scanning", new String[]{description, purpose, advantages, disadvantages});
    }

    /**
     * Builds the "Passive Scanning" part of chapter 16.
     * <p>
     * Same four-section shape as the "Active Scanning" part: Description, Purpose, Advantages,
     * Disadvantages, the last two with two bullet lines each.
     *
     * @return the assembled explanation part
     */
    private static ExplanationPartModel s16_3() {
        String description = highlightTextPurple(" Description  ") + newLine
                + "- Passive scanning involves monitoring and collecting information without directly interacting with the target systems. It typically involves sniffing network traffic or analyzing public records (e.g., DNS, WHOIS) to gather information.";
        String purpose = newLine + newLine + highlightTextPurple(" Purpose  ") + newLine
                + "- It is used to gather intelligence without being detected by the target.";
        String advantages = newLine + newLine + highlightTextPurple(" Advantages  ") + newLine
                + "- Stealthy; unlikely to be detected by IDS/IPS systems."
                + newLine + "- Less intrusive as it does not directly engage the target systems.";
        String disadvantages = newLine + newLine + highlightTextPurple(" Disadvantages  ") + newLine
                + "- May provide less detailed information than active scanning."
                + newLine + "- May not identify all vulnerabilities or services running on the target.";
        return new ExplanationPartModel("Passive Scanning", new String[]{description, purpose, advantages, disadvantages});
    }

    /**
     * Builds the "Stealth Scanning" part of chapter 16.
     * <p>
     * Same four-section shape as the other two scan-type parts: Description, Purpose,
     * Advantages, Disadvantages. The Description names the evasion techniques the course covers
     * at a high level; the Disadvantages section is where the course notes their cost.
     *
     * @return the assembled explanation part
     */
    private static ExplanationPartModel s16_4() {
        String description = highlightTextPurple(" Description  ") + newLine
                + "- Stealth scanning refers to techniques designed to evade detection by security systems. The goal is to avoid triggering IDS/IPS or firewall alerts. This can involve techniques like SYN scanning, fragmenting packets, or using decoys to mask the real source of the scan.";
        String purpose = newLine + newLine + highlightTextPurple(" Purpose  ") + newLine
                + "- It is used to covertly gather information while minimizing the risk of detection.";
        String advantages = newLine + newLine + highlightTextPurple(" Advantages  ") + newLine
                + "- Makes it difficult for the target system to detect the scan."
                + newLine + "- More evasive compared to active scanning methods.";
        String disadvantages = newLine + newLine + highlightTextPurple(" Disadvantages  ") + newLine
                + "- Can be slower or less effective than active scanning."
                + newLine + "- More complex to implement and requires advanced tools or techniques.";
        return new ExplanationPartModel("Stealth Scanning", new String[]{description, purpose, advantages, disadvantages});
    }

    /**
     * Builds the "Identifying Open and Closed Ports" part of chapter 17.
     * <p>
     * Three sections with big purple titles: Open Ports, Closed Ports, Filtered Ports. The first
     * two end with a highlighted "Example: " line; the third has only a description.
     * <p>
     * NOTE(review): the course text says a closed port "might be blocked by a firewall", while the
     * Filtered Ports section attributes non-response to firewall rules. In scanner terminology a
     * closed port is one that answers (no listener) and a filtered port is one whose probes are
     * dropped, so the firewall sentence belongs under Filtered rather than Closed. The strings are
     * reproduced as shipped; flagged for the content owner.
     *
     * @return the assembled explanation part
     */
    private static ExplanationPartModel s17_1() {
        String openPorts = bigText(highlightTextPurple("Open Ports  ")) + newLine
                + "- These are ports on a system that are actively accepting incoming connections. Open ports indicate running services that are accessible to the network. Attackers often target these services to exploit vulnerabilities."
                + newLine + newLine + highlightText("Example: ")
                + "If a port 80 (HTTP) is open, a web server is likely running on that port, and it could be vulnerable to attacks like SQL injection or cross-site scripting (XSS).";
        String closedPorts = newLine + newLine + bigText(highlightTextPurple("Closed Ports  ")) + newLine
                + "- These ports are not currently accepting connections. They might be blocked by a firewall or the service behind the port is not active."
                + newLine + newLine + highlightText("Example: ")
                + "A firewall may block access to a port that’s not in use, reducing the attack surface.";
        String filteredPorts = newLine + newLine + bigText(highlightTextPurple("Filtered Ports  ")) + newLine
                + "- These ports are not responding to direct scans, possibly due to firewall rules that block incoming probes or traffic. A port may be \"filtered\" but not completely closed, making it difficult to assess the service on that port.";
        return new ExplanationPartModel("Identifying Open and Closed Ports", new String[]{openPorts, closedPorts, filteredPorts});
    }

    /**
     * Builds the "Commonly Used Port Numbers" explanation: an intro paragraph
     * followed by one fragment per well-known port, each being a paragraph
     * break, the purple port label and the service description.
     *
     * NOTE(review): port numbers are conventions only -- a service can listen
     * on any port, so the service fingerprinting described in the
     * vulnerability-scanning section is what confirms what is really running.
     */
    private static ExplanationPartModel s17_2() {
        // {label, description} pairs in display order. The leading space in the
        // last three descriptions is part of the original text and is kept.
        final String[][] wellKnownPorts = {
            {"Port 21: ", "FTP (File Transfer Protocol) – Used for file transfers."},
            {"Port 22: ", "SSH (Secure Shell) – Used for secure command-line access to remote servers."},
            {"Port 23: ", "Telnet – Used for remote login (but often insecure due to lack of encryption)."},
            {"Port 25: ", "SMTP (Simple Mail Transfer Protocol) – Used for sending emails."},
            {"Port 53: ", "DNS (Domain Name System) – Used for resolving domain names to IP addresses."},
            {"Port 80: ", "HTTP (Hypertext Transfer Protocol) – Used for web traffic."},
            {"Port 443: ", "HTTPS (Hypertext Transfer Protocol Secure) – Used for encrypted web traffic."},
            {"Port 3389: ", "RDP (Remote Desktop Protocol) – Used for remote desktop access (common in Windows environments)."},
            {"Port 445: ", " SMB (Server Message Block) – Used for file sharing and printer services in Windows."},
            {"Port 3306: ", " MySQL – Used for database access."},
            {"Port 1433: ", " Microsoft SQL Server – Used for database services."}
        };

        final String[] fragments = new String[wellKnownPorts.length + 1];
        fragments[0] = "Port numbers are used to identify specific services and protocols on a network. Certain port numbers are reserved for common services that most systems use. Here are some well-known ports:";
        for (int i = 0; i < wellKnownPorts.length; i++) {
            fragments[i + 1] = newLine + newLine
                    + highlightTextPurple(wellKnownPorts[i][0])
                    + wellKnownPorts[i][1];
        }
        return new ExplanationPartModel("Commonly Used Port Numbers", fragments);
    }

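    /**
     * Builds the "TCP vs UDP Scanning" explanation as five HTML fragments: an
     * intro paragraph, the TCP heading, the TCP characteristics/techniques
     * block, the UDP heading and the UDP characteristics/techniques block.
     *
     * Fix: the "Connectionless" string literal was split across two physical
     * lines ("...client and server. / It simply..."), which is not legal Java;
     * the sentence is now a single literal joined by one space.
     *
     * NOTE(review): two content caveats for a later pass over the course text.
     * (1) For UDP, "If there is a response, the port is open" only holds for an
     * application-layer reply; an ICMP port-unreachable reply means closed.
     * (2) SYN scans are routinely flagged by IDS port-scan detectors, so
     * "harder to detect" must not be read as undetectable.
     */
    private static ExplanationPartModel s17_3() {
        final String para = newLine + newLine;

        final String intro = "Port scanning can be performed using either TCP (Transmission Control Protocol) or UDP (User Datagram Protocol). These two protocols differ significantly in how they establish connections and handle data transmission.";

        final String tcpHeading = para + bigText(highlightTextPurple("TCP Scanning"));

        final String tcpDetails = para + highlightTextGreen("Characteristics")
                + para + highlightText("Connection-Oriented: ") + newLine
                + "- TCP requires a handshake to establish a reliable connection before data transfer (3-way handshake: SYN, SYN-ACK, ACK)."
                + para + highlightText("Reliable: ") + newLine
                + "- Ensures that data is transmitted correctly and in order, providing error correction and flow control."
                + para + highlightText("Detectable: ") + newLine
                + "- Because TCP scans involve establishing a connection (even a partial one), they are easier to detect through network monitoring tools like IDS/IPS systems."
                + para + highlightTextGreen("Common Scanning Techniques")
                + para + highlightText("SYN Scan: ") + newLine
                + "- Also known as a \"half-open scan.\" Sends a SYN packet and waits for a response (SYN-ACK for open ports, RST for closed). It doesn’t complete the handshake, making it harder to detect."
                + para + highlightText("Connect Scan: ") + newLine
                + "- The full TCP connection is established, which makes it easier to detect but provides complete information about the state of the port."
                + para + highlightText("FIN Scan: ") + newLine
                + "- Sends a FIN packet (normally used to terminate a connection) to see if the port responds with a reset (RST) or not.";

        final String udpHeading = para + bigText(highlightTextPurple("UDP Scanning"));

        final String udpDetails = para + highlightTextGreen("Characteristics")
                + para + highlightText("Connectionless: ") + newLine
                // Single literal: this sentence used to be broken across two source lines.
                + "- UDP does not establish a formal connection between the client and server. It simply sends packets and waits for responses."
                + para + highlightText("Unreliable: ") + newLine
                + "- UDP does not guarantee packet delivery, order, or error correction."
                + para + highlightText("Stealthier: ") + newLine
                + "- Since UDP does not involve the formal connection process, it can be harder to detect than TCP scans."
                + para + highlightTextGreen("Common Scanning Techniques")
                + para + highlightText("UDP Ping: ") + newLine
                + "- Sends a \"ping\" packet to the target. If no response is received, the port may be closed or filtered. If there is a response, the port is open."
                + para + highlightText("Application Layer Query: ") + newLine
                + "- A packet is sent requesting a service-specific response (e.g., DNS query). A response means the port is open and active."
                + para + highlightText("Closed Port Behavior: ") + newLine
                + "- UDP is more difficult to scan because closed ports typically do not respond, which makes it harder to discern whether a port is filtered or closed.";

        return new ExplanationPartModel("TCP vs UDP Scanning",
                new String[]{intro, tcpHeading, tcpDetails, udpHeading, udpDetails});
    }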

    /**
     * Builds the "Definition " explanation for vulnerability scanning: a single
     * plain-text fragment with no HTML markup. The trailing space in the title
     * is part of the original data and is preserved.
     */
    private static ExplanationPartModel s18_1() {
        final String definition =
                "Vulnerability scanning is a crucial component of network scanning and ethical hacking. It involves systematically identifying potential security weaknesses in systems, applications, and network infrastructures that could be exploited by attackers. The goal is to find and assess vulnerabilities before malicious actors can take advantage of them. Vulnerability scanning is often performed using specialized tools and is an essential part of penetration testing, risk management, and maintaining an organization's security posture.";
        final String[] fragments = {definition};
        return new ExplanationPartModel("Definition ", fragments);
    }

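    /**
     * Builds the "Identifying Weaknesses in Systems" explanation: six numbered
     * HTML fragments, each a big purple heading, a description and an example.
     * Fragments after the first open with a paragraph break.
     *
     * Fix: the fourth heading literal was split across two physical source
     * lines ("4. / Automated Vulnerability Matching "), which does not compile;
     * it is now one literal.
     *
     * NOTE(review): the sixth heading reads "6. System " although the paragraph
     * is about severity rating -- it looks truncated; confirm against the
     * authoritative course text before changing the user-facing string.
     * Also, Nmap is a port/service scanner rather than a vulnerability scanner
     * in the Nessus sense (its NSE vuln scripts aside); the sentence in step 1
     * may mislead learners.
     */
    private static ExplanationPartModel s18_2() {
        final String para = newLine + newLine;

        final String[] headings = {
            "1. System Discovery and Enumeration ",
            "2. Identifying Open Ports ",
            "3. Service Fingerprinting ",
            "4. Automated Vulnerability Matching ", // previously broken across two lines
            "5. Identifying Misconfigurations ",
            "6. System "
        };
        final String[] descriptions = {
            "- The first step in vulnerability scanning is discovering which systems and services are present in the network. This is usually done through techniques like port scanning and network enumeration. Vulnerability scanners such as Nmap or Nessus first identify active hosts and the services running on them, like HTTP, FTP, SSH, etc.",
            "- Scanners will check for open ports on systems, as each open port may correspond to a running service that could be vulnerable. For example, an open port for SSH (port 22) could indicate a system that is vulnerable to brute-force attacks or misconfigurations.",
            "- Vulnerability scanners go beyond simply identifying open ports. They also attempt to fingerprint the services running on those ports, including their versions. This helps in determining if those services are running outdated or vulnerable versions.",
            "- Once the systems and services are identified, the vulnerability scanner checks each one against known vulnerability databases to identify potential security flaws. These databases contain Common Vulnerabilities and Exposures (CVEs), which describe specific security flaws or weaknesses within software or hardware.",
            "- In addition to looking for known vulnerabilities in software and hardware, vulnerability scanners also identify misconfigurations that could create security weaknesses. For example, incorrect firewall rules, weak password policies, or exposed services could all be flagged by a scanner.",
            "- After the vulnerabilities are identified, the scanner assigns each one a severity level, such as Critical, High, Medium, or Low, based on factors like exploitability and potential impact. This helps prioritize remediation efforts."
        };
        final String[] examples = {
            "The scanner might find a host running an outdated version of a web server, such as Apache 2.2. In this case, the scanner flags potential vulnerabilities associated with that version of the server.",
            "The scan may find an open port running Telnet (port 23), which is considered insecure due to lack of encryption and could be vulnerable to unauthorized access if improperly configured.",
            "The scanner might detect an outdated version of Microsoft IIS (Internet Information Services) and cross-reference the version against known vulnerabilities in a database.",
            "If the scan identifies a vulnerable version of OpenSSL with a known vulnerability like Heartbleed, it will flag that vulnerability and provide relevant details.",
            "A vulnerability scanner might find that a system has unnecessary services running or weak default credentials that could be exploited by an attacker.",
            "A vulnerability in a database server might be classified as Critical due to the potential for remote code execution, while a minor misconfiguration in a non-essential system might be flagged as Low."
        };

        final String[] fragments = new String[headings.length];
        for (int i = 0; i < headings.length; i++) {
            // Only the first fragment starts without a paragraph break.
            final String lead = (i == 0) ? "" : para;
            fragments[i] = lead
                    + bigText(highlightTextPurple(headings[i])) + newLine
                    + descriptions[i]
                    + para + highlightText("Example: ") + examples[i];
        }
        return new ExplanationPartModel("Identifying Weaknesses in Systems", fragments);
    }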

    /**
     * Builds the "Integrating with Vulnerability Databases" explanation: four
     * numbered HTML fragments (CVE, NVD, vendor advisories, threat-intel
     * feeds), each a big purple heading, a description, an "Integration:"
     * paragraph and an "Example:" paragraph. Fragments after the first open
     * with a paragraph break.
     *
     * NOTE(review): the expansion of CVE is "Common Vulnerabilities and
     * Exposures" (plural); and CVE is a catalogue of identifiers, with the
     * CVSS scores coming from NVD as the second fragment already says. Worth
     * correcting in the course text.
     */
    private static ExplanationPartModel s18_3() {
        final String para = newLine + newLine;

        final String[] headings = {
            "1. Common Vulnerability and Exposure (CVE) ",
            "2. National Vulnerability Database (NVD) ",
            "3. Vendor Security Advisories ",
            "4. Threat Intelligence Feeds "
        };
        final String[] descriptions = {
            "- CVE is a publicly accessible database maintained by MITRE that provides a unique identifier for known cybersecurity vulnerabilities. Each CVE entry describes a vulnerability, including details about the affected software, hardware, potential exploits, and mitigations. ",
            "- The NVD, managed by the National Institute of Standards and Technology (NIST), is another widely used resource for identifying and managing vulnerabilities. It builds upon the CVE database but provides additional metadata, such as CVE severity scores (using the CVSS scoring system), which helps in assessing the risk level of a vulnerability. ",
            "- In addition to CVE and NVD, some vulnerability scanners integrate with specific vendor security advisories. These are advisory notices or bulletins released by vendors, detailing newly discovered vulnerabilities in their products and offering patches or mitigations. ",
            "- Vulnerability scanners may also integrate with third-party threat intelligence feeds, which provide real-time data about new vulnerabilities, exploits, or attack trends. These feeds can be integrated into the scanning process to provide even more up-to-date information. "
        };
        final String[] integrations = {
            "Most modern vulnerability scanners, such as Nessus, Qualys, or OpenVAS, integrate directly with the CVE database to compare the identified services, versions, and configurations against the latest known vulnerabilities listed in CVE.",
            "Scanners often integrate with the NVD to fetch CVSS (Common Vulnerability Scoring System) scores, which provide a standardized measure of vulnerability severity based on exploitability, impact, and other factors.",
            "Many vulnerability scanners can be configured to pull updates from specific vendor advisory feeds (e.g., from Microsoft, Cisco, or Oracle) to ensure that the latest vulnerabilities in specific products are checked during a scan.",
            "Integrating with threat intelligence feeds allows the scanner to adapt to emerging threats and provide more precise recommendations, based on the latest cybersecurity landscape."
        };
        final String[] examples = {
            "If the scanner identifies an outdated version of Apache HTTP Server, it will look up the CVE database for vulnerabilities associated with that version and flag any critical vulnerabilities, such as remote code execution flaws.",
            "If a vulnerability has a CVSS score of 9.8 (Critical), the scanner might alert the security team to patch or mitigate it as soon as possible to avoid an exploit.",
            "If a vulnerability scanner detects a Microsoft Windows Server version running on a system, it will check for any Microsoft security advisories related to that version to ensure the system isn't vulnerable to any recent exploits.",
            "If a zero-day vulnerability is discovered in a commonly used web server, integrating threat intelligence feeds into the scanning process would allow the scanner to flag this vulnerability quickly, even before it appears in traditional CVE databases."
        };

        final String[] fragments = new String[headings.length];
        for (int i = 0; i < headings.length; i++) {
            final String lead = (i == 0) ? "" : para;
            fragments[i] = lead
                    + bigText(highlightTextPurple(headings[i])) + newLine
                    + descriptions[i]
                    + para + highlightText("Integration: ") + integrations[i]
                    + para + highlightText("Example: ") + examples[i];
        }
        return new ExplanationPartModel("Integrating with Vulnerability Databases", fragments);
    }

    /**
     * Builds the "SYN Scanning (Half-Open Scanning)" explanation: four HTML
     * fragments (Concept, How It Works, Example, Tools), each a big purple
     * heading, a line break and one paragraph. Fragments after the first open
     * with a paragraph break. Headings here carry a single trailing space,
     * unlike the two-space headings used by the sibling s19_x sections.
     *
     * NOTE(review): -sS needs raw-socket privileges (root/Administrator), and
     * modern IDS port-scan detectors do flag half-open scans -- "stealthier"
     * is relative to a connect scan, not a guarantee of going unlogged.
     */
    private static ExplanationPartModel s19_1() {
        final String[] headings = {" Concept ", " How It Works ", " Example ", " Tools "};
        final String[] bodies = {
            "- SYN scanning is a method of scanning that only sends SYN packets to initiate a connection but does not complete the three-way handshake. Because the connection is never fully established, this type of scan is stealthier than a full TCP connection scan and harder to detect.",
            "- The scanner sends a SYN packet to a target port, and if the port is open, the target system responds with a SYN-ACK. The scanner never sends the final ACK, which means the connection is never fully established, making it less likely to be logged.",
            "- A SYN scan is often used for port scanning to avoid triggering alerts in firewalls or IDS/IPS systems that monitor established connections.",
            "- Nmap supports SYN scanning with the -sS option, which performs a \"half-open\" scan without completing the TCP handshake."
        };

        final String[] fragments = new String[headings.length];
        for (int i = 0; i < headings.length; i++) {
            final String lead = (i == 0) ? "" : newLine + newLine;
            fragments[i] = lead + bigText(highlightTextPurple(headings[i])) + newLine + bodies[i];
        }
        return new ExplanationPartModel("SYN Scanning (Half-Open Scanning)", fragments);
    }

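    /**
     * Builds the "Idle Scanning" explanation: four HTML fragments (Concept,
     * How It Works, Example, Tools), each a big purple heading, a line break
     * and one paragraph; fragments after the first open with a paragraph break.
     *
     * Fix: the Tools paragraph named a non-existent Nmap option "-iZ". Nmap's
     * idle scan is selected with -sI followed by the zombie host. The same
     * paragraph also said the zombie "routes" the scan traffic; it does not --
     * it must be idle and use predictable, incrementing IP ID values, which is
     * what the scanner measures. Angle brackets are avoided in the string
     * because this text is rendered as HTML.
     *
     * NOTE(review): the Concept / How It Works / Example paragraphs still
     * describe the mechanism loosely (the attacker does send packets to the
     * target, spoofed with the zombie's source address, then probes the
     * zombie's IP ID to infer the target's reply). Left untouched here; worth
     * a rewrite in the course text.
     */
    private static ExplanationPartModel s19_2() {
        final String para = newLine + newLine;

        final String concept = bigText(highlightTextPurple(" Concept  ")) + newLine
                + "- Idle scanning allows a scanner to perform a port scan on a target system without directly sending packets to the target. Instead, it sends packets to an intermediate system, often referred to as a \"zombie\" machine, which causes the target system to respond without revealing the source of the scan.";

        final String howItWorks = para + bigText(highlightTextPurple(" How It Works  ")) + newLine
                + "- In idle scanning, the attacker sends a series of probes to a \"zombie\" machine (a third-party machine). The target machine then sends responses back to the zombie. Since the zombie is the one sending the response, the target doesn't directly see the scan's origin.";

        final String example = para + bigText(highlightTextPurple(" Example  ")) + newLine
                + "- The scanner sends a SYN packet to the target through the zombie machine. The target responds with a SYN-ACK, which is reflected back to the zombie. The scanner uses the response to infer whether the port on the target is open or closed.";

        // Corrected option name and zombie requirement (see Javadoc).
        final String tools = para + bigText(highlightTextPurple(" Tools  ")) + newLine
                + "- Tools like Nmap support idle scanning using the -sI option followed by the zombie host (for example, nmap -sI zombiehost target). This technique requires finding a suitable zombie machine: one that is idle and uses predictable, incrementing IP ID values.";

        return new ExplanationPartModel("Idle Scanning",
                new String[]{concept, howItWorks, example, tools});
    }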

    /**
     * Builds the "Slow Scanning (Timing and Throttling)" explanation: four HTML
     * fragments (Concept, How It Works, Example, Tools), each a big purple
     * heading, a line break and one paragraph; fragments after the first open
     * with a paragraph break.
     *
     * NOTE(review): -T0/-T1 trade detection risk for very long scan times
     * (hours per host); this is only practical within a scoped, authorised
     * engagement with enough time budget.
     */
    private static ExplanationPartModel s19_3() {
        final String para = newLine + newLine;

        final String concept = bigText(highlightTextPurple(" Concept  ")) + newLine
                + "- Slow scanning involves sending packets at a slower rate to avoid overwhelming security systems and avoid detection by time-based IDS/IPS systems. By reducing the speed of the scan, the attacker reduces the likelihood of triggering alarms due to high-volume scanning activity.";

        final String howItWorks = para + bigText(highlightTextPurple(" How It Works  ")) + newLine
                + "- IDS/IPS systems often have thresholds set for normal network traffic. If scanning activities happen too quickly or generate too many requests in a short amount of time, they might trigger alerts. By slowing down the scan, the hacker avoids crossing these thresholds and reduces the risk of detection.";

        final String example = para + bigText(highlightTextPurple(" Example  ")) + newLine
                + "- A penetration tester might use the -T0 or -T1 options in Nmap, which slow the scan process to avoid detection, particularly when operating in high-security environments.";

        final String tools = para + bigText(highlightTextPurple(" Tools  ")) + newLine
                + "- Nmap’s timing options (e.g., -T0 through -T5) allow the ethical hacker to adjust the speed of the scan to avoid detection based on the security environment.";

        return new ExplanationPartModel("Slow Scanning (Timing and Throttling)",
                new String[]{concept, howItWorks, example, tools});
    }

    /**
     * Builds the "Source Port Manipulation" explanation: four HTML fragments
     * (Concept, How It Works, Example, Tools), each a big purple heading, a
     * line break and one paragraph; fragments after the first open with a
     * paragraph break.
     *
     * NOTE(review): this trick only works against stateless packet filters
     * that trust the source port; stateful firewalls track connections and are
     * not fooled by a spoofed source port alone.
     */
    private static ExplanationPartModel s19_4() {
        final String para = newLine + newLine;

        final String concept = bigText(highlightTextPurple(" Concept  ")) + newLine
                + "- This technique involves changing the source port of the scan packets to a port commonly used by legitimate services, such as port 80 (HTTP) or 443 (HTTPS), in order to bypass firewall filters that are configured to block traffic from non-standard ports.";

        final String howItWorks = para + bigText(highlightTextPurple(" How It Works  ")) + newLine
                + "- Many firewalls are configured to allow traffic from well-known ports (e.g., HTTP/HTTPS) while blocking traffic from others that are less commonly used (e.g., ports used by scanners). By using the source port of a legitimate service (like HTTP), the scanner attempts to avoid being flagged as suspicious.";

        final String example = para + bigText(highlightTextPurple(" Example  ")) + newLine
                + "- A scan originating from port 443 (HTTPS) might avoid detection by a firewall configured to allow traffic on this port, even though the destination port being scanned might be 22 (SSH) or 3389 (RDP).";

        final String tools = para + bigText(highlightTextPurple(" Tools  ")) + newLine
                + "- Tools such as Nmap allow source port manipulation using the --source-port option to define a custom source port during a scan.";

        return new ExplanationPartModel("Source Port Manipulation",
                new String[]{concept, howItWorks, example, tools});
    }

    /**
     * Builds the "Decoy Scans (Covert Scanning)" explanation: four HTML
     * fragments (Concept, How It Works, Example, Tools), each a big purple
     * heading, a line break and one paragraph; fragments after the first open
     * with a paragraph break.
     *
     * NOTE(review): the Example paragraph says packets carry "the source
     * address of the victim system"; decoys are normally unrelated addresses
     * plus the scanner's real one, so that sentence reads as a slip. Also,
     * decoys do not hide the real source -- it is still in the packet stream,
     * just mixed with noise.
     */
    private static ExplanationPartModel s19_5() {
        final String[] headings = {" Concept  ", " How It Works  ", " Example  ", " Tools  "};
        final String[] bodies = {
            "- A decoy scan involves using one or more \"decoy\" IP addresses that are inserted into the scan traffic to obfuscate the real source of the scan. The idea is to confuse any IDS/IPS or firewall systems that are monitoring incoming traffic, making it harder to identify which IP address initiated the scan.",
            "- During a decoy scan, the attacker generates multiple fake scan packets from different IP addresses (decoys) in addition to the real source IP. This makes it appear that the scan is coming from multiple locations, rather than a single IP, reducing the chance of detection.",
            "- An attacker performing a port scan might send packets with the source address of the victim system as well as several unrelated decoy IP addresses. The IDS/IPS or firewall might get overwhelmed with false traffic and struggle to correctly identify the true source.",
            "- Tools like Nmap allow decoy scanning with the -D option. For instance, nmap -D RND:10 will generate 10 random decoys to mask the attacker’s real IP address."
        };

        final String[] fragments = new String[headings.length];
        for (int i = 0; i < headings.length; i++) {
            final String lead = (i == 0) ? "" : newLine + newLine;
            fragments[i] = lead + bigText(highlightTextPurple(headings[i])) + newLine + bodies[i];
        }
        return new ExplanationPartModel("Decoy Scans (Covert Scanning)", fragments);
    }

    /**
     * Builds the "Packet Fragmentation" explanation: four HTML fragments
     * (Concept, How It Works, Example, Tools), each a big purple heading, a
     * line break and one paragraph; fragments after the first open with a
     * paragraph break.
     *
     * NOTE(review): most current IDS/IPS and stateful firewalls reassemble
     * fragments before inspection, and many drop fragmented TCP headers
     * outright, so -f is far less effective than the text suggests; it also
     * needs raw-socket privileges.
     */
    private static ExplanationPartModel s19_6() {
        final String[] headings = {" Concept  ", " How It Works  ", " Example  ", " Tools  "};
        final String[] bodies = {
            "- Packet fragmentation is a technique used to break down scan packets into smaller pieces (fragments) so that they are reassembled by the target host but not by intermediate devices such as firewalls or IDS/IPS. By fragmenting the packets, scanners can bypass firewalls and IDS/IPS systems that look for whole packet patterns or analyze packet content.",
            "- When a large packet is sent across a network, it may be fragmented into smaller packets that are transmitted separately and reassembled at the destination. Firewalls or IDS/IPS systems that inspect complete packets might miss the smaller fragments and thus fail to detect the scan.",
            "- When conducting a port scan, an attacker might fragment the SYN packets used in a TCP handshake. The firewall or IDS/IPS may not be able to see the entire SYN request and thus cannot detect the scan or determine the origin of the request.",
            "- Many tools, like Nmap or Scapy, support packet fragmentation. For example, Nmap has an option -f to fragment packets during a scan."
        };

        final String[] fragments = new String[headings.length];
        for (int i = 0; i < headings.length; i++) {
            final String lead = (i == 0) ? "" : newLine + newLine;
            fragments[i] = lead + bigText(highlightTextPurple(headings[i])) + newLine + bodies[i];
        }
        return new ExplanationPartModel("Packet Fragmentation", fragments);
    }

    /**
     * Builds the introductory "Techniques to Bypass Security Devices During
     * Scanning" explanation: one plain-text fragment with no HTML markup.
     *
     * NOTE(review): evasion techniques are only legitimate inside the written
     * scope of an engagement; the intro could say so explicitly, since the
     * section otherwise reads as general advice.
     */
    private static ExplanationPartModel s19_7() {
        final String intro =
                "When performing network scanning or penetration testing, it is important to be aware of the security devices and systems that may attempt to detect or block your activities. Firewalls and Intrusion Detection/Prevention Systems (IDS/IPS) are two such critical devices commonly deployed to protect networks from unauthorized access. As ethical hackers, we need to use various evasion techniques to bypass these security devices during scanning to gather accurate information without triggering alarms or being blocked. These techniques can involve manipulating how the scan traffic is sent, making it harder for security devices to detect or block the scan.";
        final String[] fragments = {intro};
        return new ExplanationPartModel("Techniques to Bypass Security Devices During Scanning", fragments);
    }

    /**
     * Builds the "What is Ethical Hacking" explanation as two fragments. The
     * first ends with a paragraph break so the second renders as a new
     * paragraph; the second is plain text.
     */
    private static ExplanationPartModel s1_1() {
        final String definition =
                "Ethical hacking, also known as white-hat hacking or penetration testing, involves the authorized practice of attempting to exploit vulnerabilities in computer systems or networks. The goal of ethical hacking is to identify weaknesses in security and address them before they can be exploited by malicious hackers."
                + newLine + newLine;
        final String purpose =
                "Ethical hackers work to strengthen the security measures of an organization by using the same tools, techniques, and strategies as cybercriminals, but with permission from the system's owner. Their efforts help to prevent data breaches and other cyberattacks, ultimately ensuring the protection and integrity of the system.";
        return new ExplanationPartModel("What is Ethical Hacking", new String[]{definition, purpose});
    }

    /**
     * Builds the "What is Hacking" explanation: a single fragment ending with
     * one line break.
     */
    private static ExplanationPartModel s1_2() {
        final String definition =
                "Gaining unauthorized access to a system or network is considered hacking. This includes activities such as logging into an email account without permission, accessing a remote computer without authorization, or reading information that is restricted. Hacking can be carried out through a variety of methods and techniques, each designed to bypass security measures in place to protect systems and data.";
        final String[] fragments = {definition + newLine};
        return new ExplanationPartModel("What is Hacking", fragments);
    }

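    /**
     * Builds the "Difference between Hacking and Ethical Hacking" explanation
     * as two PointWiseModel columns ("Hacking" and "Ethical Hacking"), each
     * holding seven points that share the same numbered labels (Intention,
     * Legality, Authorization, Compensation, Tools, Training, Professional
     * Development). Every point is a paragraph break, the highlighted label
     * and the point text.
     *
     * Fix: the two lists were raw {@code ArrayList}s (decompiler output);
     * they are now {@code ArrayList<String>} so the element type is checked
     * at compile time. The concrete type is kept as ArrayList because the
     * PointWiseModel constructor's parameter type is not visible here.
     */
    private static ExplanationPartModel s1_3() {
        final String[] labels = {
            "1. Intention",
            "2. Legality",
            "3. Authorization",
            "4. Compensation",
            "5. Tools",
            "6. Training",
            "7. Professional Development"
        };

        final String[] hackingTexts = {
            " : A hacker targets networks, systems, or applications to steal personal information from users. They may also delete, alter, or destroy a corporation's records. The primary goal of a hacker is often to steal sensitive data for malicious purposes.",
            " : Hacking involves accessing a company's network or technology without their permission or knowledge. It is a criminal act, and individuals caught engaging in hacking face severe legal penalties.",
            " : Hacking refers to unauthorized access to computer systems, networks, or data, often without the owner's knowledge or consent. It typically involves exploiting security vulnerabilities to infiltrate and manipulate digital assets. Hacking activities can vary widely in intent and scope, from malicious actions designed to steal information or cause harm, to ethical hacking efforts focused on identifying and addressing security weaknesses to improve cybersecurity.",
            " : A hacker or cyber attacker can be an individual, a group, or even a government-sponsored team. Regardless of the entity, the primary goal is often financial gain, typically by unlawfully obtaining confidential information. This stolen data can be sold, used for fraudulent activities, or exploited for personal profit, such as through the use of stolen credit card details.",
            " : They use the same tools as ethical hackers to exploit vulnerabilities.",
            " : To become a hacker, one needs a deep understanding of networking, a solid grasp of operating systems, strong network security expertise, and proficiency in programming languages such as Python, JavaScript, C, and C++. These skills are essential for navigating and exploiting systems effectively.",
            " : A black-hat hacker engages in illegal activities, typically lacking legitimate professional development. This individual operates outside the boundaries of the law, often facing the constant risk of being apprehended by authorities."
        };

        final String[] ethicalTexts = {
            " : An ethical hacker targets a company's network with positive intentions, such as identifying and fixing security vulnerabilities, assessing the effectiveness of security measures, and ensuring compliance with data protection policies. In essence, they help safeguard your data.",
            " : Ethical hacking is a legally authorized activity, typically performed with the consent of the organization. Ethical hackers are protected by formal agreements, ensuring their actions are legitimate. In fact, this profession has become one of the most lucrative career paths in today's tech-driven world.",
            " : Ethical hackers, also known as white-hat hackers, work with explicit permission from the system owner or organization to evaluate and test the security of networks, applications, or computer systems. Their primary goal is to identify vulnerabilities that could potentially be exploited by malicious hackers. Unlike cybercriminals, ethical hackers adhere to strict ethical guidelines and legal boundaries, ensuring their activities are authorized and aimed at improving security rather than causing harm. By discovering weaknesses and helping organizations strengthen their defenses, ethical hackers play a critical role in protecting sensitive data and maintaining the overall integrity of digital systems.",
            " : An ethical hacker may work independently or as a member of a company's cyber security team, typically as a full-time employee. In exchange for their role in protecting the organization's data, they receive a salary along with various incentives.",
            " : They employ the same tools as hackers to infiltrate the system and fix the discovered vulnerabilities.",
            " : Ethical hackers undergo similar foundational training as traditional hackers. After gaining hands-on experience, they can pursue certifications like the Certified Ethical Hacker (CEH) to validate their skills and work professionally as ethical hackers.",
            " : Unlike black hat hacking, ethical hacking is a highly respected and lucrative career path. Once you secure an entry-level position, you can advance to more advanced roles in computer security, such as a senior penetration tester or network administrator, within a company. These roles offer opportunities for growth and the chance to contribute to safeguarding digital infrastructures."
        };

        final ArrayList<String> hackingPoints = new ArrayList<>();
        final ArrayList<String> ethicalPoints = new ArrayList<>();
        for (int i = 0; i < labels.length; i++) {
            final String label = newLine + newLine + highlightText(labels[i]);
            hackingPoints.add(label + hackingTexts[i]);
            ethicalPoints.add(label + ethicalTexts[i]);
        }

        final PointWiseModel hackingColumn =
                new PointWiseModel(bigText(highlightTextPurple("Hacking")), hackingPoints);
        // The second column heading is preceded by a paragraph break.
        final PointWiseModel ethicalColumn =
                new PointWiseModel(newLine + newLine + bigText(highlightTextPurple("Ethical Hacking")), ethicalPoints);

        return new ExplanationPartModel("Difference between Hacking and Ethical Hacking",
                new PointWiseModel[]{hackingColumn, ethicalColumn});
    }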

    /**
     * Builds the "Process of Enumeration" explanation as two plain-text
     * fragments; the second opens with a paragraph break.
     *
     * NOTE(review): this text describes host discovery (active vs passive),
     * while the sibling "Definition of enumeration" section describes
     * enumeration as extracting users, shares and services from known hosts.
     * The two should agree; the latter is the usual meaning.
     */
    private static ExplanationPartModel s20_1() {
        final String discovery =
                "Enumeration is the process of discovering all hosts within a network, typically achieved through active or passive scanning methods. Active scanning involves sending requests and analyzing the responses to detect which hosts are operational on the network. In contrast, passive scanning listens to network traffic and analyzes it to identify hosts without sending out any direct requests.";
        final String tradeoffs = newLine + newLine
                + "Each method comes with its own set of benefits and drawbacks. Active scanning is generally more effective at identifying all hosts but carries a higher risk of disrupting the network due to the traffic it generates. On the other hand, passive scanning is less intrusive and unlikely to cause disruptions, but it may not identify every host on the network.";
        return new ExplanationPartModel("Process of Enumeration", new String[]{discovery, tradeoffs});
    }

    /**
     * Builds the "Importance of Enumeration" explanation: five numbered HTML
     * fragments (usernames, group memberships, network shares, services, DNS),
     * each a big purple heading, a description, a big "Techniques: " label
     * and one line per technique. Fragments after the first open with a
     * paragraph break.
     *
     * NOTE(review): DNS zone transfers (AXFR) and SMB/LDAP enumeration are
     * noisy and touch production systems; they belong inside an authorised
     * scope, which the text could state.
     */
    private static ExplanationPartModel s20_2() {
        final String para = newLine + newLine;

        final String[] headings = {
            "1. Usernames: Identifying Valid User Accounts",
            "2. Group Memberships: Determining Users’ Roles and Access Privileges",
            "3.  Network Shares: Identifying File Systems and Resources Shared Over the Network",
            "4. Services: Identifying Active Services Running on a Target",
            "5. DNS Information: Extracting Domain Names and Subdomains"
        };
        final String[] descriptions = {
            " - Usernames are essential for gaining access to a system. Identifying valid user accounts helps penetration testers focus their attack efforts on potential login attempts or social engineering.",
            " - Group memberships reveal what roles users have within a system, and which permissions or access they are granted. Identifying high-privilege groups like Administrators can help an attacker focus on valuable targets.",
            " - Network shares expose directories or files that are shared across the network. Identifying these shares can lead to accessing sensitive data or exploiting misconfigurations.",
            " - Identifying active services running on a target allows the ethical hacker to pinpoint potential vulnerabilities associated with those services.",
            " - DNS information helps map out a target’s domain structure and identify potential entry points through subdomains or misconfigured DNS records."
        };
        final String[][] techniques = {
            {
                "- SMB Enumeration: Using tools like Enum4linux or SMBclient to query Windows systems for user accounts.",
                "- LDAP Queries: If the target uses LDAP, valid usernames can be retrieved by querying the LDAP server."
            },
            {
                "- SMB Enumeration: Extract group memberships via SMB in Windows environments. ",
                "- LDAP Queries: In Active Directory, querying for group memberships can reveal users in high-privilege roles."
            },
            {
                "- SMBclient/Enum4linux: For Windows-based networks, these tools can list shared directories and files. ",
                "- Net View Command: On Windows, net view lists shared resources.",
                "- NFS Enumeration: For Linux/Unix systems, tools like showmount can identify NFS shares."
            },
            {
                "- Nmap Scanning: Nmap can be used to discover open ports and identify services running on them. ",
                "- Banner Grabbing: Tools like Netcat or Telnet can be used to gather information about the services by connecting to open ports."
            },
            {
                "- DNS Zone Transfer: If misconfigured, a DNS server might allow zone transfers, revealing all records. Tools like dig or nslookup can be used to check for this. ",
                "- Subdomain Enumeration: Tools like Fierce or dnsrecon can identify subdomains through brute force or querying DNS records."
            }
        };

        final String[] fragments = new String[headings.length];
        for (int i = 0; i < headings.length; i++) {
            final StringBuilder fragment = new StringBuilder();
            if (i > 0) {
                fragment.append(para);
            }
            fragment.append(bigText(highlightTextPurple(headings[i])))
                    .append(newLine)
                    .append(descriptions[i])
                    .append(para)
                    .append(bigText(highlightText("Techniques: ")));
            // Each technique sits on its own line under the label.
            for (final String technique : techniques[i]) {
                fragment.append(newLine).append(technique);
            }
            fragments[i] = fragment.toString();
        }
        return new ExplanationPartModel("Importance of Enumeration", fragments);
    }

    /**
     * Lesson 20, part 3 ("Definition of enumeration"): a single paragraph
     * contrasting enumeration (active interaction with the target) with
     * passive footprinting.
     */
    private static ExplanationPartModel s20_3() {
        String heading = "Definition of enumeration";
        String body = "Enumeration is a critical phase in the penetration testing process, focusing on actively gathering detailed information about a target system or network. During this phase, an ethical hacker (or penetration tester) identifies specific system details such as user accounts, network shares, services, and other vulnerabilities that may be exploited during an attack. Unlike passive information-gathering techniques (like footprinting), enumeration involves direct interaction with the target system to extract more precise data, which can be used to craft a targeted attack strategy.";
        return new ExplanationPartModel(heading, new String[]{body});
    }

    /**
     * Lesson 21, part 1 ("Types of information enumerated"): an intro sentence
     * followed by a seven-item numbered list. Each item is indented with
     * {@code space(3)} and separated by the HTML line-break marker.
     */
    private static ExplanationPartModel s21_1() {
        String intro = "Enumerating different types of information is essential for identifying vulnerabilities or misconfigurations within a system or network. Below is a breakdown of the key information that ethical hackers (or potential attackers) may seek to gather during an assessment:";
        String[] items = {
                "1. Network Resource and shares",
                "2. Users and Groups",
                "3. Routing tables",
                "4. Auditing and Service settings",
                "5. Machine names",
                "6. Applications and banners",
                "7. SNMP and DNS details"
        };
        StringBuilder text = new StringBuilder(intro);
        for (String item : items) {
            text.append(newLine).append(space(3)).append(item);
        }
        return new ExplanationPartModel("Types of information enumerated", new String[]{text.toString()});
    }

    /**
     * Lesson 21, part 2 ("1. Network Resource and shares"): intro paragraph
     * plus "What is gathered" / "Why it’s important" sections. The "why"
     * section is the defensive takeaway: shares without access controls expose
     * data and allow malicious files to be planted.
     */
    private static ExplanationPartModel s21_2() {
        String gap = newLine + newLine;
        String intro = "In a typical corporate environment, resources such as shared drives, printers, and file systems are accessible over the network. Intruders (or ethical hackers) will typically attempt to enumerate these resources to gather information about the internal structure of the network.";
        String gathered = "- Hackers look for shared network drives, folders, and file systems that may contain sensitive information. They also attempt to assess the security of these shared resources, such as who has read, write, or full access permissions.";
        String why = "- Misconfigured file shares with insufficient access controls can provide attackers with easy access to critical data or even the ability to plant malicious files. For example, if a shared folder is accessible to any user without authentication or with weak access controls, attackers could potentially copy data from it or deploy malware into the network.";

        String body = intro
                + gap + bigText(highlightTextPurple("What is gathered: ")) + newLine + gathered
                + gap + bigText(highlightTextPurple("Why it’s important: ")) + newLine + why;
        return new ExplanationPartModel("1. Network Resource and shares", new String[]{body});
    }

    /**
     * Lesson 21, part 3 ("2. Users and Groups"): same three-section layout as
     * the sibling lessons (intro, "What is gathered", "Why it’s important").
     * Defensive emphasis: excessive privileges, weak and default passwords.
     */
    private static ExplanationPartModel s21_3() {
        String gap = newLine + newLine;
        String intro = "Understanding the structure of users and their associated privileges is key for both attackers and ethical hackers. The more granular the understanding of users and their group memberships, the better an attacker can determine where they might find a vulnerability or gain higher-level access.";
        String gathered = "- This includes discovering user accounts, their group memberships, roles, and access privileges. Ethical hackers will often look for administrative accounts, users with weak or default passwords, and unnecessary privileges that could lead to privilege escalation.";
        String why = "- If an attacker can identify users with excessive privileges, weak passwords, or default account credentials, they can exploit these to gain unauthorized access. For instance, finding an account with administrative rights but a weak password could provide the attacker with full control over a system.";

        String body = intro
                + gap + bigText(highlightTextPurple("What is gathered: ")) + newLine + gathered
                + gap + bigText(highlightTextPurple("Why it’s important: ")) + newLine + why;
        return new ExplanationPartModel("2. Users and Groups", new String[]{body});
    }

    /**
     * Lesson 21, part 4 ("3. Routing Tables"): intro, "What is gathered" and
     * "Why it’s important" sections on routing configuration and segmentation.
     */
    private static ExplanationPartModel s21_4() {
        String gap = newLine + newLine;
        String intro = "Routing tables define how network traffic is directed between devices and networks. These tables are critical in understanding the overall structure of a network, which can be invaluable during an attack.";
        String gathered = "- Ethical hackers will gather information about internal routing configurations, which might include static routes, dynamic routing protocols, and network segmentation details. They may attempt to identify misconfigurations or routes that can be exploited to traverse between subnets.";
        String why = "- A poorly configured routing table can lead to unintended data flows or paths that attackers could use to move laterally across the network. For example, if there is an incorrect route that directs traffic through a less secure subnet, attackers can exploit this to reach sensitive systems they might not have been able to access otherwise.";

        String body = intro
                + gap + bigText(highlightTextPurple("What is gathered: ")) + newLine + gathered
                + gap + bigText(highlightTextPurple("Why it’s important: ")) + newLine + why;
        return new ExplanationPartModel("3. Routing Tables", new String[]{body});
    }

    /**
     * Lesson 21, part 5 ("4. Auditing and Service Settings"): intro, "What is
     * gathered" and "Why it’s important" sections. The detection angle here
     * (gaps in logging/monitoring let activity go unnoticed) is the point a
     * defender should take from the lesson.
     */
    private static ExplanationPartModel s21_5() {
        String gap = newLine + newLine;
        String intro = "Auditing settings help monitor and log actions performed on a network or system, while service settings define the configurations and behaviors of network services (e.g., web servers, database servers). Proper auditing and security settings can help detect intrusions or misconfigurations early.";
        String gathered = "- Ethical hackers will review system logs, auditing configurations, and service settings to identify areas where monitoring or logging might be insufficient. They’ll also examine whether security services like firewalls, intrusion detection/prevention systems, or anti-virus software are enabled and properly configured.";
        String why = "- If auditing is not properly configured or if there are gaps in monitoring, attackers can perform malicious activities (e.g., installing malware, exfiltrating data) without detection. Additionally, if a service is misconfigured or exposed unnecessarily (e.g., an open database or poorly secured FTP server), it could become an easy target for exploitation.";

        String body = intro
                + gap + bigText(highlightTextPurple("What is gathered: ")) + newLine + gathered
                + gap + bigText(highlightTextPurple("Why it’s important: ")) + newLine + why;
        return new ExplanationPartModel("4. Auditing and Service Settings", new String[]{body});
    }

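    /**
     * Lesson 21, part 6 ("5. Machine Names"): intro, "What is gathered" and
     * "Why it’s important" sections.
     *
     * Fix: the original wrapped the line break of the "Why it’s important"
     * heading inside {@code bigText(...)}, i.e. {@code <big>…<br></big>}, unlike
     * every sibling lesson where the heading alone is enlarged and the break
     * follows it. The markup is now consistent with the other sections.
     */
    private static ExplanationPartModel s21_6() {
        String gap = newLine + newLine;
        String intro = "The names of machines in a network often follow a specific naming convention that can provide insights into the internal structure and organization of the network. Knowing machine names is useful for attackers to target specific systems based on their role or importance in the infrastructure.";
        String gathered = "- Intruders may enumerate the names of computers, servers, or workstations on the network. This can often be done using network discovery tools or querying DNS (Domain Name System) records.";
        String why = "- Identifying machines by their names (especially if they follow predictable conventions) helps attackers identify targets with critical functions (like databases or file servers) or machines that are vulnerable due to specific software or misconfigurations. For example, an attacker may identify a machine named “SQLServer01” and attempt to exploit a known vulnerability in the SQL Server software running on it.";

        String body = intro
                + gap + bigText(highlightTextPurple("What is gathered: ")) + newLine + gathered
                // heading enlarged, then the break — matches s21_2..s21_8
                + gap + bigText(highlightTextPurple("Why it’s important: ")) + newLine + why;
        return new ExplanationPartModel("5. Machine Names", new String[]{body});
    }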

    /**
     * Lesson 21, part 7 ("6. Applications and Banners"): intro, "What is
     * gathered" and "Why it’s important" sections on version disclosure via
     * service banners. Defender takeaway: outdated, exposed services are what
     * banner information reveals.
     */
    private static ExplanationPartModel s21_7() {
        String gap = newLine + newLine;
        String intro = "Applications running on networked systems, especially those that are exposed to the internet (e.g., web servers, mail servers, or database servers), often reveal their version numbers and other information through banner messages. These banners can give valuable clues about the software and services running on a machine.";
        String gathered = "- Through banner grabbing or scanning techniques, ethical hackers can identify the applications running on servers, their versions, and sometimes the underlying operating systems. This can involve looking at HTTP headers from web servers, SMTP banners from email servers, or even querying databases directly.";
        String why = "- By identifying the version of an application or service, hackers can determine whether there are known vulnerabilities associated with that version. For instance, if an old version of Apache or a database system is discovered, an attacker can look for publicly available exploits for that version to gain access. Ethical hackers use this information to assess whether any of the exposed services are outdated and vulnerable to attack.";

        String body = intro
                + gap + bigText(highlightTextPurple("What is gathered: ")) + newLine + gathered
                + gap + bigText(highlightTextPurple("Why it’s important: ")) + newLine + why;
        return new ExplanationPartModel("6. Applications and Banners", new String[]{body});
    }

    /**
     * Lesson 21, part 8 ("7. SNMP and DNS Details"): intro, a "What is
     * gathered" section split into SNMP and DNS sub-paragraphs, and a "Why it’s
     * important" section. Unlike the sibling lessons, the "What is gathered"
     * heading is followed by a blank line before the first sub-paragraph.
     */
    private static ExplanationPartModel s21_8() {
        String gap = newLine + newLine;
        String intro = "SNMP (Simple Network Management Protocol) and DNS (Domain Name System) are essential for managing and resolving network devices and services, but they can also provide attackers with detailed information about a network that might not be visible otherwise.";
        String snmp = "Intruders can query SNMP-enabled devices (e.g., routers, switches, printers) to gather information such as device configurations, network topology, and even passwords stored in plain text (depending on the SNMP version and configuration).";
        String dns = "Querying the DNS server can reveal internal domain names, subdomains, and even IP addresses of network resources that aren’t publicly visible. Attackers can use this information to map out the network and discover hosts that may not be part of the regular infrastructure but could still be vulnerable.";
        String why = "- Misconfigured SNMP or DNS services can give attackers an extensive view of the network infrastructure. If SNMP is poorly secured, attackers might get sensitive information about network devices, such as default passwords, which can be used to gain access to those devices. Similarly, DNS can provide internal network details that attackers can exploit for further reconnaissance or lateral movement across the network.";

        String body = intro
                + gap + bigText(highlightTextPurple("What is gathered: "))
                + gap + highlightText("SNMP: ") + snmp
                + gap + highlightText("DNS: ") + dns
                + gap + bigText(highlightTextPurple("Why it’s important: ")) + newLine + why;
        return new ExplanationPartModel("7. SNMP and DNS Details", new String[]{body});
    }

    /**
     * Lesson 22, part 1 (untitled): two paragraphs introducing enumeration
     * techniques; the second element carries its own leading paragraph break.
     */
    private static ExplanationPartModel s22_1() {
        String first = "In network security, enumeration plays a crucial role. By thoroughly enumerating a system, you can gain valuable insights into its structure and functions. This understanding can then be leveraged to identify potential vulnerabilities, which could be exploited to gain unauthorized access to sensitive information.";
        String second = newLine + newLine
                + "There are various techniques available for enumeration, and the choice of method depends on the specific system being targeted. Common approaches include gathering email addresses and usernames, exploiting default passwords, and performing DNS zone transfers.";
        return new ExplanationPartModel("", new String[]{first, second});
    }

    /**
     * Lesson 22, part 2 (untitled): techniques 1–3 (email ID, default
     * passwords, Active Directory) as one array element each, with a purple
     * heading and a single explanatory paragraph. Defender takeaway for
     * item 2: unchanged default credentials are the enabling misconfiguration.
     */
    private static ExplanationPartModel s22_2() {
        String gap = newLine + newLine;

        String email = bigText(highlightTextPurple("1. Enumeration Using Email ID  ")) + newLine
                + "- Extracting information from an email ID can yield valuable details such as the username and domain name. An email address typically consists of both the username and the domain, making it a useful source of information.";

        String defaults = gap + bigText(highlightTextPurple("2. Enumeration using Default Password ")) + newLine
                + "- Another method of enumeration involves exploiting default passwords. Many devices and software come with pre-configured default credentials and settings, which are typically recommended to be changed. However, some administrators neglect to update these defaults, leaving systems vulnerable. Attackers can easily gain unauthorized access by using these default credentials, as discovering the default settings, configurations, and passwords is often straightforward.";

        String activeDirectory = gap + bigText(highlightTextPurple("3. Brute Force Attack on Active Directory ")) + newLine
                + "- Active Directory (AD) offers centralized management of domain users, computers, and network printers, controlling access to network resources based on defined users and computers. Due to its central role, AD becomes a prime target for attackers seeking sensitive information. Brute force attacks or queries against LDAP services are commonly used to extract details such as usernames, email addresses, credentials, and privileges, all of which can be valuable for further exploitation.";

        return new ExplanationPartModel("", new String[]{email, defaults, activeDirectory});
    }

    /**
     * Lesson 22, part 3 (untitled): techniques 4–5 (DNS zone transfer, SNMP).
     * The SNMP element ends with a trailing line break, which is preserved.
     */
    private static ExplanationPartModel s22_3() {
        String gap = newLine + newLine;

        String zoneTransfer = bigText(highlightTextPurple("4. Enumeration through DNS Zone Transfer ")) + newLine
                + "- Enumeration through DNS zone transfer involves extracting crucial information such as the DNS server location, DNS records, and other network-related details like hostnames, IP addresses, and usernames. A zone transfer is a method used to synchronize DNS servers, and the zone file contains valuable data that attackers can retrieve. DNS requests from name servers typically use UDP port 53, while TCP port 53 is employed for zone transfers to ensure reliable data transmission.";

        String snmp = gap + bigText(highlightTextPurple("5. Enumeration using SNMP ")) + newLine
                + "- Enumeration using SNMP involves extracting information through the Simple Network Management Protocol (SNMP). Attackers often exploit default community strings or attempt to guess them to gain access to device details. SNMP was originally designed to allow administrators to manage devices such as servers, routers, switches, and workstations on an IP network. It helps network administrators monitor performance, identify and resolve issues, and plan for network expansion. As an application-layer protocol, SNMP facilitates communication between managers and agents. The SNMP system consists of three main components:SNMP manager,SNMP agents (managed node) and Management Information Base (MIB)"
                + newLine;

        return new ExplanationPartModel("", new String[]{zoneTransfer, snmp});
    }

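    /**
     * Lesson 23, part 1 (untitled): a port/service reference table rendered as
     * one "Port / Service / Protocol / Description" element per entry.
     *
     * Fixes to the displayed text: "TCP/Usp" is a typo for "TCP/UDP" (LDAP 389
     * and Global Catalog 3268); the NetBIOS Name Service entry had a stray tab
     * after the service name; and NetBIOS Name Service (port 137) operates over
     * UDP, not TCP, so its protocol cell now says UDP.
     */
    private static ExplanationPartModel s23_1() {
        String gap = newLine + newLine;

        String dnsZoneTransfer = highlightText("Port :- ") + "53" + newLine
                + highlightText("Service :- ") + "DNS Zone Transfer" + newLine
                + highlightText("Protocol :- ") + "TCP" + newLine
                + highlightText("Description :- ") + "Allows a complete transfer of DNS zone data, potentially revealing subdomains.";

        String rpcEndpointMapper = gap + highlightText("Port :- ") + "135" + newLine
                + highlightText("Service :- ") + "Microsoft RPC Endpoint Mapper" + newLine
                + highlightText("Protocol :- ") + "TCP" + newLine
                + highlightText("Description :- ") + "Maps RPC services, potentially revealing services and endpoints.";

        // NetBIOS Name Service is a UDP service; the original listed TCP.
        String netbiosNameService = gap + highlightText("Port :- ") + "137" + newLine
                + highlightText("Service :- ") + "NetBIOS Name Service" + newLine
                + highlightText("Protocol :- ") + "UDP" + newLine
                + highlightText("Description :- ") + "Resolves NetBIOS names and shares in Windows networks.";

        String ldap = gap + highlightText("Port :- ") + "389" + newLine
                + highlightText("Service :- ") + "LDAP" + newLine
                + highlightText("Protocol :- ") + "TCP/UDP" + newLine
                + highlightText("Description :- ") + "Directory access and query for user, group, and other directory data.";

        String globalCatalog = gap + highlightText("Port :- ") + "3268" + newLine
                + highlightText("Service :- ") + "Global Catalog Service" + newLine
                + highlightText("Protocol :- ") + "TCP/UDP" + newLine
                + highlightText("Description :- ") + "Provides access to a global directory in Active Directory.";

        String[] entries = {dnsZoneTransfer, rpcEndpointMapper, netbiosNameService, ldap, globalCatalog};
        return new ExplanationPartModel("", entries);
    }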

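    /**
     * Lesson 23, part 2 (untitled): continuation of the port/service reference
     * table (NetBIOS session, SMB, SNMP, SMTP), one element per entry.
     *
     * Fix to the displayed text: the SNMP entry's protocol read "Usp", a typo
     * for "UDP".
     */
    private static ExplanationPartModel s23_2() {
        String gap = newLine + newLine;

        String netbiosSession = highlightText("Port :- ") + "139" + newLine
                + highlightText("Service :- ") + "NetBIOS Session Service (SMB over NetBIOS)" + newLine
                + highlightText("Protocol :- ") + "TCP" + newLine
                + highlightText("Description :- ") + "File and printer sharing via SMB over NetBIOS.";

        String smbDirect = gap + highlightText("Port :- ") + "445" + newLine
                + highlightText("Service :- ") + "SMB over TCP (Direct Host)" + newLine
                + highlightText("Protocol :- ") + "TCP" + newLine
                + highlightText("Description :- ") + "Direct SMB connections without NetBIOS, used for file and printer sharing.";

        String snmp = gap + highlightText("Port :- ") + "161" + newLine
                + highlightText("Service :- ") + "SNMP" + newLine
                + highlightText("Protocol :- ") + "UDP" + newLine
                + highlightText("Description :- ") + "Used for network management and monitoring of devices.";

        String smtp = gap + highlightText("Port :- ") + "25" + newLine
                + highlightText("Service :- ") + "SMTP" + newLine
                + highlightText("Protocol :- ") + "TCP" + newLine
                + highlightText("Description :- ") + "Sends emails and can be used to enumerate email addresses and relay services.";

        return new ExplanationPartModel("", new String[]{netbiosSession, smbDirect, snmp, smtp});
    }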

    /**
     * Lesson 24, part 1 ("NetBIOS Enumeration"): a background paragraph on
     * NetBIOS naming followed by a "Uses of NetBIOS Enumeration" section. The
     * precondition the text states (file and printer sharing enabled, port 139
     * open) is also the control a defender can remove.
     */
    private static ExplanationPartModel s24_1() {
        String background = "NetBIOS, which stands for Network Basic Input/Output System, is a protocol that facilitates communication between computers over a local area network (LAN) and allows for the sharing of files and printers. On TCP/IP networks, devices are identified using NetBIOS names, typically in Windows environments. These names must be unique within the network and are limited to 16 characters. The first 15 characters are used for the device name, while the 16th character is reserved to specify the type of service running or the name record type.";
        String uses = "- An attacker who finds a Windows OS with port 139 open can assess the resources accessible or visible on the remote system. To enumerate NetBIOS names, the remote system must have file and printer sharing enabled. Depending on the available shares, NetBIOS enumeration may grant an attacker the ability to read from or write to the remote system, or even launch a denial-of-service (DoS) attack, depending on the vulnerabilities present.";

        String body = background
                + newLine + newLine
                + bigText(highlightTextPurple("Uses of NetBIOS Enumeration"))
                + newLine
                + uses;
        return new ExplanationPartModel("NetBIOS Enumeration", new String[]{body});
    }

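    /**
     * Lesson 24, part 2 ("SNMP Enumeration"): two overview paragraphs on SNMP,
     * then a "Component" section listing managed devices, agents and the NMS.
     *
     * Fix: the two overview paragraphs were fused ("...maintenance.- SNMP
     * (Simple Network...") because the paragraph break between them was lost;
     * they are now separated with the same blank-line markup the rest of the
     * section uses. The wording of both paragraphs is unchanged.
     */
    private static ExplanationPartModel s24_2() {
        String gap = newLine + newLine;

        String overview = "The Simple Network Management Protocol (SNMP) is an application layer protocol that operates over UDP. It is used to monitor and manage network devices such as routers, switches, and hubs. SNMP agents are installed on these networking devices within both Windows and UNIX-based networks to facilitate their management and maintenance.";
        // Second overview paragraph; previously glued directly onto the first.
        String overviewContinued = "- SNMP (Simple Network Management Protocol) is an application layer protocol that operates over UDP to manage network devices such as routers, hubs, and switches within an IP network. It is commonly used across various operating systems, including Windows Server, Linux servers, and on network devices like routers and switches. SNMP enumeration on a target system can be used to gather information such as user accounts, passwords, groups, system names, and other device details.";

        String managedDevice = "- A managed device is any device or host (referred to as a node) that has the SNMP service enabled. These devices include network equipment such as routers, switches, hubs, and bridges, as well as computers and other networked devices. These managed devices can be monitored and configured using SNMP for effective network management.";
        String agents = "- An agent is a software component that operates on a managed device. Its main role is to collect and organize data from the device, then convert this information into a format compatible with the SNMP protocol. This allows the data to be communicated to network management systems for monitoring and configuration purposes.";
        String nms = "- Network Management Systems (NMS) are software platforms used to monitor, manage, and control network devices. These systems collect data from managed devices, often through SNMP, to track performance, identify issues, and ensure the overall health and security of the network.";

        String body = overview
                + gap + overviewContinued
                + gap + bigText(highlightTextPurple("Component"))
                + gap + highlightText("1. Managed Device: ") + newLine + managedDevice
                + gap + highlightText("2. Agents: ") + newLine + agents
                + gap + highlightText("3. Network Management System (NMS): ") + newLine + nms;
        return new ExplanationPartModel("SNMP Enumeration", new String[]{body});
    }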

    /**
     * Lesson 24, part 3 ("LDAP Enumeration"): three paragraphs — what LDAP is,
     * what LDAP enumeration queries (and the default ports 389/636), and what
     * can be learned from directory queries.
     */
    private static ExplanationPartModel s24_3() {
        String[] paragraphs = {
                "Before continuing, it’s important to understand LDAP in general. The Lightweight Directory Access Protocol (LDAP) is an internet protocol that operates over TCP/IP and is used to access and manage directory services, such as Active Directory. LDAP allows users to query and modify directory information, often related to organizational resources, users, and devices.",
                "LDAP enumeration is a technique used to query and extract details from an Active Directory, such as usernames, group memberships, email addresses, and other valuable information. These details can be used for various purposes, including further attacks or social engineering. By default, LDAP runs on TCP ports 389 (unencrypted) and 636 (encrypted via SSL/TLS).",
                "LDAP queries can help enumerate important details, such as usernames, groups, organizational units, and other information that could be exploited by attackers for malicious purposes."
        };
        String body = String.join(newLine + newLine, paragraphs);
        return new ExplanationPartModel("LDAP Enumeration", new String[]{body});
    }

    /**
     * Lesson 24, part 4 ("NTP Enumeration"): five paragraphs joined by blank
     * lines. The last two are the hardening guidance (multiple reliable time
     * sources, correctly configured clients).
     */
    private static ExplanationPartModel s24_4() {
        String[] paragraphs = {
                "NTP Enumeration is the process by which an attacker identifies and discovers Network Time Protocol (NTP) servers within a network. This information can be leveraged to locate vulnerable NTP servers or to further probe the network for other potential weaknesses. NTP servers that are publicly accessible from the internet are typically more susceptible to exploitation due to their exposure.",
                "Attackers often use a combination of DNS queries and brute force techniques to identify these servers, as well as utilizing online tools like Shodan.io or Censys to search for unprotected or misconfigured NTP devices. Once identified, these vulnerable NTP servers may be exploited in various ways, including for DDoS amplification attacks or other malicious purposes.",
                "In practice, it’s not necessary to control the entire network using NTP; instead, it’s typically sufficient to manage the first level of infrastructure, often referred to as the \"stratum 1\" servers, which are directly synchronized with highly accurate time sources like atomic clocks or GPS.",
                "NTP should not be used in conjunction with DNS for time synchronization, as this can lead to potential security risks and misconfigurations. Network time can often be disabled on improperly configured devices or even overridden by users on both clients and servers, which could lead to inconsistent time synchronization across the network.",
                "To improve security, servers should use multiple, reliable time sources to avoid a single point of failure. Clients should also be configured with the correct NTP options to choose their own time sources, ensuring they aren't vulnerable to attacks or manipulation if their designated NTP server is compromised."
        };
        String body = String.join(newLine + newLine, paragraphs);
        return new ExplanationPartModel("NTP Enumeration", new String[]{body});
    }

    /**
     * Lesson 24, part 5 ("SMTP Enumeration"): overview paragraph, the three
     * SMTP commands involved (VRFY, EXPN, RCPT TO) each as a purple heading
     * with a one-line description, and a closing paragraph.
     */
    private static ExplanationPartModel s24_5() {
        String gap = newLine + newLine;

        String overview = "SMTP (Simple Mail Transfer Protocol) is a set of communication protocols that facilitate email transmission across the internet. As part of the TCP/IP suite, SMTP is responsible for sending emails between servers. SMTP enumeration is the process of identifying valid users on an SMTP server, allowing attackers to gather information about potential targets.";
        String lead = " SMTP enumeration typically involves the use of specific built-in SMTP commands: ";
        String vrfy = "- This command is used to verify whether a specific email address exists on the server.";
        String expn = "- This command reveals the actual email addresses for aliases and mailing lists, providing insight into multiple recipients.";
        String rcptTo = "- This command identifies the recipient(s) of an email, helping attackers gather information about valid addresses.";
        String closing = "By using these commands, an attacker can perform SMTP enumeration to identify valid email addresses and users on the target SMTP server, which could be leveraged for further attacks or social engineering.";

        String body = overview
                + gap + lead
                + gap + bigText(highlightTextPurple("VRFY: ")) + newLine + vrfy
                + gap + bigText(highlightTextPurple("EXPN: ")) + newLine + expn
                + gap + bigText(highlightTextPurple("RCPT TO: ")) + newLine + rcptTo
                + gap + closing;
        return new ExplanationPartModel("SMTP Enumeration", new String[]{body});
    }

    /**
     * Lesson 24, part 6 ("DNS Enumeration"): five paragraphs joined by blank
     * lines, from what DNS is to which open-source tools are commonly used.
     */
    private static ExplanationPartModel s24_6() {
        String[] paragraphs = {
                "In this article, we will explore DNS Enumeration and walk through the process with a practical approach.",
                "The Domain Name System (DNS) is essentially a service that translates domain names  into IP addresses and vice versa. When a user enters a domain name in a browser, DNS resolves that name into an IP address, allowing the browser to connect to the correct web server. ",
                "DNS Enumeration is a technique used during reconnaissance to gain a better understanding of the target system’s surface area, such as its associated IP addresses and other network details.",
                "Through DNS enumeration, an attacker can retrieve valuable information from the target, such as DNS record types, hostnames, IP addresses, and other details, depending on how the target system is configured. This data can be crucial for further exploration or attacks.",
                "There are several open-source tools and scripts available for performing DNS enumeration, including Nmap, DNSRecon, and others, which can help in gathering this information efficiently."
        };
        String body = String.join(newLine + newLine, paragraphs);
        return new ExplanationPartModel("DNS Enumeration", new String[]{body});
    }

    /**
     * Lesson 25, part 1 ("Definition and Importance"): two definition
     * paragraphs on vulnerability analysis followed by an "Importance of
     * vulnerability analysis" bullet list, one bullet per line.
     */
    private static ExplanationPartModel s25_1() {
        String gap = newLine + newLine;

        String definition = "Vulnerability analysis is a critical process in cybersecurity that involves identifying, assessing, and addressing weaknesses within systems, networks, or applications that could be exploited by cyber attackers. These vulnerabilities can come in various forms, such as software bugs, misconfigurations, outdated systems, or human errors, and pose potential threats to an organization's security posture.";
        String process = "Vulnerability analysis is the systematic process of evaluating an organization’s assets and identifying any weaknesses or flaws in those assets. It aims to pinpoint areas that could be exploited by malicious actors, allowing organizations to take proactive steps to mitigate the risks.";
        String[] bullets = {
                "- Prevent data breaches and cyberattacks by proactively identifying weaknesses.",
                "- Reduce potential financial and reputational damage caused by exploits.",
                "- Ensure compliance with industry standards and regulations (e.g., GDPR, HIPAA).",
                "- Prioritize remediation efforts based on the severity of identified vulnerabilities."
        };

        String body = definition
                + gap + process
                + gap + bigText(highlightTextPurple("Importance of vulnerability analysis "))
                + newLine + String.join(newLine, bullets);
        return new ExplanationPartModel("Definition and Importance", new String[]{body});
    }

    /**
     * Lesson 25, part 2 ("Vulnerability vs. Threat vs. Risk"): three array
     * elements, one per term, each with a purple heading, a definition and an
     * "Example:" sentence. The risk element additionally lists its two factors
     * (likelihood and impact) on separate lines.
     */
    private static ExplanationPartModel s25_2() {
        String gap = newLine + newLine;
        String exampleLabel = highlightText("Example: ");

        String vulnerability = bigText(highlightTextPurple("1. Vulnerability ")) + newLine
                + "- A vulnerability refers to a weakness or flaw in a system, application, network, or process that can potentially be exploited by a threat actor (hacker, malware, etc.) to gain unauthorized access, cause damage, or disrupt operations. Vulnerabilities can be present due to coding errors, misconfigurations, outdated software, or design flaws."
                + gap + exampleLabel
                + "A software application with outdated libraries that are susceptible to known security exploits is considered vulnerable.";

        String threat = gap + bigText(highlightTextPurple("2. Threat ")) + newLine
                + "- A threat is any potential danger or harmful event that can exploit a vulnerability to cause damage or unauthorized access to a system or network. It can come from various sources, such as hackers, malware, natural disasters, or human error. A threat is typically an actor or event that poses a risk to the security of the system."
                + gap + exampleLabel
                + "A hacker attempting to exploit a vulnerability to gain unauthorized access to a company's network is considered a threat.";

        String risk = gap + bigText(highlightTextPurple("3. Risk ")) + newLine
                + "- Risk refers to the probability and impact of a threat exploiting a vulnerability. It is a combination of two factors:"
                + newLine + "1. The likelihood that a threat will exploit a vulnerability."
                + newLine + "2. The potential damage or loss caused if that happens."
                + newLine + "- In ethical hacking, risk assessment involves evaluating the various vulnerabilities in a system, identifying potential threats, and estimating the risk (likelihood and impact) associated with each."
                + gap + exampleLabel
                + "If a vulnerability in an outdated web application (vulnerability) is discovered and hackers (threat) attempt to exploit it, the risk would be determined by assessing how likely the hackers are to successfully exploit the vulnerability and what the consequences of such an exploit would be (e.g., data breach, financial loss, reputation damage).";

        return new ExplanationPartModel("Vulnerability vs. Threat vs. Risk", new String[]{vulnerability, threat, risk});
    }

    /**
     * Lesson 26, part 1 ("Penetration Testing vs. Vulnerability Assessments
     * part 1"): comparison rows 1–6. Each array element is one row: a purple
     * criterion heading, then a green "Penetration Testing:" line and a green
     * "Vulnerability Assessments:" line. The first row's values carry a
     * leading space, the others do not; both are kept as-is.
     */
    private static ExplanationPartModel s26_1() {
        String gap = newLine + newLine;
        String[] rows = {
                bigText(highlightTextPurple("1. Criticality of Systems")) + newLine
                        + highlightTextGreen("Penetration Testing: ") + " Meant for critical real-time systems."
                        + gap + highlightTextGreen("Vulnerability Assessments: ") + " Meant for non-critical systems.",
                gap + bigText(highlightTextPurple("2. Analysis Focus")) + newLine
                        + highlightTextGreen("Penetration Testing: ") + "Non-intrusive, focuses on documentation, environmental review, and analysis."
                        + gap + highlightTextGreen("Vulnerability Assessments: ") + "Comprehensive analysis and thorough review of the target system and its environment.",
                gap + bigText(highlightTextPurple("3. Outcome")) + newLine
                        + highlightTextGreen("Penetration Testing: ") + "Cleans up the system and provides a final report."
                        + gap + highlightTextGreen("Vulnerability Assessments: ") + "Attempts to mitigate or eliminate potential vulnerabilities in valuable resources.",
                gap + bigText(highlightTextPurple("4. Information Gathering")) + newLine
                        + highlightTextGreen("Penetration Testing: ") + "Gathers targeted information and/or inspects the system."
                        + gap + highlightTextGreen("Vulnerability Assessments: ") + "Allocates quantifiable value and significance to the available resources.",
                gap + bigText(highlightTextPurple("5. Sensitive Data")) + newLine
                        + highlightTextGreen("Penetration Testing: ") + "Tests sensitive data collection."
                        + gap + highlightTextGreen("Vulnerability Assessments: ") + "Discovers potential threats to each resource.",
                gap + bigText(highlightTextPurple("6. Attack Scope")) + newLine
                        + highlightTextGreen("Penetration Testing: ") + "Determines the scope of an attack."
                        + gap + highlightTextGreen("Vulnerability Assessments: ") + "Makes a directory of assets and resources in a given system."
        };
        return new ExplanationPartModel("Penetration Testing vs. Vulnerability Assessments part 1 ", rows);
    }

    /**
     * Builds rows 7–11 of the "Penetration Testing vs. Vulnerability Assessments" comparison.
     *
     * <p>Same row layout as part 1: purple heading, green "Penetration Testing" label and
     * text, green "Vulnerability Assessments" label and text. Rows 8–11 are prefixed with a
     * blank line.
     *
     * @return the explanation part titled "Penetration Testing vs. Vulnerability Assessments part 2 "
     */
    private static ExplanationPartModel s26_2() {
        final String spacer = newLine + newLine;

        final String row7 = bigText(highlightTextPurple("7. Focus")) + newLine
                + highlightTextGreen("Penetration Testing: ") + "Discovers unknown and exploitable weaknesses in normal business processes."
                + spacer
                + highlightTextGreen("Vulnerability Assessments: ") + "Lists known software vulnerabilities that could be exploited.";

        final String row8 = spacer + bigText(highlightTextPurple("8. Execution")) + newLine
                + highlightTextGreen("Penetration Testing: ") + "A simulated cyberattack carried out by experienced ethical hackers in a well-defined, controlled environment."
                + spacer
                + highlightTextGreen("Vulnerability Assessments: ") + "An automated assessment performed with the help of automated tools.";

        final String row9 = spacer + bigText(highlightTextPurple("9. Procedure")) + newLine
                + highlightTextGreen("Penetration Testing: ") + "A goal-oriented procedure that should be carried out in a controlled manner."
                + spacer
                + highlightTextGreen("Vulnerability Assessments: ") + "A cost-effective assessment method, often considered safe to perform.";

        final String row10 = spacer + bigText(highlightTextPurple("10. Scope of Vulnerabilities")) + newLine
                + highlightTextGreen("Penetration Testing: ") + "Identifies exploitable security vulnerabilities."
                + spacer
                + highlightTextGreen("Vulnerability Assessments: ") + "Identifies, categorizes, and quantifies security vulnerabilities.";

        final String row11 = spacer + bigText(highlightTextPurple("11. Environment")) + newLine
                + highlightTextGreen("Penetration Testing: ") + "Ideal for physical environments and network architecture. "
                + spacer
                + highlightTextGreen("Vulnerability Assessments: ") + "Ideal for lab environments.";

        final String[] rows = {row7, row8, row9, row10, row11};
        return new ExplanationPartModel("Penetration Testing vs. Vulnerability Assessments part 2 ", rows);
    }

    /**
     * Builds the "Software vulnerability" explanation: an intro sentence, a numbered list of
     * common causes, and a closing paragraph on why an unpatched flaw matters.
     *
     * @return a single-element explanation part titled "Software vulnerability"
     */
    private static ExplanationPartModel s27_1() {
        final String intro =
                "This type of vulnerability arises from weaknesses within software products, often due to:";

        final String causes = newLine
                + "1. Programming errors like SQL injection or cross-site scripting." + newLine
                + "2. Design flaws, such as insufficient user authentication or authorization processes." + newLine
                + "3. Inadequate input validation, which can allow attackers to manipulate data or commands." + newLine
                + "4. Flaws in error handling that may expose sensitive information or system behavior to unauthorized users.";

        final String impact = newLine + newLine
                + "Cybercriminals can exploit these vulnerabilities to introduce malware or a backdoor into the system. Even though the software may continue to operate correctly from a functional standpoint, the vulnerability allows attackers to remain undetected while exploiting the flaw. Additionally, the continued presence of the vulnerability may provide cybercriminals with long-term access to sensitive systems, increasing the risk of data theft or system compromise.";

        return new ExplanationPartModel("Software vulnerability", new String[]{intro + causes + impact});
    }

    /**
     * Builds the "Network vulnerability" explanation: what network weaknesses cover, a short
     * numbered list, and a paragraph on why multi-vendor networks are hard to keep secure.
     *
     * @return a single-element explanation part titled "Network vulnerability"
     */
    private static ExplanationPartModel s27_2() {
        final String intro =
                "Network vulnerabilities encompass weaknesses within the software, hardware, and processes that manage:";

        final String managed = newLine
                + "1. Data workload flows" + newLine
                + "2. User traffic" + newLine
                + "3. Computing requests across IT networks.";

        final String discussion = newLine + newLine
                + "These vulnerabilities can span the entire OSI model, from the physical hardware layer to the application layer. Given the diverse range of technologies that make up an IT network, tracking and managing vulnerabilities becomes complex. Each hardware device and software service often comes from different vendors, introducing unique security risks. Even with up-to-date software and firmware, the network infrastructure may remain susceptible to unauthorized access due to misconfigurations in firewalls or traffic routing.";

        return new ExplanationPartModel("Network vulnerability", new String[]{intro + managed + discussion});
    }

    /**
     * Builds the "Configuration &amp; process vulnerability" explanation: misconfiguration
     * risks (default credentials, unencrypted data), a numbered list of consequences, and a
     * paragraph on process-level misconfiguration.
     *
     * @return a single-element explanation part titled "Configuration & process vulnerability"
     */
    private static ExplanationPartModel s27_3() {
        final String misconfig =
                "Misconfigurations can create significant security risks, even when individual software and hardware components are free from known vulnerabilities. For instance, devices might be set up with default administrative credentials that are widely known or easily accessible to cybercriminals. Additionally, default security settings may fail to automatically encrypt sensitive data, leaving any exposed data vulnerable to risks such as:";

        final String consequences = newLine
                + "1. Unauthorized modifications" + newLine
                + "2. Trade secret leaks" + newLine
                + "3. Intellectual property theft";

        final String processRisks = newLine + newLine
                + "Another dimension of misconfigurations involves risks related to system processes. These can arise from the handling of TCP/IP protocols, network traffic workflows, and authentication mechanisms, all of which are crucial for ensuring the proper operation of the network. Misconfigurations in these areas could cause network traffic to breach established security policies. Since no individual network component may appear to malfunction, engineering teams must rely on statistical analysis to assess whether the network as a whole adheres to the assigned security protocols.";

        return new ExplanationPartModel("Configuration & process vulnerability",
                new String[]{misconfig + consequences + processRisks});
    }

    /**
     * Builds the "Insider threats vulnerability" explanation: malicious insiders and the two
     * factors that bound their impact, then negligent insiders and three mitigations.
     *
     * <p>NOTE(review): the "95% of all cybersecurity incidents" figure is stated without a
     * source — attribute it or soften the wording.
     *
     * @return a single-element explanation part titled "Insider threats vulnerability"
     */
    private static ExplanationPartModel s27_4() {
        final String malicious =
                "According to research, human error is responsible for 95% of all cybersecurity incidents. Not all of these errors are due to external actors—insider threats can pose a significant risk as well. An insider threat can arise when an employee, initially trusted with sensitive business information and access to critical systems, becomes disgruntled or dissatisfied and intentionally seeks to harm the organization. In such cases, the potential for risk largely depends on two factors:";

        final String riskFactors = newLine
                + "1. The level of access privileges granted to the employee" + newLine
                + "2. Their ability to exploit vulnerabilities and gain unauthorized access";

        final String negligent = newLine + newLine
                + "Another form of insider threat stems from accidental actions, negligence, or a lack of security awareness among employees handling sensitive data. Identifying malicious intent or predicting security negligence can be difficult, but there are steps organizations can take to reduce their exposure to these risks. Effective measures include:";

        final String mitigations = newLine
                + "1. Implementing strict access controls based on the principle of least privilege" + newLine
                + "2. Encrypting sensitive data to ensure its security" + newLine
                + "3. Continuously monitoring and tracking network and data activity to detect unauthorized access or changes in real time";

        return new ExplanationPartModel("Insider threats vulnerability",
                new String[]{malicious + riskFactors + negligent + mitigations});
    }

    /**
     * Builds the "Physical vulnerability" explanation: a numbered list of data-center
     * physical weaknesses, then a paragraph on BYOD loss/theft and the policy response.
     *
     * @return a single-element explanation part titled "Physical vulnerability"
     */
    private static ExplanationPartModel s27_5() {
        final String intro =
                "In the context of cybersecurity vulnerabilities, physical security is especially important for cloud infrastructure providers and large organizations managing in-house data center operations. Physical vulnerabilities can include:";

        final String examples = newLine
                + "1. Unauthorized access to server rooms" + newLine
                + "2. Presence of camera blind spots" + newLine
                + "3. Lack of adequate documentation of security measures" + newLine
                + "4. Failure to record physical activities performed in the data center, such as replacing storage devices";

        final String byod = newLine + newLine
                + "However, insider threats within the physical office premises, as well as the theft or loss of BYOD (Bring Your Own Device) devices, can create significant security risks for the organization. To mitigate these physical vulnerabilities, organizations must implement stringent policies governing the use of business information on BYOD devices. Additionally, access to corporate applications, services, and networks should be tightly controlled when accessed from outside the organization's physical premises.";

        return new ExplanationPartModel("Physical vulnerability", new String[]{intro + examples + byod});
    }

    /**
     * Builds the "Buffer overflow vulnerability" explanation: definition, the stack/heap
     * distinction, consequences, and four numbered mitigations.
     *
     * <p>NOTE(review): mitigation 2 recommends strncpy; strncpy does not guarantee NUL
     * termination of the destination, so a bounded-and-terminating alternative would be a
     * safer recommendation. Mitigation 4 lists ASLR as a compiler feature; ASLR is applied by
     * the OS loader, whereas stack canaries are compiler-inserted — consider splitting the
     * two.
     *
     * @return a single-element explanation part titled "Buffer overflow vulnerability"
     */
    private static ExplanationPartModel s27_6() {
        final String spacer = newLine + newLine;

        final String definition =
                "A buffer overflow occurs when a program exceeds its buffer's capacity and writes more data than it can handle. This results in the overwriting of adjacent memory, potentially causing system instability, crashes, or security vulnerabilities, as it may lead to the execution of malicious code or unauthorized access to system resources.";

        final String kinds = spacer + "There are two main types of buffer overflow attacks: " + newLine
                + highlightTextPurple("Stack overflow") + newLine
                + "- This occurs when the buffer overflows into the stack, overwriting return addresses. This can lead to the redirection of program execution or the arbitrary execution of malicious code."
                + spacer + highlightTextPurple("Heap overflow") + newLine
                + "- In this type of attack, the buffer overflows into the heap, corrupting dynamic memory structures. This can result in memory corruption, data manipulation, and potential security breaches, allowing attackers to exploit vulnerabilities for malicious purposes.";

        final String consequences = spacer
                + "Buffer overflows can lead to a range of issues, including system or application failures, data corruption that undermines reliability and data integrity, and even unauthorized privilege escalation. With privilege escalation, attackers may exploit the vulnerability to execute malicious code, compromising the security of the system.";

        final String mitigations = spacer + highlightTextPurple("1. Validate buffer sizes and inputs ") + newLine
                + "- Ensure that data written to buffers is properly checked to avoid exceeding allocated space."
                + spacer + highlightTextPurple("2. Use safer functions ") + newLine
                + "- Opt for functions like strncpy instead of strcpy, which allow you to specify buffer limits and prevent overflows."
                + spacer + highlightTextPurple("3. Program in languages with built-in protections ") + newLine
                + "- Use languages like Java, C#, or Python, which include automatic memory management and built-in safeguards against buffer overflows."
                + spacer + highlightTextPurple("4. Use modern compilers with security features ") + newLine
                + "- Leverage compilers that support security enhancements like address space layout randomization (ASLR) and stack canaries, which help mitigate the impact of buffer overflow attacks.";

        return new ExplanationPartModel("Buffer overflow vulnerability",
                new String[]{definition + kinds + consequences + mitigations});
    }

    /**
     * Builds the "Network-based Scanning" explanation: description, key characteristics,
     * focus area and example vulnerabilities.
     *
     * @return a single-element explanation part titled "Network-based Scanning"
     */
    private static ExplanationPartModel s28_1() {
        final String spacer = newLine + newLine;

        final String description =
                "Network-based scanning focuses on discovering vulnerabilities in the network infrastructure, such as routers, switches, firewalls, and other devices that form the backbone of the network. It typically involves scanning the entire network for open ports, misconfigured services, weak encryption, and other vulnerabilities that could allow unauthorized access or exploitation of the network.";

        final String characteristics = spacer + bigText(highlightTextPurple("Key Characteristics")) + newLine
                + "- Scans the entire network or specific network segments." + newLine
                + "- Detects vulnerabilities in network services, protocols, and misconfigurations." + newLine
                + "- Can be done remotely (without direct access to the target system)." + newLine
                + "- Often uses techniques like port scanning, service enumeration, and banner grabbing.";

        final String focus = spacer + bigText(highlightTextPurple("Focus Area")) + newLine
                + "Network devices and services";

        final String examples = spacer + bigText(highlightTextPurple("Example Vulnerabilities")) + newLine
                + "Open ports, misconfigured firewalls, insecure protocols";

        return new ExplanationPartModel("Network-based Scanning",
                new String[]{description + characteristics + focus + examples});
    }

    /**
     * Builds the "Host-based Scanning" explanation: description, key characteristics, focus
     * area and example vulnerabilities.
     *
     * @return a single-element explanation part titled "Host-based Scanning"
     */
    private static ExplanationPartModel s28_2() {
        final String spacer = newLine + newLine;

        final String description =
                "Host-based scanning focuses on vulnerabilities within individual devices or hosts on the network, such as servers, workstations, and virtual machines. This type of scanning checks for operating system flaws, missing patches, insecure configurations, and potential malware infections.";

        final String characteristics = spacer + bigText(highlightTextPurple("Key Characteristics")) + newLine
                + "- Requires access to the host or device being scanned." + newLine
                + "- Focuses on vulnerabilities at the operating system, software, and configuration level." + newLine
                + "- Can detect weaknesses like outdated patches, unauthorized software, or system misconfigurations." + newLine
                + "- Typically performed on a per-host basis.";

        final String focus = spacer + bigText(highlightTextPurple("Focus Area")) + newLine
                + "- Operating systems and hosts (servers, workstations)";

        final String examples = spacer + bigText(highlightTextPurple("Example Vulnerabilities")) + newLine
                + "- Missing patches, malware, unauthorized software";

        return new ExplanationPartModel("Host-based Scanning",
                new String[]{description + characteristics + focus + examples});
    }

    /**
     * Builds the "Application-level Scanning" explanation: description, key characteristics,
     * focus area and example vulnerabilities. Unlike s28_1/s28_2 the headings here are not
     * wrapped in bigText().
     *
     * @return a single-element explanation part titled "Application-level Scanning"
     */
    private static ExplanationPartModel s29_1() {
        final String spacer = newLine + newLine;

        final String description =
                "Application-level scanning focuses on vulnerabilities in applications, whether they are web-based applications, desktop software, or mobile applications. This scanning technique identifies flaws such as SQL injection, cross-site scripting (XSS), insecure authentication, and others that could compromise the security of the application.";

        final String characteristics = spacer + highlightTextPurple("Key Characteristics ") + newLine
                + "- Targets specific software applications." + newLine
                + "- Identifies flaws related to business logic, authentication, input validation, and data handling." + newLine
                + "- Common tools for application-level scanning include web application scanners like OWASP ZAP, Acunetix, or Burp Suite." + newLine
                + "- Often involves dynamic and static analysis of code, as well as penetration testing.";

        final String focus = spacer + highlightTextPurple("Focus Area ") + newLine
                + "- Software applications (web, mobile, desktop)";

        final String examples = spacer + highlightTextPurple("Example Vulnerabilities ") + newLine
                + "- SQL injection, XSS, weak authentication";

        return new ExplanationPartModel("Application-level Scanning",
                new String[]{description + characteristics + focus + examples});
    }

    /**
     * Builds the "Database Scanning" explanation: description, key characteristics, focus
     * area and example vulnerabilities.
     *
     * @return a single-element explanation part titled "Database Scanning"
     */
    private static ExplanationPartModel s29_2() {
        final String spacer = newLine + newLine;

        final String description =
                "Database scanning is the process of searching for vulnerabilities in databases, such as SQL servers, MySQL, or Oracle. It looks for configuration issues, weak access controls, unencrypted data, or common SQL injection vulnerabilities that could be exploited by attackers.";

        final String characteristics = spacer + bigText(highlightTextPurple("Key Characteristics ")) + newLine
                + "- Focuses on database systems and configurations." + newLine
                + "- Identifies issues like weak passwords, exposed sensitive data, insecure database configurations, and SQL injection vulnerabilities." + newLine
                + "- Can scan both the database server and the database itself." + newLine
                + "- Can also detect improper user permissions or excessive privileges.";

        final String focus = spacer + bigText(highlightTextPurple("Focus Area ")) + newLine
                + "- Database servers and configurations";

        final String examples = spacer + bigText(highlightTextPurple("Example Vulnerabilities ")) + newLine
                + "- SQL injection, weak access controls, data leakage";

        return new ExplanationPartModel("Database Scanning",
                new String[]{description + characteristics + focus + examples});
    }

    /**
     * Builds the "Types of Hackers" overview: an intro sentence followed by a six-item
     * indented list. The numbering here (2 = White Hat, 3 = Gray Hat, 4 = Red Hat,
     * 6 = Green Hat) is the reference order for the s2_2..s2_7 detail pages.
     *
     * @return a single-element explanation part titled "Types of Hackers"
     */
    private static ExplanationPartModel s2_1() {
        final String indent = space(3);

        final String intro =
                "Hackers can be categorized in various ways based on their motivations, methods, and objectives. Below are the most common types of hackers:- ";

        final String list = newLine + indent + "1. Black Hat Hackers"
                + newLine + indent + "2. White Hat Hackers(Ethical Hackers)"
                + newLine + indent + "3. Gray Hat Hackers"
                + newLine + indent + "4. Red Hat Hackers"
                + newLine + indent + "5. Blue Hat Hackers"
                + newLine + indent + "6. Green Hat Hackers"
                + newLine;

        return new ExplanationPartModel("Types of Hackers", new String[]{intro + list});
    }

    /**
     * Builds the "1. Black Hat Hackers" page as two paragraphs; the second starts with a
     * blank line so the two render separately.
     *
     * @return a two-element explanation part titled "1. Black Hat Hackers"
     */
    private static ExplanationPartModel s2_2() {
        final String first =
                "Black hat hackers, often referred to as crackers, are individuals who engage in malicious activities with the intent of gaining unauthorized access to computer networks, websites, and systems. Their primary goal is typically financial gain, which they achieve by stealing sensitive organizational data, draining funds from online bank accounts, or violating privacy rights to benefit criminal organizations.";

        final String second = newLine + newLine
                + "In the modern digital landscape, the majority of hackers fall into this category, operating covertly and engaging in illegal activities. Black hat hackers possess advanced technical skills and training that enable them to exploit security vulnerabilities, bypass protective measures, and infiltrate systems without the owner's consent. Their actions include stealing valuable data, distributing malware, and causing widespread damage to systems. These hackers work with a harmful and criminal intent, using their expertise to attack and disrupt, often for personal or financial benefit.";

        return new ExplanationPartModel("1. Black Hat Hackers", new String[]{first, second});
    }

    /**
     * Builds the "2. Gray Hat Hackers" page.
     *
     * <p>NOTE(review): the overview in s2_1 numbers Gray Hat as item 3 (item 2 is White
     * Hat), so this title disagrees with the list; the body also spells it "Grey" while the
     * title uses "Gray". Both are user-visible strings and are left unchanged here.
     *
     * @return a single-element explanation part titled "2. Gray Hat Hackers"
     */
    private static ExplanationPartModel s2_3() {
        final String body =
                "Grey hat hackers occupy a space between ethical and malicious hacking. While they gain unauthorized access to systems, they do so without the intention of causing harm. Their primary aim is to uncover and expose vulnerabilities, rather than exploit them for personal gain. In some cases, they may offer to help fix these flaws after identifying them, even though their actions were initially unauthorized. For instance, a grey hat hacker might infiltrate a website or application to discover security weaknesses. While they typically don't cause damage, their actions can harm the reputation of the organization, especially when vulnerabilities are publicly revealed. Often, grey hat hackers seek recognition and credibility within the cybersecurity community, which can ultimately boost their careers as security experts.";

        return new ExplanationPartModel("2. Gray Hat Hackers", new String[]{body});
    }

    /**
     * Builds the "3. White Hat Hackers" page.
     *
     * <p>NOTE(review): s2_1 lists White Hat as item 2, not 3 — the title numbering is out of
     * step with the overview.
     *
     * @return a single-element explanation part titled "3. White Hat Hackers"
     */
    private static ExplanationPartModel s2_4() {
        final String body =
                "White hat hackers, also known as ethical hackers, are the direct opposite of black hat hackers. They leverage their technical skills to protect systems and networks from malicious cyber attacks. Often employed by businesses, government agencies, or as independent contractors, white hat hackers work to identify and resolve security vulnerabilities before they can be exploited by criminals. Their role involves using the same hacking techniques as black hat hackers but with the consent of the system owner and with the goal of improving security. These professionals might work as security analysts, researchers, or specialists, helping organizations safeguard their data and systems from potential threats.";

        return new ExplanationPartModel("3. White Hat Hackers", new String[]{body});
    }

    /**
     * Builds the "4. Green  Hat Hackers" page (the double space in the title is in the
     * original user-visible string and is preserved).
     *
     * <p>NOTE(review): s2_1 lists Green Hat as item 6 and Red Hat as item 4.
     *
     * @return a single-element explanation part titled "4. Green  Hat Hackers"
     */
    private static ExplanationPartModel s2_5() {
        final String body =
                "Green hat hackers are typically novices in the hacking world, lacking a deep understanding of safety protocols or the inner workings of the internet. They are motivated and eager to learn quickly, often driven by the desire to advance their skills. While their intentions are generally not malicious, their inexperience can lead them to experiment with viruses and attack methods without fully understanding the potential consequences. This lack of awareness can make them dangerous, as they might inadvertently cause harm or be unable to fix the damage they’ve caused while exploring new techniques.";

        return new ExplanationPartModel("4. Green  Hat Hackers", new String[]{body});
    }

    /**
     * Builds the "5. Blue  Hat Hackers" page (double space in the title preserved).
     *
     * <p>NOTE(review): the paragraph merges two unrelated meanings of "blue hat" — external
     * pre-release testers invited by a vendor, and revenge-motivated attackers — and ends up
     * contradicting itself ("safety experts" who "employ malicious software"). Consider
     * splitting it into two clearly labelled definitions.
     *
     * @return a single-element explanation part titled "5. Blue  Hat Hackers"
     */
    private static ExplanationPartModel s2_6() {
        final String body =
                "Safety experts who work outside of an organization are referred to as blue hat hackers. Before launching new software, companies often invite these external experts to test the product and identify any security vulnerabilities. Occasionally, organizations will hold special meetings or \"hackathons\" where blue hat hackers can collaborate to discover weaknesses in critical internet systems. While money and recognition might not always be their primary motivation, some hackers engage in cyberattacks as a form of personal revenge, targeting individuals, employers, organizations, or governments they feel have wronged them. To damage their targets, blue hat hackers employ malicious software and various cyber threats aimed at compromising data, websites, or devices.";

        return new ExplanationPartModel("5. Blue  Hat Hackers", new String[]{body});
    }

    /**
     * Builds the "6. Red Hat Hackers" page.
     *
     * <p>NOTE(review): s2_1 lists Red Hat as item 4, not 6.
     *
     * @return a single-element explanation part titled "6. Red Hat Hackers"
     */
    private static ExplanationPartModel s2_7() {
        final String body =
                "Red hat hackers, often referred to as \"eagle-eyed\" hackers, have a mission to prevent malicious actors from conducting unethical attacks. While their goal aligns with that of ethical hackers—combating cyber threats—their methods differ. Red hat hackers may employ more aggressive or even illegal tactics to disrupt and counteract cybercriminals. This could include launching cyberattacks against the systems of threat actors to neutralize their activities.";

        return new ExplanationPartModel("6. Red Hat Hackers", new String[]{body});
    }

    /**
     * Builds the "Define System Hacking" page as two paragraphs: common entry techniques
     * at a high level, then post-compromise goals and the need for defensive measures.
     *
     * @return a two-element explanation part titled "Define System Hacking"
     */
    private static ExplanationPartModel s30_1() {
        final String first =
                "System hacking is the process of identifying and exploiting vulnerabilities within electronic systems to gain unauthorized access or control. Hackers, driven by various motives such as financial gain, political activism, or personal challenge, use a wide range of techniques to infiltrate systems. Common methods include phishing, where deceptive emails or messages trick individuals into revealing sensitive information, and social engineering, which manipulates people into disclosing confidential data. Additionally, brute-force attacks and password guessing are often used, where hackers attempt to crack passwords through trial and error until they gain access.";

        final String second = newLine + newLine
                + "In more advanced cases, hackers may exploit software vulnerabilities or inject malicious code to bypass security measures. Once inside the system, they can steal valuable data, alter system functions, or disrupt operations, often without leaving a trace. The ultimate goal of system hacking varies, but it often involves compromising the integrity of the target system, either for malicious intent, financial exploitation, or to create chaos. Effective cybersecurity measures are critical in defending against these evolving and increasingly sophisticated attacks.";

        return new ExplanationPartModel("Define System Hacking", new String[]{first, second});
    }

    /**
     * Builds the "Purpose of System Hacking: " page: four attacker objectives separated by
     * blank lines, joined into one element.
     *
     * @return a single-element explanation part titled "Purpose of System Hacking: "
     */
    private static ExplanationPartModel s30_2() {
        final String spacer = newLine + newLine;

        final String purposes =
                "Gain access to personal data of individuals or sensitive information of organizations."
                + spacer + "Misuse and leak the obtained information, potentially harming the organization's reputation."
                + spacer + "Privilege escalation to gain higher access levels within the system."
                + spacer + "Execute malicious applications to monitor the system continuously.";

        return new ExplanationPartModel("Purpose of System Hacking: ", new String[]{purposes});
    }

    /**
     * Builds the "Define Password Cracking" page in three elements: a definition, a list of
     * well-known auditing/cracking tools, and a "Types of Password Attacks" section.
     *
     * <p>NOTE(review): the third element is headed "Types of Password Attacks" but its two
     * bullets describe phone-passcode and social-account access, which has nothing to do
     * with the heading; s31_3 holds the actual taxonomy. This looks like a copy-paste slip
     * in the course text — verify and replace the bullets.
     *
     * @return a three-element explanation part titled "Define Password Cracking"
     */
    private static ExplanationPartModel s31_1() {
        final String spacer = newLine + newLine;

        final String definition = bigText(highlightTextPurple("Password Cracking")) + newLine
                + "- Password cracking methods are employed to retrieve passwords from computer systems." + newLine
                + "- Cyber attackers use these techniques to gain unauthorized access to vulnerable systems." + newLine
                + "- Many password cracking attempts succeed because of weak or easily guessable passwords.";

        final String tools = spacer + bigText(highlightTextPurple("Password Cracking Tools")) + spacer
                + highlightText("  L0phtCrack  ") + newLine
                + "- L0phtCrack is a password auditing and recovery tool with features like scheduling, hash extraction for 64-bit Windows versions, and network monitoring and decoding capabilities."
                + spacer + highlightText("  Ophcrack  ") + newLine
                + "- Ophcrack is a Windows password cracker that utilizes rainbow tables. It includes a Graphical User Interface and supports multiple platforms."
                + spacer + highlightText("  Cain & Abel  ") + newLine
                + "- Cain & Abel is a powerful password recovery tool that recovers various types of passwords by sniffing network traffic and using methods like dictionary, brute-force, and cryptanalysis attacks to crack encrypted passwords."
                + spacer + highlightText("  RainbowCrack  ") + newLine
                + "- RainbowCrack uses rainbow tables to crack password hashes, employing a time-memory tradeoff algorithm to improve the efficiency of cracking.";

        final String attackTypes = spacer + bigText(highlightTextPurple("Types of Password Attacks")) + newLine
                + "- It captures the security patterns used to access the phone and cracks the passcode for unlocking the iPhone, as well as the actual passwords for social messaging apps." + newLine
                + "- It enables you to log into their Facebook, Skype, Twitter, Pinterest, LinkedIn, Gmail, and other email accounts directly from your own computer.";

        return new ExplanationPartModel("Define Password Cracking", new String[]{definition, tools, attackTypes});
    }

    /**
     * Builds the "How to Defend against Password Cracking" page: fifteen one-line tips,
     * one per array element; every element after the first is prefixed with a line break.
     *
     * <p>NOTE(review): several tips reflect older guidance — a fixed 30-day expiry, an
     * 8–12 character length target, and SYSKEY (which is no longer available on current
     * Windows). Current password guidance favours length, breach-list screening and MFA
     * over forced periodic rotation; consider revising these items.
     *
     * @return a fifteen-element explanation part titled "How to Defend against Password Cracking"
     */
    private static ExplanationPartModel s31_2() {
        final String[] tips = {
                "- Conduct regular security audits to monitor and track password attacks.",
                newLine + "- Avoid reusing passwords when changing them.",
                newLine + "- Never share passwords with others.",
                newLine + "- Do not use dictionary words as passwords.",
                newLine + "- Avoid using cleartext protocols or those with weak encryption.",
                newLine + "- Set a password expiration policy of 30 days.",
                newLine + "- Do not store passwords in an unsecured location.",
                newLine + "- Never use default system passwords.",
                newLine + "- Create strong passwords by using 8-12 alphanumeric characters, combining uppercase and lowercase letters, numbers, and symbols.",
                newLine + "- Ensure applications do not store passwords in memory or write them to disk in plain text.",
                newLine + "- Add a random string (salt) as a prefix or suffix to passwords before encrypting them.",
                newLine + "- Enable SYSKEY with a strong password to encrypt and protect the SAM database.",
                newLine + "- Avoid using easily guessable passwords like birthdates, names of spouses, children, or pets.",
                newLine + "- Regularly monitor server logs for signs of brute force attacks targeting user accounts.",
                newLine + "- Lock accounts after too many failed password attempts to prevent unauthorized access."
        };
        return new ExplanationPartModel("How to Defend against Password Cracking", tips);
    }

    /**
     * Builds the "Types of Password Attacks " taxonomy: four purple headings
     * (non-electronic, offline, active online, passive online), each followed by a
     * comma-separated list of attack names. Details for each live in s31_4..s31_7.
     *
     * @return a single-element explanation part titled "Types of Password Attacks "
     */
    private static ExplanationPartModel s31_3() {
        final String spacer = newLine + newLine;

        final String taxonomy = bigText(highlightTextPurple("Non-Electronic Attacks")) + newLine
                + "- Shoulder Surfing,Social Engineering,Dumpster Diving"
                + spacer + bigText(highlightTextPurple("Offline Attacks")) + newLine
                + "- Pre-Computed Hashes (Rainbow Table),Distributed Network"
                + spacer + bigText(highlightTextPurple("Active Online Attacks")) + newLine
                + "- Dictionary and Brute Forcing Attack,Hash Injection and Phishing,Trojan/Spyware/Keyloggers,Password Guessing"
                + spacer + bigText(highlightTextPurple("Passive Online Attacks")) + newLine
                + "- Wire Sniffing,Man-in-the-Middle,Replay";

        return new ExplanationPartModel("Types of Password Attacks ", new String[]{taxonomy});
    }

    /**
     * Builds the "1. Non-Electronic Attacks" page: an intro line, then three purple headings
     * (shoulder surfing, social engineering, dumpster diving) each with a one-line description.
     *
     * @return a single-element explanation part titled "1. Non-Electronic Attacks"
     */
    private static ExplanationPartModel s31_4() {
        final String spacer = newLine + newLine;

        final String body =
                "An attacker doesn't need technical expertise to crack a password, making it a non-technical attack."
                + spacer + bigText(highlightTextPurple("Shoulder Surfing: ")) + newLine
                + "- Observing a user's keyboard or screen while they are logging in to capture their credentials."
                + spacer + bigText(highlightTextPurple("Social Engineering: ")) + newLine
                + "- Manipulating individuals into revealing their passwords or other sensitive information."
                + spacer + bigText(highlightTextPurple("Dumpster Diving: ")) + newLine
                + "- Searching through a user’s trash, printer waste, or desk for discarded notes containing sensitive information, such as passwords.";

        return new ExplanationPartModel("1. Non-Electronic Attacks", new String[]{body});
    }

    /**
     * Builds the "2. Offline Attack " page: an intro line, a "Rainbow Table" section with
     * four highlighted sub-points (including two example hash pairs as given in the course
     * text), and a "Distributed Network Attack" section.
     *
     * <p>NOTE(review): the rainbow-table section never mentions the defence — per-user
     * salting plus a slow password hash makes precomputed tables ineffective; worth adding
     * to keep the page balanced with s31_2.
     *
     * @return a single-element explanation part titled "2. Offline Attack "
     */
    private static ExplanationPartModel s31_5() {
        final String spacer = newLine + newLine;

        final String intro =
                "The attacker copies the target's password file and attempts to crack the passwords on their own system, located elsewhere.";

        final String rainbowTable = spacer + bigText(highlightTextPurple("Rainbow Table")) + spacer
                + highlightText("Rainbow Table: ") + newLine
                + "- A rainbow table is a precomputed table that contains word lists, such as dictionary files and brute-force lists, along with their corresponding hash values."
                + spacer + highlightText("Compare the Hashes: ") + newLine
                + "- The process involves capturing the hash of a password and comparing it with a precomputed hash table. If a match is found, the password is successfully cracked."
                + spacer + highlightText("Easy to Recover: ") + newLine
                + "- Recovering passwords is simplified by comparing captured password hashes against precomputed tables."
                + spacer + highlightText("Precomputed Hashes: ") + newLine
                + "- 1qazwed -> 21c40e47dba72e77518ee3ef88ad0cc8 and 9da8dasf -> eb0f5690164ffabbed1744087a4d6761";

        final String distributed = spacer + bigText(highlightTextPurple("Distributed Network Attack")) + newLine
                + "- A Distributed Network Attack (DNA) technique is used to recover passwords from hashes or password-protected files by utilizing the unused processing power of machines across a network to decrypt passwords." + newLine
                + "- The DNA Manager is installed in a central location, allowing machines running the DNA Client to access it over the network." + newLine
                + "- The DNA Manager coordinates the attack, distributing small portions of the key search to various machines across the network." + newLine
                + "- The DNA Client runs in the background, using only idle processor time." + newLine
                + "- The program leverages the combined processing power of all the clients connected to the network to crack the password.";

        return new ExplanationPartModel("2. Offline Attack ", new String[]{intro + rainbowTable + distributed});
    }

    /**
     * Builds the "3. Active Online Attacks" page in four elements: dictionary/brute-force/
     * rule-based attacks, hash injection, trojan/spyware/keylogger, and password guessing.
     * Elements 2–4 are prefixed with a blank line.
     *
     * <p>NOTE(review): the hash-injection bullets describe the technique but not the
     * control; the defences the course itself lists in s31_2 (account lockout, log
     * monitoring) and least-privilege admin accounts would round this section out.
     *
     * @return a four-element explanation part titled "3. Active Online Attacks"
     */
    private static ExplanationPartModel s31_6() {
        final String spacer = newLine + newLine;
        final String indent = space(3);

        final String guessingAttacks =
                "The attacker carries out password cracking by directly interacting with the victim's machine."
                + spacer + bigText(highlightTextPurple("Dictionary, Brute Forcing and Rule-based Attack")) + spacer
                + highlightText("Dictionary Attack: ") + newLine
                + "- A dictionary file is loaded into a cracking application, which then runs the file against user accounts to guess the password."
                + spacer + highlightText("Brute Force Attack: ") + newLine
                + "- The program systematically tries every possible combination of characters until the correct password is found."
                + spacer + highlightText("Rule-based Attack: ") + newLine
                + "- This attack is used when the attacker has some insight into the structure of the password, such as common patterns or certain characteristics.";

        final String hashInjection = spacer + bigText(highlightTextPurple("Hash Injection Attack")) + newLine
                + "- A hash injection attack enables an attacker to inject a compromised hash into a local session and use it to authenticate to network resources." + newLine
                + "- The attacker locates and extracts the hash of a logged-in domain admin account." + newLine
                + "- The attacker then uses the extracted hash to gain access to the domain controller.";

        final String malware = spacer + bigText(highlightTextPurple("Trojan/Spyware/Keylogger")) + newLine
                + "- The attacker installs a Trojan, spyware, or keylogger on the victim's machine to capture the victim’s usernames and passwords." + newLine
                + "- The Trojan/Spyware/Keylogger operates in the background, secretly sending the captured user credentials back to the attacker.";

        final String passwordGuessing = spacer + bigText(highlightTextPurple("Password Guessing")) + newLine
                + "- The attacker compiles a list of potential passwords based on information gathered through social engineering or other methods, then manually attempts them on the victim's machine to crack the password."
                + newLine + indent + "1. Identify a valid user."
                + newLine + indent + "2. Create a list of possible passwords."
                + newLine + indent + "3. Rank the passwords based on likelihood, from highest to lowest probability."
                + newLine + indent + "4. Enter each password one by one until the correct one is found.";

        return new ExplanationPartModel("3. Active Online Attacks",
                new String[]{guessingAttacks, hashInjection, malware, passwordGuessing});
    }

    /**
     * Builds the "4. Passive Online Attacks" page in two elements: wire sniffing, then
     * man-in-the-middle and replay attacks with a short "Considerations" list.
     *
     * @return a two-element explanation part titled "4. Passive Online Attacks"
     */
    private static ExplanationPartModel s31_7() {
        final String spacer = newLine + newLine;
        final String indent = space(3);

        final String sniffing =
                "The attacker carries out password cracking without any communication with the authorized party."
                + spacer + bigText(highlightTextPurple("Wire Sniffing")) + newLine
                + "- Attackers use packet sniffer tools on a local area network (LAN) to capture and record raw network traffic." + newLine
                + "- The intercepted data can include sensitive information such as passwords (e.g., FTP, rlogin sessions) and emails." + newLine
                + "- The sniffed credentials are then exploited to gain unauthorized access to the target system.";

        final String mitmAndReplay = spacer + newLine + bigText(highlightTextPurple("Man-in-the-Middle and Replay Attack")) + spacer
                + highlightText(" Gain Access to Communication Channels: ") + newLine
                + "In a Man-in-the-Middle (MITM) attack, the attacker intercepts and gains access to the communication channels between the victim and the server to extract sensitive information."
                + spacer + highlightText(" Use Sniffer: ") + newLine
                + "In a replay attack, the attacker uses a sniffer to capture packets and authentication tokens. After extracting the necessary information, the tokens are retransmitted onto the network to gain unauthorized access."
                + spacer + highlightText(" Considerations: ") + newLine
                + indent + "1. It is relatively difficult to execute."
                + newLine + indent + "2. The attacker must be trusted by one or both parties involved."
                + newLine + indent + "3. The attack can sometimes be thwarted by invalidating the intercepted traffic.";

        return new ExplanationPartModel("4. Passive Online Attacks", new String[]{sniffing, mitmAndReplay});
    }

    /**
     * Builds the "Define Escalating Privileges" explanation part.
     *
     * <p>Three plain-text paragraphs separated by a double line break; the text is
     * entirely literal.
     *
     * @return the part with its title and a single fragment
     */
    private static ExplanationPartModel s32_1() {
        final String paragraphBreak = newLine + newLine;
        final String goal = "An attacker may first gain access to the network using a non-admin user account, and their next objective is to escalate their privileges to gain administrative access.";
        final String method = "To achieve this, the attacker performs a privilege escalation attack, exploiting design flaws, programming errors, bugs, and configuration oversights in the operating system and software applications. This allows them to elevate their access to administrative levels, enabling control over the network and associated applications.";
        final String impact = "With these elevated privileges, the attacker can access sensitive or critical information, delete files, and install malicious software like viruses, Trojans, worms, and other harmful programs that can further compromise the system’s security.";
        final String body = String.join(paragraphBreak, goal, method, impact);
        return new ExplanationPartModel("Define Escalating Privileges", new String[]{body});
    }

    /**
     * Builds the "Types of Escalating Privileges" explanation part.
     *
     * <p>Two highlighted headings (vertical and horizontal escalation), each followed
     * by one bullet of explanatory text.
     *
     * @return the part with its title and a single fragment
     */
    private static ExplanationPartModel s32_2() {
        final String verticalHeading = bigText(highlightTextPurple(" Vertical Privilege Escalation: "));
        final String verticalText = "- This involves a user or attacker gaining higher-level privileges than they originally had access to, like moving from a regular user account to an administrator or root account. This can lead to serious security risks, as it gives the attacker control over sensitive data or systems.";
        final String horizontalHeading = bigText(highlightTextPurple(" Horizontal Privilege Escalation: "));
        final String horizontalText = "- This occurs when a user or attacker uses the same level of privileges they already have but impersonates another user who shares that same level of access. For example, a user with basic privileges might exploit a vulnerability to access another user's account with the same privilege level, effectively assuming their identity.";

        final StringBuilder body = new StringBuilder();
        body.append(verticalHeading).append(newLine).append(verticalText);
        body.append(newLine).append(newLine);
        body.append(horizontalHeading).append(newLine).append(horizontalText);
        return new ExplanationPartModel("Types of Escalating Privileges", new String[]{body.toString()});
    }

    /**
     * Builds the "How to Defend Against Escalating Privileges " explanation part.
     *
     * <p>Ten defensive measures, each its own paragraph (double line break between them).
     * The title keeps the trailing space of the original so lookups by title are unaffected.
     *
     * @return the part with its title and a single fragment
     */
    private static ExplanationPartModel s32_3() {
        final String[] measures = {
                "Restrict interactive logon privileges to minimize unauthorized access risks.",
                "Use encryption techniques to protect sensitive data both at rest and in transit.",
                "Enforce the principle of least privilege by running users and applications with the minimal level of access required.",
                "Limit the amount of code running with elevated privileges to reduce potential attack surfaces.",
                "Implement multi-factor authentication (MFA) to strengthen access control and authorization processes.",
                "Perform rigorous debugging using tools like bounds checkers and stress tests to identify potential vulnerabilities.",
                "Run services under unprivileged accounts to minimize the risk associated with service account compromises.",
                "Conduct thorough testing of the operating system and application code to identify and fix errors or bugs.",
                "Apply privilege separation to minimize the impact of potential programming errors and reduce attack vectors.",
                "Regularly patch systems to address vulnerabilities and keep the environment secure."
        };
        final String body = String.join(newLine + newLine, measures);
        return new ExplanationPartModel("How to Defend Against Escalating Privileges ", new String[]{body});
    }

    /**
     * Builds the "Define Executing Applications" explanation part.
     *
     * <p>First fragment: two paragraphs describing the stage. Second fragment: a
     * highlighted heading followed by three named remote-administration tools, each
     * with one or two bullets.
     *
     * @return the part with its title and two fragments
     */
    private static ExplanationPartModel s33_1() {
        final String paragraphBreak = newLine + newLine;

        final String overview = "Attackers execute malicious applications at this stage, often referred to as \"owning\" the system."
                + paragraphBreak
                + "The attacker runs malicious programs remotely on the victim's machine, with the goal of gathering sensitive information that could lead to exploitation, compromising privacy, unauthorized access to system resources, cracking passwords, capturing screenshots, installing backdoors for persistent access, and more.";

        final String remoteExec = highlightText("RemoteExec")
                + newLine
                + "- RemoteExec allows attackers to remotely install applications, execute programs or scripts, and update files and folders on Windows systems across a network."
                + newLine
                + "- It enables attackers to modify the registry, change local admin passwords, disable local accounts, and copy, update, or delete files and folders.";
        final String pdqDeploy = highlightText("PDQ Deploy")
                + newLine
                + "- PDQ Deploy is a software deployment tool that enables administrators to silently install nearly any application or patch across multiple systems in a network.";
        final String dameWare = highlightText("DameWare Remote Support")
                + newLine
                + "- DameWare Remote Support is a remote administration tool that allows management of servers, laptops, and desktops."
                + newLine
                + "- It enables attackers to remotely control and administer Windows-based computers, potentially compromising the entire system.";

        final String tools = paragraphBreak
                + bigText(highlightTextPurple("Executing Application Tools"))
                + paragraphBreak
                + String.join(paragraphBreak, remoteExec, pdqDeploy, dameWare);

        return new ExplanationPartModel("Define Executing Applications", new String[]{overview, tools});
    }

    /**
     * Builds the "Keylogger" explanation part.
     *
     * <p>First fragment: four paragraphs on what keystroke loggers are and how they are
     * used. Second fragment: a heading plus two indented lists (hardware and software
     * loggers); list indentation comes from {@code space(3)} / {@code space(6)}.
     *
     * @return the part with its title and two fragments
     */
    private static ExplanationPartModel s33_2() {
        final String paragraphBreak = newLine + newLine;

        final String overview = String.join(paragraphBreak,
                "Keystroke loggers are either software programs or hardware devices that track every keystroke a user types on their keyboard. These inputs are then logged to a file or transmitted to a remote location.",
                "Legitimate uses for keyloggers include monitoring employee activity in office or industrial settings, or allowing parents to track and supervise their children’s computer activity in a home environment.",
                "Attackers can use keyloggers to gather sensitive information, such as email addresses, passwords, banking details, chat room activity, IRC conversations, instant messages, and more.",
                "Physical keyloggers are typically placed between the keyboard and the computer’s operating system, intercepting keystrokes as they are typed.");

        final String level1 = newLine + space(3);
        final String level2 = newLine + space(6);

        final StringBuilder types = new StringBuilder();
        types.append(paragraphBreak)
                .append(bigText(highlightTextPurple("Types of Keystroke Loggers")))
                .append(paragraphBreak)
                .append(highlightText("Hardware Keystroke Loggers:"))
                .append(level1).append("1. PC/BIOS Embedded")
                .append(level1).append("2. Keylogger Keyboard")
                .append(level1).append("3. External Embedded :- ")
                .append(level2).append("- Wi-Fi Keylogger")
                .append(level2).append("- Bluetooth Keylogger")
                .append(level2).append("- Acoustic/CAM Keylogger")
                .append(level2).append("- PS/2 and USB Keylogger")
                .append(paragraphBreak)
                .append(highlightText("Software Keystroke Loggers:"))
                .append(level1).append("1. Application Keylogger")
                .append(level1).append("2. Kernel Keylogger")
                .append(level1).append("3. Hypervisor-based Keylogger")
                .append(level1).append("4. Form Grabbing Based Keylogger");

        return new ExplanationPartModel("Keylogger", new String[]{overview, types.toString()});
    }

    /**
     * Builds the "How to Defend Against Keyloggers" explanation part.
     *
     * <p>First fragment: fourteen software/behavioural countermeasures, one paragraph
     * each. Second fragment: a heading plus four hardware-keylogger countermeasures on
     * single lines.
     *
     * @return the part with its title and two fragments
     */
    private static ExplanationPartModel s33_3() {
        final String paragraphBreak = newLine + newLine;

        final String[] softwareMeasures = {
                "Use a pop-up blocker to prevent malicious pop-ups and potential threats.",
                "Install and maintain up-to-date anti-spyware/antivirus software to detect and prevent keyloggers and other malicious programs.",
                "Install professional firewall software along with anti-keylogging software to block unauthorized access and protect sensitive information.",
                "Recognize and delete phishing emails to avoid falling victim to fraudulent schemes designed to steal sensitive data.",
                "Use unique passwords for each online account and change them regularly to reduce the risk of password theft.",
                "Avoid opening junk or suspicious emails, which may contain malicious links or attachments.",
                "Do not click on links in unsolicited or questionable emails that could lead to malicious websites.",
                "Use keystroke interference software, which inserts randomized characters into every keystroke, making it harder for keyloggers to capture accurate input.",
                "Scan files before installation to ensure they’re safe and use tools like a registry editor or process explorer to check for potential keyloggers.",
                "Secure hardware systems in a locked environment and frequently inspect keyboard cables and connectors for unauthorized devices.",
                "Use the Windows on-screen keyboard utility to enter passwords or other sensitive information to bypass physical keyloggers.",
                "Install a host-based Intrusion Detection System (IDS) to monitor your system for unusual activity and block keylogger installations.",
                "Utilize automatic form-filling programs or a virtual keyboard to enter sensitive details like usernames and passwords securely.",
                "Use software that regularly scans and monitors system or network changes to detect unauthorized modifications or keylogger activity."
        };

        final String[] hardwareMeasures = {
                " - Restrict physical access to sensitive computer systems to prevent unauthorized individuals from installing hardware keyloggers.",
                " - Perform regular checks on all computers to ensure no unauthorized hardware devices, like keyloggers, are connected.",
                " - Use encryption between the keyboard and its driver to prevent keylogging devices from capturing keystrokes.",
                " - Install anti-keylogger software that can detect the presence of hardware keyloggers, such as Oxynger KeyShield, which provides protection against both software and hardware keylogging."
        };

        final String softwareFragment = String.join(paragraphBreak, softwareMeasures);
        final String hardwareFragment = paragraphBreak
                + bigText(highlightTextPurple("Hardware Keylogger Countermeasures:"))
                + newLine
                + String.join(newLine, hardwareMeasures);

        return new ExplanationPartModel("How to Defend Against Keyloggers", new String[]{softwareFragment, hardwareFragment});
    }

    /**
     * Builds the "Spyware" explanation part.
     *
     * <p>Four paragraphs describing spyware (the first three carry two trailing spaces
     * in the original text, preserved here), then a heading and a six-item indented
     * list of propagation vectors.
     *
     * @return the part with its title and a single fragment
     */
    private static ExplanationPartModel s33_4() {
        final String paragraphBreak = newLine + newLine;

        final String description = String.join(paragraphBreak,
                "Spyware is a type of malicious software designed to secretly track and collect a user's activities on their computer and the Internet, transmitting this data to a remote attacker without the user's consent.  ",
                "Spyware operates stealthily, often hiding its processes, files, and other components to avoid being detected or removed.  ",
                "Though similar to a Trojan horse, spyware is often disguised as part of seemingly harmless freeware that can be freely downloaded from the Internet.  ",
                "It enables attackers to gather sensitive personal or organizational information, such as email addresses, login credentials, passwords, credit card details, and banking information, putting the victim at risk of identity theft and financial loss.");

        final String[] vectors = {
                " - Drive-by download",
                " - Masquerading as anti-spyware",
                " - Web browser vulnerability exploits (IE)",
                " - Piggybacked software installation",
                " - Browser add-ons (Firefox)",
                " - Cookies"
        };

        final StringBuilder propagation = new StringBuilder();
        propagation.append(paragraphBreak).append(bigText(highlightTextPurple("Spyware Propagation: ")));
        for (String vector : vectors) {
            propagation.append(newLine).append(space(3)).append(vector);
        }

        return new ExplanationPartModel("Spyware", new String[]{description + propagation});
    }

    /**
     * Builds the "How to Defend Against Spyware" explanation part.
     *
     * <p>Fifteen end-user countermeasures, each its own paragraph.
     *
     * @return the part with its title and a single fragment
     */
    private static ExplanationPartModel s33_5() {
        final String[] measures = {
                "Avoid using computer systems that are not fully under your control to reduce exposure to potential security risks.",
                "Adjust your browser security settings to a medium or higher level, particularly for the Internet zone, to block malicious content.",
                "Be cautious of suspicious emails and websites, as they may contain phishing attempts or malware.",
                "Enhance your computer's security by using strong passwords, enabling firewalls, and enabling any security features provided by your OS.",
                "Keep your software up to date and regularly patch vulnerabilities. Use a firewall with outbound protection to monitor and block unauthorized data transmissions.",
                "Regularly check task manager reports and MS Configuration Manager reports to identify unusual or unauthorized activity.",
                "Update virus definitions and scan your system for spyware on a regular basis to detect and remove threats early.",
                "Install and use anti-spyware software to protect your system from tracking and data-stealing programs.",
                "Web surf safely by avoiding risky sites and downloading files only from trusted sources.",
                "Avoid using administrative mode unless absolutely necessary to reduce the risk of unauthorized changes to your system.",
                "Avoid using public terminals for sensitive activities like online banking to prevent exposure to malicious software.",
                "Do not download free music files, screensavers, or smiley faces from untrusted websites, as they can contain malware.",
                "Be cautious with pop-up windows or web pages—never click on anything within these windows, as they may lead to malicious sites or download harmful software.",
                "Carefully read all disclosures, including license agreements and privacy statements, before installing any software to ensure you understand the associated risks.",
                "Do not store personal information on systems that are not fully secure or under your control."
        };
        final String body = String.join(newLine + newLine, measures);
        return new ExplanationPartModel("How to Defend Against Spyware", new String[]{body});
    }

    /**
     * Builds the "Rootkits" explanation part.
     *
     * <p>Four fragments: an overview (three single-line-separated sentences), how a
     * rootkit gets placed, the attacker's objectives, and a heading with six rootkit
     * types. Note the second and third headings use {@code highlightTextPurple} without
     * {@code bigText}, unlike the fourth.
     *
     * @return the part with its title and four fragments
     */
    private static ExplanationPartModel s34_1() {
        final String paragraphBreak = newLine + newLine;

        final String overview = String.join(newLine,
                "Rootkits are malicious programs designed to conceal their existence and the actions of attackers, providing them with unrestricted access to the compromised server or host both during and after the attack.",
                "Rootkits achieve this by replacing key operating system functions and utilities with altered versions that facilitate the attacker’s control while undermining the system's security. This allows harmful operations to be carried out without detection.",
                "A typical rootkit often includes backdoor programs, DDoS attack tools, packet sniffers, utilities to wipe logs, IRC bots, and more, all of which enable the attacker to maintain control over the system and execute various malicious activities.");

        final String placement = paragraphBreak
                + highlightTextPurple("Attacker places a rootkit by: ")
                + newLine
                + String.join(newLine,
                        " - Scanning the web for exposed or vulnerable computers and servers.",
                        " - Packaging malicious software disguised as games or other legitimate applications.",
                        " - Deploying the software on public or corporate computers via social engineering tactics.",
                        " - Executing a zero-day attack, such as privilege escalation, buffer overflow, or exploiting vulnerabilities in the Windows kernel.");

        final String objectives = paragraphBreak
                + highlightTextPurple("Objectives of rootkit: ")
                + newLine
                + String.join(newLine,
                        " - To root the host system and gain remote backdoor access.",
                        " - To mask attacker tracks and presence of malicious applications or processes.",
                        " - To gather sensitive data, network traffic, etc. from the system to which attackers might be restricted or possess no access.",
                        " - To store other malicious programs on the system and act as a server resource for bot updates.");

        // Each row: {heading passed to highlightText, single bullet line}.
        final String[][] rootkitTypes = {
                {"Hypervisor Level Rootkit ", "- Functions as a hypervisor, altering the system's boot sequence to load the host operating system as a virtual machine."},
                {"Hardware/Firmware Rootkit ", "- Resides in hardware devices or platform firmware, areas typically not scrutinized for code integrity. "},
                {"Kernel Level Rootkit ", "- Injects malicious code or replaces the original OS kernel and device driver files."},
                {"Boot Loader Level Rootkit ", "- Substitutes the original boot loader with one that is controlled by a remote attacker."},
                {"Application Level Rootkit ", "- Replaces legitimate application binaries with Trojan versions or alters the behavior of existing applications by injecting malicious code."},
                {"Library Level Rootkits ", "- Substitutes original system calls with fake ones to conceal the attacker’s presence and activities."}
        };
        final StringBuilder types = new StringBuilder();
        types.append(paragraphBreak).append(bigText(highlightTextPurple("Types of Rootkits ")));
        for (String[] entry : rootkitTypes) {
            types.append(paragraphBreak).append(highlightText(entry[0])).append(newLine).append(entry[1]);
        }

        return new ExplanationPartModel("Rootkits", new String[]{overview, placement, objectives, types.toString()});
    }

    /**
     * Builds the "How to Defend against Rootkits" explanation part.
     *
     * <p>Fourteen single-line bullets separated by one line break each.
     *
     * @return the part with its title and a single fragment
     */
    private static ExplanationPartModel s34_2() {
        final String[] bullets = {
                "- Reinstall the OS and applications from a trusted source after backing up critical data.",
                "- Maintain well-documented automated installation procedures.",
                "- Conduct kernel memory dump analysis to detect rootkits.",
                "- Harden workstations or servers to defend against attacks.",
                "- Educate staff on the risks of downloading files or programs from untrusted sources.",
                "- Install both network and host-based firewalls.",
                "- Ensure access to trusted restoration media.",
                "- Regularly update and patch operating systems and applications.",
                "- Verify system file integrity using cryptographically secure digital fingerprinting.",
                "- Keep antivirus and anti-spyware software up to date.",
                "- Avoid logging into accounts with administrative privileges.",
                "- Follow the principle of least privilege in all system interactions.",
                "- Ensure antivirus software includes rootkit detection capabilities.",
                "- Limit the installation of unnecessary applications and disable unused features and services."
        };
        return new ExplanationPartModel("How to Defend against Rootkits", new String[]{String.join(newLine, bullets)});
    }

    /**
     * Builds the "NTFS Data Stream" explanation part.
     *
     * <p>Three paragraphs on alternate data streams, then a defence heading with three
     * single-line bullets.
     *
     * @return the part with its title and a single fragment
     */
    private static ExplanationPartModel s34_3() {
        final String paragraphBreak = newLine + newLine;

        final String description = String.join(paragraphBreak,
                "NTFS Alternate Data Streams (ADS) are hidden streams in Windows that store metadata for files, such as attributes, word count, author name, and access/modification timestamps.",
                "ADS enables the ability to append data to existing files without altering their functionality, size, or appearance in file browsing tools.",
                "This feature allows attackers to inject malicious code into files on a system, executing it without the user’s awareness or detection.");

        final String defences = bigText(highlightTextPurple("How to Defend against NTFS Streams "))
                + newLine
                + String.join(newLine,
                        "- To remove NTFS streams, transfer the suspected files to a FAT partition.",
                        "- Use third-party file integrity checkers like Tripwire to monitor and maintain the integrity of files on an NTFS partition.",
                        "- Utilize tools like LADS and ADSSpy to detect hidden streams within files.");

        return new ExplanationPartModel("NTFS Data Stream", new String[]{description + paragraphBreak + defences});
    }

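    /**
     * Builds the "Steganography" explanation part.
     *
     * <p>Three paragraphs describing steganography, then a heading introducing an
     * eleven-item list of steganography types.
     *
     * <p>Fix: the list heading previously read "How to Defend against NTFS Streams "
     * (copied from the NTFS part), which mislabelled a list of steganography
     * <em>types</em> as a defence list. It now reads "Types of Steganography ".
     *
     * @return the part with its title and a single fragment
     */
    private static ExplanationPartModel s34_4() {
        final String paragraphBreak = newLine + newLine;

        final String description = String.join(paragraphBreak,
                "Steganography is the practice of embedding a secret message within an ordinary one, allowing it to be extracted later at the destination to preserve data confidentiality.",
                "Using graphic images as a cover file is one of the most common methods for hiding data.",
                "Attackers may use steganography to conceal sensitive information, such as lists of compromised servers, source code for hacking tools, or plans for future attacks.");

        final String[] types = {
                "- Image Steganography",
                "- Document Steganography",
                "- Folder Steganography",
                "- Video Steganography",
                "- Audio Steganography",
                "- White Space Steganography",
                "- Web Steganography",
                "- Spam/Email Steganography",
                "- DVDROM Steganography",
                "- Natural Text Steganography",
                "- Hidden OS Steganography"
        };

        // Heading corrected: this list enumerates steganography types, not NTFS-stream defences.
        final String typeList = bigText(highlightTextPurple("Types of Steganography "))
                + newLine
                + String.join(newLine, types);

        return new ExplanationPartModel("Steganography", new String[]{description + paragraphBreak + typeList});
    }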

    /**
     * Builds the "Define Covering Tracks" explanation part.
     *
     * <p>One introductory sentence, a heading, and four single-line bullets.
     *
     * @return the part with its title and a single fragment
     */
    private static ExplanationPartModel s35_1() {
        final String intro = "After gaining administrator access to a system, intruders often take steps to cover their tracks in order to evade detection.";
        final String heading = bigText(highlightTextPurple("This can be done using"));
        final String bullets = String.join(newLine,
                "- Disable auditing",
                "- Clearing logs",
                "- Modifying logs, registry files",
                "- Removing all files, folders created");
        final String body = intro + newLine + newLine + heading + newLine + bullets;
        return new ExplanationPartModel("Define Covering Tracks", new String[]{body});
    }

    /**
     * Builds the "Covering Tracks Tools" explanation part.
     *
     * <p>Two tool headings (each with two trailing spaces in the original text),
     * each followed by two single-line bullets.
     *
     * @return the part with its title and a single fragment
     */
    private static ExplanationPartModel s35_2() {
        // Each row: {heading text, first bullet, second bullet}.
        final String[][] tools = {
                {" CCleaner  ",
                        " - CCleaner is a system optimization and cleaning tool.",
                        " - It removes temporary files, log files, registry entries, memory dumps, and clears online activity traces, such as your Internet history."},
                {" MRU-Blaster  ",
                        " - MRU-Blaster is a Windows application designed to clean the most recently used (MRU) lists stored on your computer.",
                        " - It helps clear temporary Internet files and cookies."}
        };

        final StringBuilder body = new StringBuilder();
        for (int i = 0; i < tools.length; i++) {
            if (i > 0) {
                body.append(newLine).append(newLine);
            }
            body.append(bigText(highlightTextPurple(tools[i][0])))
                    .append(newLine).append(tools[i][1])
                    .append(newLine).append(tools[i][2]);
        }
        return new ExplanationPartModel("Covering Tracks Tools", new String[]{body.toString()});
    }

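    /**
     * Builds the "Define Malware " explanation part.
     *
     * <p>First fragment: a definition paragraph followed by a paragraph on attacker
     * motivation. Second fragment: a heading plus ten single-line infection vectors.
     *
     * <p>Fix: the original first paragraph ran straight into a copy of the second
     * paragraph ("...end user.Cyber attackers create..."), so the motivation text was
     * shown twice, once without a sentence break. The duplicate is removed; the
     * motivation paragraph now appears once, after the definition.
     *
     * @return the part with its title and two fragments
     */
    private static ExplanationPartModel s36_1() {
        final String paragraphBreak = newLine + newLine;

        final String definition = "Malware attacks refer to any type of malicious software designed to damage or disrupt a computer, server, client, network, or infrastructure, often without the knowledge of the end user.";
        final String motivation = "Cyber attackers create, utilize, and sell malware for various reasons, but it is most commonly used to steal personal, financial, or business information. While their motivations can differ, these attackers typically focus their tactics, techniques, and procedures (TTPs) on gaining access to privileged credentials and accounts in order to achieve their objectives.";

        final String[] vectors = {
                "- Instant Messenger applications",
                "- IRC (Internet Relay Chat)",
                "- Removable devices",
                "- Attachments",
                "- Legitimate \"shrink-wrapped\" software packaged by a disgruntled employee",
                "- Browser and email software bugs",
                "- NetBIOS (FileSharing)",
                "- Fake programs",
                "- Untrusted sites and freeware software",
                "- Downloading files, games, and screensavers from Internet sites"
        };
        final String entryPoints = paragraphBreak
                + bigText(highlightTextPurple("Different Ways a Malware can Get into a System"))
                + paragraphBreak
                + String.join(newLine, vectors);

        return new ExplanationPartModel("Define Malware ", new String[]{definition + paragraphBreak + motivation, entryPoints});
    }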

    /**
     * Builds the "Type Of Malware " explanation part.
     *
     * <p>Eleven malware families, each rendered as a highlighted heading, a line break,
     * and one bullet paragraph; families are separated by a double line break. The
     * cited sources in the text are part of the original content and kept verbatim.
     *
     * @return the part with its title and a single fragment
     */
    private static ExplanationPartModel s36_2() {
        // Each row: {heading text (with the original's surrounding spaces), bullet paragraph}.
        final String[][] families = {
                {" Viruses : ",
                        "- Computer viruses are among the most widely recognized forms of malware. The term \"virus\" refers to malicious software designed to spread rapidly from one device to another. If not detected early, viruses can inflict significant damage on IT systems. A notorious example is the ILOVEYOU virus, which infected tens of millions of computers and caused billions of dollars in damage (Griffiths, 2020). This virus spread through email messages with the subject line \"I love you,\" containing harmful attachments."},
                {" Worms : ",
                        "- A computer worm is a type of malware that shares similarities with a virus. However, the key distinction is that worms can self-replicate and spread autonomously through a network without needing user interaction. In contrast, viruses attach themselves to files or programs and require the user to open or execute them before they can propagate. One notable example of a computer worm is MyDoom, which caused an estimated $38 billion in damage and spread by emailing itself to contacts in the victim's email software (Okta, 2023)."},
                {" Trojans : ",
                        "- A Trojan (short for \"Trojan horse\") is one of the most deceptive forms of malware. It disguises itself as a legitimate software program, like a game or utility, while secretly causing harm to the host device. Unlike viruses and worms, Trojans primarily rely on social engineering tactics to spread, tricking victims into downloading and installing them."},
                {" Ransomware : ",
                        "- Ransomware is one of the most harmful and destructive types of malware. Once executed on the victim’s device, it encrypts files and programs, making them inaccessible until a hefty ransom is paid. Advanced ransomware variants can also spread to other devices on the network, potentially halting business operations entirely. Notable examples of highly destructive ransomware include WannaCry, Clop, Petya, and DarkSide."},
                {" Adware : ",
                        "- Adware is a type of malware that displays intrusive and unwanted advertisements on a victim’s computer or mobile device. Devices are commonly infected with adware when users install free software or open email attachments. While adware can be irritating, it also poses more serious risks — it can slow down device performance and, in some cases, secretly collect personal information about users and their activities."},
                {" Spyware : ",
                        "- Spyware is a type of malware designed to secretly collect data about users and their activities. This data can include browsing habits, login credentials, and other sensitive information, making spyware particularly dangerous when it operates undetected on an IT system. One notorious spyware campaign is DarkHotel, an advanced persistent threat (APT) that targets business travelers at luxury hotels (Fokker, 2022). After compromising a hotel’s Wi-Fi network, attackers deploy spyware to target high-profile individuals who may have access to valuable data. Spyware can be challenging to detect without advanced tools, often going unnoticed by users."},
                {" Rootkits : ",
                        "- Rootkits are a type of malware that enable malicious actors to manipulate a computer system while concealing their presence from legitimate users. Once installed, a rootkit can provide the attacker with a backdoor for easier unauthorized access. Rootkits may also include features for stealing data or launching denial of service (DoS) attacks. Sadly, rootkits are notoriously difficult to detect because they can bypass or disable traditional security measures, such as antivirus software and firewalls."},
                {" Keyloggers : ",
                        "- Keyloggers are a type of malware that track and record keystrokes and/or mouse movements of users on a device. While some keyloggers serve legitimate purposes, such as monitoring employee activity or tracking user actions during software testing, malicious keyloggers are often used to steal sensitive information like passwords or financial data."},
                {" Wiper Malware : ",
                        "- Wiper malware is a type of malware designed to permanently delete data from a system or device, typically making it inoperable. As its name implies, wiper malware seeks to \"wipe\" a computer’s data, rendering it unrecoverable. This form of malware is often employed by threat actors with political, financial, or strategic motives."},
                {" Mobile Malware : ",
                        "- Mobile malware is designed to infect mobile devices like smartphones, tablets, and smartwatches. Attackers create this malware to exploit vulnerabilities in mobile technologies and operating systems, such as Android and iOS. A common method of spreading mobile malware is through SMS, where users are deceived into clicking on a fraudulent link in a text message, leading them to download and install malicious software."},
                {" Bots/Botnets : ",
                        "- Finally, a bot is an automated malware program that hijacks a user’s system and directs it to carry out various tasks, often fraudulent or illegal. Malicious actors aim to spread this bot software across as many computers as possible, forming a network of compromised devices known as a botnet. The attacker can then control the botnet and exploit it for further malicious activities, such as sending spam or launching denial of service (DoS) attacks."}
        };

        final StringBuilder body = new StringBuilder();
        for (int i = 0; i < families.length; i++) {
            if (i > 0) {
                body.append(newLine).append(newLine);
            }
            body.append(bigText(highlightTextPurple(families[i][0])))
                    .append(newLine)
                    .append(families[i][1]);
        }
        return new ExplanationPartModel("Type Of Malware ", new String[]{body.toString()});
    }

    /**
     * Builds the "Define Trojans" explanation part.
     *
     * <p>Three fragments: four descriptive paragraphs, a "How Hackers Use Trojans "
     * heading with ten bullets, and a "Purpose of Trojans " heading with nine bullets.
     * Bullets within a list are separated by a single line break.
     *
     * @return the part with its title and three fragments
     */
    private static ExplanationPartModel s37_1() {
        final String paragraphBreak = newLine + newLine;

        final String definition = String.join(paragraphBreak,
                "A Trojan is a type of malware where malicious code is hidden within seemingly harmless programming or data, allowing it to take control and cause damage, such as corrupting the file allocation table on a hard disk.",
                "Trojans are activated when users perform certain predefined actions.",
                "Signs of a Trojan infection include unusual system and network activity, such as the disabling of antivirus software or redirection to unfamiliar websites.",
                "Trojans establish a hidden communication channel between the victim's computer and the attacker, facilitating the transfer of sensitive data.");

        final String[] usage = {
                "- Delete or replace operating system's critical files.",
                "- Generate fake traffic to create DOS attacks.",
                "- Record screenshots, audio, and video of victim's PC.",
                "- Use victim's PC for spamming and blasting email messages.",
                "- Download spyware, adware, and malicious files.",
                "- Disable firewalls and antivirus.",
                "- Create backdoors to gain remote access.",
                "- Infect victim's PC as a proxy server for replaying attacks.",
                "- Use victim's PC as a botnet to perform DDoS attacks.",
                "- Steal information such as passwords, security codes, credit card information using keyloggers."
        };
        final String howUsed = paragraphBreak
                + bigText(highlightTextPurple("How Hackers Use Trojans "))
                + newLine
                + String.join(newLine, usage);

        final String[] purposes = {
                "- Remove or substitute critical operating system files.",
                "- Disable firewalls and antivirus software. ",
                "- Generate fake traffic to create DoS",
                "- Use victim's PC as a botnet to perform DDoS attacks",
                "- Capture sensitive information like passwords, security codes, and credit card details through keyloggers.",
                "- Download spyware, adware and malware",
                "- Capture screenshots, audio, and video from the victim's PC.",
                "- Compromise the victim’s PC to use it as a proxy server for forwarding attacks.",
                "- Exploit the victim’s PC as part of a botnet to conduct DoS attacks, send spam, and blast email messages."
        };
        final String purpose = paragraphBreak
                + bigText(highlightTextPurple("Purpose of Trojans "))
                + newLine
                + String.join(newLine, purposes);

        return new ExplanationPartModel("Define Trojans", new String[]{definition, howUsed, purpose});
    }

    /**
     * Builds the "Dropper,Malicious code and Wrapper" topic of the Malware Threats
     * chapter: three short definitions, each a highlighted label followed by one
     * sentence on the next line. {@code newLine} is an HTML {@code <br>}, so the
     * text is an HTML fragment rather than plain text.
     *
     * @return the explanation part rendered for this topic
     */
    private static ExplanationPartModel s37_2() {
        // Each entry is "label" + line break + sentence; entries after the first
        // are preceded by a blank line so they render as separate paragraphs.
        final String dropperEntry =
                bigText(highlightTextPurple(" Dropper: "))
                + newLine
                + "This code is responsible for installing malicious software onto the target system.";
        final String payloadEntry =
                newLine + newLine
                + bigText(highlightTextPurple(" Malicious code: "))
                + newLine
                + "This code exploits vulnerabilities in the system, granting the attacker control over the target.";
        final String wrapperEntry =
                newLine + newLine
                + bigText(highlightTextPurple(" Wrapper: "))
                + newLine
                + "A wrapper combines a dropper, malicious code, and legitimate code into a single executable package.";
        final String[] entries = {dropperEntry, payloadEntry, wrapperEntry};
        return new ExplanationPartModel("Dropper,Malicious code and Wrapper", entries);
    }

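    /**
     * Builds the "Types of Trojans" topic: fourteen numbered sections, each a
     * highlighted heading followed by bullet lines. {@code newLine} is an HTML
     * {@code <br>}, so every section after the first opens with a blank line.
     *
     * <p>Fix: the heading of section 13 was a string literal broken across two
     * source lines ({@code "13. } / {@code Notification Trojans: "}), which does
     * not compile; it is restored to the single-line {@code "13. Notification
     * Trojans: "} form used by every other heading. No displayed text was
     * otherwise changed.
     *
     * @return the explanation part rendered for this topic
     */
    private static ExplanationPartModel s37_3() {
        final String[] sections = {
                bigText(highlightTextPurple("1. VNC Trojans: "))
                        + newLine + "- VNC Trojans initiate a VNC server daemon on the infected system (the victim's machine)."
                        + newLine + "- The attacker connects to the victim’s system using any VNC viewer."
                        + newLine + "- Since VNC is often viewed as a legitimate utility, this Trojan can be hard to detect by antivirus software.",

                newLine + newLine + bigText(highlightTextPurple("2. HTTP/HTTPS Trojans: "))
                        + newLine + highlightText(" - Bypass Firewall: ") + " HTTP Trojans can bypass firewalls, operating in the reverse direction of a standard HTTP tunnel."
                        + newLine + highlightText(" - Spawn a Child Program: ") + " Once executed on the internal host, they initiate a child program at a specified time."
                        + newLine + highlightText(" - Access the Internet: ") + " The child program mimics a legitimate user to the firewall, allowing it to access the Internet.",

                newLine + newLine + bigText(highlightTextPurple("3. ICMP Trojans: "))
                        + newLine + "- Covert channels are methods that allow an attacker to hide data within a protocol in a way that is undetectable."
                        + newLine + "- These channels rely on techniques known as tunneling, where one protocol is transmitted over another."
                        + newLine + "- ICMP tunneling utilizes ICMP echo-request and echo-reply messages to carry a payload, enabling stealthy access or control of the victim’s machine.",

                // Headings 4-6 carry a double space before "Trojans" in the original text; kept verbatim.
                newLine + newLine + bigText(highlightTextPurple("4. FTP  Trojans: "))
                        + newLine + "- FTP Trojans install an FTP server on the victim's machine, opening FTP ports."
                        + newLine + "- The attacker can then connect to the victim’s machine via the FTP port to download any files stored on the victim's computer.",

                newLine + newLine + bigText(highlightTextPurple("5. Data Hiding  Trojans: "))
                        + newLine + "- An Encryption Trojan encrypts data files on the victim’s system, making the information inaccessible."
                        + newLine + "- Attackers demand a ransom or compel victims to make purchases from their online stores in exchange for the password to decrypt the files.",

                newLine + newLine + bigText(highlightTextPurple("6. Destructive  Trojans: "))
                        + newLine + "- This Trojan formats all local and network drives."
                        + newLine + "- M4sT3r is a highly dangerous and destructive variant of Trojan."
                        + newLine + "- The user will be unable to boot the operating system."
                        + newLine + "- Upon execution, this Trojan destroys the operating system.",

                newLine + newLine + bigText(highlightTextPurple("7. Botnet Trojans: "))
                        + newLine + "- Botnet Trojans infect a wide range of computers across different locations, forming a network of bots controlled via a Command and Control (C&C) center."
                        + newLine + "- The botnet is used to launch various attacks on victims, including denial-of-service attacks, spamming, click fraud, and theft of financial information.",

                newLine + newLine + bigText(highlightTextPurple("8. Proxy Server Trojans: "))
                        + newLine + highlightText(" - Proxy Trojan : ") + " A Trojan Proxy is typically a standalone application that enables remote attackers to use the victim's computer as a proxy to access the Internet."
                        + newLine + highlightText(" - Hidden Server : ") + " When infected, the Proxy Trojan initiates a hidden proxy server on the victim's computer."
                        + newLine + highlightText(" - Infection : ") + " This technique infects thousands of machines on the Internet, turning them into proxy servers.",

                newLine + newLine + bigText(highlightTextPurple("9. Remote Access Trojans: "))
                        + newLine + "- This Trojan functions similarly to remote desktop access."
                        + newLine + "- The hacker gains full graphical user interface (GUI) access to the remote system."
                        + newLine + "- Notable examples of this type of Trojan include Optix Pro, MoSucker, BlackHole RAT, SSH - R.A.T., njRAT, Xtreme RAT, SpyGate RAT, Punisher RAT, DarkComet RAT, Pandora RAT, HellSpy RAT, ProRAT, Theef, Hell Raiser, and Atelier Web Remote Commander.",

                // NOTE(review): the last bullet says an example "is shown here"; confirm the screen
                // that renders this part actually displays a figure, otherwise the reference dangles.
                newLine + newLine + bigText(highlightTextPurple("10. Defacement Trojans: "))
                        + newLine + "- Resource editors enable users to view, edit, extract, and replace elements such as strings, bitmaps, logos, and icons from any Windows program."
                        + newLine + "- These tools allow editing nearly every aspect of a compiled Windows program, including menus, dialog boxes, icons, and more."
                        + newLine + "- They can be used to apply User-styled Custom Applications (UCA) to alter or deface Windows applications."
                        + newLine + "- An example of a defaced calc.exe is shown here.",

                newLine + newLine + bigText(highlightTextPurple("11. E-banking Trojans: "))
                        + newLine + "- E-banking Trojans capture a victim’s account information before it is encrypted and send it to the attacker’s command and control center."
                        + newLine + "- These Trojans steal sensitive data such as credit card numbers, CVV2, billing details, and more, then transmit it to remote hackers via email, FTP, IRC, or other methods.",

                newLine + newLine + bigText(highlightTextPurple("12. Covert Channel Trojans: "))
                        + newLine + "- The Covert Channel Tunneling Tool (CCTT) Trojan uses various exploitation techniques to create unauthorized data transfer channels within data streams that are permitted by a network access control system."
                        + newLine + "- It allows attackers to obtain an external server shell from within the internal network and vice versa."
                        + newLine + "- The Trojan establishes a TCP/UDP/HTTP CONNECT|POST channel, enabling TCP data streams (such as SSH, SMTP, POP, etc.) to flow between an external server and a machine within the internal network.",

                // Heading literal restored to one line (see class-level Javadoc of this method).
                newLine + newLine + bigText(highlightTextPurple("13. Notification Trojans: "))
                        + newLine + "- A Notification Trojan sends the victim's IP address location to the attacker."
                        + newLine + "- Each time the victim’s computer connects to the Internet, the attacker receives a notification.",

                newLine + newLine + bigText(highlightTextPurple("14. Command Shell Trojans: "))
                        + newLine + "- A Command Shell Trojan provides remote control over a command shell on the victim's machine."
                        + newLine + "- A Trojan server is installed on the victim's system, opening a port for the attacker to connect. The attacker installs a client on their machine, which is used to launch the command shell on the victim's machine.",
        };
        return new ExplanationPartModel("Types of Trojans", sections);
    }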

    /**
     * Builds the "Introduction to Viruses" topic: a two-paragraph definition, a
     * bullet list of virus traits (one {@code dotPoint} per line) and a
     * "Working of Viruses" section with an infection and an attack phase.
     *
     * @return the explanation part rendered for this topic
     */
    private static ExplanationPartModel s38_1() {
        final String definition =
                "A virus is a self-replicating program that creates copies of itself by attaching to another program, the computer’s boot sector, or a document."
                + newLine + newLine
                + "Viruses are typically spread through file downloads, infected disks/flash drives, and email attachments.";

        // Trait list: every item renders as "<br>• <trait>" under a purple heading.
        final String[] traits = {
                "Infects other program",
                "Transforms itself",
                "Encrypts itself",
                "Alters data",
                "Corrupts files and programs",
                "Self-replication",
        };
        final StringBuilder traitList = new StringBuilder();
        traitList.append(newLine).append(newLine).append(highlightTextPurple("It infects other programs "));
        for (String trait : traits) {
            traitList.append(newLine).append(dotPoint).append(' ').append(trait);
        }

        final String phases =
                newLine + newLine
                + bigText(highlightTextPurple("Working of Viruses  "))
                + newLine + newLine
                + highlightText("Infection Phase  ")
                + newLine
                + "- During the infection phase, the virus replicates itself and attaches to an executable (.exe) file on the system."
                + newLine + newLine
                + highlightText("Attack Phase  ")
                + newLine
                + "- Viruses are designed with trigger events that activate them, allowing them to corrupt systems."
                + newLine
                + "- Some viruses infect every time they are executed, while others only trigger under specific conditions, such as when the user performs a certain task, on a specific day or time, or during a particular event.";

        return new ExplanationPartModel("Introduction to Viruses",
                new String[]{definition, traitList.toString(), phases});
    }

    /**
     * Builds the "Introduction to Worm" topic: a three-line overview followed by
     * a "Virus vs Worm" comparison rendered as two bullet lists (" - " items).
     *
     * @return the explanation part rendered for this topic
     */
    private static ExplanationPartModel s38_2() {
        final String overview =
                "A worm is a standalone malicious program that spreads from one computer to another, but unlike a virus, it can propagate without any human intervention."
                + newLine
                + "The worm exploits file or information transfer features within the system, enabling it to move autonomously."
                + newLine
                + "Typically, it uses computer networks to spread, taking advantage of security vulnerabilities on the target system to gain access.";

        final String[] virusTraits = {
                "A virus infects a system by embedding itself into a file or executable program.",
                "It may delete or modify file content or relocate files within the system.",
                "A virus alters the way a system functions, often without the user's knowledge or consent.",
                "It cannot spread to other computers unless an infected file is replicated and manually sent to another system.",
                "Viruses spread at a controlled, uniform rate, as programmed.",
                "They are typically difficult to remove from infected machines.",
        };
        final String[] wormTraits = {
                "A worm infects a system by exploiting vulnerabilities in the OS or application, replicating itself autonomously.",
                "Worms generally do not modify stored programs; they mainly use CPU and memory resources.",
                "Worms consume excessive network bandwidth, system memory, and other resources, potentially overloading servers and computer systems.",
                "Once installed, a worm can replicate itself and spread through tools like IRC, Outlook, or other email programs.",
                "Worms spread faster than viruses.",
                "Compared to viruses, worms are easier to remove from infected systems.",
        };

        // Comparison block: heading, then each sub-heading with its " - " bullets.
        final StringBuilder comparison = new StringBuilder();
        comparison.append(newLine).append(newLine).append(bigText(highlightTextPurple("Virus vs Worm")));
        comparison.append(newLine).append(newLine).append(highlightText("Virus"));
        for (String trait : virusTraits) {
            comparison.append(newLine).append(" - ").append(trait);
        }
        comparison.append(newLine).append(newLine).append(highlightText("Worm"));
        for (String trait : wormTraits) {
            comparison.append(newLine).append(" - ").append(trait);
        }

        return new ExplanationPartModel("Introduction to Worm",
                new String[]{overview, comparison.toString()});
    }

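    /**
     * Builds the "Types of Viruses" topic: seventeen numbered sections, each a
     * highlighted heading followed by bullet lines ({@code newLine} is an HTML
     * {@code <br>}; sections after the first open with a blank line).
     *
     * <p>Fix: the heading of section 9 was a string literal broken across two
     * source lines ({@code "9. } / {@code File Overwriting or Cavity Viruses: "}),
     * which does not compile; it is restored to the single-line form used by the
     * other headings. No displayed text was otherwise changed.
     *
     * @return the explanation part rendered for this topic
     */
    private static ExplanationPartModel s38_3() {
        final String[] sections = {
                bigText(highlightTextPurple("1. System or Boot Sector Viruses: "))
                        + newLine + "- The boot sector virus relocates the Master Boot Record (MBR) to a different part of the hard disk and places its own code at the original location of the MBR."
                        + newLine + "- Upon system startup, the virus executes first, and after running its code, it hands control over to the original MBR.",

                newLine + newLine + bigText(highlightTextPurple("2. File Viruses: "))
                        + newLine + "- File viruses target executable or interpreted files on the system, including file types like COM, EXE, SYS, OVL, OBJ, PRG, MNU, and BAT."
                        + newLine + "- These viruses can be classified as either direct-action (non-resident) or memory-resident, depending on whether they remain in memory after infection.",

                newLine + newLine + bigText(highlightTextPurple("3. Multipartite Virus: "))
                        + newLine + "- Multipartite viruses simultaneously infect both the system boot sector and executable files, making them more versatile and difficult to detect or remove.",

                newLine + newLine + bigText(highlightTextPurple("4. Macro Viruses: "))
                        + newLine + "- These viruses target files created by Microsoft Word, Excel, and other Office applications."
                        + newLine + "- Most macro viruses are written using Visual Basic for Applications (VBA), a macro language within those programs."
                        + newLine + "- They typically infect templates or convert infected documents into template files, all while keeping the appearance of regular document files.",

                newLine + newLine + bigText(highlightTextPurple("5. Cluster Viruses: "))
                        + newLine + "- These viruses alter the directory table entries, redirecting users or system processes to the virus code instead of the intended program."
                        + newLine + "- Only one copy of the virus exists on the disk, but it can infect all programs within the system."
                        + newLine + "- When any program is launched, the virus executes first, and after its code runs, control is passed to the original program.",

                newLine + newLine + bigText(highlightTextPurple("6. Stealth/Tunneling Viruses: "))
                        + newLine + "- These viruses evade detection by intercepting the anti-virus software's requests to the operating system."
                        + newLine + "- The virus can hide itself by intercepting the request to read a file and redirecting it to the virus code, rather than the operating system."
                        + newLine + "- It then returns an uninfected version of the file to the anti-virus software, making it appear as though the file is \"clean\" and free of infection.",

                newLine + newLine + bigText(highlightTextPurple("7. Encryption Viruses: "))
                        + newLine + "- These viruses use basic encryption techniques to disguise their code."
                        + newLine + "- The virus is encrypted with a unique key for each infected file, making each instance appear different."
                        + newLine + "- Anti-virus scanners struggle to detect these viruses using signature-based detection methods due to the changing encryption keys.",

                // NOTE(review): the family is commonly catalogued as "W32/Simile" (a.k.a. Etap);
                // "E32" reads like a transcription slip. Verify against the source deck before
                // changing displayed text; left as written here.
                newLine + newLine + bigText(highlightTextPurple("8. Metamorphic Viruses: "))
                        + newLine + highlightText(" - Metamorphic Viruses: ") + " Metamorphic viruses completely rewrite themselves each time they infect a new executable, making each instance appear entirely different from the previous one."
                        + newLine + highlightText(" - Metamorphic Code: ") + " Metamorphic code can reprogram itself by converting its code into a temporary form and then translating it back to its original form, effectively changing its structure while keeping the same behavior."
                        + newLine + highlightText(" - Example: ") + " An example of a metamorphic virus is E32/Simile, which consisted of over 14,000 lines of assembly code, with 90% of it dedicated to the virus's metamorphic engine.",

                // Heading literal restored to one line (see method Javadoc).
                newLine + newLine + bigText(highlightTextPurple("9. File Overwriting or Cavity Viruses: "))
                        + newLine + "- A cavity virus embeds itself within a host file by overwriting a section of the file with a constant value (usually nulls), without increasing the file's size or disrupting its functionality.",

                newLine + newLine + bigText(highlightTextPurple("10. Sparse Infector Viruses: "))
                        + newLine + highlightText(" - Sparse Infector Virus : ") + " A sparse infector virus only infects occasionally, such as every tenth program executed, or targets files that fall within a specific size range."
                        + newLine + highlightText(" - Difficult to Detect: ") + " By infecting less frequently, these viruses reduce the likelihood of being detected, making them harder to identify and remove."
                        + newLine + highlightText(" - Infection Process: ") + " For example, a sparse infector virus might activate only on a specific date, like the 15th of every month, and then execute its code.",

                newLine + newLine + bigText(highlightTextPurple("11. Companion/Camouflage Viruses: "))
                        + newLine + "- A companion virus creates a separate companion file for each executable it infects."
                        + newLine + "- For example, it may save itself as notepad.com, so when a user runs notepad.exe (the legitimate program), the system loads notepad.com (the virus) instead, thereby executing the virus and potentially infecting the system.",

                newLine + newLine + bigText(highlightTextPurple("12. Shell Viruses: "))
                        + newLine + "- A shell virus wraps its code around the target host program’s code, making the virus appear as the original program while turning the host code into a subroutine executed by the virus."
                        + newLine + "- Almost all boot sector viruses are shell viruses, as they attach themselves to the boot program and take control during system startup.",

                newLine + newLine + bigText(highlightTextPurple("13. File Extension Viruses: "))
                        + newLine + "- These viruses manipulate file extensions to trick users into thinking a file is safe."
                        + newLine + "- For example, a .TXT extension typically indicates a harmless text file."
                        + newLine + "- If file extensions are hidden, a file named BAD.TXT.VBS will appear as BAD.TXT."
                        + newLine + "- If you're unaware that extensions are hidden, you may mistakenly believe it's just a text file and open it."
                        + newLine + "- However, it's actually an executable Visual Basic Script (VBS) virus, which can cause serious damage to your system."
                        + newLine + "- A key countermeasure is to disable the \"Hide extensions for known file types\" option in Windows to ensure file extensions are always visible.",

                newLine + newLine + bigText(highlightTextPurple("14. Add-on Viruses: "))
                        + newLine + "- Add-on viruses either append their code to the host program's code without altering the original, or they relocate the host code to insert their virus code at the beginning of the file.",

                newLine + newLine + bigText(highlightTextPurple("15. Intrusive Viruses: "))
                        + newLine + "- Intrusive viruses replace part or all of the host program's code with their own viral code, effectively disrupting the original functionality.",

                newLine + newLine + bigText(highlightTextPurple("16. Direct Action or Transient Virus: "))
                        + newLine + "- The virus takes control of the host program’s execution by transferring control to itself when the host code is run."
                        + newLine + "- The virus then runs, and once the host program finishes, the virus terminates itself or exits from memory.",

                newLine + newLine + bigText(highlightTextPurple("17. Terminate and Stay Resident Virus (TSR): "))
                        + newLine + "- These viruses stay permanently in the system's memory throughout the entire work session, even after the target program has been executed and closed. They can only be removed by rebooting the system.",
        };
        return new ExplanationPartModel("Types of Viruses", sections);
    }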

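    /**
     * Builds the "Intro Malware Reverse Engineering" topic: what a sheep-dip
     * computer is, anti-virus sensor systems, and a seven-step malware analysis
     * procedure. {@code newLine} is an HTML {@code <br>}; {@code space(n)} is
     * used to indent the sheep-dip sub-list.
     *
     * <p>Fix: the heading of step 4 was a string literal broken across two
     * source lines ({@code "4. } / {@code Run and Monitor the Virus "}), which
     * does not compile; it is restored to the single-line form used by the other
     * step headings. No displayed text was otherwise changed.
     *
     * @return the explanation part rendered for this topic
     */
    private static ExplanationPartModel s39_1() {
        final String[] sheepDipMonitors = {
                "User, group permission, and process monitors",
                "Port and network monitors",
                "Device driver and file monitors",
                "Registry and kernel monitors",
        };
        final StringBuilder sheepDip = new StringBuilder()
                .append(bigText(highlightTextPurple("What is Sheep Dip Computer?")))
                .append(newLine).append("- Sheep dipping refers to the process of analyzing potentially suspicious files, incoming messages, and other data for malware.")
                .append(newLine).append("- A \"sheep dip\" computer is specially configured with port monitors, file monitors, network monitors, and antivirus software, and is only connected to a network under strictly controlled conditions.")
                .append(newLine).append("- A sheep dip computer should have, for example: ");
        for (int i = 0; i < sheepDipMonitors.length; i++) {
            // Numbered sub-list, indented with space(6) exactly like the original text.
            sheepDip.append(newLine).append(space(6)).append(i + 1).append(". ").append(sheepDipMonitors[i]);
        }

        final String sensors =
                newLine + newLine + bigText(highlightTextPurple("Anti-Virus Sensor Systems"))
                + newLine + "- An anti-virus sensor system is a set of software tools designed to detect and analyze malicious threats, including viruses, worms, and Trojans."
                + newLine + "- These systems are often used in combination with sheep dip computers to help identify and prevent the spread of malware within a controlled environment.";

        // NOTE(review): step 3 as written only asks for a working network link. A practitioner
        // detonates samples on an isolated lab segment (or a simulated Internet); a live uplink
        // from the analysis host lets the sample reach its operator and spread. The displayed
        // text is course material and is left as written.
        // The stray "\n" after "Process Explorer." is in the original text and is kept verbatim;
        // how the renderer treats it is not visible from here.
        final String procedure =
                newLine + newLine + bigText(highlightTextPurple("Malware Analysis Procedure"))
                + newLine + newLine + highlightText("1. Perform Static Analysis ")
                + newLine + " - Conduct analysis when the malware is inactive to examine its structure and potential behavior without executing it."
                + newLine + newLine + highlightText("2. Collect Information ")
                + newLine + " - Extract string values from the binary using tools like BinText."
                + newLine + " - Identify packaging and compression techniques used in the malware with tools like UPX."
                + newLine + newLine + highlightText("3. Set Up Network Connection ")
                + newLine + " - Ensure the network connection is functioning properly and free from errors before running the malware."
                + newLine + newLine + highlightText("4. Run and Monitor the Virus ")
                + newLine + " - Execute the virus and track its actions, processes, and system interactions using process monitoring tools like Process Monitor and Process Explorer.\n"
                + newLine + newLine + highlightText("5. Record Network Traffic ")
                + newLine + " - Monitor network traffic and log packet content using tools like NetResident and TCPView to identify any suspicious activity."
                + newLine + newLine + highlightText("6. Track File, Process, and Registry Changes ")
                + newLine + " - Monitor the files created, processes spawned, and any changes to the system registry using tools like RegShot."
                + newLine + newLine + highlightText("7. Collect Detailed Information with Debugging Tools ")
                + newLine + " - Service requests and DNS table information."
                + newLine + " - Attempts for incoming and outgoing network connections.";

        return new ExplanationPartModel("Intro Malware Reverse Engineering",
                new String[]{sheepDip.toString(), sensors, procedure});
    }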

    /**
     * Builds the "Trojan Analysis: Neverquest" topic: a single part made of
     * sixteen paragraphs separated by a blank line ({@code newLine} twice).
     *
     * <p>The registry path and file names below are displayed text only;
     * nothing here reads or writes them.
     *
     * @return the explanation part rendered for this topic
     */
    private static ExplanationPartModel s39_2() {
        // NOTE(review): the Internet Explorer binary is iexplore.exe; "iexplorer.exe" reads
        // like a transcription slip in the course text. Verify before editing displayed text.
        final String[] paragraphs = {
                "A new banking Trojan called Neverquest is actively targeting several popular banking websites.",
                "The Trojan can identify its target sites by scanning web pages for specific keywords while the victim is browsing.",
                "After infecting the system, the malware provides the attacker with remote control using Virtual Network Computing (VNC) and a SOCKS proxy server.",
                "Neverquest specifically targets banking websites and steals sensitive information like login credentials entered by customers on these sites.",
                "The Trojan also collects login credentials for social networking sites, such as Twitter, and sends this information to its control server.",
                "Once installed, the Trojan drops a randomly named DLL file with a .dat extension in the %APPDATA% folder.",
                "The malware then runs the DLL file automatically using regsvr32.exe through a registry key under Software\\Microsoft\\Windows\\CurrentVersion\\Run.",
                "Neverquest attempts to inject its malicious code into running processes and waits for the victim’s browser (e.g., iexplorer.exe or firefox.exe) to open.",
                "When the victim opens any banking or social networking site, the Trojan requests an encrypted configuration file from its control server.",
                "It generates a unique ID number, which is used in subsequent requests.",
                "The response from the server is encrypted and compressed using aPLib and then appended to an AP32 string with a decompression routine.",
                "The configuration file contains JavaScript code, a list of banking sites, social networking sites, and financial keywords.",
                "The JavaScript code in the configuration file modifies the contents of the targeted banking site to steal sensitive information.",
                "When the Trojan detects any of the keywords on a web page, it steals the full URL and any user-entered information (e.g., usernames and passwords) and sends it to the attacker.",
                "The Trojan sends the stolen data along with the unique ID and full URL containing the username and password.",
                "Additionally, it sends the entire web page content compressed with aPLib to the attacker, using the specified format.",
        };
        // Join with a blank line between paragraphs; no separator before the first one.
        final StringBuilder body = new StringBuilder(paragraphs[0]);
        for (int i = 1; i < paragraphs.length; i++) {
            body.append(newLine).append(newLine).append(paragraphs[i]);
        }
        return new ExplanationPartModel("Trojan Analysis: Neverquest", new String[]{body.toString()});
    }

    /**
     * Builds the "Virus Analysis: Ransom Cryptolocker" topic as one part: a
     * summary, infection vectors, symptoms, the encryption scheme and the
     * post-infection behaviour, concatenated in that order.
     *
     * <p>The C2 address, registry path and %AppData% file name are indicator
     * values quoted from the course material and are displayed as text only;
     * nothing in this class contacts or touches them.
     *
     * @return the explanation part rendered for this topic
     */
    private static ExplanationPartModel s39_3() {
        // Leading spaces on the three summary sentences and trailing spaces on several
        // bullets are part of the original text and are reproduced exactly.
        final String summary =
                " Ransom Cryptolocker is a type of ransomware that, upon execution, locks the user's system, rendering it unusable."
                + newLine + newLine
                + " It also encrypts various file types present on the user's system."
                + newLine + newLine
                + " The victim is required to pay a ransom to the attacker to unlock the system and decrypt the files.";

        final String vectors =
                newLine + newLine
                + bigText(highlightTextPurple("Infection and Propagation Vectors:"))
                + newLine
                + "- Malicious Links in Spam Emails: Cryptolocker spreads via spam emails containing malicious links that lead to web pages exploiting common system vulnerabilities. "
                + newLine
                + "- Exploit Pages: These pages drop the Ransom Cryptolocker and other malicious executables onto the affected machine. ";

        final String symptoms =
                newLine + newLine
                + bigText(highlightTextPurple("Characteristics and Symptoms:"))
                + newLine
                + "- File Encryption: The original files on the system are encrypted using the AES algorithm with a randomly generated key. "
                + newLine
                + "- C&C Server Connection: After infecting the system, the malware attempts to connect to a hard-coded command-and-control (C&C) server at IP address 184.164.136.134. "
                + newLine
                + "- Domain Generation Algorithm (DGA): If the connection attempt fails, the malware generates a domain name using a random algorithm and appends it with common domain suffixes like .org, .net, .co.uk, .info, .com, .biz, and .ru. ";

        // NOTE(review): this describes a hybrid scheme — per-victim AES key wrapped with an RSA
        // public key whose private half stays with the operator — which is why files cannot be
        // recovered offline without the C2. The "\n" after "compromised system." is in the
        // original text and is kept verbatim.
        final String cryptoScheme =
                newLine + newLine
                + bigText(highlightTextPurple("Encryption Technique:"))
                + newLine
                + "- AES Encryption: The malware generates a 256-bit AES key to encrypt files on the compromised system.\n"
                + newLine
                + "- Key Encryption: To prevent the AES key from being transmitted in plain text, the malware encrypts the key using an RSA public/private key pair."
                + newLine
                + "- Key Submission: The encrypted AES key is sent to the C&C server for decryption.";

        final String aftermath =
                newLine + newLine + newLine
                + "Once the system is compromised, the malware displays a warning to the user, demanding ransom in exchange for decrypting the files."
                + newLine + newLine
                + "The malware maintains a list of encrypted files under the following registry entry: HKEY_CURRENT_USER\\Software\\CryptoLocker\\Files"
                + newLine + newLine
                + "Upon execution, the malware copies itself to the %AppData% folder and deletes its original binary using a batch file located at %AppData%{2E376276-3A5A-0712-2BE2-FBF2CFF7ECD5}.exe.";

        return new ExplanationPartModel("Virus Analysis: Ransom Cryptolocker",
                new String[]{summary + vectors + symptoms + cryptoScheme + aftermath});
    }

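    /**
     * Builds the Darlloz worm analysis topic: three introductory sentences and a
     * "Darlloz Execution:" bullet section.
     *
     * <p>Fix: the title was a copy of the previous topic's
     * ("Virus Analysis: Ransom Cryptolocker") although the whole body is about
     * the Darlloz Linux worm; it is now "Worm Analysis: Darlloz". No other
     * displayed text was changed.
     *
     * @return the explanation part rendered for this topic
     */
    private static ExplanationPartModel s39_4() {
        final String overview =
                " Darlloz is a Linux worm specifically designed to target the Internet of Things (IoT)."
                + newLine + newLine
                + " It primarily targets devices running Intel x86 architectures, but also focuses on systems using ARM, MIPS, and PowerPC architectures."
                + newLine + newLine
                + " These architectures are commonly found in IoT devices such as routers, set-top boxes, and security cameras.";

        // Trailing spaces on the bullets are part of the original text.
        final String execution =
                newLine + newLine
                + bigText(highlightTextPurple("Darlloz Execution:"))
                + newLine
                + "- The primary goal of the Darlloz worm is to mine cryptocurrencies. "
                + newLine
                + "- Upon execution, the worm generates random IP addresses, attempts to access a specific path on the infected machine using well-known IDs and passwords, and sends HTTP POST requests to exploit vulnerabilities. "
                + newLine
                + "- If the target is unpatched, the worm downloads itself from a malicious server and begins searching for new targets to infect. "
                + newLine
                + "- Currently, the worm only infects Intel x86 systems because the downloaded URL in the exploit code is hard-coded to the ELF binary specifically for Intel architectures. ";

        return new ExplanationPartModel("Worm Analysis: Darlloz", new String[]{overview + execution});
    }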

    /**
     * Builds the "Advantages of Ethical Hacking" topic: one part holding five
     * "- " bullets separated by a blank line.
     *
     * @return the explanation part rendered for this topic
     */
    private static ExplanationPartModel s3_1() {
        final String[] benefits = {
                "This helps combat cyber terrorism and safeguard national security.",
                "This assists in taking preventive measures against hackers.",
                "This aids in developing systems that prevent unauthorized access by hackers.",
                "This provides security to banking and financial institutions.",
                "This helps identify and close vulnerabilities in computer systems or networks.",
        };
        final StringBuilder list = new StringBuilder();
        for (String benefit : benefits) {
            if (list.length() > 0) {
                // Blank line between bullets, none before the first.
                list.append(newLine).append(newLine);
            }
            list.append("- ").append(benefit);
        }
        return new ExplanationPartModel("Advantages of Ethical Hacking", new String[]{list.toString()});
    }

    /**
     * Builds the "Disadvantages of Ethical Hacking" topic: one part holding five
     * "- " bullets separated by a blank line.
     *
     * @return the explanation part rendered for this topic
     */
    private static ExplanationPartModel s3_2() {
        final String[] drawbacks = {
                "This may lead to corruption of files or data within an organization.",
                "Malicious use of information gained through this technique is a potential risk.",
                "Hiring professionals with expertise in this field may result in increased costs for the company.",
                "This technique can compromise an individual’s privacy.",
                "It can disrupt the normal operation of systems.",
        };
        final StringBuilder list = new StringBuilder();
        for (String drawback : drawbacks) {
            if (list.length() > 0) {
                // Blank line between bullets, none before the first.
                list.append(newLine).append(newLine);
            }
            list.append("- ").append(drawback);
        }
        return new ExplanationPartModel("Disadvantages of Ethical Hacking", new String[]{list.toString()});
    }

    /**
     * Builds the "Ports " topic of the Trojan-detection section: three bullets on
     * scanning for suspicious ports, then short descriptions of TCPView and
     * CurrPorts. The title keeps its trailing space as in the original.
     *
     * @return the explanation part rendered for this topic
     */
    private static ExplanationPartModel s40_1() {
        // NOTE(review): netstat is a user-mode view; a kernel-mode rootkit can hide sockets from
        // it, so a practitioner also checks from outside the host (switch/firewall logs, a span
        // port). The displayed text is course material and is left as written.
        final String scanning =
                bigText(highlightTextPurple("Scanning for Suspicious Ports  "))
                + newLine + "- Trojans often open unused ports on the victim's machine to establish a connection back to their handlers."
                + newLine + "- It’s important to monitor for connections to unknown or suspicious IP addresses."
                + newLine + "- To detect such connections, you can use the command: netstat -an in the command prompt to display active connections and listening ports.";

        final String tools =
                newLine + newLine
                + bigText(highlightTextPurple("Port Monitoring Tools: TCPView and CurrPorts  "))
                + newLine + newLine
                + highlightText("TCPView:")
                + newLine + "- TCPView provides detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and the state of TCP connections."
                + newLine + newLine
                + highlightText("CurrPorts:")
                + newLine + "- CurrPorts is a network monitoring tool that displays a list of all currently opened TCP/IP and UDP ports on your local computer, helping you track active network connections.";

        return new ExplanationPartModel("Ports ", new String[]{scanning + tools});
    }

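    /**
     * Builds the "Processes " topic of the Trojan-detection section: six bullets
     * on scanning for suspicious processes, then a note on the "What's Running"
     * tool. The title keeps its trailing space as in the original.
     *
     * <p>Fix: two bullets contained a second sentence that was then repeated
     * verbatim as the next bullet ("...evade detection.Some Trojans use ..." and
     * "...from detection.To identify hidden Trojans ..."), so the user saw each
     * of those sentences twice, once run together without a space. The duplicate
     * tails were dropped; every remaining sentence is unchanged.
     *
     * @return the explanation part rendered for this topic
     */
    private static ExplanationPartModel s40_2() {
        final String[] scanningPoints = {
                "Trojans often disguise themselves as legitimate Windows services or hide their processes to evade detection.",
                "Some Trojans use Portable Executable (PE) files to inject their code into processes like explorer.exe or web browsers.",
                "These injected processes appear legitimate, making it harder to detect the Trojan and helping it bypass desktop firewalls.",
                "Trojans may also use rootkit techniques to hide their processes completely from detection.",
                "To identify hidden Trojans and backdoors, it’s crucial to use process monitoring tools.",
                "Process Monitor is a Windows tool that tracks and displays file system, registry, and process/thread activity, helping to detect suspicious behavior from Trojans or backdoors.",
        };
        final StringBuilder text = new StringBuilder(bigText(highlightTextPurple("Scanning for Suspicious Processes")));
        for (String point : scanningPoints) {
            text.append(newLine).append("- ").append(point);
        }
        text.append(newLine).append(newLine)
                .append(bigText(highlightTextPurple("Process Monitoring Tool: What's Running")))
                .append(newLine)
                .append("- What's Running provides an in-depth view of the processes and activities happening within your Windows operating system, helping you monitor and analyze system behavior.");
        return new ExplanationPartModel("Processes ", new String[]{text.toString()});
    }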

    /**
     * Builds the "Registry Entries " topic of the Trojan-detection section: three
     * bullets on autorun locations, then a note on RegScanner. The title keeps
     * its trailing space as in the original.
     *
     * @return the explanation part rendered for this topic
     */
    private static ExplanationPartModel s40_3() {
        // NOTE(review): the stock value of exefile\shell\open\command is exactly "%1" %*; any
        // extra program placed in front of it runs before every .exe launch, which is why the
        // text lists it next to the Run* keys. Key names are displayed text only.
        final String scanning =
                bigText(highlightTextPurple("Scanning for Suspicious Registry Entries"))
                + newLine + "- Windows automatically executes instructions in: Run,RunServices,RunOnce,RunServicesOnce,HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command \"%1\" %*."
                + newLine + "- Scanning registry values for suspicious entries can help identify potential Trojan infections."
                + newLine + "- Trojans often insert malicious instructions into specific sections of the Windows registry to carry out harmful activities, such as executing their code at startup or modifying system behavior.";

        final String tool =
                newLine + newLine
                + bigText(highlightTextPurple("Registry Entry Monitoring Tool: RegScanner"))
                + newLine + "- RegScanner is a tool that allows you to scan the Windows Registry, search for specific Registry values matching defined criteria, and display the results in a single list for easy analysis.";

        return new ExplanationPartModel("Registry Entries ", new String[]{scanning + tool});
    }

    /**
     * Builds the "Device Drivers  " topic of the Trojan-detection section: three
     * bullets on suspicious drivers (including the msinfo32 path), then a note on
     * DriverView. The title keeps its two trailing spaces as in the original.
     *
     * @return the explanation part rendered for this topic
     */
    private static ExplanationPartModel s40_4() {
        // NOTE(review): download origin alone does not establish authenticity; a practitioner
        // also checks the driver's digital (Authenticode) signature and publisher. The displayed
        // text is course material and is left as written.
        final String scanning =
                bigText(highlightTextPurple("Scanning for Suspicious Device Drivers "))
                + newLine + "- Trojans can be installed alongside device drivers downloaded from untrusted sources, using these drivers as a shield to avoid detection."
                + newLine + "- It's important to scan for suspicious device drivers and verify their authenticity by ensuring they are genuine and downloaded from the original publisher's website."
                + newLine + "- Go to Run -> Type msinfo32 -> Software Environment -> System Drivers";

        final String tool =
                newLine + newLine
                + bigText(highlightTextPurple("Device Drivers Monitoring Tool: DriverView "))
                + newLine + "- DriverView is a utility that displays a list of all device drivers currently loaded on the system. For each driver, it provides detailed information, including the load address, driver description, version, product name, and the company that created the driver.";

        return new ExplanationPartModel("Device Drivers  ", new String[]{scanning + tool});
    }

    /**
     * Slide text for the "Windows Services" part of the Trojan-detection topic: service-based
     * persistence, rootkit manipulation of the services registry hive, and the SrvMan tool.
     *
     * <p>NOTE(review): "Windowes" is a typo in the displayed title and heading; the strings are
     * reproduced unchanged here in case the title is used as a lookup key elsewhere.
     *
     * @return a single-part explanation with HTML body text
     */
    private static ExplanationPartModel s40_5() {
        String serviceScan =
                bigText(highlightTextPurple("Scanning for Suspicious Windowes Services "))
                        + newLine
                        + "- Trojans can spawn Windows services to grant attackers remote control of the victim's machine and execute malicious instructions."
                        + newLine
                        + "- To avoid detection, Trojans may rename their processes to appear as legitimate Windows services."
                        + newLine
                        + "- Trojans also use rootkit techniques to manipulate the HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Service registry keys, allowing them to hide their processes from detection."
                        + newLine
                        + newLine
                        + bigText(highlightTextPurple("Windows Services Monitoring Tool: Windows Service Manager (SrvMan) "))
                        + newLine
                        + "- Windows Service Manager streamlines common tasks related to Windows services. It allows users to create services (both Win32 and Legacy Driver), delete existing services, and modify service configurations—all without the need to restart Windows.";
        return new ExplanationPartModel("Windowes Services  ", new String[] {serviceScan});
    }

    /**
     * Slide text for the "Startup Programs" part of the Trojan-detection topic: the startup
     * locations to review (registry, drivers, boot configuration, services, startup folders)
     * and the Security AutoRun tool.
     *
     * @return a single-part explanation with HTML body text
     */
    private static ExplanationPartModel s40_6() {
        String startupScan =
                bigText(highlightTextPurple("Scanning for Suspicious Startup Programs "))
                        + newLine
                        + "- Check startup program entries in the registry: Details on how to do this are covered in the next slide."
                        + newLine
                        + "- Check device drivers automatically loaded: Navigate to C drive->Windows->System32->drivers to review the drivers being loaded at startup."
                        + newLine
                        + "- Check boot configuration: Inspect the boot.ini or bcd (bootmgr) entries for any suspicious modifications."
                        + newLine
                        + "- Check Windows services that start automatically: Open Run, type services.msc, and sort the list by Startup Type to identify services set to start automatically."
                        + newLine
                        + "- Check startup folder: C drive-> ProgramData-> Microsoft-> Windows-> Start Menu-> Programs-> Startup "
                        + newLine
                        + " C drive-> Users(User-Name)-> AppData-> Roaming-> Microsoft-> Windows-> Start Menu-> Programs-> Startup"
                        + newLine
                        + newLine
                        + bigText(highlightTextPurple("Startup Programs Monitoring Tool: Security AutoRun "))
                        + newLine
                        + "- Security AutoRun displays a list of all applications that are loaded automatically when Windows starts up, helping you monitor and control which programs run at startup.";
        return new ExplanationPartModel("Startup Programs ", new String[] {startupScan});
    }

    /**
     * Slide text for the "Files and Folders" part of the Trojan-detection topic: file-integrity
     * tooling (SIGVERIF, FCIV, Tripwire, FastSum, WinMD5).
     *
     * <p>NOTE(review): the first heading reads "Scanning for Suspicious Startup Programs" although
     * this slide is about files and folders — this looks like a copy-paste slip in the course
     * content; the string is reproduced unchanged.
     *
     * <p>Practitioner caveat worth surfacing to learners: MD5 and SHA-1 (used by FCIV, FastSum and
     * WinMD5 below) still detect accidental corruption, but both are collision-broken, so they are
     * not tamper-evidence against an adversary; SHA-256 is the current baseline for that purpose.
     *
     * @return a single-part explanation with HTML body text
     */
    private static ExplanationPartModel s40_7() {
        String integrityTools =
                bigText(highlightTextPurple("Scanning for Suspicious Startup Programs  "))
                        + newLine
                        + "- Trojans often modify a system’s files and folders to execute malicious actions. Use the following tools to detect and monitor system changes:"
                        + newLine
                        + newLine
                        + highlightText("SIGVERIF: ")
                        + newLine
                        + "- This tool checks the integrity of critical system files that have been digitally signed by Microsoft."
                        + newLine
                        + "- To use SIGVERIF, go to Start → Run, type sigverif, and press Enter."
                        + newLine
                        + highlightText(" - FCIV (File Checksum Integrity Verifier): ")
                        + newLine
                        + "- FCIV is a command-line utility that computes MD5 or SHA1 cryptographic hashes for files, allowing you to verify file integrity."
                        + newLine
                        + "- You can download FCIV from http://download.microsoft.com"
                        + newLine
                        + newLine
                        + highlightText("TRIPWIRE: ")
                        + newLine
                        + "- Tripwire is an enterprise-class system integrity verifier that scans and reports changes to critical system files, helping to detect unauthorized modifications."
                        + newLine
                        + newLine
                        + bigText(highlightTextPurple("Files and Folder Integrity Checker: FastSum and WinMD5  "))
                        + newLine
                        + newLine
                        + highlightText("FastSum: ")
                        + newLine
                        + "- FastSum is used to check the integrity of files."
                        + newLine
                        + "- It computes checksums using the MD5 checksum algorithm."
                        + newLine
                        + newLine
                        + highlightText("WinMD5: ")
                        + newLine
                        + "- WinMD5 is a Windows utility designed to compute the MD5 hashes (also known as \"fingerprints\") of files."
                        + newLine
                        + "- These fingerprints can be used to ensure that a file is uncorrupted and has not been altered.";
        return new ExplanationPartModel("Files and Folders ", new String[] {integrityTools});
    }

    /**
     * Slide text for the "Network Activities" part of the Trojan-detection topic: beaconing to a
     * handler and detecting it with network monitoring tools.
     *
     * @return a single-part explanation with HTML body text
     */
    private static ExplanationPartModel s40_8() {
        String networkScan =
                bigText(highlightTextPurple("Scanning for Suspicious Network Activities "))
                        + newLine
                        + "- Trojans often connect back to their handlers and send confidential information to the attackers."
                        + newLine
                        + "- To detect such activities, use network scanners and packet sniffers to monitor network traffic going to malicious remote addresses."
                        + newLine
                        + "- Tools like Capsa can be used to monitor network traffic and identify suspicious activities being transmitted over the web.";
        return new ExplanationPartModel("Network Activities  ", new String[] {networkScan});
    }

    /**
     * Slide text listing Trojan countermeasures. Each tip is separated from the next by a blank
     * HTML line ({@code newLine} twice).
     *
     * @return a single-part explanation with HTML body text
     */
    private static ExplanationPartModel s41_1() {
        String gap = newLine + newLine;
        String[] tips = {
            "Avoid opening email attachments from unknown senders to reduce the risk of malware.",
            "Block unnecessary ports on both the hosts and firewalls to limit attack surfaces.",
            "Avoid accepting programs transferred via instant messaging, as they may contain malicious code.",
            "Harden weak, default configurations by disabling unused protocols and services, improving system security.",
            "Monitor internal network traffic for unusual ports or encrypted traffic, which may indicate malicious activity.",
            "Avoid downloading and executing applications from untrusted sources to minimize the risk of infection.",
            "Install patches and security updates for operating systems and applications to address vulnerabilities.",
            "Scan CDs and DVDs with antivirus software before using them to ensure they aren't compromised.",
            "Restrict permissions within the desktop environment to prevent the installation of malicious applications.",
            "Avoid typing commands blindly or running pre-fabricated scripts, as they may introduce malware or vulnerabilities.",
            "Manage local workstation file integrity through checksums, auditing, and port scanning to detect unauthorized changes.",
            "Run host-based antivirus, firewall, and intrusion detection software to provide layered security against threats."
        };
        return new ExplanationPartModel("Trojan Countermeasures", new String[] {String.join(gap, tips)});
    }

    /**
     * Slide text listing backdoor countermeasures, one blank HTML line between tips.
     *
     * @return a single-part explanation with HTML body text
     */
    private static ExplanationPartModel s41_2() {
        String gap = newLine + newLine;
        String[] tips = {
            "Most commercial anti-virus products can automatically scan and detect backdoor programs before they can cause damage, providing proactive protection.",
            "Educate users not to install applications downloaded from untrusted internet sites or from email attachments to reduce the risk of backdoor infections.",
            "Use trusted anti-virus tools like McAfee, Norton, and others to detect and eliminate backdoors, ensuring your system stays secure."
        };
        return new ExplanationPartModel("Backdoor Countermeasures", new String[] {String.join(gap, tips)});
    }

    /**
     * Slide text listing anti-virus hygiene tips, one blank HTML line between tips.
     *
     * <p>NOTE(review): the title repeats "Backdoor Countermeasures" from the previous part even
     * though every tip here is about viruses; the title is reproduced unchanged in case it is used
     * as a key. The tip about Windows XP is dated course content.
     *
     * @return a single-part explanation with HTML body text
     */
    private static ExplanationPartModel s41_3() {
        String gap = newLine + newLine;
        String[] tips = {
            "Install anti-virus software that detects and removes infections as they appear, providing real-time protection.",
            "Generate an anti-virus policy for safe computing and distribute it to all staff to promote security awareness.",
            "Pay attention to instructions when downloading files or programs from the Internet to avoid malicious content.",
            "Update the anti-virus software regularly to ensure it can detect the latest threats.",
            "Avoid opening attachments from unknown senders, as viruses often spread via email attachments.",
            "Regularly maintain data backups to mitigate the risk of data corruption from virus infections.",
            "Schedule regular scans for all drives after installing anti-virus software to keep the system clean.",
            "Do not accept disks or programs without scanning them first using a current version of anti-virus software.",
            "Ensure that all executable code sent to the organization is approved and verified before execution.",
            "Do not boot the machine with an infected bootable system disk to avoid spreading malware.",
            "Stay informed about the latest virus threats to recognize and defend against emerging risks.",
            "Check DVDs and CDs for virus infections before using them to avoid introducing malware.",
            "Enable pop-up blockers and use an Internet firewall to reduce exposure to malicious websites and attacks.",
            "Run disk cleanup, registry scanners, and defragmentation at least once a week to optimize system performance and security.",
            "Turn on the firewall if using Windows XP to block unauthorized access and protect your network.",
            "Run anti-spyware or adware scans once a week to detect and remove any unwanted software.",
            "Avoid opening files with multiple file type extensions, as these can be disguised to execute malicious code.",
            "Be cautious with files sent through instant messaging platforms, as they can contain malware or viruses."
        };
        return new ExplanationPartModel("Backdoor Countermeasures", new String[] {String.join(gap, tips)});
    }

    /**
     * Slide text defining sniffing, split into four parts: definition, how a sniffer works,
     * how an attacker uses one on a switched network, and the plaintext protocols exposed to it.
     *
     * <p>The last part is the defender's checklist: every protocol named there has an
     * encrypted replacement (HTTPS, SSH, POP3S/IMAPS, SMTP with STARTTLS, SFTP/FTPS).
     *
     * @return a four-part explanation with HTML body text
     */
    private static ExplanationPartModel s42_1() {
        String gap = newLine + newLine;
        String definition =
                " Sniffing is the process of monitoring and capturing all data packets that pass through a given network."
                        + gap
                        + " Sniffers are commonly used by network/system administrators to monitor and troubleshoot network traffic, ensuring smooth and secure operations."
                        + gap
                        + " Attackers can also use sniffers to capture sensitive information, such as passwords, account details, and other private data transmitted over the network."
                        + gap
                        + " Sniffers can be either hardware-based or software-based, and they are installed on the system to monitor network activity."
                        + gap
                        + " By placing a packet sniffer on a network in promiscuous mode, a malicious intruder can capture and analyze all network traffic, potentially exposing sensitive data.";
        String howItWorks =
                gap
                        + bigText(highlightTextPurple("How a Sniffer Works"))
                        + gap
                        + highlightText("Promiscuous Mode : ")
                        + newLine
                        + "- A sniffer enables the system's Network Interface Card (NIC) to operate in promiscuous mode, allowing it to capture all the data transmitted over the network segment, not just traffic addressed to the system."
                        + gap
                        + highlightText("Decoding Information : ")
                        + newLine
                        + "- A sniffer can continuously observe network traffic to a computer by intercepting data packets through the NIC, and it decodes the information contained within those packets.";
        String attackFlow =
                gap
                        + bigText(highlightTextPurple("How an Attacker Hacks the Network Using Sniffers"))
                        + newLine
                        + "- An attacker plugs their laptop into a switch port."
                        + newLine
                        + "- They use discovery tools to map out the network topology."
                        + newLine
                        + "- The attacker identifies the victim’s machine as a target for their attack."
                        + newLine
                        + "- Using ARP spoofing, they poison the victim’s ARP cache."
                        + newLine
                        + "- As a result, the traffic intended for the victim is redirected to the attacker’s machine."
                        + newLine
                        + "- The hacker intercepts and extracts sensitive data, such as passwords, from the redirected traffic.";
        String exposedProtocols =
                gap
                        + bigText(highlightTextPurple("Protocol Vulnerable to Sniffing"))
                        + newLine
                        + "- HTTP: Data is transmitted in plaintext, making it vulnerable to interception."
                        + newLine
                        + "- Telnet and Rlogin: Both protocols transmit keystrokes, including usernames and passwords, in plaintext."
                        + newLine
                        + "- POP: Passwords and data are sent in clear text, posing security risks."
                        + newLine
                        + "- IMAP: Passwords and data are transmitted in clear text, which can be intercepted."
                        + newLine
                        + "- SMTP and NNTP: Both send passwords and data in clear text, making them susceptible to eavesdropping."
                        + newLine
                        + "- FTP: Passwords and data are sent in clear text, which can be easily captured.";
        return new ExplanationPartModel(
                "Define Sniffing ", new String[] {definition, howItWorks, attackFlow, exposedProtocols});
    }

    /**
     * Slide text on the two kinds of sniffing: passive (hub networks) and active (switched
     * networks), with the list of active techniques indented by {@code space(5)}.
     *
     * @return a two-part explanation with HTML body text
     */
    private static ExplanationPartModel s42_2() {
        String passive =
                bigText(highlightTextPurple("Passive Sniffing"))
                        + newLine
                        + "- This involves sniffing traffic on a network that uses a hub, as the hub sends traffic to all connected ports."
                        + newLine
                        + "- It is a form of monitoring where no additional data packets are sent by the sniffer, just the observation of packets transmitted by others."
                        + newLine
                        + "- In a network using hubs, all devices can see all the traffic, which makes it easier for an attacker to capture the network traffic."
                        + newLine
                        + "- Hubs are now outdated, with most modern networks relying on switches instead.";
        StringBuilder active = new StringBuilder();
        active.append(newLine)
                .append(newLine)
                .append(bigText(highlightTextPurple("Active Sniffing")))
                .append(newLine)
                .append("- This technique is used to sniff a switch-based network.")
                .append(newLine)
                .append("- It involves injecting Address Resolution Protocol (ARP) packets into the network to overload the switch's Content Addressable Memory (CAM) table, which is responsible for mapping hosts to their respective switch ports.")
                .append(newLine)
                .append(newLine)
                .append("Active Sniffing Techniques: ");
        // Every technique is rendered on its own line, indented five spaces.
        String[] techniques = {
            "- MAC Flooding",
            "- DNS Poisoning",
            "- ARP Poisoning",
            "- DHCP Attacks",
            "- Switch Port Stealing",
            "- Spoofing Attack"
        };
        for (String technique : techniques) {
            active.append(newLine).append(space(5)).append(technique);
        }
        return new ExplanationPartModel("Types of Sniffing", new String[] {passive, active.toString()});
    }

    /**
     * Slide text on wiretapping: definition, active vs. passive wiretapping, lawful interception,
     * and the PRISM case study. Four parts.
     *
     * <p>The PRISM expansion and attribution are reproduced as given in the course content.
     *
     * @return a four-part explanation with HTML body text
     */
    private static ExplanationPartModel s42_3() {
        String gap = newLine + newLine;
        String definition =
                "This is the practice of monitoring telephone and internet communications by an unauthorized third party."
                        + gap
                        + "Attackers may attach a listening device—whether hardware, software, or a combination of both—to the communication line between two phones or internet-connected devices."
                        + gap
                        + "Wiretapping enables the attacker to monitor, intercept, access, and record the data being transmitted in a communication system.";
        String types =
                gap
                        + bigText(highlightTextPurple("Types of Wiretapping"))
                        + gap
                        + highlightText("Active Wiretapping: ")
                        + " Involves not only monitoring and recording information through wiretapping but also altering the communication as it flows between the parties."
                        + gap
                        + highlightText("Passive Wiretapping: ")
                        + " Involves simply monitoring and recording the communication without making any changes to the transmitted data.";
        String lawful =
                gap
                        + bigText(highlightTextPurple("Lawful Interception"))
                        + newLine
                        + " - This is the process of wiretapping with legal authorization, enabling law enforcement agencies to selectively intercept an individual user's communication. Telecommunication standardization organizations have defined legal interception gateways to facilitate communication monitoring by authorized agencies.";
        String prism =
                gap
                        + bigText(highlightTextPurple("Wiretapping Case Study: PRISM"))
                        + newLine
                        + " - PRISM (Planning Tool for Resource Integration, Synchronization, and Management) is a tool specifically designed to collect and process information passing through American servers."
                        + newLine
                        + " - The PRISM program was developed by the Special Source Operations (SSO) division of the National Security Agency (NSA)."
                        + newLine
                        + " - PRISM is used to identify and monitor suspicious communications from targeted individuals or groups."
                        + newLine
                        + " - Internet traffic routed through the U.S. or data stored on U.S. servers can be intercepted and wiretapped by the NSA under this program.";
        return new ExplanationPartModel("Wiretapping", new String[] {definition, types, lawful, prism});
    }

    /**
     * Slide text listing defences against sniffing, one blank HTML line between tips.
     *
     * <p>Practitioner caveat: the tip recommending "WPA and WPA2" reflects older course content —
     * WPA (TKIP) is deprecated, and WPA2-AES or WPA3 is the current baseline; likewise "SSL" for
     * mail and web should be read as TLS.
     *
     * @return a single-part explanation with HTML body text
     */
    private static ExplanationPartModel s42_4() {
        String gap = newLine + newLine;
        String[] tips = {
            "Restrict physical access to network media to prevent the installation of packet sniffers.",
            "Implement encryption to safeguard sensitive information.",
            "Permanently add the gateway’s MAC address to the ARP cache to avoid ARP spoofing.",
            "Use static IP addresses and ARP tables to prevent attackers from injecting fake ARP entries.",
            "Disable network identification broadcasts, and restrict network access to authorized users to prevent detection by sniffing tools.",
            "Consider using IPv6 instead of IPv4 for better security.",
            "Opt for encrypted sessions such as SSH instead of Telnet, SCP instead of FTP, and SSL for email connections to defend against sniffing attacks.",
            "Use HTTPS instead of HTTP to secure user credentials and data.",
            "Choose switches over hubs since switches send data only to the intended recipient.",
            "Use SFTP instead of FTP for secure file transfers.",
            "Implement technologies like PGP, S/MIME, VPN, IPSec, SSL/TLS, SSH, and One-Time Passwords (OTP) for enhanced security.",
            "Encrypt wireless traffic using strong protocols like WPA and WPA2.",
            "Retrieve the MAC address directly from the NIC rather than the operating system to avoid spoofing.",
            "Use monitoring tools to detect if any NICs are operating in promiscuous mode."
        };
        return new ExplanationPartModel(
                "How to Defend Against Sniffing ", new String[] {String.join(gap, tips)});
    }

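    /**
     * Slide text on detecting sniffers: indicators to look for, the ping/ARP/DNS detection
     * methods, and the PromqryUI and Nmap detection tools. Three parts.
     *
     * <p>Fix: in the original text the first Nmap bullet had the {@code nmap --script=sniffer-detect}
     * command fused onto the end of its sentence ("...promiscuous mode.nmap --script=...") and the
     * very next bullet repeated the same command; the fused copy is dropped so the command is shown
     * once, in the bullet that introduces it.
     *
     * <p>NOTE(review): the heading "Promiscuous Mode" appears twice in the first part; the second
     * occurrence sits above the Capsa bullets and looks like a copy-paste slip, but the intended
     * heading is not recoverable from the content, so it is left unchanged.
     *
     * @return a three-part explanation with HTML body text
     */
    private static ExplanationPartModel s42_5() {
        String gap = newLine + newLine;
        String indicators =
                bigText(highlightTextPurple("How to Detect Sniffing"))
                        + gap
                        + highlightText("Promiscuous Mode  ")
                        + newLine
                        + " - You should check for devices operating in promiscuous mode."
                        + newLine
                        + " - In promiscuous mode, a network device can intercept and read all network packets in their entirety, even those not addressed to it."
                        + gap
                        + highlightText("IDS (Intrusion Detection System)  ")
                        + newLine
                        + " - Run an IDS to monitor changes in the MAC address of certain machines (e.g., a router’s MAC address)."
                        + newLine
                        + " - The IDS can alert administrators to suspicious activities, helping to identify potential security threats."
                        + gap
                        + highlightText("Promiscuous Mode  ")
                        + newLine
                        + " - Use network analysis tools like Capsa Network Analyzer to monitor the network for unusual or malicious packets."
                        + newLine
                        + " - These tools allow you to collect, centralize, and analyze traffic data from different network resources and technologies, helping you maintain visibility and security.";
        String techniques =
                gap
                        + newLine
                        + bigText(highlightTextPurple("Sniffer Detection Technique"))
                        + gap
                        + highlightText("Ping Method  ")
                        + newLine
                        + " - Send a ping request to the suspect machine using its IP address but an incorrect MAC address. The Ethernet adapter should reject the request since the MAC address doesn’t match. However, the suspect machine running the sniffer will respond because it doesn't reject packets with a mismatched MAC address."
                        + gap
                        + highlightText("ARP Method  ")
                        + newLine
                        + " - Only a machine operating in promiscuous mode (Machine C) stores the ARP information, which includes the mapping of IP addresses to MAC addresses."
                        + newLine
                        + " - The machine in promiscuous mode will respond to the ping request because it already has the correct information about the host sending the ping in its ARP cache. Other machines, on the other hand, will send an ARP probe to identify the source of the ping request."
                        + gap
                        + highlightText("DNS Method  ")
                        + newLine
                        + " - Most sniffers perform a reverse DNS lookup to map an IP address to a machine's hostname."
                        + newLine
                        + " - If a machine generates reverse DNS lookup traffic, it is highly likely that the machine is running a sniffer.";
        String tools =
                gap
                        + newLine
                        + bigText(highlightTextPurple("Promiscuous Detection Tool"))
                        + gap
                        + highlightText("PromqryUI  ")
                        + newLine
                        + " - PromqryUI is a security tool developed by Microsoft that helps detect network interfaces operating in promiscuous mode."
                        + gap
                        + highlightText("Nmap  ")
                        + newLine
                        // The command is stated once, in the next bullet, rather than fused onto this sentence.
                        + " - Nmap's NSE script enables you to check if a target device on a local Ethernet network has its network interface card (NIC) set to promiscuous mode."
                        + newLine
                        + " - To detect a NIC in promiscuous mode, use the following command: nmap --script=sniffer-detect [Target IP Address/Range of IP addresses]";
        return new ExplanationPartModel(
                "Sniffing Detection Techniques", new String[] {indicators, techniques, tools});
    }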

    /**
     * Slide text introducing MAC-layer attacks and naming the two covered next: MAC flooding and
     * MAC spoofing.
     *
     * @return a single-part explanation with HTML body text
     */
    private static ExplanationPartModel s43_1() {
        String gap = newLine + newLine;
        String overview =
                "A category of network security attacks targeting the MAC address layer of a network."
                        + gap
                        + "Primarily aimed at Ethernet switches."
                        + gap
                        + "Focus on manipulating how switches manage and learn MAC addresses in their CAM (Content Addressable Memory) tables."
                        + gap
                        + "May also involve intercepting traffic through MAC address spoofing."
                        + gap
                        + highlightTextPurple("MAC Flooding")
                        + newLine
                        + "- Overwhelm the switch’s CAM table by sending a large number of fake MAC addresses."
                        + gap
                        + highlightTextPurple("MAC Spoofing")
                        + newLine
                        + "- An attacker impersonates a legitimate device by altering their MAC address.";
        return new ExplanationPartModel("Define MAC ", new String[] {overview});
    }

    /**
     * Slide text describing MAC flooding: CAM-table exhaustion turning a switch into a hub, and the
     * step-by-step mechanism.
     *
     * <p>Defender context (not in the slide): switch-side port security with a per-port MAC limit is
     * the standard mitigation for CAM-table exhaustion.
     *
     * @return a single-part explanation with HTML body text
     */
    private static ExplanationPartModel s43_2() {
        String gap = newLine + newLine;
        String summary =
                "A network attack where an attacker sends numerous fake or random MAC addresses to a switch."
                        + gap
                        + "Causes the switch’s CAM (Content Addressable Memory) table to overflow."
                        + gap
                        + "Once the table is full, the switch can no longer store legitimate MAC-to-port mappings."
                        + gap
                        + "The switch behaves like a hub, broadcasting traffic to all ports."
                        + gap
                        + "This can allow the attacker to sniff traffic intended for other devices on the network.";
        String mechanism =
                gap
                        + bigText(highlightTextPurple("How MAC Flooding Works:"))
                        + newLine
                        + "- A network switch works by learning the MAC addresses of devices connected to its ports."
                        + newLine
                        + "- It maintains a CAM table, which maps each MAC address to a specific port."
                        + newLine
                        + "- This allows the switch to send frames only to the correct destination port, making network traffic more efficient."
                        + newLine
                        + "- The attacker sends a high volume of Ethernet frames, each with a different (fake) source MAC address."
                        + newLine
                        + "- The switch starts to store each of these addresses in its CAM table, until the table reaches its capacity."
                        + newLine
                        + "- Once the CAM table becomes full, the switch can no longer store additional MAC addresses."
                        + newLine
                        + "- When this happens, the switch enters a fail-safe mode where it can no longer properly forward traffic based on MAC addresses."
                        + newLine
                        + "- The switch broadcasts all incoming traffic to all its ports (just like a hub)."
                        + newLine
                        + "- This means that the attacker can sniff traffic from other devices on the network, potentially gaining access to sensitive data.";
        return new ExplanationPartModel("MAC Flooding", new String[] {summary + mechanism});
    }

    /**
     * Slide text describing MAC spoofing: impersonating another device's MAC address to bypass
     * MAC filtering or position for a man-in-the-middle.
     *
     * <p>Defender context (not in the slide): the text itself shows why MAC filtering alone is not
     * an access control — 802.1X/port-based authentication is the usual replacement.
     *
     * @return a single-part explanation with HTML body text
     */
    private static ExplanationPartModel s43_3() {
        String gap = newLine + newLine;
        String summary =
                "A type of network attack where the attacker changes the MAC address of their device."
                        + gap
                        + "This allows the attacker to impersonate another device on the network."
                        + gap
                        + "The attacker can gain unauthorized access to network resources."
                        + gap
                        + "Enables bypassing security controls or conducting malicious activities, such as: Man-in-the-middle (MITM) attacks. and Evading detection by security systems.";
        String mechanism =
                gap
                        + bigText(highlightTextPurple("How MAC Spoofing Works:"))
                        + newLine
                        + "- Each network device (such as computers, smartphones, and network hardware) has a unique MAC address assigned to its network interface card (NIC). "
                        + newLine
                        + "- In a MAC spoofing attack, the attacker changes their device’s MAC address to match the MAC address of another legitimate device on the same network."
                        + newLine
                        + "- This could be the MAC address of a trusted device or one that has access to restricted resources."
                        + newLine
                        + "- Once the attacker has altered their MAC address, they can send network frames that appear to come from the legitimate device they are impersonating. "
                        + newLine
                        + "- As a result, the attacker can cause confusion in the network or trick systems into granting access or privileges they shouldn’t have."
                        + newLine
                        + "- Many networks or systems may implement security measures based on MAC address filtering, where only devices with approved MAC addresses are allowed to connect."
                        + newLine
                        + "- By spoofing a valid MAC address, an attacker can bypass these filters and gain unauthorized access to the network."
                        + newLine
                        + "- If the attacker spoofs the MAC address of a trusted device (like a router or gateway), they may position themselves in the data flow, potentially intercepting or modifying network traffic."
                        + newLine
                        + "- This is often the precursor to a Man-in-the-Middle (MitM) attack, where the attacker can monitor or alter communication between two legitimate devices.";
        return new ExplanationPartModel("MAC Spoofing", new String[] {summary + mechanism});
    }

    /**
     * Slide text introducing DHCP (the Discover/Offer/Request/Ack exchange) as background for the
     * DHCP-poisoning part that follows. Paragraphs are separated by a blank HTML line.
     *
     * @return a single-part explanation with HTML body text
     */
    private static ExplanationPartModel s44_1() {
        String gap = newLine + newLine;
        String[] paragraphs = {
            "Dynamic Host Configuration Protocol (DHCP) is used to assign IP addresses to DHCP-enabled clients. The DHCP server stores valid TCP/IP configuration parameters, available IP addresses, and the lease duration for each IP. When a client requires an IP address, it sends a request to the DHCP server. The server then asks the client to provide the necessary parameters, and once received, the DHCP server sends an acknowledgment containing the assigned IP address.",
            "The DHCP client begins by broadcasting a DHCP Discover message to the local subnet to request an IP address.",
            "In response, a DHCP server sends a DHCP Offer message containing an available IP address and configuration details for the lease.",
            "The client signals its acceptance by selecting the offered IP address and broadcasting a DHCP Request message to confirm the offer.",
            "Once the server receives the request, it assigns the IP address and sends a DHCP Ack message to finalize the lease agreement.",
            "Upon receiving the acknowledgment, the client configures its TCP/IP settings using the provided DHCP option information and completes its TCP/IP initialization."
        };
        return new ExplanationPartModel("Define DHCP Poisoning", new String[] {String.join(gap, paragraphs)});
    }

    /**
     * Slide text on the two DHCP attacks: starvation (DoS on the address pool) and a rogue DHCP
     * server handing out attacker-chosen settings.
     *
     * <p>Defender context (not in the slide): DHCP snooping on the switch is the standard
     * mitigation for both, since it drops server replies arriving on untrusted ports.
     *
     * @return a single-part explanation with HTML body text
     */
    private static ExplanationPartModel s44_2() {
        String starvation =
                bigText(highlightTextPurple(" DHCP Starvation Attack "))
                        + newLine
                        + " - This is a Denial-of-Service (DoS) attack targeting DHCP servers, where the attacker broadcasts forged DHCP requests in an attempt to lease all available IP addresses within the DHCP scope."
                        + newLine
                        + " - As a result, legitimate users are unable to obtain or renew their IP addresses through DHCP, preventing them from accessing the network.";
        String rogueServer =
                newLine
                        + newLine
                        + bigText(highlightTextPurple(" Rogue DHCP Server Attack "))
                        + newLine
                        + " - The attacker sets up a rogue DHCP server on the network and responds to DHCP requests with fake IP addresses, leading to compromised network access."
                        + newLine
                        + " - This attack often works in conjunction with a DHCP Starvation attack, where the attacker sends false TCP/IP settings to the user after forcing them off the legitimate DHCP server, effectively disrupting their network access.";
        return new ExplanationPartModel("DHCP Poisoning Part", new String[] {starvation + rogueServer});
    }

    /**
     * Slide text introducing ARP and the switch CAM table, leading into MAC flooding.
     * Paragraphs are separated by a blank HTML line.
     *
     * <p>NOTE(review): the course text says "a switch broadcasts an ARP request"; in practice the
     * requesting host broadcasts it and the switch only learns from the frames it forwards. Left as
     * given.
     *
     * @return a single-part explanation with HTML body text
     */
    private static ExplanationPartModel s45_1() {
        String gap = newLine + newLine;
        String[] paragraphs = {
            "ARP (Address Resolution Protocol) is a stateless protocol used within a broadcast domain to ensure communication by mapping IP addresses to MAC addresses.",
            "It handles the mapping from Layer 3 (IP) to Layer 2 (MAC) addresses.",
            "ARP ensures that IP addresses are correctly bound to MAC addresses.",
            "When a switch broadcasts an ARP request with an IP address, it learns the associated MAC address from the response sent by the target host.",
            "If the MAC address mapping is unknown or not present, the source device will broadcast the request to all nodes in the network.",
            "Only the node with the matching MAC address for the requested IP will respond with the appropriate MAC address mapping.",
            "The switch will then record the MAC address and the corresponding port information in its fixed-length Content Addressable Memory (CAM) table.",
            "A node with the matching MAC address for the query will be the only one to respond to the packet.",
            "If the CAM table (Content Addressable Memory) entries are full, the switch will flood the frame to all ports, except the one from which the frame was received.",
            "This flooding also occurs when the destination MAC address in the frame is the broadcast address.",
            "MAC flooding is a technique used to turn a switch into a hub, causing the switch to broadcast all packets to every port.",
            "In this scenario, all users on the network can intercept the packets, even those not intended for them."
        };
        return new ExplanationPartModel(
                "Address Resolution Protocol(ARP)", new String[] {String.join(gap, paragraphs)});
    }

    /**
     * Slide text on ARP spoofing and the threats of ARP poisoning. Two parts, each ending in an
     * indented list rendered with {@code space(5)}.
     *
     * <p>Defender context (not in the slide): dynamic ARP inspection on the switch, or static ARP
     * entries for the gateway, are the usual mitigations for the attacks listed.
     *
     * @return a two-part explanation with HTML body text
     */
    private static ExplanationPartModel s45_2() {
        String gap = newLine + newLine;
        StringBuilder spoofing = new StringBuilder();
        spoofing.append("ARP Spoofing occurs when an attacker sends forged ARP packets over a Local Area Network (LAN).")
                .append(gap)
                .append("In this case, the switch updates its MAC address table to associate the attacker’s MAC address with the IP address of a legitimate user or server.")
                .append(gap)
                .append("Once the switch learns the attacker’s MAC address as the legitimate user’s IP, it will begin forwarding packets to the attacker, thinking it's communicating with the legitimate user.")
                .append(gap)
                .append("Using ARP Spoofing, an attacker can steal sensitive information by intercepting packets intended for the legitimate user over the LAN.")
                .append(gap)
                .append("In addition to stealing information, ARP spoofing can be exploited for various malicious activities, such as:");
        String[] activities = {
            " - Session Hijacking",
            " - Denial-of-Service (DoS) Attack",
            " - Man-in-the-Middle (MitM) Attack",
            " - Packet Sniffing",
            " - Data Interception",
            " - Connection Hijacking",
            " - VoIP Tapping",
            " - Connection Resetting",
            " - Stealing Passwords"
        };
        for (String activity : activities) {
            spoofing.append(newLine).append(space(5)).append(activity);
        }
        StringBuilder threats = new StringBuilder();
        threats.append(gap)
                .append(bigText(highlightTextPurple("Threats of ARP Poisoning")))
                .append(newLine)
                .append(" - By sending fake ARP messages, an attacker can redirect all communication between two machines, making it so that all traffic passes through the attacker’s PC.")
                .append(gap)
                .append(" - The threats of ARP poisoning include:");
        String[] threatList = {
            " - Packet Sniffing",
            " - Session Hijacking",
            " - VoIP Call Tapping",
            " - Manipulating Data",
            " - Man-in-the-Middle Attack",
            " - Data Interception",
            " - Connection Hijacking",
            " - Connection Resetting",
            " - Stealing Passwords",
            " - Denial-of-Service (DoS) Attack"
        };
        for (String threat : threatList) {
            threats.append(newLine).append(space(5)).append(threat);
        }
        return new ExplanationPartModel(
                "ARP Spoofing Attack", new String[] {spoofing.toString(), threats.toString()});
    }

    /**
     * Builds the "ARP Poisoning Tools" explanation part of the sniffing chapter.
     *
     * <p>The part holds three entries, one per tool, each a highlighted heading
     * followed by a single one-line description. The second and third entries are
     * prefixed with two {@code newLine} separators so they render as separate
     * paragraphs. All text is a compile-time literal; no caller input reaches the markup.
     *
     * @return the explanation part with its title and three text entries
     */
    private static ExplanationPartModel s45_3() {
        final String br = newLine;
        final String cainAndAbel =
                bigText(highlightTextPurple("Cain & Abel  ")) + br
                + " - Cain & Abel allows for packet sniffing across various protocols on switched LANs by hijacking IP traffic from multiple hosts simultaneously.";
        final String winArpAttacker =
                br + br + bigText(highlightTextPurple("WinArpAttacker  ")) + br
                + " - WinArpAttacker sends IP conflict packets to target computers rapidly, causing the redirection of all communications to the attacker.";
        final String ufasoftSnif =
                br + br + bigText(highlightTextPurple("Ufasoft Snif  ")) + br
                + " - Ufasoft Snif is an automated ARP poisoning tool that captures passwords and email messages on the network. It is capable of operating on Wi-Fi networks as well.";
        return new ExplanationPartModel("ARP Poisoning Tools", new String[]{cainAndAbel, winArpAttacker, ufasoftSnif});
    }

    /**
     * Builds the "Define DNS Poisoning" explanation part.
     *
     * <p>Two entries: an introductory paragraph, then a second entry with two
     * highlighted sub-sections ("Proxy Server DNS Poisoning" and "DNS Cache Poisoning"),
     * each a list of {@code "- "} bullets separated by {@code newLine}.
     * The text is a fixed literal built from the class's markup helpers.
     *
     * @return the explanation part with its title and two text entries
     */
    private static ExplanationPartModel s46_1() {
        return new ExplanationPartModel("Define DNS Poisoning", new String[]{"In this attack, the attacker sends fake DNS packets to the server, resulting in the injection of false entries into the DNS table for the target website." + newLine + newLine + "As a result, when a client requests the website, the DNS server resolves the domain to an IP address using the maliciously injected records, redirecting the user to a fake or malicious website set up by the attacker.", newLine + newLine + bigText(highlightTextPurple("Proxy Server DNS Poisoning")) + newLine + "- Similar to Internet DNS Spoofing, Proxy Server DNS poisoning occurs when the DNS configuration in the target's web browser is altered." + newLine + "- As a result, all web queries from the target will be directed to a malicious proxy server controlled by the attacker, which then redirects the traffic to harmful or malicious sites." + newLine + newLine + bigText(highlightTextPurple("DNS Cache Poisoning")) + newLine + "- Typically, Internet users rely on DNS servers provided by their Internet Service Provider (ISP)." + newLine + "- In a corporate network, organizations use their own DNS servers to enhance performance by caching frequently requested or previously resolved queries." + newLine + "- DNS Cache Poisoning occurs when an attacker exploits vulnerabilities in DNS software." + newLine + "- The attacker adds or alters DNS records in the cache, redirecting traffic to malicious sites."});
    }

    /**
     * Builds the "DNS Poisoning Techniques" explanation part.
     *
     * <p>A single entry made of seven sentences, each prefixed with a space and
     * separated from the next by two {@code newLine} separators (one blank line
     * in the rendered HTML). The text is a fixed literal.
     *
     * @return the explanation part with its title and one text entry
     */
    private static ExplanationPartModel s46_2() {
        final String paragraphGap = newLine + newLine;
        final String body = String.join(paragraphGap,
                " The Domain Name System (DNS) is used in networking to convert human-readable domain names into IP addresses.",
                " When a DNS server receives a request and doesn’t have the entry in its database, it queries another DNS server for the translation, and this process continues.",
                " Once a DNS server with the translation responds, it sends the information back to the requesting server, resolving the client’s query.",
                " If a DNS server receives a false entry, it may update its database with that information.",
                " To enhance performance, DNS servers maintain a cache, and any new entries are added to this cache for faster query resolution.",
                " However, this false entry, which poisons the DNS translation, remains in the cache until it expires.",
                " DNS poisoning is an attack in which attackers insert false DNS entries to redirect traffic to malicious servers, which could be controlled by the attacker.");
        return new ExplanationPartModel("DNS Poisoning Techniques", new String[]{body});
    }

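    /**
     * Builds the "Intranet DNS Spoofing " explanation part.
     *
     * <p>A single entry with two highlighted sub-sections, " Local Network" and
     * " Remote Network", each a {@code newLine}-separated list of {@code "- "} bullets.
     * Fixes the user-facing typo "sniffers the network traffic" (verb form) to
     * "sniffs the network traffic"; everything else is unchanged.
     *
     * @return the explanation part with its title and one text entry
     */
    private static ExplanationPartModel s46_3() {
        final String br = newLine;
        final String localNetwork =
                bigText(highlightTextPurple(" Local Network")) + br
                + "- Intranet DNS Spoofing typically occurs over a Local Area Network (LAN) within a switched network environment." + br
                + "- The attacker uses ARP poisoning to facilitate the Intranet DNS spoofing attack." + br
                // "sniffers" was a typo for the verb "sniffs"
                + "- The attacker sniffs the network traffic, extracts the DNS request ID, and then responds with a fake IP translation, redirecting the traffic to a malicious site." + br
                + "- The attacker must respond quickly, before the legitimate DNS server can resolve the query, to successfully redirect the traffic.";
        final String remoteNetwork =
                br + br + bigText(highlightTextPurple(" Remote Network")) + br
                + "- Internet DNS Spoofing involves replacing the DNS configuration on the target machine." + br
                + "- As a result, all DNS queries from the target will be directed to a malicious DNS server controlled by the attacker, redirecting traffic to harmful sites." + br
                + "- Typically, Internet DNS spoofing is carried out by deploying a Trojan or infecting the target system to alter the DNS settings, thus directing queries to the attacker’s server.";
        return new ExplanationPartModel("Intranet DNS Spoofing ", new String[]{localNetwork + remoteNetwork});
    }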

    /**
     * Builds the "Define Social Engineering" explanation part.
     *
     * <p>Two entries: five introductory sentences separated by blank lines, then a
     * highlighted "Why is Social Engineering Effective" section with four
     * {@code " - "} bullets. The text is a fixed literal.
     *
     * @return the explanation part with its title and two text entries
     */
    private static ExplanationPartModel s47_1() {
        return new ExplanationPartModel("Define Social Engineering", new String[]{"Social Engineering is an act of stealing information from humans." + newLine + newLine + "As it does not have any interaction with target system or network, it is considered as a non-technical attack." + newLine + newLine + "Social Engineering is considered as the art of convincing the target to reveal information." + newLine + newLine + "It may be physically one-to-one interaction with the target or convincing the target on any platform such as social media is a popular platform for social engineering." + newLine + newLine + "This is the fact that people are careless, or unaware of the importance of the valuable information they possess.", newLine + newLine + bigText(highlightTextPurple("Why is Social Engineering Effective")) + newLine + " - Security policies are only as strong as their weakest link, and humans are often the most vulnerable factor." + newLine + " - Social engineering attacks are difficult to detect." + newLine + " - There is no foolproof method to guarantee complete security against social engineering attacks." + newLine + " - Unlike technical threats, there is no specific software or hardware solution to defend against social engineering attacks."});
    }

    /**
     * Builds the "Vulnerability to Social Engineering Attacks" explanation part.
     *
     * <p>A single entry of eleven sentences, each separated from the next by two
     * {@code newLine} separators. The text is a fixed literal.
     *
     * @return the explanation part with its title and one text entry
     */
    private static ExplanationPartModel s47_2() {
        final String paragraphGap = newLine + newLine;
        final String body = String.join(paragraphGap,
                "Trust is one of the major vulnerabilities that lead to social engineering attacks. A user might trust another individual and unknowingly expose their credentials, allowing the attacker to exploit the situation.",
                "This trust can cause the second person to inadvertently reveal information to a third party, facilitating the attack.",
                "Organizations that are unaware of social engineering threats and lack proper countermeasures are more susceptible to these attacks.",
                "Insufficient employee training and education on social engineering also create vulnerabilities in an organization’s security.",
                "It is essential for organizations to educate their employees to recognize social engineering tactics and how to prevent them.",
                "Organizations must also ensure their physical infrastructure is secure.",
                "Employees should be restricted to their designated roles and privileges. For example, an employee in one department should not have access to sensitive areas, such as the Finance department.",
                "Employees with unrestricted access might engage in activities like Dumpster Diving or Shoulder Surfing, which are common social engineering tactics.",
                "A lack of strong security policies and privacy measures also exposes an organization to risks.",
                "Security policies must be robust enough to prevent employees from impersonating others.",
                "Privacy between unauthorized individuals and employees should be maintained to safeguard against unauthorized access or theft of sensitive information.");
        return new ExplanationPartModel("Vulnerability to Social Engineering Attacks", new String[]{body});
    }

    /**
     * Builds the "Phases in a Social Engineering Attack" explanation part.
     *
     * <p>A single entry with four highlighted phase headings (" Research",
     * " Select Target", " Relationship", " Exploit"), each followed by one
     * {@code " - "} bullet and separated by a blank line. The text is a fixed literal.
     *
     * @return the explanation part with its title and one text entry
     */
    private static ExplanationPartModel s47_3() {
        return new ExplanationPartModel("Phases in a Social Engineering Attack", new String[]{bigText(highlightTextPurple(" Research")) + newLine + " - The research phase involves gathering information about the target organization. This can be done through methods like dumpster diving, scanning the organization’s websites, searching for information on the internet, and even interacting with employees to collect insights." + newLine + newLine + bigText(highlightTextPurple(" Select Target")) + newLine + " - During the target selection phase, the attacker chooses a specific individual within the organization to focus on. Typically, a frustrated or stressed target is preferred, as they are more likely to disclose sensitive information." + newLine + newLine + bigText(highlightTextPurple(" Relationship")) + newLine + " - The relationship phase focuses on establishing a connection with the target in such a way that they do not recognize the attacker’s malicious intentions. As the level of trust between the attacker and the target increases, it becomes easier for the attacker to gather information." + newLine + newLine + bigText(highlightTextPurple(" Exploit")) + newLine + " - The exploit phase occurs when the attacker takes advantage of the established relationship to collect sensitive information, such as usernames, passwords, network details, and other confidential data."});
    }

    /**
     * Builds the first "1. Human-based Social Engineering :- " explanation part
     * (impersonation).
     *
     * <p>A single entry: a highlighted " 1. Impersonation   " heading with six
     * {@code " - "} bullets, then five {@link #highlightTextPurple} sub-headings
     * ("Over-Helpfulness of Help Desk", "Third-party Authorization", "Tech Support",
     * "Internal Employee/Client/Vendor", "Repairman"), each with two bullets.
     * The same title string is reused by the next part, which continues this section.
     * The text is a fixed literal.
     *
     * @return the explanation part with its title and one text entry
     */
    private static ExplanationPartModel s48_1() {
        return new ExplanationPartModel("1. Human-based Social Engineering :- ", new String[]{bigText(highlightTextPurple(" 1. Impersonation   ")) + newLine + " - Impersonation is a common human-based social engineering tactic where attackers pretend to be a legitimate or authorized person." + newLine + " - Attackers can use various communication channels, such as phone calls, emails, or in-person interactions, to deceive targets." + newLine + " - The goal is to manipulate the target into disclosing sensitive information." + newLine + " - Posing as a legitimate user: The attacker assumes the identity of a trusted individual to extract sensitive data." + newLine + " - Posing as an important user: Attackers impersonate a high-level person, such as a VIP or a key customer, to gain access to valuable information." + newLine + " - Posing as technical support: The attacker calls pretending to be technical support and requests credentials, such as IDs and passwords, to access data." + newLine + newLine + highlightTextPurple("Over-Helpfulness of Help Desk") + newLine + " - Help desks are often prime targets for social engineering attacks due to their role in assisting employees and customers." + newLine + " - Attackers may call a company’s help desk, impersonating someone in a position of authority or relevance, and attempt to trick the staff into revealing sensitive information." + newLine + newLine + highlightTextPurple("Third-party Authorization") + newLine + " - The attacker first identifies an authorized employee within the target organization who has access to the desired information." + newLine + " - Then, the attacker calls the organization where the information is stored, claiming that the employee has requested the data to be provided." + newLine + newLine + highlightTextPurple("Tech Support") + newLine + " - The attacker impersonates technical support staff from the target organization’s software vendors or contractors." 
+ newLine + " - They then claim to need the user ID and password to troubleshoot an issue within the organization." + newLine + newLine + highlightTextPurple("Internal Employee/Client/Vendor") + newLine + " - The attacker dresses in business attire or an appropriate uniform to blend in and enters the target building, posing as a contractor, client, or service personnel." + newLine + " - Once inside, they may search for passwords left on terminals, look through documents on desks, or eavesdrop on confidential conversations to gather sensitive information." + newLine + newLine + highlightTextPurple("Repairman") + newLine + " - The attacker may pose as a telephone repairman or computer technician to gain access to the target organization." + newLine + " - While performing their duties, they could plant a snooping device or secretly collect passwords and other sensitive information."});
    }

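    /**
     * Builds the second "1. Human-based Social Engineering :- " explanation part
     * (eavesdropping/shoulder surfing, dumpster diving, reverse social engineering,
     * piggybacking/tailgating).
     *
     * <p>Four entries, one per numbered sub-section, each a highlighted heading
     * followed by {@code newLine}-separated bullets; entries after the first start
     * with two {@code newLine} separators. The reverse-social-engineering entry
     * indents its numbered steps with {@code space(5)}.
     * Fixes the sub-heading "Eavesdropping Surfing", which was an evident slip for
     * "Eavesdropping" (the section title is "Eavesdropping and Shoulder Surfing" and
     * the sibling sub-heading is "Shoulder Surfing"); everything else is unchanged.
     *
     * @return the explanation part with its title and four text entries
     */
    private static ExplanationPartModel s48_2() {
        final String br = newLine;
        final String indent = space(5);
        final String eavesdroppingAndShoulderSurfing =
                bigText(highlightTextPurple(" 2. Eavesdropping and Shoulder Surfing  ")) + br + br
                // sub-heading corrected from "Eavesdropping Surfing"
                + highlightText("Eavesdropping") + br
                + " - Eavesdropping is a technique where an attacker secretly listens to conversations or monitors communications to gather information without the target's knowledge." + br
                + " - It doesn't just involve listening to conversations—it also includes reading or accessing any form of information without being detected." + br + br
                + highlightText("Shoulder Surfing ") + br
                + " - Shoulder Surfing is covered under the Footprinting section of this workbook." + br
                + " - In short, it’s a technique where an attacker gathers sensitive information by standing behind a target while they interact with it, such as entering passwords or viewing confidential data.";
        final String dumpsterDiving =
                br + br + bigText(highlightTextPurple(" 3. Dumpster Diving   ")) + br
                + "- Dumpster Diving is the act of searching through trash to find valuable information." + br
                + "- Though an older technique, it remains effective." + br
                + "- It involves accessing discarded items like printer outputs, desk waste, or company trash to uncover phone bills, contact details, financial records, source codes, and other useful materials.";
        final String reverseSocialEngineering =
                br + br + bigText(highlightTextPurple("  4. Reverse Social Engineering   ")) + br
                + "- A Reverse Social Engineering attack involves interaction between the attacker and the victim, where the attacker convinces the target that they have an existing problem or might face one in the future." + br
                + "- Once the victim is convinced, they may provide the necessary information to the attacker." + br
                + "- The process of Reverse Social Engineering typically follows these steps: " + br
                + indent + " 1. The attacker damages the target’s system or exploits a known vulnerability." + br
                + indent + " 2. The attacker then positions themselves as an authorized individual capable of solving the problem." + br
                + indent + " 3. The attacker gains the trust of the target and gathers sensitive information." + br
                + indent + " 4. Once the reverse social engineering attack is successful, the victim may even seek out the attacker for further assistance.";
        final String piggybackingAndTailgating =
                br + br + bigText(highlightTextPurple("  5. Piggybacking and Tailgating   ")) + br
                + "- Piggybacking and Tailgating are similar techniques." + br
                + "- Piggybacking involves an unauthorized person waiting for an authorized individual to enter a restricted area, while Tailgating occurs when the unauthorized person directly follows the authorized individual to gain access." + br
                + "- Tailgating is made easier through tactics like using fake IDs or closely following someone while passing through a checkpoint.";
        return new ExplanationPartModel("1. Human-based Social Engineering :- ", new String[]{
                eavesdroppingAndShoulderSurfing, dumpsterDiving, reverseSocialEngineering, piggybackingAndTailgating});
    }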

    /**
     * Builds the "2. Computer-based Social Engineering" explanation part.
     *
     * <p>Two entries: "  1. Phishing " with four bullets and "  2. Spear Phishing "
     * with three, each heading highlighted and each bullet on its own
     * {@code newLine}-separated line; the second entry opens with a blank line.
     * The text is a fixed literal.
     *
     * @return the explanation part with its title and two text entries
     */
    private static ExplanationPartModel s48_3() {
        final String phishing = String.join(newLine,
                bigText(highlightTextPurple("  1. Phishing ")),
                "- Phishing is a technique where an attacker sends a fake email that appears to be legitimate to a target.",
                "- When the recipient clicks on a link in the email, they are often prompted to provide sensitive information.",
                "- Typically, the user is redirected to a counterfeit webpage that closely resembles an official website.",
                "- Believing the fake site to be legitimate due to its resemblance, the user ends up providing sensitive information.");
        final String spearPhishing = newLine + newLine + String.join(newLine,
                bigText(highlightTextPurple("  2. Spear Phishing ")),
                "- Spear Phishing is a more targeted form of phishing, focused specifically on an individual or a specific group.",
                "- It involves personalized phishing attacks aimed at a particular person, often based on research about the target.",
                "- Spear Phishing typically generates a higher response rate compared to general, random phishing attacks due to its tailored approach.");
        return new ExplanationPartModel("2. Computer-based Social Engineering", new String[]{phishing, spearPhishing});
    }

    /**
     * Builds the "3. Mobile-based Social Engineering" explanation part.
     *
     * <p>Three entries, one per highlighted sub-section ("  1. Publishing Malicious Apps ",
     * "  2. Repackaging Legitimate Apps  ", "  3. Fake Security Apps  "), each a
     * {@code newLine}-separated list of {@code "- "} bullets; entries after the first
     * open with a blank line. The text is a fixed literal.
     *
     * @return the explanation part with its title and three text entries
     */
    private static ExplanationPartModel s48_4() {
        return new ExplanationPartModel("3. Mobile-based Social Engineering", new String[]{bigText(highlightTextPurple("  1. Publishing Malicious Apps ")) + newLine + "- Mobile-based Social Engineering involves publishing malicious applications on app stores, making them available for a wide audience to download." + newLine + "- These malicious apps often mimic or closely resemble popular, legitimate applications." + newLine + "- For example, an attacker may create a fake version of a well-known app, like Facebook." + newLine + "- A user may unknowingly or intentionally download this third-party malicious app instead of the official one." + newLine + "- Once the user signs in, the malicious app captures the login credentials and sends them to a remote server controlled by the attacker.", newLine + newLine + bigText(highlightTextPurple("  2. Repackaging Legitimate Apps  ")) + newLine + "- Another technique in Mobile-based Social Engineering involves repacking a legitimate application with malware." + newLine + "- The attacker first downloads a popular, in-demand app—games and antivirus apps are commonly targeted." + newLine + "- The attacker then repackages the app with malware and uploads it to a third-party app store." + newLine + "- Users may be unaware that the app is available on unofficial stores or may receive links for a free download of a paid app." + newLine + "- Instead of downloading the official version from a trusted store, the user may accidentally or intentionally download the repackaged malicious app from the third-party store." + newLine + "- Once the user signs in, the malicious app sends their login credentials to a remote server controlled by the attacker.", newLine + newLine + bigText(highlightTextPurple("  3. Fake Security Apps  ")) + newLine + "- Similar to the technique mentioned above, an attacker may develop a fake security application." 
+ newLine + "- This fake security app may be promoted through a pop-up window that appears while the user is browsing a website on the internet or during the activation of Windows." + newLine + "- The user, believing the pop-up is legitimate, might download and install the malicious security app, unknowingly compromising their device."});
    }

    /**
     * Builds the "Insider Attack " explanation part.
     *
     * <p>A single entry of five {@code "- "} bullets, each separated from the next by
     * two {@code newLine} separators. The text is a fixed literal.
     *
     * @return the explanation part with its title and one text entry
     */
    private static ExplanationPartModel s48_5() {
        final String paragraphGap = newLine + newLine;
        final String body = String.join(paragraphGap,
                "- Social Engineering isn't always about external attackers gathering information about your organization; it can also involve insiders—employees who may or may not have privileges—spying on the organization for malicious purposes.",
                "- Insider attacks are those carried out by these individuals within the organization.",
                "- Insiders may even be supported by a competitor, who encourages them to leak sensitive information or trade secrets.",
                "- In addition to spying, insiders may seek to take revenge. A disgruntled employee, for example, might compromise confidential information as a way of retaliating against the organization.",
                "- An employee may become disgruntled due to dissatisfaction with management, facing personal issues, being demoted, or the threat of termination.");
        return new ExplanationPartModel("Insider Attack ", new String[]{body});
    }

    /**
     * Builds the "Identity theft" explanation part.
     *
     * <p>A single entry of four sentences separated by two {@code newLine}
     * separators each. The text is a fixed literal.
     *
     * @return the explanation part with its title and one text entry
     */
    private static ExplanationPartModel s49_1() {
        final String paragraphGap = newLine + newLine;
        final String body = String.join(paragraphGap,
                "Identity theft involves stealing someone’s personal identification information.",
                "It is commonly used to commit fraud.",
                "An individual with malicious intent may gather documents like utility bills, personal details, and other relevant information to create a fake ID and impersonate the victim.",
                "Identity theft goes beyond just obtaining an ID card; the thief can use the stolen information to convincingly prove the fake identity and exploit it for various benefits.");
        return new ExplanationPartModel("Identity theft", new String[]{body});
    }

    /**
     * Builds the "How to Steal an Identity" explanation part: the course's worked
     * identity-theft scenario, told in three highlighted steps.
     *
     * <p>Three entries (" Step 1", " Step 2", " Step 3"), each a highlighted heading
     * followed by {@code newLine}-separated {@code " - "} bullets; entries after the
     * first open with a blank line. The text is a fixed literal.
     *
     * @return the explanation part with its title and three text entries
     */
    private static ExplanationPartModel s49_2() {
        return new ExplanationPartModel("How to Steal an Identity", new String[]{bigText(highlightTextPurple(" Step 1")) + newLine + " - Search for Steven's address on social networking sites (like Facebook, Twitter, etc.) or through people search websites." + newLine + " - Obtain Steven's personal bills (telephone, water, electricity) by using techniques like dumpster diving, accessing stolen emails, or stealing physical documents onsite.", newLine + newLine + bigText(highlightTextPurple(" Step 2")) + newLine + " - Go to the Department of Motor Vehicles (DMV) and claim that you’ve lost your driver’s license." + newLine + " - The DMV will ask for proof of identity, such as a utility bill (e.g., water or electricity bill)." + newLine + " - Present the stolen bills as your proof of identity." + newLine + " - Inform them that you've moved from your original address." + newLine + " - The DMV employee will ask you to complete a form for replacing your driver’s license and updating your address." + newLine + " - You will need to provide a photo for your new driver’s license." + newLine + " - Once processed, the replacement license will be sent to your new address, completing the identity theft process.", newLine + newLine + bigText(highlightTextPurple(" Step 3")) + newLine + " - Visit a bank where Steven Charles holds an account and inform them that you are interested in applying for a new credit card." + newLine + " - Let them know that you don't remember the account number and kindly ask if they can look it up using Steven Charles' name and address." + newLine + " - When the bank asks for your ID, present your driver’s license. If the ID is accepted, your new credit card will be processed and ready for you." + newLine + " - Now that you have your new credit card, you're all set for shopping! Happy spending!"});
    }

    /**
     * Builds the "Importance of Ethical Hacking" explanation part of the
     * introduction chapter.
     *
     * <p>A single entry of nine {@link #highlightTextPurple} headings, each followed
     * by one {@code "- "} paragraph and separated from the next by a blank line.
     * The text is a fixed literal.
     *
     * @return the explanation part with its title and one text entry
     */
    private static ExplanationPartModel s4_1() {
        return new ExplanationPartModel("Importance of Ethical Hacking", new String[]{highlightTextPurple("Rising Demand for Ethical Hackers  ") + newLine + "- Ethical hacking plays a crucial role in testing the security systems of organizations. As cyber threats grow, ethical hackers are essential in ensuring that systems remain secure and resistant to attacks from black hat hackers. The demand for skilled ethical hackers continues to rise due to the increasing number of hacking incidents." + newLine + newLine + highlightTextPurple("Real-world Cyber Attacks  ") + newLine + "- Major companies like Google, Yahoo, Instagram, Facebook, and Uber have all been targets of cyber-attacks. For instance, a recent breach at Uber exposed the personal information of 50 million users. To combat such risks, companies often hire ethical hackers to probe their systems for weaknesses. After identifying vulnerabilities, these hackers report their findings, allowing the company to address them. Many companies also run bug bounty programs, rewarding hackers who find and report security issues." + newLine + newLine + highlightTextPurple("Protecting Critical Data  ") + newLine + "- Ethical hacking is essential in safeguarding sensitive information from malicious actors. By identifying security risks and vulnerabilities, ethical hackers help organizations secure their systems and prevent data breaches that could result in exploitation." + newLine + newLine + highlightTextPurple("National Security and Cyber Defense  ") + newLine + "- Governments often employ state-sponsored hacking to safeguard national security and protect sensitive political and intelligence data. Ethical hacking also plays a vital role in countering cyber-terrorism, ensuring the defense of critical infrastructure and preventing attacks that could jeopardize national safety." 
+ newLine + newLine + highlightTextPurple("Adopting the Attacker’s Perspective  ") + newLine + "- Ethical hackers think like attackers, identifying potential entry points into a system. By doing so, they can address vulnerabilities before malicious hackers exploit them, strengthening the security of the organization’s infrastructure." + newLine + newLine + highlightTextPurple("Skill Development and Career Growth  ") + newLine + "- Ethical hacking provides an opportunity to learn valuable skills applicable in various roles, including software development, risk management, quality assurance testing, and network defense. These skills are transferable to multiple areas within cybersecurity and IT." + newLine + newLine + highlightTextPurple("The Value of Trained Ethical Hackers  ") + newLine + "- Within an organization, ethical hackers are a critical asset. Their expertise enables rapid and effective security testing under both normal and high-pressure conditions, ensuring the organization's software and systems are secure." + newLine + newLine + highlightTextPurple("Tools and Techniques for Security Assurance  ") + newLine + "- Ethical hackers create and refine tools and techniques to identify and eliminate system vulnerabilities. By constantly developing and updating security measures, they help organizations stay ahead of potential cyber threats." + newLine + newLine + highlightTextPurple("Proactive Security Measures  ") + newLine + "- Ethical hacking allows organizations to identify weaknesses in their software and security infrastructure. By adopting a hacker’s mindset, companies can detect vulnerabilities early and resolve them before they lead to significant security breaches, ultimately protecting the organization’s success and reputation."});
    }

    /**
     * Builds the "Roles of Ethical Hacking" explanation part of the introduction
     * chapter: authorization, scope, reporting, confidentiality and clean-up.
     *
     * <p>A single entry of five {@link #highlightTextPurple} headings, each followed
     * by one {@code "- "} paragraph and separated from the next by a blank line.
     * The text is a fixed literal.
     *
     * @return the explanation part with its title and one text entry
     */
    private static ExplanationPartModel s4_2() {
        return new ExplanationPartModel("Roles of Ethical Hacking", new String[]{highlightTextPurple("Obtain Full Authorization  ") + newLine + "- Before initiating any security assessment, ethical hackers must secure explicit written approval from the system owner. This ensures that the hacker is legally authorized to probe the system and its components." + newLine + newLine + highlightTextPurple("Define the Scope of the Assessment  ") + newLine + "- The ethical hacker must work with the organization to determine the exact boundaries of the testing. This includes specifying which systems, networks, or applications will be assessed, as well as any exclusions to ensure the tests remain within agreed-upon parameters." + newLine + newLine + highlightTextPurple("Report Findings  ") + newLine + "- Any vulnerabilities, flaws, or security risks discovered during the assessment must be documented and reported back to the organization promptly. This allows the organization to take appropriate action to resolve these issues." + newLine + newLine + highlightTextPurple("Confidentiality and Non-Disclosure  ") + newLine + "- Ethical hackers must keep all information gathered during the security assessment confidential. They should respect the terms of their non-disclosure agreement (NDA) with the organization, which is crucial in maintaining trust and safeguarding sensitive data." + newLine + newLine + highlightTextPurple("Erase Traces  ") + newLine + "- After completing the assessment, ethical hackers are responsible for ensuring they leave no traces of their activities. This includes removing any data, files, or changes made during testing, which helps prevent malicious hackers from exploiting any vulnerabilities that were uncovered during the evaluation."});
    }

    /**
     * Builds the "Limitations of Ethical Hacking" explanation part of the
     * introduction chapter.
     *
     * <p>A single entry of eleven {@link #highlightTextPurple} headings, each
     * followed by one {@code "- "} paragraph and separated from the next by a blank
     * line. The text is a fixed literal.
     *
     * @return the explanation part with its title and one text entry
     */
    private static ExplanationPartModel s4_3() {
        return new ExplanationPartModel("Limitations of Ethical Hacking", new String[]{highlightTextPurple("Scope and Permission Restrictions  ") + newLine + "- Ethical hackers must always operate within the boundaries set by the client or organization. Unauthorized actions can result in legal consequences. This reinforces the importance of clear communication and defined scope before testing begins. " + newLine + newLine + highlightTextPurple("Incomplete Coverage  ") + newLine + "- Due to time, resource, and knowledge constraints, it's impossible to test every potential vulnerability in a system. Some vulnerabilities may go unnoticed, which is a key limitation of ethical hacking." + newLine + newLine + highlightTextPurple("Simulated Attacks  ") + newLine + "-  While ethical hackers simulate attacks, they may not always replicate the unpredictability and adaptability of real-world attackers, potentially leaving certain attack vectors unexamined." + newLine + newLine + highlightTextPurple("Limited Timeframe  ") + newLine + "- Time constraints often mean that not all aspects of a system can be thoroughly tested, and vulnerabilities may be missed due to the limited duration of penetration tests." + newLine + newLine + highlightTextPurple("False Positives and False Negatives  ") + newLine + "- Ethical hackers may encounter false positives (wrongly identifying issues) or false negatives (missing actual issues), which can affect the testing process and the resulting security posture." + newLine + newLine + highlightTextPurple("Complexity of Modern Systems  ") + newLine + "- The increasing complexity of software, hardware, and network systems makes it challenging for ethical hackers to fully test everything, especially newer or specialized technologies." 
+ newLine + newLine + highlightTextPurple("Human Factor  ") + newLine + "- Ethical hackers, like all humans, are subject to biases and limitations in their knowledge, which can lead to missed vulnerabilities or incorrect assessments." + newLine + newLine + highlightTextPurple("Legal and Ethical Boundaries  ") + newLine + "- Adhering to local laws and ethical guidelines is paramount. Ethical hackers must be aware of jurisdictional differences, as what is legal in one place may not be in another." + newLine + newLine + highlightTextPurple("Post-Hack Remediation  ") + newLine + "- While ethical hackers can identify vulnerabilities, they typically aren't responsible for fixing them. This places an additional burden on organizations to act swiftly to implement solutions and mitigate risks." + newLine + newLine + highlightTextPurple("Resource Limitations  ") + newLine + "- The availability of specialized tools and resources plays a significant role in the depth of testing. Limited resources can hinder an ethical hacker's ability to conduct thorough testing, particularly in complex or sophisticated attack scenarios." + newLine + newLine + highlightTextPurple("Evolving Threat Landscape  ") + newLine + "- The cybersecurity landscape is dynamic, with new vulnerabilities and attack methods emerging regularly. Ethical hackers must stay updated, but even the best-prepared professionals may not always be able to keep pace with rapidly evolving threats."});
    }

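    /**
     * Builds the "Intro Social Engineering Countermeasures" explanation part.
     *
     * <p>Three entries: "How to Detect Phishing Emails" (eight {@code "- "} bullets),
     * "Anti-Phishing Toolbar" (Netcraft and PhishTank, each a {@link #highlightText}
     * sub-heading with {@code " - "} bullets) and "Identity Theft Countermeasures"
     * (eight bullets). Entries after the first open with a blank line.
     * Fixes the PhishTank text, which carried the "It offers an open API…" sentence
     * twice: once fused onto the end of the first bullet (no space after the period)
     * and again as its own bullet. The fused copy is dropped; the bullet is kept.
     * Everything else is unchanged.
     *
     * @return the explanation part with its title and three text entries
     */
    private static ExplanationPartModel s50_1() {
        final String br = newLine;
        final String detectPhishing = String.join(br,
                bigText(highlightTextPurple("How to Detect Phishing Emails")),
                "- Appears to come from a trusted source like a bank, company, or social media platform, but uses a generic greeting.",
                "- Seems to be from someone you know, possibly someone in your contact list, but the tone feels off.",
                "- Creates a sense of urgency or uses threatening language to pressure you into acting quickly.",
                "- Contains spelling or grammatical errors that may seem unusual for a professional message.",
                "- Includes links to fake websites, often looking very similar to legitimate sites but with slight variations in the URL.",
                "- Offers deals that seem too good to be true, making it feel like a limited-time opportunity.",
                "- Contains official-looking logos or branding, but may have inconsistencies when you check closely.",
                "- Includes attachments that could contain malicious files or malware.");
        final String antiPhishingToolbar =
                br + br + bigText(highlightTextPurple("Anti-Phishing Toolbar")) + br + br
                + highlightText("Netcraft ") + br
                + " - The Netcraft anti-phishing community functions as a large-scale neighborhood watch, allowing its most vigilant and skilled members to help protect everyone within the community from phishing attacks." + br + br
                + highlightText("PhishTank ") + br
                // the "It offers an open API…" sentence is stated once, in the bullet below
                + " - PhishTank acts as a collaborative hub for data and insights on phishing threats, gathering information from various sources to provide real-time intelligence on phishing attacks." + br
                + " - It offers an open API, allowing developers and researchers to integrate anti-phishing data seamlessly into their applications and security tools.";
        final String identityTheftCountermeasures = br + br + String.join(br,
                bigText(highlightTextPurple("Identity Theft Countermeasures")),
                "- Shred or securely dispose of documents containing sensitive information.",
                "- Make sure your name is not listed on any market hit lists to reduce the risk of targeted scams.",
                "- Review your credit card statements regularly and always keep your card within sight during transactions.",
                "- Never share personal information over the phone, especially with unsolicited callers.",
                "- Empty your mailbox promptly to prevent important mail from being exposed to unauthorized access.",
                "- Be cautious with requests for personal data; always verify the source before providing any information.",
                "- Take steps to protect your personal details from being publicly disclosed.",
                "- Avoid displaying account or contact numbers unless absolutely necessary for a specific purpose.");
        return new ExplanationPartModel("Intro Social Engineering Countermeasures", new String[]{
                detectPhishing, antiPhishingToolbar, identityTheftCountermeasures});
    }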

    /**
     * Builds the "Social Engineering Countermeasures" explanation part: one
     * content page listing policy areas (passwords, physical security,
     * training, operations, access, classification, incident response,
     * screening, anti-phishing defenses, two-factor authentication, change
     * management).
     *
     * <p>Sections are separated by two {@link #newLine} breaks and headed with
     * {@link #bigText}; {@code highlightTextPurple} is defined elsewhere in this
     * class and is assumed to add heading markup.
     *
     * <p>NOTE(review): password item 1 (periodic forced changes) reflects older
     * guidance; NIST SP 800-63B recommends rotation only on evidence of
     * compromise. The text is reproduced unchanged here.
     *
     * @return the explanation part with one content page
     */
    private static ExplanationPartModel s50_2() {
        String preamble = "Good policies and procedures are ineffective if not actively taught and reinforced by employees through regular training and engagement."
                + newLine + newLine
                + "Employees should acknowledge understanding of policies by signing a statement after completing relevant training sessions.";
        String passwordPolicies = newLine + newLine + bigText(highlightTextPurple("Password Policies"))
                + newLine + " 1. Implement periodic password changes to enhance security."
                + newLine + " 2. Avoid easily guessable passwords by enforcing complexity requirements."
                + newLine + " 3. Lock accounts after a set number of failed login attempts to prevent brute-force attacks."
                + newLine + " 4. Enforce password length and complexity requirements to reduce vulnerability."
                + newLine + " 5. Ensure password secrecy, avoiding sharing or writing down credentials.";
        String physicalPolicies = newLine + newLine + bigText(highlightTextPurple("Physical Security Policies"))
                + newLine + " 1. Issue ID cards, uniforms, or other forms of identification for easy employee recognition."
                + newLine + " 2. Escort visitors within secure areas to prevent unauthorized access."
                + newLine + " 3. Restrict access to sensitive areas to authorized personnel only."
                + newLine + " 4. Shred documents that are no longer needed to prevent data leaks.";
        String organisationalControls = newLine + newLine + bigText(highlightTextPurple("Training"))
                + newLine + "- Comprehensive training programs should cover all security policies and raise awareness of social engineering tactics."
                + newLine + newLine + bigText(highlightTextPurple("Operation Guidelines"))
                + newLine + "- Ensure sensitive information is securely stored and that resources are accessible only to authorized individuals."
                + newLine + newLine + bigText(highlightTextPurple("Access Privileges"))
                + newLine + "- Create administrator, user, and guest accounts, each with appropriate access levels."
                + newLine + newLine + bigText(highlightTextPurple("Classification of Information"))
                + newLine + "- Categorize information based on its sensitivity, such as top secret, proprietary, internal use only, or public."
                + newLine + newLine + bigText(highlightTextPurple("Proper Incident Response Time"))
                + newLine + "- Establish clear guidelines for responding to social engineering attempts and other security incidents."
                + newLine + newLine + bigText(highlightTextPurple("Background Checks and Proper Termination Process"))
                + newLine + "- Conduct background checks for potential employees and ensure a thorough termination process to prevent former employees from accessing sensitive information."
                + newLine + newLine + bigText(highlightTextPurple("Anti-Virus/Anti-Phishing Defenses"))
                + newLine + "- Deploy multi-layered anti-virus defenses at both the end-user and mail gateway levels to minimize phishing and other social engineering risks."
                + newLine + newLine + bigText(highlightTextPurple("Two-Factor Authentication"))
                + newLine + "- For high-risk services like VPNs and modem pools, implement two-factor authentication as an additional security measure."
                + newLine + newLine + bigText(highlightTextPurple("Change Management"))
                + newLine + "- Documented change management processes are more secure than informal, ad-hoc procedures to ensure controlled updates and system modifications.";
        return new ExplanationPartModel("Social Engineering Countermeasures",
                new String[]{preamble + passwordPolicies + physicalPolicies + organisationalControls});
    }

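    /**
     * Builds the "Denial of Service (DoS)" explanation part: one content page
     * with an overview and a list of symptoms.
     *
     * <p>Paragraphs are separated by two {@link #newLine} breaks and the symptom
     * heading is wrapped with {@link #bigText}; {@code highlightTextPurple} is
     * defined elsewhere in this class and is assumed to add heading markup.
     *
     * <p>Fix: the symptom list previously split one item across entries 5 and 6
     * ("Disconnection of a wireless or wired" / "internet connection"), which
     * left a dangling fragment and mis-numbered the last item. The two halves
     * are now one item and the list is renumbered 1-6.
     *
     * @return the explanation part with one content page
     */
    private static ExplanationPartModel s51_1() {
        String overview = " A Denial-of-Service (DoS) attack is a type of attack where a system or network’s services are disrupted or denied."
                + newLine + newLine + " These attacks can either fully deny service, degrade functionality, or prevent legitimate users from accessing resources."
                + newLine + newLine + " Several techniques can be used to execute a DoS attack, such as overwhelming the target system with a large number of requests."
                + newLine + newLine + " The influx of requests can overload the system's capacity, leading to a denial of service.";
        String symptoms = newLine + newLine + bigText(highlightTextPurple("Common symptoms of a DoS attack include:"))
                + newLine + " 1. Slow performance."
                + newLine + " 2. Increase in spam emails"
                + newLine + " 3. Unavailability of a resource"
                + newLine + " 4. Loss of access to a website"
                + newLine + " 5. Disconnection of a wireless or wired internet connection"
                + newLine + " 6. Denial of access to any internet services.";
        return new ExplanationPartModel("Denial of Service (DoS)", new String[]{overview + symptoms});
    }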

    /**
     * Builds the "Distributed Denial of Service (DDoS)" explanation part: one
     * content page with an overview followed by a step list.
     *
     * <p>{@link #newLine} separates lines and {@link #bigText} wraps the heading;
     * {@code highlightTextPurple} is defined elsewhere in this class and is
     * assumed to add heading markup.
     *
     * <p>NOTE(review): the "How ... Work" bullets describe half-open connection
     * exhaustion (a SYN-flood style mechanism) in terms of "authentication";
     * wording to be confirmed against the source material.
     *
     * @return the explanation part with one content page
     */
    private static ExplanationPartModel s51_2() {
        String overview = " A Distributed Denial-of-Service (DDoS) attack is similar to a DoS attack, but in this case, multiple compromised systems are used to target and overwhelm a specific system, causing a denial of service."
                + newLine + newLine
                + " Botnets are typically employed to carry out DDoS attacks, as they allow attackers to control numerous devices to flood the target with traffic.";
        // Only a single line break precedes this heading (kept exactly as in the original content).
        String howItWorks = newLine + bigText(highlightTextPurple("How Distributed Denial of Service Attacks Work "))
                + newLine + newLine + " - Normally, the process of establishing a connection involves a series of steps, where the user sends a request to the server for authentication."
                + newLine + " - The server then responds with authentication approval."
                + newLine + " - The requesting user acknowledges the approval, and the connection is established, granting access to the server."
                + newLine + " - In a Denial of Service (DoS) attack, the attacker floods the server with numerous authentication requests."
                + newLine + " - These requests contain fake return addresses, preventing the server from locating a user to send the authentication approval to."
                + newLine + " - As a result, the authentication process waits for a period before closing the session."
                + newLine + " - Typically, the server waits over a minute before closing a session."
                + newLine + " - The attacker continuously sends these requests, causing the server to maintain multiple open connections, which ultimately leads to a denial of service.";
        return new ExplanationPartModel("Distributed Denial of Service (DDoS)", new String[]{overview + howItWorks});
    }

    /**
     * Builds the "Basic Categories of DoS/DDoS Attacks" explanation part: one
     * content page with four categories (volumetric, fragmentation, TCP
     * state-exhaustion, application layer).
     *
     * <p>Each category is a {@link #bigText} heading followed by bullets joined
     * with {@link #newLine}; {@code highlightTextPurple} is defined elsewhere in
     * this class and is assumed to add heading markup.
     *
     * <p>NOTE(review): the state-exhaustion section names "Ping of Death" as a
     * common example; that attack is generally described as a malformed/oversized
     * ICMP packet attack rather than a TCP state-table exhaustion, so the example
     * should be checked against the source material. The text is reproduced
     * unchanged here.
     *
     * @return the explanation part with one content page
     */
    private static ExplanationPartModel s52_1() {
        String volumetric = bigText(highlightTextPurple(" Volumetric Attacks"))
                + newLine + " - A Denial of Service (DoS) attack is carried out by sending a large volume of traffic towards the target system."
                + newLine + " - Volumetric attacks are designed to overload the bandwidth capacity of the target."
                + newLine + " - The goal of these attacks is to reduce performance and degrade services."
                + newLine + " - Typically, these attacks consume bandwidth in the range of hundreds of Gbps, overwhelming the system.";
        String fragmentation = newLine + newLine + bigText(highlightTextPurple(" Fragmentation Attacks"))
                + newLine + " - DoS Fragmentation attacks involve breaking down the IP datagram into multiple smaller packets."
                + newLine + " - These fragmented packets must be reassembled at the destination, which consumes resources from routers."
                + newLine + " - Fragmentation attacks can be classified into two types:(1) UDP and ICMP fragmentation attacks,(2) TCP fragmentation attacks";
        String stateExhaustion = newLine + newLine + bigText(highlightTextPurple(" TCP-State-Exhaustion Attacks"))
                + newLine + " - TCP State-Exhaustion attacks target web servers, firewalls, load balancers, and other infrastructure components, aiming to disrupt connections by consuming the connection state tables."
                + newLine + " - These attacks deplete the finite number of concurrent connections that the target device can handle."
                + newLine + " - One of the most common types of state-exhaustion attacks is the \"Ping of Death.\"";
        String applicationLayer = newLine + newLine + bigText(highlightTextPurple(" Application Layer Attacks"))
                + newLine + " - An application layer DDoS attack, also known as a Layer 7 DDoS attack, targets the application layer of the OSI model, leading to denial or degradation of service."
                + newLine + " - This type of DoS attack focuses on overloading specific services or features of a website or application, with the goal of making them unavailable or denying access to legitimate users.";
        return new ExplanationPartModel("Basic Categories of DoS/DDoS Attacks",
                new String[]{volumetric + fragmentation + stateExhaustion + applicationLayer});
    }

    /**
     * Builds the "DoS/DDoS Attack Techniques" explanation part: one content
     * page with eight technique sections, each a {@link #bigText} heading and
     * bullets joined with {@link #newLine}. {@code highlightTextPurple} is
     * defined elsewhere in this class and is assumed to add heading markup.
     *
     * <p>NOTE(review): the bandwidth section refers to "the figures above"; no
     * figure is part of this text content, so confirm the screen shows one or
     * adjust the wording. The text is reproduced unchanged here.
     *
     * @return the explanation part with one content page
     */
    private static ExplanationPartModel s52_2() {
        String bandwidth = bigText(highlightTextPurple(" Bandwidth Attacks"))
                + newLine + " - A bandwidth attack involves using multiple sources to send requests, overwhelming the target."
                + newLine + " - A DoS attack launched from a single machine typically cannot generate enough traffic to overload the service."
                + newLine + " - Distributed DoS (DDoS) attacks, on the other hand, are highly effective at flooding the target with requests using multiple attacking systems."
                + newLine + " - Zombies, which are compromised machines controlled by an attacker, or handler-controlled zombies, are used to launch a DDoS attack."
                + newLine + " - Botnets (which are explained later in this chapter) can also be used in DDoS attacks by flooding the network with ICMP Echo packets."
                + newLine + " - The primary goal of a bandwidth attack is to exhaust the target's bandwidth completely, leaving no bandwidth available for legitimate users."
                + newLine + " - By examining the figures above, you can see how a Distributed Denial of Service attack works, where legitimate traffic is denied as the attack consumes the entire bandwidth.";
        String serviceRequestFloods = newLine + newLine + bigText(highlightTextPurple(" Service Request Floods"))
                + newLine + " - A Service Request Flood is a type of DoS attack where the attacker floods a service, such as a web application or web server, with excessive requests, causing the service to become overloaded."
                + newLine + " - As a result, when a legitimate user tries to initiate a connection, it will be denied because the attacker’s repeated TCP connections have consumed all available resources, leading to exhaustion.";
        String synFlooding = newLine + newLine + bigText(highlightTextPurple(" SYN Attack / Flooding"))
                + newLine + " - A SYN Attack, also known as SYN Flooding, takes advantage of the three-way handshake process."
                + newLine + " - The attacker sends a large number of SYN requests to the target server with the goal of tying up the system."
                + newLine + " - These SYN requests use a fake source IP address, making it impossible for the victim to respond to them."
                + newLine + " - The victim waits for an acknowledgment from the fake IP address, but since no response is received, the system remains stuck waiting."
                + newLine + " - This waiting period occupies a \"listen queue\" on the system, as it doesn't receive the expected ACK."
                + newLine + " - Each incomplete connection can tie up the system for up to 75 seconds.";
        String icmpFlood = newLine + newLine + bigText(highlightTextPurple(" ICMP Flood Attack"))
                + newLine + " - An Internet Control Message Protocol (ICMP) attack involves the attacker using ICMP requests to target the system."
                + newLine + " - ICMP is a protocol that network devices use to exchange operational information, errors, and status updates."
                + newLine + " - These ICMP requests and their corresponding responses consume resources of the network device."
                + newLine + " - By flooding the device with ICMP requests and not waiting for responses, the attacker can overwhelm the device's resources.";
        String peerToPeer = newLine + newLine + bigText(highlightTextPurple(" Peer-to-Peer Attacks"))
                + newLine + " - A peer-to-peer DDoS attack takes advantage of vulnerabilities in peer-to-peer servers or peering technologies, often using the Direct Connect (DC++) protocol to launch the attack."
                + newLine + " - Most peer-to-peer networks operate on the DC++ client."
                + newLine + " - Each client in the DC++ network is listed on a network hub."
                + newLine + " - Once compromised, the attacker can easily control these clients for malicious purposes."
                + newLine + " - Peer-to-peer networks are distributed across many hosts."
                + newLine + " - A single or several malicious hosts within a peer-to-peer network can initiate a DDoS attack."
                + newLine + " - The impact of DoS or DDoS attacks can vary depending on the topology of the peer-to-peer network."
                + newLine + " - By exploiting a large number of distributed hosts, an attacker can efficiently launch a DDoS attack on the target.";
        String permanentDos = newLine + newLine + bigText(highlightTextPurple(" Permanent Denial-of-Service Attack"))
                + newLine + " - A Permanent Denial-of-Service (PDoS) attack targets hardware rather than just denying service, aiming to cause physical damage to the affected system."
                + newLine + " - Hardware damaged by a PDoS attack may require full replacement or reinstallation."
                + newLine + " - PDoS is commonly carried out using a technique known as \"Phlashing,\" which involves sending malicious firmware updates that cause irreversible damage to the hardware, effectively \"bricking\" the system."
                + newLine + " - Once the malicious code is inadvertently executed by the victim, the attack is triggered, leading to permanent damage.";
        String applicationLevel = newLine + newLine + bigText(highlightTextPurple(" Application Level Flood Attacks"))
                + newLine + " - Application-level attacks target the Application layer, focusing on either the application server or the client computer running the application."
                + newLine + " - The attacker identifies vulnerabilities or flaws in the application or operating system and exploits these weaknesses to bypass access controls, ultimately gaining privileged control over the application, system, or network.";
        String reflection = newLine + newLine + bigText(highlightTextPurple(" Distributed Reflection Denial of Service (DRDOS)"))
                + newLine + " - A Distributed Reflection Denial of Service (DRDoS) attack is a type of DoS attack where intermediary and secondary victims are involved in the attack process."
                + newLine + " - The attacker sends requests to the intermediary victim, which then redirects the traffic to the secondary victim."
                + newLine + " - The secondary victim, in turn, forwards the traffic to the actual target."
                + newLine + " - The use of intermediary and secondary victims helps in spoofing the attack, making it harder to trace the original source.";
        return new ExplanationPartModel("DoS/DDoS Attack Techniques", new String[]{
                bandwidth + serviceRequestFloods + synFlooding + icmpFlood
                        + peerToPeer + permanentDos + applicationLevel + reflection});
    }

    /**
     * Builds the "Define Botnets" explanation part: one content page with an
     * overview, a "Botnet Setup" section and a short list of named botnet
     * trojans.
     *
     * <p>{@link #newLine} separates lines and {@link #bigText} wraps headings;
     * {@code highlightTextPurple} is defined elsewhere in this class and is
     * assumed to add heading markup.
     *
     * @return the explanation part with one content page
     */
    private static ExplanationPartModel s53_1() {
        String overview = "  Botnets are networks of compromised devices used to perform continuous malicious tasks, including launching DoS attacks."
                + newLine + newLine + "  These botnets typically gain access to systems through malicious scripts or codes, which alert the attacker’s master computer once the system has been infected."
                + newLine + newLine + "  From the master computer, the attacker can control the infected systems (or \"bots\") and issue commands, often directing them to carry out a DoS attack against a target.";
        String setup = newLine + newLine + bigText(highlightTextPurple("Botnet Setup"))
                + newLine + " - A Botnet is typically established by installing a bot on the victim’s system, often through a Trojan Horse."
                + newLine + " - The Trojan Horse acts as a payload, delivering the bot to the victim’s system. This is commonly done through phishing or by redirecting the victim to a malicious website or a compromised legitimate site."
                + newLine + " - Once the Trojan is executed, the victim's system becomes infected and controlled by the attacker, turning it into a bot that is now under the handler's control, awaiting further instructions from the Command and Control (C&C) server."
                + newLine + " - The Handler (or C&C) is responsible for sending commands to the infected bots, directing them to perform malicious activities such as launching a DoS attack on a primary target.";
        String examples = newLine + newLine + bigText(highlightTextPurple("Botnet Trojan"))
                + newLine + " - Blackshades NET"
                + newLine + " - Cythosia Botnet and Andromeda Bot"
                + newLine + " - PlugBot";
        return new ExplanationPartModel("Define Botnets", new String[]{overview + setup + examples});
    }

    /**
     * Builds the "Scanning Vulnerable Machines" explanation part: one content
     * page describing five worm/bot propagation scanning strategies (random,
     * hit-list, topological, subnet, permutation).
     *
     * <p>Each strategy is a {@link #bigText} heading followed by bullets joined
     * with {@link #newLine}; {@code highlightTextPurple} is defined elsewhere in
     * this class and is assumed to add heading markup.
     *
     * @return the explanation part with one content page
     */
    private static ExplanationPartModel s53_2() {
        String intro = "Various methods are employed for scanning vulnerable machines, such as Random, Hit-list, Topological, Subnet, and Permutation scanning.";
        String random = newLine + newLine + bigText(highlightTextPurple("Random Scanning Technique"))
                + newLine + " - The infected machine randomly selects IP addresses within the IP address space and scans them for vulnerabilities."
                + newLine + " - Upon discovering a vulnerable machine, it breaches the system and infects it with the same script used to compromise itself."
                + newLine + " - The random scanning method facilitates rapid infection spread, as it targets and compromises a large number of hosts.";
        String hitList = newLine + newLine + bigText(highlightTextPurple("Hit-List Scanning Technique"))
                + newLine + " - The attacker begins by gathering information on a large number of potentially vulnerable machines to create a Hit-list."
                + newLine + " - With this method, the attacker identifies and infects the vulnerable machines."
                + newLine + " - After a machine is compromised, the list is split, with half of it being assigned to the newly infected system."
                + newLine + " - The scanning process in Hit-list scanning occurs simultaneously across the compromised machines."
                + newLine + " - This technique is employed to rapidly spread and deploy malicious code within a short timeframe.";
        String topological = newLine + newLine + bigText(highlightTextPurple("Topological Scanning Technique"))
                + newLine + " - Topological Scanning collects information from the compromised system to locate additional vulnerable targets."
                + newLine + " - The initially infected machine searches for a URL on its disk, identifies the target, and checks for vulnerabilities."
                + newLine + " - Since these URLs are valid, the accuracy of this technique is very high.";
        String subnet = newLine + newLine + bigText(highlightTextPurple("Subnet Scanning Technique"))
                + newLine + " - This technique is employed to scan behind a firewall, with the compromised host searching for vulnerable targets within its local network."
                + newLine + " - It is also used to quickly assemble a large army of zombie machines in a short period.";
        String permutation = newLine + newLine + bigText(highlightTextPurple("Permutation Scanning Technique"))
                + newLine + " - Permutation scanning relies on pseudorandom permutation."
                + newLine + " - In this method, infected machines exchange pseudorandomly permuted IP addresses."
                + newLine + " - If scanning identifies an already infected system—whether through hit-list scanning or another technique—it moves on and begins scanning from the next IP in the list."
                + newLine + " - If scanning detects an infected system in the permutation list, it resumes scanning from a random point in the list.";
        return new ExplanationPartModel("Scanning Vulnerable Machines",
                new String[]{intro + random + hitList + topological + subnet + permutation});
    }

    /**
     * Builds the "Propagation of Malicious Codes" explanation part: one content
     * page describing three propagation models (central source, back-chaining,
     * autonomous).
     *
     * <p>Each model is a {@link #bigText} heading followed by bullets joined with
     * {@link #newLine}; {@code highlightTextPurple} is defined elsewhere in this
     * class and is assumed to add heading markup. Note the heading strings carry
     * two leading spaces, reproduced as in the original.
     *
     * @return the explanation part with one content page
     */
    private static ExplanationPartModel s53_3() {
        String intro = "The three most commonly used methods for propagating malicious code are Central, Back-chaining, and Autonomous propagation.";
        String centralSource = newLine + newLine + bigText(highlightTextPurple("  Central Source Propagation"))
                + newLine + " - Central Source propagation relies on a central source where the attack toolkit is installed."
                + newLine + " - After exploiting a vulnerable machine, the attacker opens a connection on the compromised system, waiting for a file transfer."
                + newLine + " - The toolkit is then copied from the central source to the infected machine."
                + newLine + " - Once transferred, the toolkit is automatically installed on the compromised system."
                + newLine + " - The toolkit is used to launch further attacks, and the file transfer mechanisms typically employed for transferring malicious code (toolkit) include HTTP, FTP, or RPC.";
        String backChaining = newLine + newLine + bigText(highlightTextPurple("  Back-Chaining Propagation"))
                + newLine + " - Back-Chaining propagation requires the attack toolkit to be installed on the attacker's machine."
                + newLine + " - After exploiting a vulnerable system, the attacker opens a connection on the compromised machine, waiting for a file transfer."
                + newLine + " - The toolkit is then transferred from the attacker’s system to the infected machine."
                + newLine + " - Once the toolkit is installed on the compromised system, it begins searching for other vulnerable systems, and the process repeats.";
        String autonomous = newLine + newLine + bigText(highlightTextPurple("  Autonomous Propagation"))
                + newLine + " - In Autonomous propagation, the attacker exploits a vulnerable system and sends malicious code to it."
                + newLine + " - The toolkit is then installed on the compromised system, which searches for other vulnerable targets."
                + newLine + " - Unlike Central Source Propagation, this method doesn't rely on a central source or the need to plant the toolkit on the attacker's own system.";
        return new ExplanationPartModel("Propagation of Malicious Codes",
                new String[]{intro + centralSource + backChaining + autonomous});
    }

    /**
     * Builds the "DoS and DDoS Attack Tool" explanation part: one content page
     * naming four tools, each as a {@link #bigText} heading followed by bullets
     * joined with {@link #newLine}. {@code highlightTextPurple} is defined
     * elsewhere in this class and is assumed to add heading markup.
     *
     * @return the explanation part with one content page
     */
    private static ExplanationPartModel s54_1() {
        String pandora = bigText(highlightTextPurple("Pandora DDoS Bot Toolkit "))
                + newLine + " - The Pandora DDoS Bot Toolkit is an updated version of the Dirt Jumper DDoS toolkit."
                + newLine + " - It provides five different distributed denial-of-service (DDoS) attack modes."
                + newLine + " - It generates five attack types :- HTTP min,HTTP download,HTTP Combo,Socket Connect,Max Flood";
        String dereil = newLine + newLine + bigText(highlightTextPurple("Dereil"))
                + newLine + " - Dereil is a professional DDoS tool featuring modern attack patterns through TCP, UDP, and HTTP protocols.";
        String hoic = newLine + newLine + bigText(highlightTextPurple("HOIC"))
                + newLine + " - HOIC launches DDoS attacks on any IP address, with the option for the user to select the target port and protocol.";
        String dosHttp = newLine + newLine + bigText(highlightTextPurple("DoS HTTP"))
                + newLine + " - DoSHTTP is a Denial of Service (DoS) testing tool for HTTP floods on Windows."
                + newLine + " - It features URL verification, HTTP redirection, port designation, performance monitoring, and advanced reporting."
                + newLine + " - The tool utilizes multiple asynchronous sockets to carry out an efficient HTTP flood attack.";
        return new ExplanationPartModel("DoS and DDoS Attack Tool", new String[]{pandora + dereil + hoic + dosHttp});
    }

    /**
     * Builds the "DoS and DDoS Attack Tool for Mobile" explanation part: one
     * content page naming two tools, each as a {@link #bigText} heading followed
     * by one bullet, joined with {@link #newLine}. {@code highlightTextPurple}
     * is defined elsewhere in this class and is assumed to add heading markup.
     *
     * @return the explanation part with one content page
     */
    private static ExplanationPartModel s54_2() {
        String anDosid = bigText(highlightTextPurple("AnDOSid "))
                + newLine + " - AnDOSid enables attackers to simulate a DoS attack (specifically an HTTP POST flood attack) and a DDoS attack on a web server using mobile phones.";
        String loic = newLine + newLine + bigText(highlightTextPurple("Low Orbit Ion Cannon (LOIC) "))
                + newLine + " - The Android version of the Low Orbit Ion Cannon (LOIC) software is used for flooding packets, enabling attackers to carry out DDoS attacks on target organizations.";
        return new ExplanationPartModel("DoS and DDoS Attack Tool for Mobile", new String[]{anDosid + loic});
    }

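    /**
     * Builds the "Countermeasures" explanation part: one content page with
     * response strategies, post-attack forensics and botnet-defense techniques.
     *
     * <p>Headings use {@link #bigText}; numbered items are produced by
     * {@code highlightText} immediately followed by their description (no line
     * break between them), and lines are joined with {@link #newLine}.
     * {@code highlightTextPurple} and {@code highlightText} are defined elsewhere
     * in this class and are assumed to add markup.
     *
     * <p>Fix: item 1 under strategies read "...requires prior planning. and This
     * approach demands...", a broken sentence; it now reads "...requires prior
     * planning, and this approach demands...".
     *
     * @return the explanation part with one content page
     */
    private static ExplanationPartModel s55_1() {
        String strategies = bigText(highlightTextPurple(" DoS/DDoS Countermeasure Strategies"))
                + newLine + newLine + highlightText(" 1. Absorbing the Attack :")
                + " - Utilize extra capacity to absorb an attack, which requires prior planning, and this approach demands additional resources."
                + newLine + newLine + highlightText(" 2. Degrading Services :")
                + " - Identify essential services and disable non-essential services."
                + newLine + newLine + highlightText(" 3. Shutting Down the Services :")
                + " - Disable all services until the attack has subsided.";
        String forensics = newLine + newLine + bigText(highlightTextPurple(" Post-Attack Forensics"))
                + newLine + " - DDoS attack traffic patterns can assist network administrators in developing new filtering techniques to block attack traffic from entering or leaving the network."
                + newLine + " - Analyze logs from routers, firewalls, and IDS to trace the source of DoS traffic, and collaborate with intermediary ISPs and law enforcement to trace the attacker’s IP."
                + newLine + " - Traffic Pattern Analysis: Post-attack data can be analyzed to identify specific traits within the attacking traffic."
                + newLine + " - Using these identified traits, the results of traffic pattern analysis can help refine load-balancing and throttling countermeasures.";
        String botnetDefenses = newLine + newLine + bigText(highlightTextPurple(" Techniques to Defend against Botnets"))
                + newLine + newLine + highlightText(" 1. RFC 3704 Filtering :")
                + " - Any traffic originating from unused or reserved IP addresses is considered bogus and should be filtered by the ISP before it reaches the Internet link."
                + newLine + newLine + highlightText(" 2. Cisco IPS Source IP Reputation Filtering :")
                + " - Reputation services help determine whether an IP or service is a potential threat. Cisco IPS regularly updates its database with known threats such as botnets, botnet harvesters, malware, etc., to help filter DoS traffic."
                + newLine + newLine + highlightText(" 3. Black Hole Filtering :")
                + " - A \"black hole\" refers to network nodes where incoming traffic is discarded or dropped without notifying the source that the data didn’t reach its intended recipient."
                + newLine + " - Black hole filtering involves discarding packets at the routing level."
                + newLine + newLine + highlightText(" 4. DDoS Prevention Offerings from ISPs or DDoS Services :")
                + " - Enable IP Source Guard (in Cisco) or similar features in other routers to filter traffic based on the DHCP snooping binding database or IP source bindings, preventing bots from sending spoofed packets.";
        return new ExplanationPartModel("Countermeasures", new String[]{strategies + forensics + botnetDefenses});
    }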

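    /**
     * Builds the "Techniques " explanation part (title carries a trailing
     * space, as in the original): one content page on DoS detection methods
     * (activity profiling, wavelet analysis, sequential change-point detection).
     *
     * <p>Headings use {@link #bigText}; numbered items are produced by
     * {@code highlightText} immediately followed by their description, and lines
     * are joined with {@link #newLine}. {@code highlightTextPurple},
     * {@code highlightText} and {@code space} are defined elsewhere in this
     * class; {@code space(3)} is presumably an indentation helper — confirm.
     *
     * <p>Fix: the literal for item 3 under change-point detection was broken
     * across two source lines ({@code " 3. } / {@code Identify Attack:"}), which
     * is not a valid Java string literal; it is now the single literal
     * {@code " 3. Identify Attack:"}.
     *
     * @return the explanation part with one content page
     */
    private static ExplanationPartModel s55_2() {
        String detection = bigText(highlightTextPurple(" Detection Techniques"))
                + newLine + " - Detection techniques focus on identifying and distinguishing illegitimate traffic spikes and flash events from legitimate network traffic."
                + newLine + " - All detection methods define an attack as a significant and noticeable deviation from the established threshold of normal network traffic statistics.";
        String activityProfiling = newLine + newLine + bigText(highlightTextPurple(" Activity Profiling"))
                + newLine + " - An attack is indicated by:"
                + newLine + space(3) + " 1. A rise in activity levels within network flow clusters."
                + newLine + space(3) + " 2. An increase in the total number of distinct clusters, which may indicate a DDoS attack."
                + newLine + " - An activity profile is created based on the average packet rate of a network flow, which includes consecutive packets with similar packet fields."
                + newLine + " - The activity profile is derived by monitoring the header information of network packets.";
        String wavelet = newLine + newLine + bigText(highlightTextPurple(" Wavelet-based Signal Analysis"))
                + newLine + " - Wavelet analysis characterizes an input signal by its spectral components."
                + newLine + " - Wavelets enable simultaneous time and frequency analysis."
                + newLine + " - By examining the energy within each spectral window, anomalies can be detected."
                + newLine + " - Signal analysis identifies the specific time at which certain frequency components occur.";
        String changePoint = newLine + newLine + bigText(highlightTextPurple(" Sequential Change-Point Detection"))
                + newLine + newLine + highlightText(" 1. Isolate Traffic:")
                + " - Change-point detection algorithms are used to isolate changes in network traffic statistics that are caused by attacks."
                + newLine + newLine + highlightText(" 2. Filter Traffic:")
                + " - These algorithms filter the target traffic based on address, port, or protocol and store the resulting flow as a time series."
                + newLine + newLine + highlightText(" 3. Identify Attack:")
                + " - The sequential change-point detection technique utilizes the Cumulative Sum (Cusum) algorithm to detect and locate DoS attacks, calculating deviations between actual and expected local averages in the traffic time series."
                + newLine + newLine + highlightText(" 4. Identify Scan Activity:")
                + " - This technique can also be applied to identify typical scanning behaviors associated with network worms.";
        return new ExplanationPartModel("Techniques ", new String[]{detection + activityProfiling + wavelet + changePoint});
    }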

    /**
     * Builds the "DoS/DDoS Attack Countermeasures" explanation part: one
     * content page with five sections (protect secondary victims, detect and
     * neutralize handlers, detect potential attacks, deflect, mitigate).
     *
     * <p>Headings use {@link #bigText}; numbered items are produced by
     * {@code highlightText}, some followed directly by their text and some by a
     * {@link #newLine} and bullets. {@code highlightTextPurple} and
     * {@code highlightText} are defined elsewhere in this class and are assumed
     * to add markup. Double spaces after some dashes and in "1.  Egress" are
     * reproduced as in the original.
     *
     * <p>NOTE(review): the ingress-filtering bullet says it protects against
     * floods "originating from valid IP address prefixes"; source-address
     * ingress filtering is usually described as blocking spoofed/invalid
     * prefixes, so the wording should be checked against the source material.
     *
     * @return the explanation part with one content page
     */
    private static ExplanationPartModel s55_3() {
        String protectSecondary = bigText(highlightTextPurple(" Protect Secondary Victims"))
                + newLine + " - Install and regularly update anti-virus and anti-Trojan software."
                + newLine + " - Raise awareness about security issues and prevention techniques among all Internet users."
                + newLine + " - Disable unnecessary services, uninstall unused applications, and scan all files received from external sources."
                + newLine + " - Properly configure and frequently update the built-in defensive mechanisms in the system’s core hardware and software.";
        String handlers = newLine + newLine + bigText(highlightTextPurple(" Detect and Neutralize Handlers"))
                + newLine + newLine + highlightText(" 1. Network Traffic Analysis:")
                + " -  Analyze communication protocols and traffic patterns between handlers and clients or handlers and agent in order to identify the network nodes that might be infected by the handlers."
                + newLine + newLine + highlightText(" 2. Neutralize Botnet Handlers:")
                + " -  There are usually few DDoS handlers deployed as compared to the number of agents. Neutralizing a few handlers can possibly render multiple agents useless, thus thwarting DDoS attacks."
                + newLine + newLine + highlightText(" 3. Spoofed Source Address:")
                + " -  There is a decent probability that the spoofed source address of DDoS attack packets will not represent a valid source address of the definite sub-network.";
        String detectAttacks = newLine + newLine + bigText(highlightTextPurple(" Detect Potential Attacks"))
                + newLine + newLine + highlightText(" 1.  Egress Filtering:")
                + newLine + " - Scanning the packet headers of IP packets exiting a network."
                + newLine + " - Egress filtering ensures that unauthorized or malicious traffic does not leave the internal network."
                + newLine + newLine + highlightText(" 2. Ingress Filtering:")
                + newLine + " - Protects against flooding attacks originating from valid IP address prefixes."
                + newLine + " - Allows for tracing the originator back to its true source."
                + newLine + newLine + highlightText(" 3. TCP Intercept:")
                + newLine + " - Configuring TCP Intercept helps prevent DoS attacks by intercepting and validating TCP connection requests.";
        String deflect = newLine + newLine + bigText(highlightTextPurple(" Deflect Attacks"))
                + newLine + " - Systems with limited security, known as honeypots, are designed to attract attackers."
                + newLine + " - Honeypots help gather information about attackers, their techniques, and tools by recording system activities."
                + newLine + " - Implement a defense-in-depth approach with IPSes at various network points to redirect suspicious DoS traffic to multiple honeypots.";
        String mitigate = newLine + newLine + bigText(highlightTextPurple(" Mitigate Attacks"))
                + newLine + newLine + highlightText(" 1. Load Balancing:")
                + newLine + " - Increase bandwidth on critical connections to handle the extra traffic generated by an attack."
                + newLine + " - Replicate servers to provide additional fail-safes and protection."
                + newLine + " - Distribute the load evenly across servers in a multi-server architecture to mitigate the effects of a DDoS attack."
                + newLine + newLine + highlightText(" 2. Throttling:")
                + newLine + " - Configure routers to access a server with logic that throttles incoming traffic to safe levels for the server."
                + newLine + " - Throttling helps prevent server damage by controlling DoS traffic."
                + newLine + " - This approach can be extended to throttle DDoS attack traffic while allowing legitimate user traffic for improved results."
                + newLine + newLine + highlightText(" 3. Drop Request:")
                + newLine + " - Discard packets when the load increases.";
        return new ExplanationPartModel("DoS/DDoS Attack Countermeasures",
                new String[]{protectSecondary + handlers + detectAttacks + deflect + mitigate});
    }

    private static ExplanationPartModel s56_1() {
        // Chapter 11 (Session Hijacking), part 1: definition, why it succeeds,
        // active vs. passive variants, and spoofing vs. hijacking.
        // Built as one HTML-ish string; sections are separated by a blank line.
        // NOTE(review): the "Most computers using TCP/IP are susceptible" bullet is a
        // legacy claim - randomised TCP ISNs and TLS make blind network-level hijacking
        // impractical today; application-level token theft is the realistic threat.
        // Course text is reproduced unchanged.
        String whatIsIt = bigText(highlightTextPurple("What is Session Hijacking"))
                + newLine + " - Session hijacking is an attack where an attacker takes control of an active TCP communication session between two computers."
                + newLine + " - Since authentication typically happens only at the start of a TCP session, this allows the attacker to gain unauthorized access to a machine."
                + newLine + " - Attackers can monitor all traffic from the established TCP session, enabling identity theft, information theft, fraud, and more."
                + newLine + " - The attacker steals a valid session ID and uses it to authenticate themselves with the server.";
        String whyItWorks = bigText(highlightTextPurple("Why Session Hijacking is Successful?"))
                + newLine + " - No account lockout mechanism for invalid session IDs."
                + newLine + " - Weak session ID generation algorithms or short session IDs."
                + newLine + " - Insecure handling of session IDs."
                + newLine + " - Indefinite session expiration times."
                + newLine + " - Most computers using TCP/IP are susceptible to session hijacking.";
        String types = bigText(highlightTextPurple("Types of Session Hijacking"))
                + newLine + newLine + highlightText("1. Active Attack")
                + newLine + " - The attacker silences one of the machines, typically the client computer, and takes over its role in the communication exchange between the workstation and the server."
                + newLine + " - This active attack also enables the attacker to issue commands on the network, such as creating new user accounts, which can later be used to access the network without needing to perform another session hijack."
                + newLine + newLine + highlightText("2. Passive Attack")
                + newLine + " - In a passive session hijacking attack, the attacker monitors the traffic between the workstation and the server."
                + newLine + " - The main goal of this passive attack is to observe network traffic and potentially capture valuable data, such as passwords.";
        String spoofVsHijack = bigText(highlightTextPurple("Spoofing vs. Hijacking"))
                + newLine + newLine + highlightText("1. Spoofing")
                + newLine + " - The attack involves impersonating another user or machine (the victim) to gain access."
                + newLine + " - Rather than hijacking an active session, the attacker initiates a new session using the victim's stolen credentials."
                + newLine + newLine + highlightText("2. Hijacking")
                + newLine + " - Session hijacking involves taking control of an active, ongoing session."
                + newLine + " - The attacker depends on the legitimate user to establish the connection and authenticate.";
        String gap = newLine + newLine;
        String body = whatIsIt + gap + whyItWorks + gap + types + gap + spoofVsHijack;
        return new ExplanationPartModel("Define Session Hijacking", new String[]{body});
    }

    private static ExplanationPartModel s56_2() {
        // Chapter 11, part 2: the three ways an attacker obtains a session ID.
        // NOTE(review): "referrer attacks" only leak a token that travels in the URL;
        // keeping the ID in a cookie flagged Secure/HttpOnly/SameSite closes that path.
        String[] categories = {
                bigText(highlightTextPurple("Stealing"))
                        + newLine + " - The stealing category encompasses various techniques for stealing session IDs, such as \"referrer attacks,\" network sniffing, Trojans, or other methods.",
                bigText(highlightTextPurple("Guessing"))
                        + newLine + " - The guessing category involves techniques used to predict session IDs, such as observing variable components of session IDs or calculating valid IDs by deducing the sequence, among other methods.",
                bigText(highlightTextPurple("Brute-Forcing"))
                        + newLine + " - Brute-forcing is the process of trying every possible combination of credentials."
                        + newLine + " - Typically, brute-forcing is used when an attacker has information about the range of session IDs."
        };
        // Categories are separated by one blank line in the rendered text.
        String body = String.join(newLine + newLine, categories);
        return new ExplanationPartModel("Session Hijacking techniques", new String[]{body});
    }

    private static ExplanationPartModel s56_3() {
        // Chapter 11, part 3: the classic TCP-level hijacking sequence
        // (sniff -> monitor -> obtain/predict ID -> silence one party -> take over).
        // Each row is {heading, bullet, bullet, ...}: the heading is rendered big+purple,
        // every bullet goes on its own line, and phases are separated by a blank line.
        // NOTE(review): the sequence-number-prediction steps assume predictable ISNs;
        // modern stacks randomise them (RFC 6528), so this path is mostly historical.
        String[][] phases = {
                {"Sniffing into Active Session:",
                        " - The attacker identifies an active session between the target and another machine and positions themselves between the two.",
                        " - By using a sniffer like Wireshark, the attacker captures the traffic and attempts to gather information about the session."},
                {"Monitor",
                        " - The attacker monitors the traffic for vulnerable protocols, such as HTTP, Telnet, or rlogin, in an attempt to capture any valid authentication packets passing through."},
                {"Session Id Retrieval",
                        " - The attacker attempts to predict the session ID using the available information.",
                        " - Once the target is selected, the next step in the session hijacking process is predicting the sequence number.",
                        " - Sequence number prediction is crucial because if the attacker fails to predict the correct sequence number, the server will send reset packets and terminate the connection attempt.",
                        " - If the attacker repeatedly guesses the sequence numbers incorrectly, the chances of the attack being detected increase."},
                {"Stealing",
                        " - In application-level hijacking, active attacks are carried out to steal the session ID.",
                        " - Methods like man-in-the-middle attacks, cross-site scripting, and sniffing are used to steal the session ID.",
                        " - Brute Forcing: This method is time-consuming.",
                        " - While sequence number guessing can be done manually by skilled attackers, there are software tools available to automate the process."},
                {"Take One of the Parties Offline",
                        " - Once a session is selected and sequence numbers are predicted, one of the targets needs to be silenced.",
                        " - This is typically achieved through a denial-of-service attack.",
                        " - The attacker must ensure that the client computer stays offline throughout the attack; otherwise, the client may start transmitting data, causing the workstation and server to repeatedly attempt to synchronize their connections. This results in an ACK storm."},
                {"Take over the Session and Maintain the Connection",
                        " - The final phase of the session hijacking attack involves taking control of the communication session between the workstation and the server.",
                        " - The attacker spoofs their client IP address to avoid detection and includes the sequence number predicted earlier.",
                        " - If the server accepts this information, the attacker has successfully hijacked the communication session."}
        };
        StringBuilder text = new StringBuilder();
        for (int i = 0; i < phases.length; i++) {
            if (i > 0) {
                text.append(newLine).append(newLine);
            }
            text.append(bigText(highlightTextPurple(phases[i][0])));
            for (int j = 1; j < phases[i].length; j++) {
                text.append(newLine).append(phases[i][j]);
            }
        }
        return new ExplanationPartModel("Session Hijacking Process", new String[]{text.toString()});
    }

    private static ExplanationPartModel s57_1() {
        // Chapter 12 intro: the eight application-level ways a session token gets compromised.
        // Each list entry is indented by space(5) and placed on its own line.
        // NOTE(review): the common defences for all eight (TLS everywhere, CSPRNG tokens,
        // regenerating the ID on login, idle/absolute timeouts) are not in the course text.
        String[] compromiseMethods = {
                " 1. Session sniffing",
                " 2. Predictable session token",
                " 3. Man-in-the-middle attack",
                " 4. Man-in-the-browser attack",
                " 5. Cross-site script attack",
                " 6. Cross-site request forgery attack",
                " 7. Session replay attack",
                " 8. Session fixation"
        };
        StringBuilder text = new StringBuilder(
                "In a session hijacking attack, a session token is either stolen or predicted to gain unauthorized access to the web server.");
        text.append(newLine).append(newLine)
                .append("A session token can be compromised through various methods.");
        for (String method : compromiseMethods) {
            text.append(newLine).append(space(5)).append(method);
        }
        return new ExplanationPartModel("Define Application Level Session Hijacking", new String[]{text.toString()});
    }

    private static ExplanationPartModel s57_2() {
        // Chapter 12, application-level techniques 1-4 (sniffing, prediction, MITM, MITB).
        // NOTE(review): the implied defences - TLS on the wire, 128-bit CSPRNG session IDs,
        // and out-of-band transaction confirmation against man-in-the-browser - are not
        // spelled out in the course text; noted here for whoever extends the chapter.
        String sniffing = bigText(highlightTextPurple(" 1. Session sniffing"))
                + newLine + " - The attacker uses a sniffer to capture a valid session token or session ID."
                + newLine + " - The attacker then utilizes the captured session token to gain unauthorized access to the web server.";
        String predicting = bigText(highlightTextPurple("2. Predicting Session Token"))
                + newLine + " - The attacker can predict session IDs generated by weak algorithms and impersonate a website user."
                + newLine + " - Attackers analyze the variable sections of session IDs to identify any patterns."
                + newLine + " - This analysis is performed either manually or with the help of cryptanalytic tools."
                + newLine + " - Attackers collect a large number of simultaneous session IDs to gather samples within the same time window while keeping the variable constant.";
        String howToPredict = bigText(highlightText("How to Predict a Session Token"))
                + newLine + " - Most web servers use custom algorithms or predefined patterns to generate session IDs."
                + newLine + " - The attacker attempts to guess or deduce the unique session ID to hijack the session."
                + newLine + " - Captures: The attacker captures multiple session IDs and analyzes the pattern.";
        String mitm = bigText(highlightTextPurple("3. Man-in-the-Middle Attack"))
                + newLine + " - The man-in-the-middle attack is used to infiltrate an existing connection between systems and intercept messages being exchanged."
                + newLine + " - Attackers use various techniques to split the TCP connection into two parts: a client-to-attacker connection and an attacker-to-server connection."
                + newLine + " - Once the TCP connection is successfully intercepted, the attacker can read, modify, and insert fraudulent data into the intercepted communication."
                + newLine + " - In the case of an HTTP transaction, the TCP connection between the client and the server becomes the primary target.";
        String mitb = bigText(highlightTextPurple("4. Man-in-the-Browser Attack"))
                + newLine + " - The man-in-the-browser attack uses a Trojan horse to intercept the communication between the browser and its security mechanisms or libraries."
                + newLine + " - It operates with an already installed Trojan horse and acts as a mediator between the browser and its security systems."
                + newLine + " - The primary goal of this attack is to facilitate financial fraud by manipulating transactions in Internet banking systems.";
        // The 14 MITB steps each go on their own line under a plain (non-purple) heading.
        String[] mitbSteps = {
                " 1. The Trojan first infects the computer's software (either the OS or an application).",
                " 2. The Trojan installs malicious code (in the form of extension files) and saves it into the browser’s configuration.",
                " 3. After the user restarts the browser, the malicious code, now in the form of extension files, is loaded.",
                " 4. The extension files register a handler for every webpage visit.",
                " 5. When a page loads, the extension checks the URL against a list of known sites that are targeted for attack.",
                " 6. The user securely logs into the website.",
                " 7. The extension registers a button event handler when a specific page load matches a known pattern and compares it with its targeted list.",
                " 8. When the user clicks the button, the extension uses the DOM interface to extract all form field data and modifies the values.",
                " 9. The browser sends the form with the modified values to the server.",
                " 10. The server receives the altered values but cannot distinguish them from the original ones.",
                " 11. After the server processes the transaction, a receipt is generated.",
                " 12. The browser receives the receipt for the altered transaction.",
                " 13. The browser displays the receipt with the original details.",
                " 14. The user believes the original transaction was successfully processed by the server, unaware of any interception."
        };
        StringBuilder mitbWalkthrough = new StringBuilder(bigText(highlightText("Steps to Perform Man-in-the-Browser Attack")));
        for (String step : mitbSteps) {
            mitbWalkthrough.append(newLine).append(step);
        }
        String gap = newLine + newLine;
        String body = sniffing + gap + predicting + gap + howToPredict + gap + mitm + gap + mitb + gap + mitbWalkthrough;
        return new ExplanationPartModel("Application Level Session Hijacking 1", new String[]{body});
    }

    private static ExplanationPartModel s57_3() {
        // Chapter 12, application-level techniques 5-8 (XSS, CSRF, replay, fixation)
        // plus two short sub-sections under plain headings.
        // NOTE(review): the standard fixation defence - issue a fresh session ID on every
        // authentication / privilege change and refuse IDs supplied in the URL - is not in
        // the course text; CSRF is likewise countered by anti-CSRF tokens and SameSite cookies.
        String xss = bigText(highlightTextPurple("5. Cross-site Script Attack"))
                + newLine + " - If an attacker sends a crafted link to the victim containing malicious JavaScript, the script will execute when the victim clicks the link, carrying out the instructions set by the attacker.";
        String csrf = bigText(highlightTextPurple("6. Cross-site Request Forgery Attack"))
                + newLine + " - A Cross-Site Request Forgery (CSRF) attack exploits a victim's active session with a trusted site to carry out malicious activities.";
        String replay = bigText(highlightTextPurple("7. Session Replay Attack"))
                + newLine + " - In a session replay attack, the attacker intercepts the communication between the user and the server, capturing the user's authentication token."
                + newLine + " - After capturing the authentication token, the attacker replays the request to the server using the stolen token, gaining unauthorized access to the server.";
        String fixation = bigText(highlightTextPurple("8. Session Fixation"))
                + newLine + " - Session Fixation is an attack that enables an attacker to hijack a valid user session."
                + newLine + " - The attack attempts to trick the user into authenticating with a known session ID, allowing the attacker to take over the validated session once the user uses it."
                + newLine + " - The attacker provides a legitimate web application session ID and tries to deceive the victim's browser into using it."
                + newLine + " - Common techniques for executing a Session Fixation attack include using the session token in the URL argument, embedding the session token in a hidden form field, or storing the session ID in a cookie.";
        String fixationAttack = highlightText("Session Fixation Attack")
                + newLine + " - The attacker exploits a server vulnerability that permits the use of a fixed SID (Session ID)."
                + newLine + " - The attacker provides a valid SID to the victim and deceives them into authenticating using that SID.";
        String proxyHijack = highlightText("Session Hijacking Using Proxy Servers")
                + newLine + " - The attacker tricks the victim into clicking a bogus link that appears legitimate but redirects the user to the attacker’s server."
                + newLine + " - The attacker forwards the request to the legitimate server on behalf of the victim, acting as a proxy for the entire transaction."
                + newLine + " - During the interaction between the legitimate server and the user, the attacker captures the session information.";
        String[] sections = {xss, csrf, replay, fixation, fixationAttack, proxyHijack};
        String body = String.join(newLine + newLine, sections);
        return new ExplanationPartModel("Application Level Session Hijacking 2", new String[]{body});
    }

    private static ExplanationPartModel s58_1() {
        // Chapter 12, network-level hijacking overview: two paragraphs and a six-item list,
        // each item indented by space(5) on its own line.
        String[] variants = {
                " 1. Blind Hijacking",
                " 2. UDP Hijacking",
                " 3. TCP/IP Hijacking",
                " 4. RST Hijacking",
                " 5. Man-in-the-Middle: Packet Sniffer",
                " 6. IP Spoofing: Source Routed Packets"
        };
        StringBuilder text = new StringBuilder(
                "Network-level hijacking targets the transport and Internet protocols used by web applications in the application layer.");
        text.append(newLine).append(newLine)
                .append("By compromising network-level sessions, the attacker collects critical information that can later be used to exploit the application layer.");
        text.append(newLine).append(newLine)
                .append("Network-level hijacking includes :- ");
        for (String variant : variants) {
            text.append(newLine).append(space(5)).append(variant);
        }
        return new ExplanationPartModel("Network-level Session Hijacking", new String[]{text.toString()});
    }

    private static ExplanationPartModel s58_2() {
        // Chapter 12, the six network-level hijacking variants in detail.
        // NOTE(review): the RST section says a "correctly predicted acknowledgment number" is
        // what makes a forged reset accepted; a TCP receiver validates a RST on its sequence
        // number (RFC 5961 tightens this to an exact match) - worth confirming with the course
        // author. Source-routed IP options (section 6) are dropped by most modern routers.
        String blind = bigText(highlightTextPurple(" 1. Blind Hijacking"))
                + newLine + " - The attacker can inject malicious data or commands into the intercepted communication within the TCP session, even if source-routing is disabled."
                + newLine + " - While the attacker can send the data or commands, they do not have access to see the response.";
        String udp = bigText(highlightTextPurple(" 2. UDP Hijacking"))
                + newLine + " - In a network-level session hijacking, the attacker sends a forged server reply to the victim's UDP request before the intended server can respond."
                + newLine + " - The attacker uses a man-in-the-middle attack to intercept the server's response to the client and sends its own forged reply.";
        String tcpIp = bigText(highlightTextPurple("3. TCP/IP Hijacking"))
                + newLine + " - TCP/IP hijacking is a hacking technique that uses spoofed packets to seize control of a connection between a victim and a target machine."
                + newLine + " - When the victim's connection is disrupted, the attacker can communicate with the target machine as if they were the victim."
                + newLine + " - To execute a TCP/IP hijacking attack, the attacker must be on the same network as the victim."
                + newLine + " - The target and victim machines can be located anywhere.";
        // Seven numbered steps under a plain heading; the mixed straight/curly apostrophes
        // below are reproduced exactly as the course text has them.
        String[] tcpIpSteps = {
                " 1. The attacker sniffs the victim’s connection and uses the victim’s IP address to send a spoofed packet with a predicted sequence number.",
                " 2. The receiver processes the spoofed packet, increments the sequence number, and sends an acknowledgement to the victim's IP.",
                " 3. The victim machine is unaware of the spoofed packet, so it ignores the receiver’s ACK packet and disables the sequence number counter.",
                " 4. As a result, the receiver starts receiving packets with an incorrect sequence number.",
                " 5. The attacker causes the victim's connection with the receiver machine to become desynchronized.",
                " 6. The attacker tracks the sequence numbers and continuously spoofs packets that appear to come from the victim's IP.",
                " 7. The attacker continues communicating with the receiver machine while the victim's connection remains stalled."
        };
        StringBuilder tcpIpProcess = new StringBuilder(highlightText("TCP/IP Hijacking Process"));
        for (String step : tcpIpSteps) {
            tcpIpProcess.append(newLine).append(step);
        }
        String rst = bigText(highlightTextPurple("4. RST Hijacking"))
                + newLine + " - RST hijacking involves injecting a seemingly legitimate reset (RST) packet with a spoofed source address and a correctly predicted acknowledgment number."
                + newLine + " - If the hacker uses the correct acknowledgment number, they can reset the victim's connection."
                + newLine + " - The victim believes the reset packet came from the legitimate source and consequently resets the connection."
                + newLine + " - RST hijacking can be executed using packet crafting tools, like Colasoft’s Packet Builder, and TCP/IP analysis tools, such as tcpdump.";
        String sniffer = bigText(highlightTextPurple("5. Man-in-the-Middle: Packet Sniffer "))
                + newLine + " - In this attack, a packet sniffer acts as an intermediary between the client and the server."
                + newLine + " - ARP spoofing involves deceiving the host by broadcasting an ARP request and altering its ARP table by sending forged ARP replies."
                + newLine + " - The packets between the client and the server are routed through the attacker’s host using two techniques:";
        String icmp = highlightText("Forged Internet Control Message Protocol (ICMP) :- ")
                + " An extension of IP that sends error messages, which the attacker can use to mislead the client and server.";
        String arp = highlightText("Address Resolution Protocol (ARP) Spoofing :- ")
                + " ARP is used to map network layer addresses (IP addresses) to link layer addresses (MAC addresses), and the attacker manipulates this mapping.";
        String sourceRouted = bigText(highlightTextPurple(" 6. IP Spoofing: Source Routed Packets "))
                + newLine + " - The packet source routing technique is used to gain unauthorized access to a computer by leveraging the IP address of a trusted host."
                + newLine + " - The attacker spoofs the host’s IP address so that the server, which is managing a session with the host, accepts packets from the attacker."
                + newLine + " - Once the session is established, the attacker injects forged packets before the host can respond to the server."
                + newLine + " - The original packet from the host is lost because the server receives a packet with a sequence number that was already used by the attacker."
                + newLine + " - The packets are source-routed, allowing the attacker to specify the path to the destination IP.";
        String[] sections = {blind, udp, tcpIp, tcpIpProcess.toString(), rst, sniffer, icmp, arp, sourceRouted};
        String body = String.join(newLine + newLine, sections);
        return new ExplanationPartModel("Network-level Session Hijacking", new String[]{body});
    }

    private static ExplanationPartModel s59_1() {
        // Chapter 12 tool list (desktop): ZAP, Burp Suite, JHijack.
        // Each row is {heading, bullet...}; headings carry the surrounding spaces the course uses.
        String[][] tools = {
                {" Zaproxy ",
                        " - The OWASP Zed Attack Proxy (ZAP) is a comprehensive penetration testing tool designed to identify vulnerabilities in web applications."},
                {" Burp Suite ",
                        " - Burp Suite enables the attacker to intercept and modify traffic between the browser and the target application.",
                        " - It analyzes various types of content, with automatic color coding for request and response syntax to enhance visibility."},
                {" JHijack ",
                        " - A Java-based tool designed for assessing web application session security.",
                        " - A straightforward Java fuzzer primarily used for numeric session hijacking and parameter enumeration."}
        };
        StringBuilder text = new StringBuilder();
        for (int i = 0; i < tools.length; i++) {
            if (i > 0) {
                text.append(newLine).append(newLine);
            }
            text.append(bigText(highlightTextPurple(tools[i][0])));
            for (int j = 1; j < tools[i].length; j++) {
                text.append(newLine).append(tools[i][j]);
            }
        }
        return new ExplanationPartModel("Session Hijacking Tools", new String[]{text.toString()});
    }

    private static ExplanationPartModel s59_2() {
        // Chapter 12 tool list (mobile): DroidSheep and DroidSniff.
        // NOTE(review): both are plaintext-HTTP sidejackers on a shared wireless segment;
        // HTTPS/HSTS on the site and client isolation on the AP leave them nothing to capture.
        String droidSheep = bigText(highlightTextPurple(" DroidSheep "))
                + newLine + " - DroidSheep is a basic Android tool used for web session hijacking (sidejacking)."
                + newLine + " - It monitors HTTP packets transmitted over a wireless (802.11) network and extracts session IDs from these packets.";
        String droidSniff = bigText(highlightTextPurple(" DroidSniff "))
                + newLine + " - DroidSniff is an Android application designed for security analysis in wireless networks, capable of capturing session data from platforms like Facebook, Twitter, LinkedIn, and others.";
        String body = droidSheep + newLine + newLine + droidSniff;
        return new ExplanationPartModel("Session Hijacking Tools for Mobile", new String[]{body});
    }

    private static ExplanationPartModel s5_1() {
        // Chapter 1 overview of the five hacking phases. The model receives four separate
        // strings: intro paragraph, process paragraph, the heading, and the numbered list.
        String intro = "Ethical hacking is a process of detecting vulnerabilities in an application, system, or organization’s infrastructure that an attacker can use to exploit an individual or organization. They use this process to prevent cyberattacks and security breaches by lawfully hacking into the systems and looking for weak points. An ethical hacker follows the steps and thought process of a malicious attacker to gain authorized access and test the organization’s strategies and network.";
        String process = newLine + newLine
                + "An attacker or an ethical hacker follows the same five-step hacking process to breach the network or system. The ethical hacking process begins with looking for various ways to hack into the system, exploiting vulnerabilities, maintaining steady access to the system, and lastly, clearing one’s tracks.";
        String heading = newLine + newLine + bigText(highlightTextPurple("The five phases of ethical hacking are:"));
        String[] phaseNames = {"1. Reconnaissance", "2. Scanning", "3. Access", "4. Maintaining access", "5. Clearing tracks"};
        StringBuilder phaseList = new StringBuilder();
        for (String phase : phaseNames) {
            phaseList.append(newLine).append(phase);
        }
        return new ExplanationPartModel("Phases of Ethical Hacking",
                new String[]{intro, process, heading, phaseList.toString()});
    }

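    private static ExplanationPartModel s5_2() {
        // Chapter 1, phase 1: reconnaissance. The model receives ten separate strings
        // (intro, active/passive definitions, tool list, heading, five technique entries).
        //
        // Two content fixes relative to the earlier text:
        //  * "Passive Reconnaissance ... making it untraceable" overstated the point: passive
        //    collection avoids touching the target, which makes it hard for the target to detect,
        //    not impossible to trace (OSINT queries still leave records with third parties).
        //  * The "- Example:" label ran straight into the example text with no separating space.
        // NOTE(review): Nmap / "Network Scanning" are listed under reconnaissance here and
        // again under the scanning phase in s5_3; that overlap is left as the course has it.
        String intro = "Reconnaissance is the first step in ethical hacking. It’s often referred to as footprinting. Here, a hacker tries collecting various kinds of data, such as employee information, IP addresses, network topology, and domain names, using active and passive approaches. The purpose is to create a diagram of the target’s digital and physical assets.";
        String active = newLine + newLine + highlightTextPurple("Active Reconnaissance:- ")
                + "This method involves direct interaction with the target system, which may warn the target about possible scans.";
        String passive = newLine + highlightTextPurple("Passive Reconnaissance:- ")
                + "This implies collecting data without direct contact with the target, making it much harder for the target to detect.";
        String tools = newLine + newLine + bigText(highlightTextPurple("Popular Tools Used are"))
                + newLine + dotPoint + " Nmap"
                + newLine + dotPoint + " Whois"
                + newLine + dotPoint + " Maltego";
        String techniquesHeading = newLine + newLine + bigText(highlightTextPurple("Reconnaissance Techniques Commonly Used"));
        String googleDorking = newLine + newLine + highlightText("1. Google Dorking")
                + newLine + "- Involves using advanced search operators on Google to find specific information, such as exposed files, sensitive data, or vulnerabilities on websites."
                + newLine + highlightText("- Example: ") + "Searching for filetype:pdf site:example.com to find all PDFs hosted on a target site.";
        String whoisLookup = newLine + newLine + highlightText("2. Whois Lookup")
                + newLine + "- The process of querying a domain's registration information to find details such as the owner's name, organization, contact information, and sometimes even the hosting provider."
                + newLine + "- Tools like whois can help uncover details about domains, IPs, or email addresses tied to the target.";
        String socialEngineering = newLine + newLine + highlightText("3. Social Engineering")
                + newLine + "- Tactics used to manipulate individuals into revealing confidential information or performing actions that compromise security."
                + newLine + "- Common methods include phishing (fraudulent emails designed to trick users into giving up login credentials) or pretexting (creating a fabricated scenario to gather information).";
        String dnsEnumeration = newLine + newLine + highlightText("4. DNS Enumeration")
                + newLine + "- This technique gathers information from DNS servers to map out domain names, IP addresses, and the internal structure of a target’s network."
                + newLine + "- Tools like dnsenum or fierce can help identify subdomains, mail servers, and other critical assets tied to a domain.";
        String networkScanning = newLine + newLine + highlightText("5. Network Scanning")
                + newLine + "- Using tools like Nmap to discover devices on a network, determine open ports, and identify services running on those ports."
                + newLine + "- Network scanning helps attackers understand the attack surface and potential vulnerabilities that could be exploited.";
        return new ExplanationPartModel("Reconnaissance", new String[]{
                intro, active, passive, tools, techniquesHeading,
                googleDorking, whoisLookup, socialEngineering, dnsEnumeration, networkScanning});
    }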

    private static ExplanationPartModel s5_3() {
        // Chapter 1, phase 2: scanning. The model receives eleven separate strings:
        // intro, three category one-liners, tool list, heading, and five technique entries.
        // Every technique entry has the same shape (blank line, highlighted title, a stray
        // single space, line break, body), so they are generated from a table.
        String[][] techniques = {
                {"1. Port Scanning ",
                        "- Tools like Nmap and Angry IP Scanner are used to identify open ports and services running on a target system. This helps to determine potential entry points for attacks."},
                {"2. Vulnerability Scanning:- ",
                        "- Tools such as Nessus or OpenVAS can be used to scan systems for known vulnerabilities, misconfigurations, and weaknesses in both software and hardware."},
                {"3. Network Mapping ",
                        "- With tools like SolarWinds or Wireshark, administrators can create a visual representation of the network topology, helping to identify devices, communication paths, and potential security gaps."},
                {"4. Banner Grabbing ",
                        "- This technique involves connecting to open ports and gathering information from the banners returned by services (e.g., HTTP, FTP). Tools like Netcat or Telnet are often used to collect details like software versions, which can help in identifying potential exploits."},
                {"5. Ping Sweeps ",
                        "- This technique involves sending ICMP Echo Request packets (ping) to a range of IP addresses to identify which hosts are active on the network. It helps map out devices that are online and responsive."}
        };
        String[] parts = new String[6 + techniques.length];
        parts[0] = "At that point, the hacker goes to the scanning stage after having enough information. Scanning recognizes open ports, active devices, and services in the targeted network. It also helps to identify areas of vulnerability that can be targeted. Scanning is usually divided into three categories:";
        parts[1] = newLine + newLine + highlightTextPurple("Port Scanning:- ") + "Finding open ports or services with Nmap or Angry IP Scanner.";
        parts[2] = newLine + highlightTextPurple("Vulnerability Scanning:- ") + "Detecting known weaknesses in systems and applications using Nessus.";
        parts[3] = newLine + highlightTextPurple("Network Mapping:- ") + "Creating a blueprint of network topology with tools such as SolarWinds.";
        parts[4] = newLine + newLine + bigText(highlightTextPurple("Popular Tools Used "))
                + newLine + dotPoint + " Nessus"
                + newLine + dotPoint + " OpenVAS"
                + newLine + dotPoint + " Angry IP Scanner";
        parts[5] = newLine + newLine + bigText(highlightTextPurple("Commonly used techniques for Scanning"));
        for (int i = 0; i < techniques.length; i++) {
            parts[6 + i] = newLine + newLine + highlightText(techniques[i][0]) + " " + newLine + techniques[i][1];
        }
        return new ExplanationPartModel("Scanning", parts);
    }

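    private static ExplanationPartModel s5_4() {
        // Chapter 1, phase 3: gaining access. The model receives eight separate strings:
        // intro, tool list, heading, and five technique entries.
        //
        // Content fix: the techniques heading read "Commonly used techniques for Scanning",
        // a copy-paste from the scanning section (s5_3); this is the gaining-access phase.
        // NOTE(review): the rainbow-table bullet is accurate only for unsalted hashes - salted,
        // slow password hashes (bcrypt/scrypt/Argon2) make precomputed tables useless. The
        // course text does not say so; flagged here rather than rewritten.
        String intro = "During this crucial stage, the intruder utilizes the weaknesses identified during scanning for unauthorized entry into the target system. This may involve leveraging applications, operating systems, or network flaws. The objective is establishing access at different privilege levels, from user accounts to administrative control. Exploitation Methods comprise buffer overflows, SQL injection, and cross-site scripting (XSS).";
        String tools = newLine + newLine + bigText(highlightTextPurple("Popular Tools Used "))
                + newLine + dotPoint + " Metasploit"
                + newLine + dotPoint + " SQLmap"
                + newLine + dotPoint + " Hydra";
        String techniquesHeading = newLine + newLine + bigText(highlightTextPurple("Commonly used techniques for Gaining Access"));
        String passwordCracking = newLine + newLine + highlightText("1. Password Cracking ") + " " + newLine
                + highlightText("- Brute Force Attack: ") + "This method involves trying every possible combination of characters until the correct password is found. It is computationally intensive and can take a long time, especially for strong passwords."
                + newLine + highlightText("- Dictionary Attack: ") + "This method uses a list of common passwords or words (from a dictionary file) and tests them against the password to find a match."
                + newLine + highlightText("- Rainbow Tables: ") + "These are precomputed tables used to reverse cryptographic hash functions. They reduce the time needed to crack passwords but require significant storage.";
        String exploitation = newLine + newLine + highlightText("2. Exploitation of Vulnerabilities ") + " " + newLine
                + highlightText("- SQL Injection: ") + "A vulnerability in an application's software where an attacker inserts malicious SQL code into a query to manipulate the database and gain unauthorized access to data."
                + newLine + highlightText("- Buffer Overflow: ") + "A type of vulnerability where an attacker sends more data than a buffer can handle, causing the program to overwrite adjacent memory. This can lead to system crashes or allow the attacker to execute arbitrary code.";
        String privilegeEscalation = newLine + newLine + highlightText("3. Privilege Escalation ") + " " + newLine
                + "- This involves gaining higher access rights within a system. It can occur due to a misconfiguration, inadequate security controls, or exploiting a vulnerability in the system or software. It may involve local or remote exploits to escalate privileges from a regular user to an admin or root level.";
        String sessionHijacking = newLine + newLine + highlightText("4. Session Hijacking ") + " " + newLine
                + "- Attackers can steal or intercept an active session token or session cookie to impersonate a legitimate user, allowing them to access the user’s account and data without needing to authenticate.";
        String mitm = newLine + newLine + highlightText("5. Man-in-the-Middle (MITM) Attacks ") + " " + newLine
                + "- In MITM attacks, the attacker intercepts and possibly alters the communication between two parties without their knowledge. This can be used to steal sensitive data like login credentials or financial information by positioning themselves between a victim and a legitimate system or service.";
        return new ExplanationPartModel("Gaining Access", new String[]{
                intro, tools, techniquesHeading,
                passwordCracking, exploitation, privilegeEscalation, sessionHijacking, mitm});
    }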

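    private static ExplanationPartModel s5_5() {
        // Chapter 1, phase 4: maintaining access. The model receives eight separate strings:
        // intro, tool list, heading, and five method entries generated from a table.
        //
        // Content fixes: the tunneling entry ended in a doubled full stop ("restrictions..")
        // and the hidden-accounts entry had a doubled space after its leading dash.
        // NOTE(review): from a defender's view the detection counterparts are new local
        // admin accounts, unexpected scheduled tasks/cron entries and outbound tunnels
        // (e.g. ngrok) - the course lists the techniques only; noted for the blue-team reader.
        String intro = "Once inside, the intruder must maintain a presence on the target machine for further actions such as gathering or monitoring sensitive data. Therefore, backdoors, rootkits, or Trojan horses can be installed at this point to ensure continued access to the device even after it has been rebooted or patched. Persistence Techniques: Employing malicious programs, establishing concealed user accounts, or exploiting cron jobs.";
        String tools = newLine + newLine + bigText(highlightTextPurple("Tools Used "))
                + newLine + dotPoint + " Netcat"
                + newLine + dotPoint + " Ngrok"
                + newLine + dotPoint + " Empire";
        String methodsHeading = newLine + newLine + bigText(highlightTextPurple("Standard Methods of Maintaining Access"));
        String[][] methods = {
                {"1. Installing Backdoors ",
                        "- Malicious actors may install software or tools that provide them with a hidden and persistent means to access the system, even after the initial breach has been mitigated."},
                {"2. Creating Hidden User Accounts ",
                        "- Attackers may add new user accounts with administrative privileges that are not easily detected. These accounts allow them to bypass security measures and regain control over the system."},
                {"3. Tunneling ",
                        "- Tunneling, like SSH tunneling, is a technique used to create a secure communication channel between an attacker and a compromised system, often bypassing firewalls or network restrictions."},
                {"4. Keystroke Logging ",
                        "- This involves using software or hardware to record every keystroke made by a user, capturing sensitive information such as login credentials, credit card numbers, or personal data."},
                {"5. Trojan Horses ",
                        "- A Trojan is a type of malicious software that masquerades as a legitimate program or file. Once installed, it grants attackers unauthorized access to the system, often without the user's knowledge."}
        };
        String[] parts = new String[3 + methods.length];
        parts[0] = intro;
        parts[1] = tools;
        parts[2] = methodsHeading;
        for (int i = 0; i < methods.length; i++) {
            // Same shape as the other phase pages: blank line, highlighted title, a stray
            // single space, line break, then the body text.
            parts[3 + i] = newLine + newLine + highlightText(methods[i][0]) + " " + newLine + methods[i][1];
        }
        return new ExplanationPartModel("Maintaining Access", parts);
    }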

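    /**
     * Builds the "Clearing Track" explanation part (anti-forensics / covering tracks).
     *
     * <p>Each array element is one paragraph; {@code newLine} supplies the HTML line
     * break, {@code dotPoint} the bullet glyph and {@code bigText} the enlarged heading.
     * {@code highlightText}/{@code highlightTextPurple} are defined elsewhere in this class.
     *
     * <p>Fix: the "Steganography" bullet started with a lower-case "this"; it now
     * matches the capitalisation of the other bullets. No other text was changed.
     * The title "Clearing Track" is left as-is in case it is matched elsewhere.
     *
     * @return the explanation part model for this topic
     */
    private static ExplanationPartModel s5_6() {
        return new ExplanationPartModel("Clearing Track", new String[]{"The finale of ethical hacking revolves around ensuring the hacker remains under the radar. This implies wiping logs, concealing files, and manipulating timestamps to eliminate evidence or proof of any attack. The intention is to ensure that attackers can never be detected or traced via their attack methodology.", newLine + newLine + bigText(highlightTextPurple("Tools Used ")) + newLine + dotPoint + " CCleaner" + newLine + dotPoint + " Stealth Rootkit" + newLine + dotPoint + " Timestomp", newLine + newLine + bigText(highlightTextPurple("Standard Methods For Covering Tracks")), newLine + newLine + highlightText("1. Log Tampering ") + " " + newLine + "- By modifying or deleting system logs, an attacker can remove traces of their presence and actions on a system. This is often done to prevent security professionals from identifying when the system was breached or what actions the attacker took.", newLine + newLine + highlightText("2. Steganography ") + " " + newLine + "- This involves hiding malicious files, data, or communications inside other benign files, such as images, videos, or documents. By doing so, attackers can make it harder for detection tools to identify harmful content within the system.", newLine + newLine + highlightText("3. File Timestamp Alteration ") + " " + newLine + "- Attackers may change the creation, modification, or access timestamps of files to make it appear as though files were not recently altered or added. This can mislead forensic investigators and delay the identification of malicious activity.", newLine + newLine + highlightText("4. Clearing Command Histories ") + " " + newLine + "- Command history files (like .bash_history on Linux systems) can contain a record of all commands entered by a user. 
Attackers may clear or edit these histories to erase evidence of commands that led to the system compromise or other suspicious actions.", newLine + newLine + highlightText("5. Encryption ") + " " + newLine + "- Encrypting files or communications can make it very difficult for investigators to analyze the data. This includes both encrypting the data itself (e.g., using encryption tools) and encrypting network traffic (e.g., using SSL/TLS or VPNs). Encryption can obscure the contents of sensitive files or communications, protecting the attacker from detection and forensic analysis."});
    }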

    /**
     * Builds the "Detection Methods and Protecting" part for the session-hijacking topic.
     *
     * <p>A single paragraph assembled from {@code bigText} headings, {@code highlightText}
     * sub-headings and {@code newLine} (HTML break) separated bullet lines.
     * NOTE(review): the "Manual Method" bullet reads as a fragment ("Normal Telnet Session
     * and Forcing an ARP Entry"); confirm the intended wording against the source material.
     *
     * @return the explanation part model for this topic
     */
    private static ExplanationPartModel s60_1() {
        return new ExplanationPartModel("Detection Methods and Protecting ", new String[]{bigText(highlightTextPurple(" Detection Methods")) + newLine + newLine + highlightText("Manual Method ") + newLine + " - Using Packet Sniffing Software :- Normal Telnet Session and Forcing an ARP Entry" + newLine + newLine + highlightText("Automatic Method ") + newLine + " - Intrusion Detection Systems (IDS)" + newLine + " - Intrusion Prevention Systems (IPS)" + newLine + newLine + bigText(highlightTextPurple(" Protecting against Session Hijacking")) + newLine + " - Utilize Secure Shell (SSH) to establish a secure communication channel." + newLine + " - Transfer authentication cookies over HTTPS connections." + newLine + " - Implement a log-out function to allow users to end sessions securely." + newLine + " - Generate session IDs after successful login and accept only server-generated session IDs." + newLine + " - Ensure data is encrypted during transmission and adopt a defense-in-depth approach." + newLine + " - Use long, random numbers or strings as session keys for added security." + newLine + " - Employ unique usernames and passwords for each account." + newLine + " - Educate employees and minimize remote access to reduce security risks." + newLine + " - Implement a timeout function to destroy sessions when they expire." + newLine + " - Avoid sending session IDs in the URL query string." + newLine + " - Use switches instead of hubs and limit incoming connections to mitigate potential attacks." + newLine + " - Ensure both client-side and server-side protection software are active and up to date."});
    }

    /**
     * Builds the "Methods to Prevent Session Hijacking" part: one paragraph with a
     * developer-side checklist and a user-side checklist, each under a {@code bigText}
     * heading and separated by {@code newLine} HTML breaks.
     *
     * <p>The developer list covers the usual session-management controls (random IDs,
     * regeneration on login against fixation, transport encryption, expiry on logout,
     * bounded lifetime).
     *
     * @return the explanation part model for this topic
     */
    private static ExplanationPartModel s60_2() {
        return new ExplanationPartModel("Methods to Prevent Session Hijacking", new String[]{bigText(highlightTextPurple(" To be Followed by Web Developers")) + newLine + " - Generate session keys using long, random strings or numbers to make it harder for attackers to guess a valid session key." + newLine + " - Regenerate the session ID upon successful login to protect against session fixation attacks." + newLine + " - Encrypt both the data and session keys during transmission between the user and web servers." + newLine + " - Immediately expire the session when the user logs out." + newLine + " - Prevent eavesdropping within the network by using secure protocols." + newLine + " - Limit the lifespan of sessions or cookies to reduce the window of opportunity for attacks." + newLine + newLine + bigText(highlightTextPurple(" To be Followed by Web Users")) + newLine + " - Avoid clicking on links received via email or instant messages (IMs)." + newLine + " - Utilize firewalls to block malicious content from entering the network." + newLine + " - Configure firewalls and browser settings to restrict cookie usage." + newLine + " - Ensure the website is certified by recognized certifying authorities." + newLine + " - Always clear your browser's history, offline content, and cookies after engaging in sensitive or confidential transactions." + newLine + " - Use HTTPS (secure transmission) instead of HTTP when transmitting sensitive data." + newLine + " - Log out from the browser by using the logout button rather than simply closing the browser."});
    }

    /**
     * Builds the "Session Hijacking Vulnerabilities and Solutions" part: a table-like
     * paragraph of repeated "Issue / Solution / Notes" triples, each label rendered via
     * {@code highlightTextPurple} and rows separated by {@code newLine} HTML breaks.
     *
     * <p>NOTE(review): the content is dated in places — "SSL (Secure Socket Layer)" has
     * been superseded by TLS, and PPTP is generally regarded as insecure and is listed
     * here as an "encrypted VPN protocol". Course text only; no behaviour depends on it,
     * but the wording may warrant an update.
     *
     * @return the explanation part model for this topic
     */
    private static ExplanationPartModel s60_3() {
        return new ExplanationPartModel("Session Hijacking Vulnerabilities and Solutions", new String[]{highlightTextPurple("Issue :-  ") + "Telnet, rlogin" + newLine + highlightTextPurple("Solution :- ") + " OpenSSH or ssh (Secure Shell)" + newLine + highlightTextPurple("Notes :- ") + " It encrypts the data, making it difficult for an attacker to send correctly encrypted data if the session is hijacked." + newLine + newLine + highlightTextPurple("Issue :-  ") + "FTP" + newLine + highlightTextPurple("Solution :- ") + " sFTP" + newLine + highlightTextPurple("Notes :- ") + " It lowers the likelihood of a successful hijacking." + newLine + newLine + highlightTextPurple("Issue :-  ") + "HTTP" + newLine + highlightTextPurple("Solution :- ") + " SSL (Secure Socket Layer)" + newLine + highlightTextPurple("Notes :- ") + " It minimizes the probability of a successful hijacking." + newLine + newLine + highlightTextPurple("Issue :-  ") + "IP" + newLine + highlightTextPurple("Solution :- ") + " IPSec" + newLine + highlightTextPurple("Notes :- ") + " It prevents hijacking by securing IP-based communications." + newLine + newLine + highlightTextPurple("Issue :-  ") + "Any Remote Connection" + newLine + highlightTextPurple("Solution :- ") + " VPN" + newLine + highlightTextPurple("Notes :- ") + " Using encrypted VPN protocols like PPTP, L2TP, and IPSec for remote connections helps prevent session hijacking." + newLine + newLine + highlightTextPurple("Issue :-  ") + "SMB (Server Message Block)" + newLine + highlightTextPurple("Solution :- ") + " SMB signing" + newLine + highlightTextPurple("Notes :- ") + " It enhances the security of the SMB protocol and decreases the likelihood of session hijacking." + newLine + newLine + highlightTextPurple("Issue :-  ") + "Hub Network" + newLine + highlightTextPurple("Solution :- ") + " Switch Network" + newLine + highlightTextPurple("Notes :- ") + " It reduces the risk of ARP spoofing and other types of session hijacking attacks."});
    }

    /**
     * Builds the "Define Web Server" part: a definition, a "Why Web Servers Are
     * Compromised" checklist (largely misconfiguration and hygiene items) and an
     * "Impact of Webserver Attacks" list, all in one paragraph separated by
     * {@code newLine} HTML breaks with {@code bigText} headings.
     *
     * <p>The concatenation continues across a physical line break in the source
     * listing; the expression itself is unchanged.
     *
     * @return the explanation part model for this topic
     */
    private static ExplanationPartModel s61_1() {
        return new ExplanationPartModel("Define Web Server", new String[]{" A Web Server is a software and hardware system designed to host websites and deliver content over the internet or intranet." + newLine + newLine + " It serves files and other web content to users via the Hypertext Transfer Protocol (HTTP)." + newLine + newLine + " With the increasing use of both the internet and intranets, web services have become a crucial part of modern communication and business." + newLine + newLine + " Web servers are used for delivering a wide range of content, including files, emails, and other forms of data exchange." + newLine + newLine + " While all web servers support HTML for basic content delivery, they also support various application extensions such as PHP, Python, and JavaScript, depending on the server's configuration." + newLine + newLine + " Web servers can vary significantly in terms of security models, operating systems, and other features, which can affect their performance, security, and functionality." + newLine + newLine + bigText(highlightTextPurple(" Why Web Servers Are Compromised ")) + newLine + " - Incorrect file and folder permissions." + newLine + " - Setting up the server with default configurations." + newLine + " - Unneeded services running, including content management and remote access tools." + newLine + " - Security compromises due to ease-of-use decisions for business operations." + newLine + " - Absence of a defined security policy, procedures, and regular maintenance." + newLine + " - Improper authentication for external systems." + newLine + " - Default user accounts with factory-set or no passwords." + newLine + " - Redundant default, backup, or example files left on the system." + newLine + " - Misconfigurations in web servers, operating systems, and networks." + newLine + " - Flaws or vulnerabilities in server software, OS, or web applications." + newLine + " - Incorrect SSL certificates and encryption configurations." 
+ newLine + " - Enabled administrative or debugging features that are accessible on web servers." + newLine + " - Use of self-generated certificates or default-issued certificates." + newLine + newLine + bigText(highlightTextPurple(" Impact of Webserver Attacks ")) + newLine + " - Breach of user accounts." + newLine + " - Alteration or vandalism of the website." + newLine + " - Follow-up attacks originating from the website." + newLine + " - Unauthorized root access to other applications or servers." + newLine + " - Data manipulation and theft."});
    }

    /**
     * Builds the "Web Server Security Issue" part: a short overview paragraph with an
     * indented list of common weaknesses. Indentation of list items is produced by
     * {@code space(3)}, a helper defined elsewhere in this class (presumably emits
     * HTML-safe spacing — not visible here).
     *
     * @return the explanation part model for this topic
     */
    private static ExplanationPartModel s61_2() {
        return new ExplanationPartModel("Web Server Security Issue", new String[]{" Security issues on a web server may involve network-level and operating system-level attacks." + newLine + newLine + " Attackers typically exploit vulnerabilities and misconfigurations in the web server to gain access." + newLine + newLine + " Common vulnerabilities include :- " + newLine + space(3) + " - Incorrect file and directory permissions" + newLine + space(3) + " - Default configurations" + newLine + space(3) + " - Unnecessary services enabled" + newLine + space(3) + " - Insufficient security measures" + newLine + space(3) + " - Software bugs" + newLine + space(3) + " - Misconfigured SSL certificates" + newLine + space(3) + " - Debugging features left enabled" + newLine + newLine + " The server administrator must address all vulnerabilities and implement network security measures such as IPS/IDS and firewalls. " + newLine + newLine + " Potential threats and attacks against a web server are further discussed in this chapter. " + newLine + newLine + " Once a web server is compromised, it can lead to the exposure of all user accounts, service disruptions, website defacement, the initiation of additional attacks through the compromised site, unauthorized access to resources, and data theft. "});
    }

    /**
     * Builds the first "Webserver Attacks" part: descriptive overviews of DoS/DDoS,
     * DNS server hijacking, DNS amplification and directory traversal, each under a
     * {@code bigText} heading with {@code newLine}-separated bullet lines.
     *
     * <p>The DoS bullet cross-references "Chapter 9"; that number is hard-coded in the
     * text and is not tied to the chapter index built elsewhere in this class — it will
     * silently go stale if chapters are reordered.
     *
     * @return the explanation part model for this topic
     */
    private static ExplanationPartModel s62_1() {
        return new ExplanationPartModel("Webserver Attacks ", new String[]{bigText(highlightTextPurple(" DoS/DDoS Attacks")) + newLine + " - The techniques of DoS and DDoS attacks are discussed in detail in Chapter 9." + newLine + " - These DoS/DDoS attacks overwhelm the web server with fake requests, causing it to crash or become unavailable, leading to a denial of service for users." + newLine + newLine + bigText(highlightTextPurple(" DNS Server Hijacking")) + newLine + " - By compromising a DNS server, an attacker alters its configuration." + newLine + " - This modification redirects requests intended for a legitimate web server to a malicious server controlled by the attacker." + newLine + newLine + bigText(highlightTextPurple(" DNS Amplification Attack")) + newLine + " - A DNS Amplification attack uses the DNS recursive method to amplify the effect." + newLine + " - The attacker exploits this feature to spoof a lookup request to the DNS server." + newLine + " - The server responds to the spoofed address (the target’s address)." + newLine + " - Using botnets to amplify the request size results in a Distributed Denial of Service (DDoS) attack." + newLine + newLine + bigText(highlightTextPurple(" Directory Traversal Attacks")) + newLine + " - In this type of attack, the attacker attempts to gain access to restricted directories through a trial-and-error process, using sequences of dots and slashes." + newLine + " - By accessing directories outside the root directory, the attacker can reveal sensitive information about the system."});
    }

    /**
     * Builds the second "Webserver Attacks" part: man-in-the-middle/sniffing,
     * phishing, website defacement and server misconfiguration, each as a
     * {@code bigText} heading followed by {@code newLine}-separated bullets.
     *
     * <p>Note the title here is "Webserver Attacks" with no trailing space, while
     * {@code s62_1} uses "Webserver Attacks " (trailing space) — if titles are ever
     * compared or used as keys, the two will not match.
     *
     * @return the explanation part model for this topic
     */
    private static ExplanationPartModel s62_2() {
        return new ExplanationPartModel("Webserver Attacks", new String[]{bigText(highlightTextPurple(" Man-in-the-Middle/Sniffing Attack")) + newLine + " - As described in previous chapters, in a Man-in-the-Middle attack, the attacker intercepts communication between the client and server." + newLine + " - The attacker can sniff the packets, extract sensitive information, and alter the communication." + newLine + newLine + bigText(highlightTextPurple(" Phishing Attacks")) + newLine + " - Phishing attacks involve tricking users into providing login credentials on a fake website that appears to be legitimate." + newLine + " - The stolen information, typically login details, is then used by the attacker to impersonate the user and gain unauthorized access to the target server." + newLine + newLine + bigText(highlightTextPurple(" Website Defacement")) + newLine + " - Website defacement occurs when an attacker successfully breaches a legitimate website and modifies its content or appearance." + newLine + " - This can be done using various techniques, such as SQL injection, to access the website and alter its structure." + newLine + newLine + bigText(highlightTextPurple(" Web Server Misconfiguration")) + newLine + " - Another common attack method involves exploiting vulnerabilities in the web server or website due to misconfigurations." + newLine + " - The attacker may target weaknesses like default configurations, misconfigured remote functions, default certificates, or enabled debugging features."});
    }

    /**
     * Builds the third "Webserver Attacks" part: HTTP response splitting, web cache
     * poisoning, SSH brute force, and a {@code space(5)}-indented list naming the
     * common web-application attack classes.
     *
     * <p>Descriptive overview text only; the list is names, not techniques.
     *
     * @return the explanation part model for this topic
     */
    private static ExplanationPartModel s62_3() {
        return new ExplanationPartModel("Webserver Attacks", new String[]{bigText(highlightTextPurple(" HTTP Response Splitting Attack")) + newLine + " - In an HTTP Response Splitting attack, the attacker sends a request that splits the server's response." + newLine + " - This causes the server to issue two responses, with the second one controlled by the attacker, allowing the user to be redirected to a malicious website." + newLine + newLine + bigText(highlightTextPurple(" Web Cache Poisoning Attack")) + newLine + " - Web Cache Poisoning attacks occur when an attacker manipulates the server’s cache by sending crafted requests." + newLine + " - The attacker replaces the actual cache entries with fake ones, which can redirect users to malicious websites." + newLine + newLine + bigText(highlightTextPurple(" SSH Brute-force Attack")) + newLine + " - In an SSH Brute-force attack, the attacker attempts to guess SSH login credentials to gain unauthorized access." + newLine + " - Once successful, the attacker can establish an encrypted communication tunnel between hosts and use it for malicious activities." + newLine + newLine + bigText(highlightTextPurple(" Web Application Attacks")) + newLine + " - Other attacks related to web applications include:" + newLine + space(5) + " - Directory Traversal" + newLine + space(5) + " - Parameter/Form Tampering" + newLine + space(5) + " - Cookie Tampering" + newLine + space(5) + " - Command Injection Attacks" + newLine + space(5) + " - Buffer Overflow Attacks" + newLine + space(5) + " - Cross-Site Scripting (XSS) Attacks" + newLine + space(5) + " - Denial-of-Service (DoS) Attacks" + newLine + space(5) + " - Unvalidated Input and File injection Attacks" + newLine + space(5) + " - Cross-Site Request Forgery (CSRF) Attack" + newLine + space(5) + " - SQL Injection Attacks" + newLine + space(5) + " - Session Hijacking"});
    }

    /**
     * Builds the first "Webserver Attack Methodology" part: information gathering,
     * vulnerability scanning and session hijacking stages, each a {@code bigText}
     * heading with {@code newLine}-separated bullets that name categories of tools.
     *
     * <p>The final bullet has no terminating period, unlike the others; cosmetic only.
     *
     * @return the explanation part model for this topic
     */
    private static ExplanationPartModel s63_1() {
        return new ExplanationPartModel("Webserver Attack Methodology ", new String[]{bigText(highlightTextPurple(" Information Gathering")) + newLine + " - Information gathering is the process of collecting details about the targeted organization." + newLine + " - Attackers scour the Internet, newsgroups, forums, and other platforms to gather relevant information about the company." + newLine + " - Tools like Whois, Traceroute, Active Whois, and similar utilities are used to query Whois databases, providing details such as domain names, IP addresses, or autonomous system numbers." + newLine + newLine + bigText(highlightTextPurple(" Vulnerability Scanning")) + newLine + " - Perform vulnerability scanning to detect weaknesses within a network and assess the potential for exploitation." + newLine + " - Use vulnerability scanners like HP WebInspect, Acunetix Web Vulnerability Scanner, etc., to identify hosts, services, and vulnerabilities." + newLine + " - Monitor network traffic to discover active systems, network services, applications, and any existing vulnerabilities." + newLine + " - Test the web server infrastructure for misconfigurations, outdated content, and known security flaws." + newLine + newLine + bigText(highlightTextPurple(" Session Hijacking")) + newLine + " - Sniff valid session IDs to gain unauthorized access to the Web Server and snoop the data." + newLine + " - Use session hijacking techniques such as session fixation, session sidejacking, Cross-site scripting, etc. to capture valid session cookies and IDs." + newLine + " - Use tools such as Burp Suite, Firesheep, JHijack, etc. to automate session hijacking"});
    }

    /**
     * Builds the second "Webserver Attack Methodology" part: web server footprinting
     * (including a reference list of Nmap script invocations), website mirroring and
     * web password attacks.
     *
     * <p>NOTE(review): rendering hazard. The surrounding text is HTML ({@code newLine}
     * is an HTML break, {@code bigText} an HTML tag), but the command examples contain
     * raw angle-bracket placeholders such as "&lt;target IP address&gt;" and "&lt;host&gt;".
     * If this string is passed through an HTML renderer those placeholders will be parsed
     * as tags and dropped (or swallow following text), leaving the examples garbled.
     * Confirm the display path; if it is HTML, the placeholders should be entity-escaped
     * as the text itself is. The expression also spans a physical line break in the
     * source listing; it is unchanged here.
     *
     * @return the explanation part model for this topic
     */
    private static ExplanationPartModel s63_2() {
        return new ExplanationPartModel("Webserver Attack Methodology ", new String[]{bigText(highlightTextPurple(" Webserver Footprinting")) + newLine + " - Collect important system-level information, including account details, operating system versions, software versions, server names, and database schemas." + newLine + " - Use Telnet to connect to a web server and perform footprinting, extracting details such as server names, server types, operating systems, and running applications." + newLine + " - Utilize tools like ID Serve, httprecon, and Netcraft to conduct footprinting activities." + newLine + " - Webserver Footprinting Tools :- httprecon and ID Serve" + newLine + newLine + highlightText("Enumerating Webserver Information Using Nmap ") + newLine + space(3) + " - Attackers can use advanced Nmap commands and Nmap Scripting Engine (NSE) scripts to gather detailed information about the target website." + newLine + space(3) + " - nmap -sV -O -p <target IP address> – Detect the service version and operating system." + newLine + space(3) + " - nmap -sV --script=http-enum <target IP address> – Use the HTTP enumeration script to gather more info about the web server." + newLine + space(3) + " - nmap <target IP address> -p 80 --script=http-frontpage-login – Check for a FrontPage server login page." + newLine + space(3) + " - nmap --script http-passwd --script-args http-passwd.root=/ <target IP address> – Harvest HTTP password files." 
+ newLine + space(3) + " - Discover virtual domains with hostmap: $nmap --script hostmap <host>" + newLine + space(3) + " - Detect a vulnerable server that supports the TRACE method: $nmap --script http-trace -p80 localhost" + newLine + space(3) + " - Harvest email accounts using the http-google-email script: $nmap --script http-google-email <host>" + newLine + space(3) + " - Enumerate user directories with http-userdir-enum: $nmap -p80 --script http-userdir-enum localhost" + newLine + space(3) + " - Check for HTTP TRACE support: $nmap -p80 --script http-trace <host>" + newLine + space(3) + " - Test if a web server is protected by a WAF/IPS: $nmap -p80 --script http-waf-detect --script-args=\"http-waf-detect.uri=/testphp.vulnweb.com/artists.php,http-waf-detect.detectBodyChanges\" www.modsecurity.org" + newLine + space(3) + " - Enumerate common web applications: $nmap --script http-enum -p80 <host>" + newLine + space(3) + " - Retrieve the robots.txt file: $nmap -p80 --script http-robots.txt <host>" + newLine + newLine + bigText(highlightTextPurple(" Mirroring a Website")) + newLine + " - Mirror a website to build a comprehensive profile of its directory structure, file organization, external links, and other key elements." + newLine + " - Look for comments and other relevant items in the HTML source code to enhance the efficiency of footprinting activities." + newLine + " - Use tools like HTTrack, WebCopier Pro, BlackWidow, and others to create a mirror of the website." + newLine + newLine + bigText(highlightTextPurple(" Hacking Web Passwords")) + newLine + " - Use password cracking techniques such as brute force attack, dictionary attack, password guessing to crack Webserver passwords." + newLine + " - Use tools such as THC-Hydra, Brutus, etc"});
    }

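    /**
     * Builds the "Attack Tools :- Metasploit" part: four paragraphs describing the
     * framework's exploit, payload, auxiliary and NOP module types at the level of
     * the published documentation.
     *
     * <p>Fix: the fourth heading read "Metasploit NOPS Moduel"; corrected to "Module".
     * No other text was changed. The NOP option lines deliberately write "b &lt; opt&gt;"
     * with a space after the bracket (presumably to stop an HTML renderer treating
     * "&lt;opt&gt;" as a tag — confirm); do not "tidy" that spacing.
     *
     * <p>The expression spans a physical line break in the source listing; it is
     * unchanged here.
     *
     * @return the explanation part model for this topic
     */
    private static ExplanationPartModel s64_1() {
        return new ExplanationPartModel("Attack Tools :- Metasploit", new String[]{"The Metasploit Framework is a comprehensive toolkit for penetration testing, exploit development, and research, featuring hundreds of functional remote exploits for various platforms." + newLine + newLine + "It enables fully automated exploitation of web servers by taking advantage of known vulnerabilities and exploiting weak passwords through protocols like Telnet, SSH, HTTP, and SNMP." + newLine + newLine + bigText(highlightTextPurple("Metasploit Exploit Module ")) + newLine + " - It is the core module in Metasploit designed to encapsulate an exploit, allowing users to target multiple platforms with a single exploit." + newLine + " - This module includes simplified meta-information fields for ease of use." + newLine + " - With the Mixins feature, users can dynamically modify the behavior of exploits, perform brute-force attacks, and attempt passive exploitation." + newLine + " - Steps to exploit a system follow the Metasploit Framework:" + newLine + space(5) + " 1. Configuring Active Exploit" + newLine + space(5) + " 2. Verifying the Exploit Options" + newLine + space(5) + " 3. Selecting a Target" + newLine + space(5) + " 4. Selecting the Payload" + newLine + space(5) + " 5. Launching the Exploit", newLine + newLine + bigText(highlightTextPurple("Metasploit Payload Module ")) + newLine + " - The payload module creates a communication channel between the Metasploit framework and the compromised host." + newLine + " - It contains the malicious code executed when an exploit successfully compromises the target." + newLine + " - To generate payloads, begin by selecting a payload using the appropriate command." + newLine + space(5) + " 1. msf > use windows/shell_reverse_tcp" + newLine + space(5) + " 2. 
msf payload(shell_reverse_tcp) > generate -h", newLine + newLine + bigText(highlightTextPurple("Metasploit Auxiliary Module ")) + newLine + " - Metasploit’s auxiliary modules allow users to perform various one-time actions, such as port scanning, denial of service attacks, and fuzzing." + newLine + " - To execute an auxiliary module, you can use either the run command or the exploit command.", newLine + newLine + bigText(highlightTextPurple("Metasploit NOPS Module ")) + newLine + " - NOP modules create no-operation instructions, typically used to pad or block out buffers." + newLine + " - Use the generate command to create a NOP sled of a specified size and display it in the desired format with the available OPTIONS." + newLine + space(5) + " 1. b < opt>: The list of characters to avoid: \"\\x00\\xff\" " + newLine + space(5) + " 2. h: Help banner " + newLine + space(5) + " 3. s < opt>: The comma separated list of registers to save "});
    }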

    /**
     * Builds the "Attack Tools :- Wfetch, THC-Hydra and Brutus" part: one paragraph
     * with a {@code bigText} heading and short description per tool.
     *
     * <p>NOTE(review): the last bullet sits under the "Brutus" heading but begins
     * "Hydra supports various authentication modes…". Both bullets under that heading
     * otherwise describe Brutus, so the tool name looks misattributed — confirm against
     * the source material before changing the text.
     *
     * @return the explanation part model for this topic
     */
    private static ExplanationPartModel s64_2() {
        return new ExplanationPartModel("Attack Tools  :- Wfetch, THC-Hydra and Brutus", new String[]{bigText(highlightTextPurple("Wfetch ")) + newLine + " - WFetch enables attackers to fully customize an HTTP request and send it to a web server to view the raw HTTP request and response data." + newLine + " - It also allows attackers to test the performance of websites that include newer elements, such as Active Server Pages (ASP) or wireless protocols." + newLine + newLine + bigText(highlightTextPurple("THC-Hydra ")) + newLine + " - Hydra is a parallelized login cracker that supports a wide range of protocols for brute-force attacks." + newLine + newLine + bigText(highlightTextPurple("Brutus ")) + newLine + " - It features a multi-stage authentication engine and can establish up to 60 simultaneous connections to target systems." + newLine + " - Hydra supports various authentication modes, including no username, single username, multiple usernames, password lists, combo (username/password) lists, and customizable brute-force modes."});
    }

    /**
     * Builds the "Webserver Security Tools" part: defensive tooling grouped into web
     * application scanners, web server scanners and malware-infection monitoring
     * services, with {@code bigText} group headings and {@code highlightText}
     * product names.
     *
     * <p>Formatting is uneven between entries (some product names are followed by a
     * blank line, some not; "windows" is lower-case in the Wikto line). Cosmetic only.
     *
     * @return the explanation part model for this topic
     */
    private static ExplanationPartModel s64_3() {
        return new ExplanationPartModel("Webserver Security Tools", new String[]{bigText(highlightTextPurple("Web Application Security Scanners")) + newLine + highlightText("Syhunt Dynamic: ") + newLine + newLine + " Syhunt Dynamic automates web application security testing, helping to protect an organization's web infrastructure from various security threats." + newLine + newLine + highlightText("N-Stalker Web Application Security Scanner:") + newLine + " N-Stalker is a web application security scanner designed to detect vulnerabilities like SQL injection, XSS, and other known attacks." + newLine + newLine + bigText(highlightTextPurple("Web Server Security Scanners")) + newLine + newLine + highlightText("Wikto: ") + newLine + " Wikto is a web server security scanner for windows :- " + newLine + space(3) + " - Fuzzy logic error code checking" + newLine + space(3) + " - Google assisted directory mining" + newLine + space(3) + " - Back-end miner" + newLine + space(3) + " - Real time HTTP request/response monitoring" + newLine + newLine + highlightText("Acunetix Web Vulnerability Scanner:") + newLine + " - Acunetix WVS scans web applications for vulnerabilities like SQL injection, cross-site scripting, and more." + newLine + " - It comes with advanced penetration testing tools to streamline manual security audits and generates professional security audit reports, including regulatory compliance documentation." + newLine + newLine + bigText(highlightTextPurple("Web Server Malware Infection Monitoring Tool:")) + newLine + highlightText("HackAlert: ") + newLine + newLine + " - HackAlert is a cloud-based service that detects hidden zero-day malware and drive-by downloads in websites and online ads." + newLine + newLine + highlightText("QualysGuard Malware Detection: ") + newLine + " - QualysGuard Malware Detection Service scans websites to identify malware infections and potential threats."});
    }

    /**
     * Builds the "Place and Detecting Web Server" part: network segmentation guidance
     * (Internet / DMZ / internal, firewalled between them) and a description of a
     * website change-detection system based on comparing file hashes against a master
     * set and alerting on differences.
     *
     * <p>Numbered steps are indented with {@code space(3)}.
     *
     * @return the explanation part model for this topic
     */
    private static ExplanationPartModel s65_1() {
        return new ExplanationPartModel("Place and Detecting Web Server", new String[]{bigText(highlightTextPurple("Place Web Servers in Separate Secure Server Security Segment on Network")) + newLine + "- An optimal web hosting network should be structured into at least three segments: the Internet segment, a secure server segment often referred to as the demilitarized zone (DMZ), and the internal network." + newLine + "- Position the web server within the Server Security Segment (DMZ), isolating it from both the public network and the internal network." + newLine + "- Firewalls should be implemented to control traffic between the internal network and the DMZ, as well as for Internet traffic heading towards the DMZ." + newLine + newLine + bigText(highlightTextPurple("Detecting Web Server Hacking Attempts")) + newLine + "- Utilize a Website Change Detection System (WDS) to monitor and identify potential hacking attempts on the web server." + newLine + "- Website Change Detection System involves :- " + newLine + space(3) + " 1. Execute a script on the server that detects any changes made to existing executable files or the addition of new files on the server." + newLine + space(3) + " 2. Regularly compare the hash values of files on the server with their original master hash values to identify any changes in the codebase." + newLine + space(3) + " 3. Notify the user when any changes are detected on the server." + newLine + space(3) + " 4. For example, WebsiteCDS is a script that scans the entire web folder, detects any changes to the codebase, and sends an email alert to the user."});
    }

    /**
     * Builds the "Countermeasures" part: hardening checklists grouped under
     * "Patches and Updates", "Protocols", "Accounts" and "Files and Directories",
     * each a {@code bigText} heading followed by {@code newLine}-separated bullets.
     *
     * <p>Much of the account/file guidance is Windows/IIS-specific (NTFS permissions,
     * .NET URL authorization, WebDAV); that scope is inherent to the course text.
     * The expression spans two physical line breaks in the source listing; it is
     * unchanged here.
     *
     * @return the explanation part model for this topic
     */
    private static ExplanationPartModel s65_2() {
        return new ExplanationPartModel("Countermeasures", new String[]{bigText(highlightTextPurple("Patches and Updates")) + newLine + "- Regularly scan for vulnerabilities, and ensure that server software is patched and updated." + newLine + "- Before applying any service packs, hotfixes, or security patches, review all relevant documentation thoroughly." + newLine + "- Apply updates on an \"as-needed\" basis, regardless of their type." + newLine + "- Test service packs and hotfixes in a representative non-production environment before deploying them to production." + newLine + "- Ensure that service packs, hotfixes, and security patch levels are uniform across all Domain Controllers (DCs)." + newLine + "- Schedule server outages in advance and ensure that a full set of backup tapes and emergency repair disks are available." + newLine + "- Have a rollback plan in place that enables the system and enterprise to revert to their previous state in case of a failed update." + newLine + "- Plan for periodic service pack upgrades as part of regular maintenance, and avoid falling more than two service packs behind." + newLine + newLine + bigText(highlightTextPurple("Protocols")) + newLine + "- Block all unnecessary ports, Internet Control Message Protocol (ICMP) traffic, and unneeded protocols like NetBIOS and SMB." + newLine + "- Harden the TCP/IP stack and consistently apply the latest patches and updates to system software." + newLine + "- For insecure protocols such as Telnet, POP3, SMTP, and FTP, implement appropriate security measures like using IPSec policies to ensure secure authentication and communication." + newLine + "- If remote access is necessary, ensure the remote connection is properly secured using tunneling and encryption protocols." + newLine + "- Disable WebDAV if not required by the application, or secure it properly if it is needed." 
+ newLine + newLine + bigText(highlightTextPurple("Accounts")) + newLine + "- Remove all unused modules and application extensions." + newLine + "- Disable default user accounts that are not in use, which are created during the operating system installation." + newLine + "- When setting up a new web root directory, assign the minimal necessary NTFS permissions to the anonymous user accessing web content via the IIS web server." + newLine + "- Remove unnecessary database users and stored procedures, and enforce the principle of least privilege for the database application to protect against SQL query injection." + newLine + "- Implement secure web permissions, NTFS permissions, and .NET Framework access control mechanisms, including URL authorization." + newLine + "- Mitigate brute force and dictionary attacks by enforcing strong password policies and auditing logon failures with appropriate alerts." + newLine + "- Run processes using accounts with the least privilege, and ensure service and user accounts are similarly restricted." + newLine + newLine + bigText(highlightTextPurple("Files and Directories")) + newLine + "- Remove unnecessary files from .jar files." + newLine + "- Remove sensitive configuration information embedded within bytecode." + newLine + "- Avoid mapping virtual directories between different servers or over a network." + newLine + "- Regularly monitor and review network service logs, website access logs, database server logs (such as Microsoft SQL Server, MySQL, Oracle), and operating system logs." + newLine + "- Disable directory listings to prevent unauthorized browsing of directories." + newLine + "- Remove non-web files, such as archive files, backup files, text files, and header/include files, from the server." + newLine + "- Prevent serving certain file types by configuring appropriate resource mappings." 
+ newLine + "- Store web application or website files and scripts on a separate partition or drive, separate from the operating system, logs, and other system files."});
    }

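    /**
     * Builds the "How to Defend Against" explanation part for the web-server hacking chapter.
     *
     * <p>The text is assembled as one HTML-formatted string: every element below is a line,
     * an empty element stands for a blank line, and {@code newLine} ({@code <br>}) separates
     * them. Section headings use {@code bigText}/{@code highlightTextPurple}, sub-headings
     * use {@code highlightText}.
     *
     * @return the model holding the title and a single-element text array (the model is a
     *     project type; how it renders the HTML is not visible in this file)
     */
    private static ExplanationPartModel s65_3() {
        String text = String.join(newLine,
                bigText(highlightTextPurple("1. How to Defend Against Web Server Attacks")),
                "",
                highlightText("Ports"),
                " - Regularly audit the server’s ports to ensure no insecure or unnecessary services are active on the web server.",
                " - Limit inbound traffic to only port 80 for HTTP and port 443 for HTTPS (SSL).",
                " - Encrypt or restrict intranet traffic as necessary.",
                "",
                highlightText("Server Certificates"),
                " - Ensure certificate data ranges are valid, and that certificates are used for their intended purpose.",
                " - Verify that the certificate has not been revoked and that its public key is valid up to a trusted root authority.",
                "",
                highlightText("Machine.config"),
                " - Ensure that protected resources are mapped to HttpForbiddenHandler, and remove unused HttpModules.",
                " - Disable tracing (<trace enable=\"false\"/>) and turn off debug compiles.",
                "",
                highlightText("Code Access Security"),
                " - Implement secure coding practices to reduce risks.",
                " - Restrict code access security policy settings.",
                " - Configure IIS to reject URLs containing ../, and apply new patches and updates regularly.",
                "",
                highlightText("UrlScan"),
                " - UrlScan is a security tool that limits the types of HTTP requests IIS will process.",
                " - By blocking specific HTTP requests, UrlScan helps prevent harmful requests from reaching applications on the server.",
                " - UrlScan screens incoming requests, filtering them based on rules set by the administrator.",
                "",
                highlightText("Services"),
                " - UrlScan can be configured to filter HTTP query string values and headers to help mitigate SQL injection attacks while the application is being fixed.",
                " - It generates W3C-formatted logs to facilitate easier log file analysis using solutions like Microsoft Log Parser 2.2.",
                "",
                highlightText("Registry"),
                " - Apply restrictive ACLs and block remote registry administration.",
                " - Secure the SAM (for stand-alone servers only).",
                "",
                highlightText("IIS Metabase"),
                " - Ensure security-related settings are appropriately configured, and restrict access to the metabase file with hardened NTFS permissions.",
                "",
                highlightText("ISAPI Filters"),
                " - Remove unnecessary ISAPI filters from the web server.",
                "",
                highlightText("Shares"),
                " - Remove all unnecessary file shares, including default administrative shares if not needed.",
                " - Secure shares with restricted NTFS permissions.",
                "",
                highlightText("Sites and Virtual Directories"),
                " - Relocate sites and virtual directories to non-system partitions and use IIS Web permissions to control access.",
                "",
                highlightText("Script Mappings"),
                " - Remove all unnecessary IIS script mappings for optional file extensions to prevent the exploitation of any vulnerabilities in the ISAPI extensions that process these file types.",
                "",
                highlightText("Auditing and Logging"),
                " - Enable basic auditing on your web server and use NTFS permissions to secure the log files.",
                "",
                highlightText("The following is a list of actions that can be taken to defend web servers from various kinds of attacks:- "),
                " - Use a dedicated machine for hosting the web server.",
                " - Be cautious when creating URL mappings to internal servers.",
                " - Avoid installing the IIS server on a domain controller.",
                " - Implement server-side session ID tracking, and ensure sessions are matched with time stamps, IP addresses, etc.",
                " - If using a database server like Microsoft SQL Server as the backend, install it on a separate server.",
                " - Utilize security tools provided by the web server, as well as scanners, to automate and simplify the process of securing the web server.",
                " - Physically secure the web server by placing it in a protected machine room.",
                " - Do not connect an IIS server to the Internet until it is fully hardened.",
                " - Restrict local login access to the machine, allowing only the administrator.",
                " - Configure a separate anonymous user account for each web application if hosting multiple applications.",
                " - Limit server functionality to support only the necessary web technologies.",
                " - Screen and filter incoming traffic requests to mitigate potential threats.",
                "",
                bigText(highlightTextPurple("2. How to Defend against HTTP Response Splitting and Web Cache Poisoning")),
                "",
                highlightText("Server Admin:"),
                " - Always use the latest version of web server software.",
                " - Regularly update and patch both the operating system and web server.",
                " - Run a web vulnerability scanner to identify potential issues.",
                "",
                highlightText("Application Developers:"),
                " - Restrict web application access to specific, unique IP addresses.",
                // Backslashes are escaped so the reader sees the literal sequences "\r" and "\n";
                // unescaped, the literal held real CR/LF control characters that render as whitespace.
                " - Block carriage return (%0d or \\r) and line feed (%0a or \\n) characters.",
                " - Ensure compliance with RFC 2616 specifications for HTTP/1.1.",
                "",
                highlightText("Proxy Servers:"),
                " - Avoid sharing incoming TCP connections between different clients.",
                " - Use separate TCP connections with the proxy for each virtual host.",
                " - Ensure proper implementation of the \"maintain request host header\" feature.",
                "",
                // Heading named after the bullets it introduces (registrar lock, DNS monitoring,
                // router password); the previous heading repeated section 2's title by mistake.
                bigText(highlightTextPurple("3. How to Defend against DNS Hijacking")),
                " - Select an ICANN-accredited registrar and encourage them to enable Registrar-Lock on your domain name.",
                " - Protect the registrant account information to prevent unauthorized access.",
                " - Incorporate DNS hijacking into your incident response and business continuity plans.",
                " - Utilize DNS monitoring tools/services to track DNS server IP addresses and set up alerts.",
                " - Avoid downloading audio and video codecs, as well as other downloaders, from untrusted websites.",
                " - Install antivirus software and ensure it is regularly updated.",
                " - Change the default router password provided by the manufacturer.");
        return new ExplanationPartModel("How to Defend Against ", new String[]{text});
    }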

    /**
     * Builds the "Introduction to Web Applications" explanation part.
     *
     * <p>Four stand-alone paragraphs, each separated from the next by a blank HTML line
     * (two {@code newLine} markers).
     *
     * @return the model holding the title and a single-element text array
     */
    private static ExplanationPartModel s66_1() {
        String paragraphBreak = newLine + newLine;
        String text = String.join(paragraphBreak,
                "Web applications serve as an interface between end users and web servers, enabling interactions through dynamically generated web pages or scripts executed within the client’s browser.",
                "Despite implementing security policies, web applications remain susceptible to various attacks, including SQL injection, cross-site scripting, and session hijacking.",
                "The rise of Web 2.0 technologies has expanded the attack surface, providing more opportunities for exploitation of web applications.",
                "Web applications, including those built on Web 2.0 technologies, are essential for supporting critical business operations like Customer Relationship Management (CRM), Supply Chain Management (SCM), and enhancing overall business efficiency.");
        return new ExplanationPartModel("Introduction to Web Applications", new String[]{text});
    }

    /**
     * Builds the "Web 2.0 Applications" explanation part.
     *
     * <p>Each element below is one HTML line; an empty element is a blank line. Elements are
     * joined with {@code newLine} ({@code <br>}).
     *
     * @return the model holding the title and a single-element text array
     */
    private static ExplanationPartModel s66_2() {
        String text = String.join(newLine,
                " Web 2.0 refers to a new generation of web applications that enhance dynamic user participation, social interaction, and collaboration across the web.",
                "",
                bigText(highlightTextPurple(" Key features of Web 2.0 include ")),
                "",
                highlightText(" 1. Interoperability: "),
                " - Advanced gaming experiences",
                " - Dynamic, interactive content as opposed to static pages",
                " - RSS-based syndication for content distribution",
                "",
                highlightText(" 2. User-Centered Design: "),
                " - Social networking platforms (e.g., Flickr, Facebook, del.icio.us)",
                " - Mashups integrating services like email, instant messaging, and online payment systems",
                " - Wikis and collaborative tools",
                " - Free web services like Google Base and Google Maps",
                "",
                highlightText(" 3. Collaboration on the Web: "),
                " - Easy creation, modification, and sharing of data by users",
                " - Online office software (e.g., Google Docs, Microsoft Office Online)",
                " - Collaborative platforms like interactive encyclopedias and dictionaries",
                " - Cloud computing services such as Amazon Web Services",
                "",
                highlightText(" 4. Interoperability: "),
                " - Frameworks like Yahoo! UI Library and jQuery",
                " - Flash-powered interactive websites",
                " - Mobile applications (e.g., iPhone apps)",
                " - New technologies like AJAX, powering apps such as Gmail and YouTube",
                " - Blogging platforms (e.g., Wordpress)");
        return new ExplanationPartModel("Web 2.0 Applications", new String[]{text});
    }

    /**
     * Builds the "Vulnerability Stack" explanation part: seven stack levels, listed from
     * level 7 down to level 1.
     *
     * <p>Each level is rendered as a purple-highlighted label, a line break, and its
     * description; consecutive levels are separated by a blank HTML line.
     *
     * @return the model holding the title and a single-element text array
     */
    private static ExplanationPartModel s66_3() {
        // {label passed to highlightTextPurple, description line}
        String[][] levels = {
                {" Stacks Level 7 : ", " Custom Web Applications: Business Logic Flaws Technical Vulnerabilities  "},
                {" Stacks Level 6 : ", " Third Party Components: Open Source / Commercial  "},
                {" Stacks Level 5 : ", " Database: Oracle / MySQL / MS SQL  "},
                {" Stacks Level 4 : ", " Web Server: Apache / Microsoft IIS  "},
                {" Stacks Level 3 : ", " Operating System: Windows / Linux / OS X  "},
                {" Stacks Level 2 : ", " Network: Router / Switch  "},
                {" Stacks Level 1 : ", " Security: IPS / IDS  "},
        };
        StringBuilder text = new StringBuilder();
        for (int i = 0; i < levels.length; i++) {
            if (i > 0) {
                // blank line between levels
                text.append(newLine).append(newLine);
            }
            text.append(highlightTextPurple(levels[i][0]))
                    .append(newLine)
                    .append(levels[i][1]);
        }
        return new ExplanationPartModel("Vulnerability Stack", new String[]{text.toString()});
    }

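    /**
     * Builds the "Web App Threats 1" explanation part (threats 1-10).
     *
     * <p>Each element below is one HTML line; an empty element is a blank line. Elements are
     * joined with {@code newLine} ({@code <br>}). Numbered sub-items are indented with
     * {@code space(5)}.
     *
     * @return the model holding the title and a single-element text array
     */
    private static ExplanationPartModel s67_1() {
        String text = String.join(newLine,
                bigText(highlightTextPurple("1. Improper Error Handling  ")),
                " -  It is necessary to define how the system or network should behave when an error occurs. Otherwise, it may provide a chance for the attacker to break into the system. Improper error handling may lead to DoS attacks.",
                " - Improper error handling can expose sensitive details, such as logic flaws, default accounts, or system configurations, within the source code.",
                " - By leveraging information from error messages, attackers can uncover vulnerabilities and use this knowledge to launch various web application attacks.",
                " - Information Gathered",
                space(5) + "  1. Null pointer exceptions",
                space(5) + "  2. System call failure",
                space(5) + "  3. Database unavailable",
                space(5) + "  4. Network timeout",
                space(5) + "  5. Database information",
                space(5) + "  6. Web application logical flow",
                space(5) + "  7. Application environment",
                "",
                bigText(highlightTextPurple("2. Cookie/Session Poisoning  ")),
                " - By changing the information inside the cookie, attackers bypass the authentication process and once they gain control over the network, they can either modify the content, use the system for the malicious attack, or steal information from the user's system.",
                highlightText(" - Cookies and Session State:") + "  Cookies are used to maintain session state in the otherwise stateless HTTP protocol, allowing web applications to remember user sessions across requests.",
                highlightText(" - Modifying Cookie Content:") + " Cookie poisoning involves altering the contents of a cookie (which stores personal or session data) to bypass security mechanisms and gain unauthorized access.",
                highlightText(" - Injecting Malicious Content:") + " Attackers can inject malicious content into cookies, altering the user’s online experience and potentially exposing sensitive data.",
                highlightText(" - Rewriting Session Data:") + " By using a proxy, attackers can rewrite session data, manipulate cookie information, or alter session identifiers (e.g., user IDs) to impersonate the victim.",
                "",
                bigText(highlightTextPurple("3. Directory Traversal  ")),
                " - Attackers exploit HTTP by using directory traversal and they will be able to access restricted directories; they execute commands outside of the web server's root directory.",
                " - Directory traversal is a vulnerability that allows attackers to navigate outside the intended directories of a web application, potentially gaining access to sensitive files such as application code, configuration files, and critical system resources.",
                " - Attackers often exploit this by manipulating file path variables to include sequences like \"dot-dot-slash (../)\" or similar patterns.",
                " - This enables them to access files beyond the designated web server root directory, which could expose sensitive information or lead to further exploitation.",
                " - http://www.juggyboy.com/process.aspx=../../../../some dir/some file",
                " - http://www.juggyboy.com/../../../../some dir/some file",
                "",
                bigText(highlightTextPurple("4. Broken Access Control  ")),
                " - Broken access control is a method used by attackers where a particular flaw has been identified related to the access control, where authentication is bypassed and the attacker compromises the network.",
                "",
                bigText(highlightTextPurple("5. Information Leakage  ")),
                " - Information leakage can cause great losses for a company. Hence, all sources such as systems or other network resources must be protected from information leakage by employing proper content filtering mechanisms.",
                "",
                bigText(highlightTextPurple("6. Log Tampering  ")),
                " - Logs are maintained by web applications to track usage patterns such as user login credentials, admin login credentials, etc. Attackers usually inject, delete, or tamper with web application logs so that they can perform malicious actions or hide their identities.",
                "",
                bigText(highlightTextPurple("7. Broken Account Management  ")),
                " - Even authentication schemes that are valid are weakened because of vulnerable account management functions including account update, forgotten or lost password recovery or reset, password changes, and other similar functions.",
                "",
                bigText(highlightTextPurple("8. Insecure Storage  ")),
                " - Web applications need to store sensitive information such as passwords, credit card numbers, account records, or other authentication information somewhere; possibly in a database or on a file system. If proper security is not maintained for these storage locations, then the web application may be at risk as attackers can access the storage and misuse the information stored. Insecure storage of keys, certificates, and passwords allow the attacker to gain access to the web application as a legitimate user.",
                "",
                bigText(highlightTextPurple("9. Platform Exploits  ")),
                // "exploits" was misspelled in the displayed text.
                " - Users can build various web applications by using different platforms such as BEA Web logic and ColdFusion. Each platform has its various vulnerabilities and exploits associated with it.",
                "",
                bigText(highlightTextPurple("10. Cross-site Scripting (XSS)  ")),
                // "client's" was missing its apostrophe in the displayed text.
                " - An attacker bypasses the client's ID security mechanism and gains access privileges, and then injects malicious scripts into the web pages of a particular website. These malicious scripts can even rewrite the HTML content of the website.",
                " - Cross-site scripting (XSS) attacks target vulnerabilities in web pages that are dynamically generated, allowing attackers to inject malicious scripts into content that is viewed by other users.",
                " - This occurs when unvalidated input is included in dynamic content and sent to a user’s browser for rendering.",
                " - Attackers can inject harmful JavaScript, VBScript, ActiveX, HTML, or Flash into web pages, which then execute on the victim’s system, often disguised within seemingly legitimate requests.");
        return new ExplanationPartModel("Web App Threats 1", new String[]{text});
    }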

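    /**
     * Builds the "Web App Threats 2" explanation part (threats 11-21).
     *
     * <p>Each element below is one HTML line; an empty element is a blank line. Elements are
     * joined with {@code newLine} ({@code <br>}). Bulleted examples use {@code dotPoint}
     * indented by {@code space(3)}; numbered sub-items are indented with {@code space(5)}.
     *
     * @return the model holding the title and a single-element text array
     */
    private static ExplanationPartModel s67_2() {
        String text = String.join(newLine,
                bigText(highlightTextPurple("11. Security Misconfiguration  ")),
                " -  Developers and network administrators should check that the entire stack is configured properly or security misconfiguration can happen at any level of an application stack, including the platform, web server, application server, framework, and custom code. Missing patches, misconfigurations, use of default accounts, etc. can be detected with the help of automated scanners that attackers exploit to compromise web application security.",
                " - " + highlightText(" Easy Exploitation : ") + " Security misconfigurations allow attackers to exploit vulnerabilities such as unauthorized access to default accounts, reading unused pages, leveraging unpatched flaws, and accessing or modifying unprotected files and directories.",
                " - " + highlightText(" Common Prevalence : ") + " Security misconfigurations can occur at any layer of the application stack, including the platform, web server, application server, framework, and custom code.",
                " - " + highlightText(" Example : "),
                space(3) + dotPoint + " The application server’s admin console is often automatically installed and not removed, leaving it exposed.",
                space(3) + dotPoint + " Default accounts and passwords are frequently not changed.",
                space(3) + dotPoint + " An attacker may discover the standard admin pages on the server, log in using default credentials, and gain full control.",
                "",
                bigText(highlightTextPurple("12. Unvalidated Input  ")),
                " - In order to bypass the security system, attackers tamper with the http requests, URL, headers, form fields, hidden fields, query strings etc. Users' login IDs and other related data gets stored in the cookies and this becomes a source of attack for the intruders. Attackers gain access to the victim's system using the information present in cookies. Examples of attacks caused by unvalidated input include SQL injection, cross-site scripting (XSS), buffer overflows, etc.",
                " - Input validation flaws are vulnerabilities in web applications where data received from the client is not properly checked or validated before being processed by the server.",
                " - Attackers can exploit these flaws to carry out various malicious actions, such as cross-site scripting (XSS), buffer overflows, and injection attacks, which can lead to data breaches, system malfunctions, or unauthorized access.",
                "",
                bigText(highlightTextPurple("13. Unvalidated Redirects and Forwards  ")),
                // "lure victim" made plural to agree with "make them".
                " -  Attackers lure victims and make them click on unvalidated links that appear to be legitimate. Such redirects may attempt to install malware or trick victims into disclosing passwords or other sensitive information. Unsafe forwards may allow access control bypass, leading to:",
                space(5) + "  1. Session fixation attacks",
                space(5) + "  2. Security management exploits",
                space(5) + "  3. Failure to restrict URL access",
                space(5) + "  4. Malicious file execution",
                " - Unvalidated redirects enable attackers to install malware or trick victims into disclosing passwords or other sensitive information, whereas unsafe forwards may allow access control bypass. ",
                "",
                bigText(highlightTextPurple("14. DMZ Protocol Attacks  ")),
                " - The DMZ (\"demilitarized zone\") is a semi-trusted network zone that separates the untrusted Internet from the company's trusted internal network. An attacker who is able to compromise a system that allows other DMZ protocols has access to other DMZs and internal systems. This level of access can lead to: ",
                space(5) + "  1. Compromise of the web application and data",
                space(5) + "  2. Defacement of websites",
                space(5) + "  3. Access to internal systems, including databases, backups, and source code",
                "",
                bigText(highlightTextPurple("15. Buffer Overflow  ")),
                " -  A web application's buffer overflow vulnerability occurs when it fails to guard its buffer properly and allows writing beyond its maximum size.",
                " - Buffer overflow occurs when an application writes more data to a memory block (buffer) than it is allocated to hold.",
                " - This allows attackers to manipulate the target process's memory, potentially controlling its execution, crashing the process, or altering internal variables.",
                " - Attackers can modify function pointers to redirect program execution to malicious code stored in memory via jump or call instructions.",
                "",
                bigText(highlightTextPurple("16. Network Access Attacks  ")),
                " - Network access attacks can majorly affect web applications, including basic level of service. They can also allow levels of access that standard HTTP application methods could not grant.",
                "",
                bigText(highlightTextPurple("17. Cookie Snooping  ")),
                " - Attackers use cookie snooping on victim systems to analyze users' surfing habits and sell that information to other attackers, or to launch various attacks on the victims' web applications.",
                "",
                bigText(highlightTextPurple("18. Failure to Restrict URL Access  ")),
                " - An application often safeguards or protects sensitive functionality and prevents the displays of links or URLs for protection. Attackers access those links or URLs directly and perform illegitimate operations.",
                "",
                bigText(highlightTextPurple("19. Obfuscation Application  ")),
                " - Attackers usually work hard at hiding their attacks and avoid detection. Network and host-based intrusion detection systems (IDSs) are constantly looking for signs of well-known attacks, driving attackers to seek different ways to remain undetected. The most common method of attack obfuscation involves encoding portions of the attack with Unicode, UTF-8, or URL encoding. Unicode is a method of representing letters, numbers, and special characters to properly display them, regardless of the application or underlying platform.",
                "",
                bigText(highlightTextPurple("20. Security Management Exploits  ")),
                // "attackers" was misspelled and "who exploit" lacked subject-verb agreement in the displayed text.
                " - Some attackers target security management systems, either on networks or on the application layer, in order to modify or disable security enforcement. An attacker who exploits security management can directly modify protection policies, delete existing policies, add new policies, and modify applications, system data, and resources.",
                "",
                bigText(highlightTextPurple("21. Malicious File Execution  ")),
                " -  Malicious file execution vulnerabilities are present in most applications. The cause of this vulnerability is because of unchecked input into a web server. Because of this, attackers execute and process files on a web server and initiate remote code execution, install the rootkit remotely, and - in at least some cases - take complete control over systems.");
        return new ExplanationPartModel("Web App Threats 2", new String[]{text});
    }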

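    /**
     * Builds the "Web App Threats 3" explanation part (threats 22-31).
     *
     * <p>Each element below is one HTML line; an empty element is a blank line. Elements are
     * joined with {@code newLine} ({@code <br>}). Labelled bullets prefix a
     * {@code highlightText} label with {@code " - "}.
     *
     * @return the model holding the title and a single-element text array
     */
    private static ExplanationPartModel s67_3() {
        String text = String.join(newLine,
                bigText(highlightTextPurple("22. Parameter/Form Tampering  ")),
                // "intended to manipulating" corrected to the infinitive.
                " - This type of tampering attack is intended to manipulate the parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. This information is actually stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control. Man in the middle is one of the examples for this type of attack. Attackers use tools like Web scarab and Paros proxy for these attacks.",
                " - Web parameter tampering attacks involve manipulating parameters exchanged between the client and server to alter application data, such as user credentials, permissions, product prices, or quantities.",
                " - These attacks exploit weaknesses in integrity and logic validation, potentially leading to other vulnerabilities like XSS, SQL injection, and more.",
                " - Tampering with the URL parameters :- http://www.juggybank.com/cust.asp?profile=21&debit=2500",
                " - Other parameters can be changed including attribute parameters :- http://www.juggybank.com/stat.asp?pg=531&status=view",
                "",
                bigText(highlightTextPurple("23. Insecure Direct Object References  ")),
                " - When developers expose various internal implementation objects such as files, directories, database records, or key-through references, the result is an insecure direct object reference. For example, if a bank account number is a primary key, there is chance of the application being compromised by attackers taking advantage of such references.",
                "",
                bigText(highlightTextPurple("24. Authentication Hijacking  ")),
                // "How ever" was split in two in the displayed text.
                " - To identify a user, every web application employs user identification such as an ID and password. However, once attackers compromise a system, various malicious things such as theft of services, session hijacking, and user impersonation can occur.",
                "",
                bigText(highlightTextPurple("25. Cross-site Request Forgery (CSRF)  ")),
                // "in made to perform" and "an attackers chooses" corrected in the displayed text.
                " -  The cross-site request forgery method is a kind of attack where an authenticated user is made to perform certain tasks on the web application that an attacker chooses. For example, a user clicking on a particular link sent through an email or chat.",
                " - Cross-Site Request Forgery (CSRF) attacks take advantage of vulnerabilities in web applications, enabling an attacker to trick a user’s browser into sending malicious requests without their knowledge.",
                " - The attack occurs when the victim, while maintaining an active session with a trusted site, visits a malicious site that injects an HTTP request into the session, compromising the integrity of the trusted site’s actions.",
                "",
                bigText(highlightTextPurple("26. Broken Authentication and Session Management  ")),
                // "taken care" completed to "taken care of".
                " -  When security-sensitive credentials such as passwords and other useful material are not properly taken care of, these types of attacks occur. Attackers compromise the credentials through these security vulnerabilities.",
                " - Authentication and session management vulnerabilities arise when flaws in functions like account management, session IDs, password handling, and timeouts allow attackers to impersonate users.",
                " - " + highlightText(" Session ID in URLs: ") + "  An attacker may intercept network traffic or trick a user into revealing their session ID, which can then be reused for malicious purposes.",
                " - " + highlightText(" Password exploitation: ") + "  If passwords are stored unencrypted, attackers who access the password database can exploit every user's credentials.",
                " - " + highlightText(" Timeout exploitation: ") + "  Improperly configured timeouts can lead to security risks if a user doesn't log out properly. An attacker can reuse the same browser session after a user closes the browser, exploiting their privileges.",
                "",
                bigText(highlightTextPurple("27. Insecure Cryptographic Storage  ")),
                " -  Sensitive data stored in a database should be properly encrypted using cryptography. However, some cryptographic encryption methods contain inherent weakness. Thus, developers should use strong encryption methods to develop secure applications. At the same time, they must take care to store the cryptographic keys securely. If these keys are stored in insecure places, then attackers can obtain them easily and decrypt the sensitive data.",
                " - Insecure cryptographic storage occurs when an application uses weak or flawed encryption methods to store sensitive data in the database, compromising its security.",
                " - This vulnerability allows attackers to steal or alter poorly protected data, such as credit card numbers, SSNs, and other authentication credentials.",
                "",
                bigText(highlightTextPurple("28. Insufficient Transport Layer Protection  ")),
                " -  Use SSL/TLS authentications for websites; otherwise, attackers can monitor network traffic to steal authenticated users' session cookies, making them vulnerable to threats such as account theft and phishing attacks.",
                " - " + highlightText(" Weak algorithms support: ") + " Insufficient transport layer protection allows weak encryption algorithms, expired, or invalid certificates to be used, compromising data security.",
                " - " + highlightText(" Launch attacks: ") + " A poorly configured SSL setup can enable attackers to carry out phishing and man-in-the-middle (MITM) attacks.",
                " - " + highlightText(" Exposes data: ") + "  This vulnerability exposes sensitive user data to untrusted third parties, potentially leading to account theft and further exploitation.",
                "",
                bigText(highlightTextPurple("29. Hidden Field Manipulation Attack  ")),
                " -  Attackers attempting to compromise e-commerce websites mostly use these types of attacks. They manipulate hidden fields and change the data stored in them. Several online stores face this type of problem every day. Attackers can alter prices and conclude transactions, designating the prices of their choice.",
                " - When a user makes selections on an HTML page, those selections are typically stored as form field values and sent to the application through an HTTP request (GET or POST).",
                " - HTML can also store field values in hidden fields, which aren't visible on the page but are still collected and submitted as parameters during form submissions.",
                " - Attackers can inspect the HTML code of the page, modify the hidden field values, and alter the POST requests sent to the server.",
                "",
                bigText(highlightTextPurple("30. Session Fixation Attack  ")),
                " -   In a session fixation attack, the attacker tricks or attracts the user to access a legitimate web server using an explicit session ID value.",
                " - Session fixation occurs when an attacker tricks a user into accessing a legitimate web server with a pre-determined session ID value controlled by the attacker.",
                " - The attacker can then assume the victim's identity and exploit their credentials on the server.",
                "",
                bigText(highlightTextPurple("31. Web Services Attacks  ")),
                " -  Attacker can get into the target web applications by exploiting an application integrated with vulnerable web services. An attacker injects a malicious script into a web service and is able to disclose and modify application data.",
                " - The evolution of web services and their increasing use in business introduces new attack vectors within application frameworks.",
                " - Web services rely on XML-based protocols like Web Services Definition Language (WSDL) to describe connection points, Universal Description, Discovery, and Integration (UDDI) for service discovery, and Simple Object Access Protocol (SOAP) for communication. These components are vulnerable to various web application threats.");
        return new ExplanationPartModel("Web App Threats 3", new String[]{text});
    }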

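    /**
     * Topic 32, "Denial-of-Service (DoS) Attack": one HTML-fragment string (bullets separated by
     * {@code newLine}, headings wrapped by {@code bigText}/{@code highlightTextPurple}) returned as
     * the single element of the model's text array.
     *
     * Fixes vs. the previous text: the heading read "Why Are Application Vulnerable?" and the User
     * Enumeration bullet "If application states"; both were grammar slips in user-visible copy.
     * NOTE(review): "Reasonable Use of Expectations" looks like a garbled heading (perhaps
     * "Reasonable Use Expectations"); left as-is because the intended wording cannot be confirmed here.
     * NOTE(review): the Account Lock Out bullet is the reason lockout policies trade off against DoS;
     * the usual mitigation is a generic "invalid username or password" message plus rate limiting,
     * rather than hard lockout alone.
     *
     * @return the populated {@link ExplanationPartModel}; never null
     */
    private static ExplanationPartModel s67_4() {
        String body = " A denial-of-service attack is an attacking method intended to terminate the operations of a website or a server and make it unavailable to intended users. For instance, a website related to a bank or email service is not able to function for a few hours to a few days. This results in loss of time and money."
                + newLine + newLine + "Attackers can exhaust server resources by sending a high volume of resource-intensive requests, such as requesting large image files or dynamic pages that trigger costly search operations on backend databases."
                + newLine + newLine + "Application-level DoS (Denial of Service) attacks mimic the request patterns and network traffic of legitimate clients, making them difficult to detect by traditional DoS protection measures."
                + newLine + newLine + bigText(highlightTextPurple("Why Are Applications Vulnerable?"))
                + newLine + " - Reasonable Use of Expectations"
                + newLine + " - Application Environment Bottlenecks"
                + newLine + " - Implementation Flaws"
                + newLine + " - Poor Data Validation"
                + newLine + newLine + bigText(highlightTextPurple("Targets"))
                + newLine + " - CPU, Memory, and Sockets"
                + newLine + " - Disk Bandwidth"
                + newLine + " - Database Bandwidth"
                + newLine + " - Worker Processes"
                + newLine + newLine + bigText(highlightTextPurple("Denial-of-Service (DoS) Example"))
                + newLine + " - User Registration DoS: The attacker could create a program that submits the registration forms repeatedly, adding a large number of spurious users to the application."
                + newLine + " - Login Attacks: The attacker may overload the login process by continually sending login requests that require the presentation tier to access the authentication mechanism, rendering it unavailable or unreasonably slow to respond."
                + newLine + " - User Enumeration: If the application states which part of the user name/password pair is incorrect, an attacker can automate the process of trying common user names from a dictionary file to enumerate the users of the application."
                + newLine + " - Account Lock Out Attacks: The attacker may enumerate usernames and attempt to authenticate to the site using a username and incorrect passwords, which will lock out the user account after the specified number of failed attempts.";
        return new ExplanationPartModel("32. Denial-of-Service (DoS) Attack", new String[]{body});
    }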

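    /**
     * Topic 33, "Injection Flaws": SQL, command (shell / HTML embedding / file) and LDAP injection
     * overviews, as one HTML-fragment string in the model's text array.
     *
     * Fix vs. the previous text: the shell-injection API list named "StarProcess()"; the intended
     * entry is "StartProcess()" (its neighbours system(), java.lang.Runtime.exec() and
     * System.Diagnostics.Process.Start() are spelled correctly).
     * NOTE(review): the SQL bullet points readers to "Module 13: SQL Injection"; this app's own
     * chapter index appears to number SQL Injections differently — confirm which numbering the
     * cross-reference should follow before changing it.
     * NOTE(review): the LDAP example ((&(USER=juggyboy)(&))(PASS=blah))) depends on the server
     * ignoring the trailing filter text; that is server/parser-specific, so "always evaluates as
     * true" is the course material's assumption, not a guarantee.
     *
     * @return the populated {@link ExplanationPartModel}; never null
     */
    private static ExplanationPartModel s67_5() {
        String body = "Injection flaws are web application vulnerabilities that allow untrusted data to be interpreted and executed as part of a command or query."
                + newLine + newLine + "Injection flaws are vulnerabilities in web applications that allow untrusted data to be executed as part of a command or query, often leading to unintended behavior."
                + newLine + newLine + "Attackers exploit these flaws by crafting malicious commands or queries, which can result in data loss, corruption, unauthorized access, or denial of service."
                + newLine + newLine + "Injection flaws are common in legacy code, especially in SQL, LDAP, and XPath queries, and can be easily detected using application vulnerability scanners or fuzzing tools."
                + newLine + newLine + bigText(highlightTextPurple("SQL Injection: "))
                + newLine + " - This is a type of attack where SQL commands are injected by the attacker via input data; then the attacker can tamper with the data."
                + newLine + " - SQL injection involves injecting malicious SQL queries through user input forms."
                + newLine + " - These attacks allow attackers to directly manipulate the database using crafted SQL queries."
                + newLine + " - By exploiting a vulnerable web application, an attacker can bypass security measures and gain unauthorized access to sensitive data."
                + newLine + " - SQL injection can often be executed through the address bar, input fields within applications, or through search queries."
                + newLine + " - Note: For a thorough understanding of SQL Injection techniques and concepts, refer to Module 13: SQL Injection."
                + newLine + newLine + bigText(highlightTextPurple("Command Injection Attacks: "))
                + newLine + newLine + highlightText("Shell Injection  ")
                + newLine + " - Shell injection occurs when an attacker crafts an input string to gain unauthorized shell access to a web server."
                + newLine + " - Common shell injection functions include system(), StartProcess(), java.lang.Runtime.exec(), System.Diagnostics.Process.Start(), and similar APIs, which can be exploited by the attacker to execute commands on the server."
                + newLine + newLine + highlightText("HTML Embedding  ")
                + newLine + " - HTML embedding is a type of attack used to deface websites by injecting extra HTML content into a vulnerable web application."
                + newLine + " - In this attack, user input is inserted directly into the output HTML without proper validation or sanitization, allowing attackers to inject malicious HTML or scripts."
                + newLine + newLine + highlightText("File Injection  ")
                + newLine + " - File injection allows attackers to exploit vulnerabilities by injecting malicious code into system files."
                + newLine + " - For example, an attacker could inject a remotely hosted file, like www.jasoneval.com, containing an exploit."
                + newLine + " - File injection attacks take advantage of vulnerable scripts on the server that permit the use of remote files instead of trusted files from the local file system."
                + newLine + newLine + highlightText("Command Injection Example  ")
                + newLine + " - An attacker inputs malicious code (such as an account number) along with a new password. For example:"
                + newLine + " - Malicious Code: www.juggyboy.com/banner.gif||newpassword||1036||60||468"
                + newLine + " - The last two sets of numbers represent the banner's size (width and height)."
                + newLine + " - When the attacker clicks the submit button, the password for account 1036 is changed to \"newpassword\"."
                + newLine + " - The server script expects only the URL of the banner image file in that field. However, poor input validation allows the attacker to exploit this by injecting additional data."
                + newLine + newLine + bigText(highlightTextPurple("LDAP Injection: "))
                + newLine + " - LDAP injection involves injecting malicious LDAP statements through input fields to exploit vulnerabilities in web applications."
                + newLine + " - Attackers use LDAP injection techniques to bypass input validation and manipulate LDAP filters, allowing them to gain unauthorized access to databases behind the LDAP directory."
                + newLine + " - What is LDAP? LDAP (Lightweight Directory Access Protocol) is a protocol used by Directory Services to store and organize information based on attributes. This information is structured hierarchically in a tree of directory entries."
                + newLine + " - LDAP operates on a client-server model, where clients can search the directory entries using specific filters."
                + newLine + newLine + highlightText(" How LDAP Injection Works")
                + newLine + " - LDAP injection attacks are similar to SQL injection attacks, but they target user input parameters to craft malicious LDAP queries."
                + newLine + " - To test if an application is vulnerable to LDAP injection, an attacker can send a query with invalid input. If the LDAP server returns an error, it may indicate the application is vulnerable to code injection."
                + newLine + " - For example, if an attacker inputs a valid username like \"juggyboy\" and injects juggyboy)(&)), the resulting URL string might look like (&(USER=juggyboy)(&))(PASS=blah)). In this case, only the first filter ((&(USER=juggyboy)(&))) is processed by the LDAP server, which always evaluates as true. This allows the attacker to bypass authentication and log in without a valid password.";
        return new ExplanationPartModel("33. Injection Flaws", new String[]{body});
    }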

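    /**
     * "Footprint Web Infrastructure": server discovery, the port/service table, banner grabbing,
     * proxy/WAF detection and hidden-content discovery, as one HTML-fragment string.
     *
     * Fixes vs. the previous text (both in the banner-grabbing syntax bullets):
     * <ul>
     *   <li>the telnet example was written as {@code "C:\telnet ..."}; Java compiles {@code \t} to a
     *       TAB, so the app displayed "C:[TAB]elnet". It now reads {@code C:\>telnet ...}.</li>
     *   <li>the OpenSSL example put the executable last ("s_client -host ... openssl.exe"); the
     *       command is {@code openssl.exe s_client -host [target website] -port 443}.</li>
     * </ul>
     * NOTE(review): the port table is course material rather than a verified reference — e.g. 8005
     * is Tomcat's shutdown/control port, not its HTTP listener (8080); confirm before relying on it.
     * NOTE(review): TRACE is commonly disabled on production servers, so the proxy-detection step
     * may simply get a 405; where it is enabled that is itself a finding (cross-site tracing).
     *
     * @return the populated {@link ExplanationPartModel}; never null
     */
    private static ExplanationPartModel s68_1() {
        String body = " Web infrastructure footprinting is the initial phase in web application hacking. It helps attackers gather information to select potential victims and identify vulnerable web applications."
                + newLine + newLine + bigText(highlightTextPurple(" Server Discovery"))
                + newLine + " - Identifying the physical servers that host the web application."
                + newLine + " - Server discovery helps gather information about the location of servers and confirms whether the target server is active on the internet."
                + newLine + newLine + highlightText("Whois Lookup:")
                + newLine + " - The Whois lookup utility provides information about the IP address of the web server and associated DNS names."
                + newLine + newLine + highlightText("DNS Interrogation:")
                + newLine + "  - This process reveals details about the location and type of servers through DNS queries."
                + newLine + newLine + highlightText("Port Scanning:")
                + newLine + " - Port scanning involves attempting to connect to specific TCP or UDP ports on a server to identify which services are running."
                + newLine + " 1. Service discovery involves scanning the target web server to identify common ports used for various services."
                + newLine + " 2. Tools used for service discovery include:Nmap,NetScan Tools Pro,Sandcat Browser"
                + newLine + " 3. The identified services can serve as potential attack paths for web application hacking. "
                + newLine + " - Port 80 is used for the World Wide Web standard port."
                + newLine + " - Port 81 serves as an alternate port for the World Wide Web."
                + newLine + " - Port 88 is used for Kerberos authentication services."
                + newLine + " - Port 443 is associated with SSL (HTTPS)."
                + newLine + " - Port 900 is used by the IBM Websphere administration client."
                + newLine + " - Port 2301 is for Compaq Insight Manager."
                + newLine + " - Port 2381 is designated for Compaq Insight Manager over SSL."
                + newLine + " - Port 4242 is used for Microsoft Application Center Remote management."
                + newLine + " - Port 7001 is for BEA Weblogic."
                + newLine + " - Port 7002 handles BEA Weblogic over SSL."
                + newLine + " - Port 7070 is used for Sun Java Web Server over SSL."
                + newLine + " - Port 8000 serves as an alternate web server or web cache."
                + newLine + " - Port 8001 is an alternate web server or management port."
                + newLine + " - Port 8005 is designated for Apache Tomcat."
                + newLine + " - Port 9090 is used for the Sun Java Web Server admin module."
                + newLine + " - Port 10000 is assigned to the Netscape Administrator interface."
                + newLine + newLine + bigText(highlightTextPurple(" Service Discovery "))
                + newLine + " - Identifying the services running on the web server that could be exploited as potential attack vectors."
                + newLine + newLine + bigText(highlightTextPurple(" Server Identification/Banner Grabbing "))
                + newLine + " - Capturing server banners to determine the make and version of the web server software."
                + newLine + " - Server identification involves analyzing the server response header to determine the make, model, and version of the web server software."
                + newLine + " - Syntax: You can use the following command to interact with the server: C:\\>telnet [Website URL or IP address] 80"
                + newLine + " - Alternatively, run the command: openssl.exe s_client -host [target website] -port 443"
                + newLine + " - Type GET / HTTP/1.0 to retrieve the server information."
                + newLine + " - Banner Grabbing Tools :- Telnet ,Netcat ,ID Serve ,Netcraft"
                + newLine + newLine + bigText(highlightText("Detecting Web App Firewalls and Proxies on Target Site "))
                + newLine + newLine + highlightTextGreen("1. Detecting Proxies ")
                + newLine + " - Proxy server detection involves determining whether your requests to the target site are being routed through a proxy server."
                + newLine + " - Proxy servers typically add specific headers to the response header field."
                + newLine + " - You can use the TRACE method of HTTP/1.1 to see how the proxy server has modified the request. This helps in identifying the changes made by the proxy server."
                + newLine + newLine + highlightTextGreen("2. Detecting Web App Firewall ")
                + newLine + " - Web Application Firewall (WAF) protects web applications by analyzing incoming HTTP traffic to block malicious requests."
                + newLine + " - To determine if your target site is using a WAF, inspect the response cookies, as many WAFs add their own cookie to the response."
                + newLine + " - You can also use WAF detection tools like WAFW00F to identify which WAF is protecting the web application."
                + newLine + newLine + bigText(highlightTextPurple(" Hidden Content Discovery "))
                + newLine + " - Hidden content discovery involves uncovering content and functionality that isn’t accessible from the main visible pages, which could be exploited to gain unauthorized access or elevate user privileges within the application."
                + newLine + newLine + " - Extracting content and functionality not directly linked or visible from the main website, often through unlinked pages or hidden features."
                + newLine + " - This type of attack allows attackers to access sensitive information such as backup copies of live files, configuration files, log files containing sensitive data, backup archives with snapshots of files within the web root, and new features that are not linked to the main application."
                + newLine + newLine + highlightText("1.  Web Spidering ")
                + newLine + " - Web spiders can automatically discover hidden content and functionality by parsing HTML along with client-side JavaScript requests and responses, helping attackers identify unlinked or hidden parts of the application."
                + newLine + " - Web Spidering Tools :- OWASP Zed Attack Proxy,Burp Suite,WebScarab"
                + newLine + newLine + highlightText("2. Attacker-Directed Spidering ")
                + newLine + " - The attacker gains access to all of the application’s functionality and uses an intercepting proxy to monitor all incoming and outgoing requests and responses."
                + newLine + " - The intercepting proxy analyzes the application’s responses, reporting any content and functionality it uncovers, including hidden or unlinked elements."
                + newLine + " - Tool: OWASP Zed Attack Proxy"
                + newLine + newLine + highlightText("3. Brute-Forcing ")
                + newLine + " - Use automation tools like Burp Suite to send a large number of requests to the web server, attempting to guess the names or identifiers of hidden content and functionality."
                + newLine + newLine + highlightText("4. Web Spidering Using Burp Suite ")
                + newLine + " - Configure your web browser to use Burp Suite as a local proxy."
                + newLine + " - Access the target application by visiting every possible link/URL and submitting all available forms."
                + newLine + " - Browse the application both with and without JavaScript enabled, and with and without cookies enabled."
                + newLine + " - Review the site map generated by Burp Suite to identify any hidden content or functionality."
                + newLine + " - Repeat these steps recursively until no additional content or functionality is found."
                + newLine + newLine + highlightText("5. Web Crawling Using Mozenda Web Agent Builder ")
                + newLine + " - Mozenda Web Agent Builder is a tool that crawls websites and extracts pages of information."
                + newLine + " - The software supports various features such as logins, result indexing, AJAX, borders, and more."
                + newLine + " - The extracted data can be accessed online, exported, and utilized through an API.";
        return new ExplanationPartModel(" Footprint Web Infrastructure", new String[]{body});
    }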

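    /**
     * "Attack Web Servers and App Client": server-side vulnerability scanning / DoS tooling followed
     * by eight client-side attack classes, as one HTML-fragment string.
     *
     * Fix vs. the previous text: the DoS tool list read "Loci and Xoic" and "DRDos"; the tools are
     * LOIC and XOIC, and the technique is DRDoS (distributed reflection DoS). A learner searching
     * the misspelled names would not find them.
     * NOTE(review): "Acunetix Web Vulnerability" is probably a truncated product name (…Scanner);
     * left unchanged because the intended wording cannot be confirmed from this file.
     *
     * @return the populated {@link ExplanationPartModel}; never null
     */
    private static ExplanationPartModel s68_2() {
        String body = bigText(highlightTextPurple(" Attack Web Servers"))
                + newLine + " - After identifying the web server environment, perform a scan using a web server vulnerability scanner to detect any known vulnerabilities."
                + newLine + " - Launch web server attack to exploit identified vulnerabilities."
                + newLine + " - Tools used :- UrlScan,Nikto,Nessus,Acunetix Web Vulnerability,WebInspect"
                + newLine + " - Launch Denial-of-Service (DoS) against web server  :- DoSHTTP, Hping, LOIC and XOIC, SYN Flooding, Slowloris, DRDoS."
                + newLine + newLine + highlightText("Web Server Hacking Tool: WebInspect")
                + newLine + newLine + " - WebInspect is a tool used to identify security vulnerabilities in web applications."
                + newLine + " - It performs interactive scans through an advanced user interface."
                + newLine + " - Attackers can exploit the vulnerabilities identified by WebInspect to launch web service attacks."
                + newLine + newLine + bigText(highlightTextPurple(" Attack Web App Client"))
                + newLine + " - Attackers interact with server-side applications in unexpected ways to perform malicious actions, access unauthorized data, and harm end users."
                + newLine + newLine + highlightText(" 1. Cross-Site Scripting (XSS) :- ") + "  Attackers bypass client-side security mechanisms to gain access privileges, then inject malicious scripts into a website's pages. These scripts can even modify the HTML content of the website."
                + newLine + newLine + highlightText(" 2. HTTP Header Injection :- ") + "  Attackers inject a malicious response into an HTTP header, splitting the response into multiple parts. This can lead to website defacement, cache poisoning, and triggering cross-site scripting attacks."
                + newLine + newLine + highlightText(" 3. Request Forgery Attack :- ") + "  In this attack, attackers exploit the trust that a website or web application places in a user's browser. By embedding a link on a page, the attacker causes the user's browser to unknowingly perform actions on an authenticated site."
                + newLine + newLine + highlightText(" 4. Privacy Attacks :- ") + " A privacy attack involves tracking a user’s activity using persistent browser states that have been leaked to a remote site."
                + newLine + newLine + highlightText(" 5. Redirection Attacks :- ") + " Attackers create links or scripts that resemble legitimate websites, but they redirect the user to a malicious site, where attackers can steal credentials and other sensitive information."
                + newLine + newLine + highlightText(" 6. Frame Injection :- ") + " When input is not validated properly, attackers inject malicious code through frames. This vulnerability affects browsers and scripts that fail to validate untrusted input, and it typically occurs in HTML pages that use frames."
                + newLine + newLine + highlightText(" 7. Session Fixation :- ") + " In a session fixation attack, attackers hijack valid user sessions by using a known session ID. They trick the user into accessing a genuine web server with that session ID, thus gaining control over the session."
                + newLine + newLine + highlightText(" 8. ActiveX Attacks :- ") + " Attackers deceive victims through email or crafted links, exploiting loopholes in ActiveX to execute remote code and gain access privileges equal to that of an authorized user.";
        return new ExplanationPartModel("Attack Web Servers and App Client ", new String[]{body});
    }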

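    /**
     * "Perform Injection Attacks and Attack Authorization Schemes": authorization-bypass sources and
     * eight injection classes, as one HTML-fragment string.
     *
     * Fix vs. the previous text: the first heading was a copy-paste of the previous topic's
     * " Attack Web Servers" although every bullet under it describes authorization attacks; it now
     * reads " Attack Authorization Schemes", matching the topic title.
     * NOTE(review): items 7 (buffer overflow) and 8 (canonicalization / path traversal) are grouped
     * under "injection" by the course; they are input-handling flaws rather than interpreter
     * injection, which matters when mapping them to mitigations.
     *
     * @return the populated {@link ExplanationPartModel}; never null
     */
    private static ExplanationPartModel s68_3() {
        String body = bigText(highlightTextPurple(" Attack Authorization Schemes"))
                + newLine + " - Attackers manipulate HTTP requests to bypass application authorization schemes by modifying input fields such as user ID, username, access group, cost, filenames, file identifiers, and more."
                + newLine + " - Initially, attackers gain access to a web application with a low-privileged account, then escalate their privileges to access protected resources or perform unauthorized actions."
                + newLine + " - Attackers use sources such as the following to perform authorization attacks :- Parameter Tampering,POST Data,Uniform Resource Identifier,HTTP Headers,Cookies,Hidden Tags"
                + newLine + newLine + bigText(highlightTextPurple(" Perform Injection Attacks"))
                + newLine + " - Injection Attacks occur when attackers supply malicious input that is syntactically correct according to the interpreted language, breaking the application's normal flow and security."
                + newLine + newLine + highlightText(" 1. Web Scripts Injection :- ") + " When user input is directly used in dynamically executed code, attackers can enter crafted input that breaks the intended data context, leading to the execution of unauthorized commands on the server."
                + newLine + newLine + highlightText(" 2. OS Commands Injection :- ") + " Attackers exploit applications that use user input in system-level commands by injecting malicious code to exploit the underlying operating system."
                + newLine + newLine + highlightText(" 3. SMTP Injection :- ") + " By injecting arbitrary SMTP commands into the conversation between an application and the SMTP server, attackers can send large volumes of spam emails."
                + newLine + newLine + highlightText(" 4. SQL Injection :- ") + " Attackers enter a series of malicious SQL queries in input fields to manipulate the database directly, often bypassing security measures."
                + newLine + newLine + highlightText(" 5. LDAP Injection :- ") + " Attackers take advantage of non-validated user input to manipulate LDAP filters, allowing them to gain unauthorized access to databases."
                + newLine + newLine + highlightText(" 6. XPath Injection :- ") + " Malicious input is entered to manipulate an XPath query, which can interfere with the application’s logic and retrieve sensitive data."
                + newLine + newLine + highlightText(" 7. Buffer Overflow :- ") + " Attackers inject large amounts of bogus data that exceed the input field's capacity, potentially causing a crash or allowing further exploits."
                + newLine + newLine + highlightText(" 8. Canonicalization :- ") + " Attackers manipulate file path variables (e.g., using ../) to traverse and access restricted directories, bypassing access control mechanisms.";
        return new ExplanationPartModel("Perform Injection Attacks and Attack Authorization Schemes ", new String[]{body});
    }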

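    /**
     * "Analyze Web Applications": entry-point identification, server-side fingerprinting and the
     * attack-surface mapping table, as one HTML-fragment string.
     *
     * Fixes vs. the previous text: "GUN Wget" -> "GNU Wget" (tool name), and row 7 of the mapping
     * table had its arrow misplaced ("Display of User-Supplied -> Data  Cross-Site Scripting"),
     * breaking the "surface -> attack" pattern every other row follows.
     * NOTE(review): row 4 separates its columns with a tab ({@code \t}) where the other rows use a
     * space; left as-is because HTML rendering collapses the whitespace either way — confirm if this
     * text is ever displayed outside an HTML view.
     * NOTE(review): "encryption measures, such as SSL" is course wording; all SSL versions are
     * deprecated and TLS is what a live site should be using.
     *
     * @return the populated {@link ExplanationPartModel}; never null
     */
    private static ExplanationPartModel s68_4() {
        String body = "Analyze the active application's functionality and technologies to identify the attack surfaces it exposes, which could be exploited by attackers."
                + newLine + newLine + bigText(highlightTextPurple("Identify Entry Points for User Input:"))
                + newLine + " - Review the generated HTTP requests to find user input entry points, such as forms or query parameters, that could be targets for injection or other attacks."
                + newLine + " - Examine URL, HTTP Header, query string parameters, POST data, and cookies to identify all user input fields that can potentially be exploited in attacks like injection or session hijacking."
                + newLine + " - Identify HTTP header parameters that the application processes as user inputs, such as:User-Agent, Referer, Accept, Accept-Language, and Host headers."
                + newLine + " - Determine URL encoding techniques and other encryption measures, such as SSL (Secure Sockets Layer), used to secure web traffic and prevent interception or tampering of sensitive data during transmission."
                + newLine + " - Tools used :- Burp Suite,HttPrint,WebScarab,OWASP Zed Attack Proxy"
                + newLine + newLine + bigText(highlightTextPurple("Identify Server-Side Functionality:"))
                + newLine + " - Examine the application's behavior and responses to understand the server-side structure and functionality, which could reveal areas of vulnerability."
                + newLine + " - Perform detailed server fingerprinting by analyzing HTTP headers and the HTML source code to identify the server-side technologies being used (e.g., web server software, programming languages, frameworks)."
                + newLine + " - Examine URLs for file extensions, directories, and other elements that might reveal the underlying structure or technologies of the application (e.g., .php, .asp, /admin/, etc.)."
                + newLine + " - Examine error page messages, as they can provide valuable information about the server, such as directory paths, software versions, and other details that can help identify vulnerabilities."
                + newLine + " - Examine session tokens :- JSESSIONID - Java ,ASPSESSIONID - IIS server ,ASP.NET_SessionId - ASP.NET ,PHPSESSID - PHP "
                + newLine + newLine + bigText(highlightTextPurple("Identify Server-Side Technologies:"))
                + newLine + " - Use fingerprinting techniques, like HTTP fingerprinting, to determine the technologies running on the server (e.g., web server software, programming languages, frameworks)."
                + newLine + " - Examine the page source and URLs to make an educated guess about the internal structure and functionality of the web application. By analyzing patterns in URLs, file paths, and the page source, you can gain insights into the application's logic, architecture, and potential vulnerabilities."
                + newLine + " - Tools used :-   GNU Wget ,Teleport Pro ,BlackWidow"
                + newLine + newLine + bigText(highlightTextPurple("Map the Attack Surface:"))
                + newLine + " - Identify the various attack surfaces exposed by the application, and assess the vulnerabilities associated with each surface, which could be exploited for unauthorized access or attacks."
                + newLine + "1. Client-Side Validation -> Injection Attack,Authentication Attack"
                + newLine + "2. Injection Attack -> Privilege Escalation, Access Controls"
                + newLine + "3. Database Interaction -> SQL Injection, Data Leakage"
                + newLine + "4. Cleartext Communication\t-> Data Theft, Session Hijacking"
                + newLine + "5. File Upload and Download -> Directory Traversal"
                + newLine + "6. Error Message -> Information Leakage"
                + newLine + "7. Display of User-Supplied Data -> Cross-Site Scripting"
                + newLine + "8. Email Interaction -> Email Injection"
                + newLine + "9. Dynamic Redirects -> Redirection, Header Injection"
                + newLine + "10. Application Codes -> Buffer Overflows"
                + newLine + "11. Login -> Username Enumeration, Password Brute-Force"
                + newLine + "12. Third-Party Application -> Known Vulnerabilities Exploitation"
                + newLine + "13. Session State -> Session Hijacking, Session Fixation"
                + newLine + "14. Web Server Software -> Known Vulnerabilities Exploitation";
        return new ExplanationPartModel("Analyze Web Applications", new String[]{body});
    }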

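    /**
     * "Attack Authentication Mechanism": username enumeration, password-function exploits,
     * guessing / brute force, session-ID prediction and cookie poisoning, as one HTML-fragment
     * string.
     *
     * Fix vs. the previous text: the brute-force sub-heading read "Rute-Forcing Attacks:".
     * NOTE(review): the "Remember Me" examples (RememberUser=jason, RememberUser=ABY112010)
     * illustrate guessable persistent tokens; the mitigation the text leaves implicit is a random
     * token from a CSPRNG that is validated server-side and bound to the account.
     * NOTE(review): "Password Recovery" says some apps email "the existing password" — that also
     * means the password is stored recoverably rather than hashed, which is a separate finding.
     *
     * @return the populated {@link ExplanationPartModel}; never null
     */
    private static ExplanationPartModel s68_5() {
        String body = "Attackers can exploit design and implementation flaws in web applications, such as failing to enforce strong password policies or inadequately securing credentials during transmission, to bypass authentication mechanisms and gain unauthorized access."
                + newLine + newLine + bigText(highlightTextPurple(" User Name Enumeration :- "))
                + newLine + " - Login Error Messages: If the application provides specific error messages indicating which part of the username or password is incorrect, attackers can use a trial-and-error method to guess valid usernames and passwords."
                + newLine + " - Account Enumeration via Sequence: Some applications automatically generate usernames based on a sequence (e.g., user101, user102, etc.). Attackers can discover this pattern and enumerate through potential usernames to find valid accounts."
                + newLine + " - Note on Account Lockout: User enumeration via error messages may not be effective if the application implements an account lockout policy, which locks the account after a certain number of failed login attempts, preventing further guesses."
                + newLine + newLine + bigText(highlightTextPurple(" Password Attacks :- "))
                + newLine + newLine + bigText(highlightText("1. Password Functionality Exploits"))
                + newLine + newLine + highlightTextGreen("Password Changing ")
                + newLine + " - Determine password change functionality by spidering the application or creating a login account."
                + newLine + " - Test by inputting random strings into the 'Old Password', 'New Password', and 'Confirm New Password' fields. Analyze any errors or unexpected behavior to identify vulnerabilities in the password change functionality."
                + newLine + newLine + highlightTextGreen("Password Recovery ")
                + newLine + " - The \"Forgot Password\" feature often presents challenges for users. If the number of attempts isn't limited, attackers can use brute force or social engineering to guess the answers to recovery questions."
                + newLine + " - Recovery emails: If the challenge is solved, some applications may send a unique recovery URL or the existing password to an email address, which could be controlled by the attacker."
                + newLine + newLine + highlightTextGreen("\"Remember Me\" Exploit")
                + newLine + " - \"Remember Me\" functionality is often implemented using persistent cookies (e.g., RememberUser=jason) or session identifiers (e.g., RememberUser=ABY112010)."
                + newLine + " - Attackers can exploit this by enumerating usernames or predicting session identifiers, enabling them to bypass authentication mechanisms and gain unauthorized access."
                + newLine + newLine + bigText(highlightText("2. Password Guessing"))
                + newLine + newLine + highlightTextGreen("Password List:") + " Attackers compile a list of likely passwords by leveraging commonly used passwords, social engineering techniques, and information gathered from footprinting the target. They then attempt each password in turn until the correct one is found."
                + newLine + newLine + highlightTextGreen("Password Dictionary:") + " Attackers may create a dictionary of potential passwords using tools like Dictionary Maker. These dictionaries are used to perform dictionary attacks, where every word in the dictionary is tried against the application."
                + newLine + newLine + highlightTextGreen("Tools for Password Guessing:") + " Password guessing can be done manually or with the help of automated tools. Some popular tools for this purpose include:WebCracker, Brutus, Burp Intruder, THC-Hydra,etc."
                + newLine + newLine + bigText(highlightText("3. Brute-forcing"))
                + newLine + newLine + highlightTextGreen("Brute-Forcing Attacks:") + " In a brute-force attack, attackers systematically try all possible combinations of characters (including letters, numbers, and special characters) to crack login passwords."
                + newLine + newLine + highlightTextGreen("Password Cracking Tools:") + " Attackers can use various password-cracking tools to automate this process, including :- Burp Suite, Brutus, and SensePost Crowbar."
                + newLine + newLine + bigText(highlightTextPurple(" Session Attacks: Session ID Prediction/Brute-Forcing  "))
                + newLine + newLine + highlightText("Session ID Capture :- ") + "In the first step, the attacker collects valid session ID values by sniffing traffic from authenticated users. This can be done by intercepting network traffic or using tools like Wireshark."
                + newLine + newLine + highlightText("Session ID Analysis :- ") + "The attacker then analyzes the captured session IDs to understand the session ID generation process, including the structure of the session ID, the information used to create it (such as user name or timestamp), and any encryption or hashing algorithms employed to protect the session ID."
                + newLine + newLine + highlightText("Exploiting Predictable Session ID Generation: ") + "If the session ID generation mechanism is weak (e.g., using predictable information such as the username, timestamp, or client IP address), attackers can easily guess valid session IDs. For example, a session ID based on the timestamp might follow a predictable pattern, making it easier to guess."
                + newLine + newLine + highlightText("Brute Force Attack: ") + "Additionally, attackers can implement a brute-force attack to generate and test different session ID values, systematically trying all possible combinations until they find one that grants access to the application."
                + newLine + newLine + bigText(highlightTextPurple(" Cookie Exploitation: Cookie Poisoning  "))
                + newLine + newLine + highlightText("Cookie Theft :- ") + "If cookies contain sensitive information such as passwords or session identifiers, attackers can steal them using techniques like script injection or eavesdropping (e.g., by intercepting network traffic on an unsecured network)."
                + newLine + newLine + highlightText("Replaying or Altering Cookies :- ") + "Once attackers have stolen a cookie, they can replay it (using the same cookie) or alter its contents (e.g., modifying session identifiers or passwords) to bypass web application authentication and gain unauthorized access."
                + newLine + newLine + highlightText("Cookie Trapping Tools :- ") + "Attackers can use tools like OWASP ZAP (Zed Attack Proxy) or Burp Suite to intercept, capture, and manipulate cookies to exploit vulnerabilities.";
        return new ExplanationPartModel("Attack Authentication Mechanism", new String[]{body});
    }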

    /**
     * Section "Attack Session Management Mechanism": how weakly generated or
     * sniffable session tokens let an attacker impersonate other users.
     *
     * <p>The body is a single HTML fragment assembled from three pieces (intro,
     * token-generation attacks, token-sniffing attacks), with {@code newLine}
     * separating paragraphs. NOTE(review): the Secure flag only stops the
     * browser from sending the cookie over plaintext HTTP; it does nothing for a
     * session already served over HTTP, and HttpOnly is the separate defence
     * against script access — the course text leaves that distinction implicit.
     *
     * @return the section model consumed by the chapter view
     */
    private static ExplanationPartModel s68_6() {
        String intro = "Attackers target vulnerabilities in an application’s session management mechanism to bypass authentication controls. This allows them to impersonate privileged users and gain unauthorized access to sensitive parts of the application.";

        String tokenGeneration = newLine + newLine
                + bigText(highlightTextPurple(" Attacking Session Token Generation Mechanism "))
                + newLine + newLine + highlightText("1. Weak Encoding Example ") + newLine
                + "- https://www.juggyboy.com/checkout?SessionToken=%75%73%65%72%3D%6A%61%73%6F%6E%3B%61%70%70%3D%61%64%6D%69%6E%3B%64%61%74%65%3D%32%33%2F%31%31%2F%32%30%31%30" + newLine
                + "- When an attacker observes the hex-encoded ASCII string, such as user=jason;app=admin;date=23/11/2010, they may be able to predict a new session token by altering predictable elements (in this case, the date field). For example, changing the date to 24/11/2010 and using this modified token could allow the attacker to impersonate a valid user and conduct unauthorized transactions with the server." + newLine + newLine
                + highlightText("2. Session Token Prediction ") + newLine
                + "- Attackers acquire a valid session token by intercepting traffic or by legitimately logging into the application and examining it for any form of encoding (such as hex-encoding or Base64) or any identifiable pattern." + newLine
                + "- If any useful information can be extracted or reverse-engineered from the session token sample, attackers try to predict tokens that might have been issued to other users of the application." + newLine
                + "- The attackers then send numerous requests using the guessed tokens to a session-reliant page to check if any of the tokens are valid.";

        String tokenSniffing = newLine + newLine
                + bigText(highlightTextPurple(" Attacking Session Tokens Handling Mechanism: Session Token Sniffing ")) + newLine
                + "- Attackers capture application traffic using tools like Wireshark or an intercepting proxy such as Burp Suite. If HTTP cookies are used to transmit session tokens and the secure flag is not enabled, attackers can replay the cookie to gain unauthorized access to the application." + newLine
                + "- Using session cookies, attackers can carry out session hijacking, session replay, and Man-in-the-Middle attacks.";

        // Single-element body: the three pieces form one continuous fragment.
        String[] body = {intro + tokenGeneration + tokenSniffing};
        return new ExplanationPartModel("Attack Session Management Mechanism", body);
    }

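    /**
     * Section "Attack Data Connectivity": attacks on how an application builds
     * and uses its database connection string, as opposed to the SQL it sends.
     *
     * <p>Fix: the "Connection String Injection" and "CSPP" paragraphs each had
     * the entire "Connection Pool DoS" paragraph pasted directly onto their last
     * sentence (without even a separating space), so the same DoS text was
     * rendered three times. It now appears only under its own heading.
     * NOTE(review): the sample connection string embeds a plaintext password;
     * the section could additionally note that credentials belong in a secrets
     * store rather than in the string itself.
     *
     * @return the section model consumed by the chapter view
     */
    private static ExplanationPartModel s68_7() {
        String intro = "Database connection strings are used to establish a link between applications and database engines." + newLine + newLine
                + "An example of a typical connection string for connecting to a Microsoft SQL Server database might look like this: \"Data Source=Server, Port; Network Library=DBMSSOCN; Initial Catalog=DataBase; User ID=Username; Password=pwd;\"" + newLine + newLine
                + "Database connectivity attacks target the method in which applications connect to the database, rather than exploiting database queries themselves.";

        String injection = newLine + newLine + bigText(highlightTextPurple(" Connection String Injection")) + newLine
                + "In a delegated authentication environment, attackers inject additional parameters into a connection string by appending them using a semicolon. This often happens when dynamic string concatenation is used to build connection strings based on user input, making it vulnerable to manipulation.";

        String pollution = newLine + newLine + bigText(highlightTextPurple(" Connection String Parameter Pollution (CSPP) Attacks")) + newLine
                + "Attackers exploit the connection string by overwriting the values of existing parameters. This can potentially alter the behavior of the connection or bypass security controls.";

        // The DoS paragraph lives here only; it was previously duplicated above.
        String poolDos = newLine + newLine + bigText(highlightTextPurple(" Connection Pool DoS (Denial of Service)")) + newLine
                + "Attackers analyze the connection pooling settings of the target application, craft a large malicious SQL query, and execute multiple queries simultaneously. This can consume all available connections in the pool, causing database queries from legitimate users to fail.";

        return new ExplanationPartModel("Attack Data Connectivity", new String[]{intro + injection + pollution + poolDos});
    }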

    /**
     * Section "Attack Web Services": SOAP/XML injection, WSDL probing, parser
     * abuse (recursive and oversize payloads) and the tooling used for them.
     *
     * <p>The body is one HTML fragment; each named local below is one heading
     * plus its bullet points, joined in the order they are displayed.
     * NOTE(review): the "Recursive Payloads" bullet describes what is usually
     * called XML entity expansion (billion laughs); the text does not name it.
     *
     * @return the section model consumed by the chapter view
     */
    private static ExplanationPartModel s68_8() {
        String intro = "Web services operate on top of legacy web applications, and any vulnerability in a web service can quickly expose underlying application logic and business logic flaws, making them susceptible to a wide range of attacks." + newLine + newLine
                + "Various types of attacks used to attack web services are :- SOAP Injection,XML Injection,WSDL Probing Attacks,Information Leakage,Application Logic Attacks,Database Attacks";

        String soapInjection = newLine + newLine + bigText(highlightTextPurple(" SOAP Injection")) + newLine
                + " - The attacker injects malicious query strings into user input fields to bypass the web service’s authentication mechanisms and gain unauthorized access to backend databases." + newLine
                + " - This attack functions similarly to SQL Injection, where the injected input manipulates database queries to achieve malicious objectives.";

        String xmlInjection = newLine + newLine + bigText(highlightTextPurple(" XML Injection")) + newLine
                + " - Attackers inject malicious XML data and tags into user input fields to manipulate the XML schema or populate the XML database with fraudulent entries." + newLine
                + " - XML injection can be exploited to bypass authorization, escalate privileges, or trigger Denial of Service (DoS) attacks on web services.";

        String probing = newLine + newLine + bigText(highlightTextPurple(" Web Services Probing Attacks")) + newLine
                + " - The attacker intercepts the WSDL (Web Services Description Language) document from the web service traffic and analyzes it to understand the application's purpose, its functional components, entry points, and message types." + newLine
                + " - The attacker then creates a series of valid requests by selecting operations and formulating request messages according to the XML Schema rules, which can be submitted to the web service." + newLine
                + " - Using these requests, the attacker injects malicious content into SOAP requests and analyzes any resulting errors to identify potential security vulnerabilities and weaknesses in the system.";

        String parsing = newLine + newLine + bigText(highlightTextPurple(" Web Services Parsing Attacks")) + newLine
                + " - Parsing Attacks exploit vulnerabilities and weaknesses in the XML parser's processing capabilities to either create Denial-of-Service (DoS) attacks or generate logical errors during web service request processing." + newLine + newLine
                + highlightText("Recursive Payloads :- ") + "The attacker submits a well-formed SOAP document containing infinite processing loops, which causes the XML parser to become stuck in a cycle, consuming CPU resources and potentially causing a system crash or slowdown." + newLine + newLine
                + highlightText("Oversize Payloads :- ") + "Attackers send an exceptionally large payload, overwhelming the system's resources and making web services unavailable to legitimate users.";

        String tools = newLine + newLine + bigText(highlightTextPurple("Web Service Attack Tools")) + newLine + newLine
                + bigText(highlightText("1. SoapUI ")) + newLine
                + " - SoapUI is a web service testing tool that supports various protocols, including SOAP, REST, HTTP, JMS, AMF, and JDBC." + newLine
                + " - An attacker can leverage SoapUI to conduct web service probing, SOAP injection, XML injection, and parsing attacks on web services, allowing them to test for vulnerabilities and manipulate request and response data." + newLine + newLine
                + bigText(highlightText("2. XMLSpy ")) + newLine
                + " - Altova XMLSpy is the XML editor and development environment for modeling, editing, transforming, and debugging XML-related technologies.";

        String[] body = {intro + soapInjection + xmlInjection + probing + parsing + tools};
        return new ExplanationPartModel("Attack Web Services", body);
    }

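    /**
     * Section "Web Application Hacking Tools": Burp Suite Professional and
     * WebScarab, described as intercepting proxies.
     *
     * <p>Fix: the product name was misspelled "Processional" in both the
     * section title and the heading; it is "Burp Suite Professional".
     * Trailing spaces in the title and headings are kept as the original had
     * them, since the rendering layer may depend on them.
     *
     * @return the section model consumed by the chapter view
     */
    private static ExplanationPartModel s69_1() {
        String burp = bigText(highlightTextPurple(" Burp Suite Professional ")) + newLine
                + " - Burp Suite is an integrated platform used for conducting security testing of web applications. It provides a variety of tools to perform tasks such as scanning for vulnerabilities, intercepting traffic, and analyzing web application behavior to identify security issues.";

        String webScarab = newLine + newLine + bigText(highlightTextPurple(" WebScarab ")) + newLine
                + " - WebScarab is a framework designed for analyzing applications that communicate using HTTP and HTTPS protocols." + newLine
                + " - It enables attackers to intercept, review, and modify requests made by the browser before they reach the server, as well as review and modify server responses before they are sent back to the browser. This allows attackers to manipulate application behavior and test for vulnerabilities.";

        return new ExplanationPartModel("Web Application Hacking Tools :- Burp Suite Professional and WebScarab ", new String[]{burp + webScarab});
    }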

    /**
     * Section "Web Application Hacking Tools": CookieDigger, a tool that
     * measures the predictability and entropy of issued cookies.
     *
     * <p>Single-element body: heading followed by three bullet points.
     *
     * @return the section model consumed by the chapter view
     */
    private static ExplanationPartModel s69_2() {
        String heading = bigText(highlightTextPurple(" CookieDigger "));
        String bullets = " - CookieDigger is a tool that helps identify weak cookie generation and insecure session management practices in web applications." + newLine
                + " - It works by collecting and analyzing cookies issued by a web application for multiple users." + newLine
                + " - The tool reports on the predictability and entropy of the cookies, and checks if critical information, like usernames and passwords, are included in the cookie values, which could expose sensitive data to attackers.";

        String[] body = {heading + newLine + bullets};
        return new ExplanationPartModel("Web Application Hacking Tools :- CookieDigger ", body);
    }

    /**
     * Section "Data Breach": three case studies (Home Depot 2014, eBay 2014,
     * Google Play 2017).
     *
     * <p>Each case study is its own array element; the second and third start
     * with two {@code newLine}s so they render separated from the previous one.
     * NOTE(review): the figures quoted are the course's own and are not
     * verified here.
     *
     * @return the section model consumed by the chapter view
     */
    private static ExplanationPartModel s6_1() {
        String homeDepot = highlightTextPurple("Home Depot Hack") + newLine
                + " The Home Depot data breach took place in 2014 when cybercriminals infiltrated the retailer's payment card system. The breach impacted around 56 million credit and debit card accounts, along with personal information from 53 million customers. The attackers gained access by exploiting credentials from a third-party vendor, allowing them to penetrate Home Depot's network. This breach was particularly notable because it exposed vulnerabilities in large-scale retail systems and compromised sensitive payment information. In response, Home Depot invested millions of dollars to enhance its security measures and provide compensation to affected customers.";

        String ebay = newLine + newLine + highlightTextPurple("eBay  Hack") + newLine
                + " In May 2014, eBay experienced a significant data breach in which cybercriminals accessed the personal data of 145 million users. The breach involved the theft of encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth. The attackers gained entry by compromising employee credentials, and eBay did not detect the breach until several months later. In response, the company advised all users to change their passwords, emphasizing the need for robust authentication measures. This incident highlighted the critical importance of maintaining strong security practices to protect user data.";

        String googlePlay = newLine + newLine + highlightTextPurple("Google Play Hack") + newLine
                + " In 2017, Google Play encountered a significant security breach when hackers successfully distributed malicious apps on the platform. These apps contained malware designed to steal sensitive user data, including login credentials and financial information. The attack primarily targeted users who unknowingly installed the compromised apps. In response, Google swiftly removed the malicious apps from the Play Store and took additional steps to enhance security. This incident underscored the risks associated with downloading third-party applications and highlighted the importance of carefully reviewing app permissions before installation.";

        String[] cases = {homeDepot, ebay, googlePlay};
        return new ExplanationPartModel("Data Breach", cases);
    }

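    /**
     * Section "Ethical Hacking terminologies": a glossary, one term per array
     * element, each element being a purple term label followed by its
     * definition (every element after the first is prefixed by two
     * {@code newLine}s).
     *
     * <p>Fix: the entry after "Spyware" was also labelled "Spyware : " but its
     * definition ("malicious SQL statements are inserted into a database
     * query") is that of SQL Injection; the label now reads "SQL Injection : ".
     * Term order is otherwise unchanged.
     *
     * @return the section model consumed by the chapter view
     */
    private static ExplanationPartModel s6_2() {
        String[] terms = {
            highlightTextPurple("Adware : ") + "Software that displays unwanted ads on your system, often forcing them to appear in your browser or applications.",
            newLine + newLine + highlightTextPurple("Attack : ") + "A deliberate action targeting a system to gain unauthorized access, steal sensitive data, or cause damage.",
            newLine + newLine + highlightTextPurple("Back door : ") + "A hidden method of bypassing normal authentication mechanisms, allowing unauthorized access to a system or software.",
            newLine + newLine + highlightTextPurple("Bot : ") + "An automated program designed to carry out specific tasks repeatedly at higher speeds than human users, often used for tasks like sending requests or creating objects.",
            newLine + newLine + highlightTextPurple("Botnet : ") + "A network of infected computers, controlled remotely, often used for malicious activities like sending spam or launching distributed denial of service (DDoS) attacks.",
            newLine + newLine + highlightTextPurple("Brute force attack : ") + "A method of attempting to crack passwords or encryption by trying all possible combinations until the correct one is found.",
            newLine + newLine + highlightTextPurple("Buffer Overflow : ") + "A flaw where more data is written to a buffer than it can hold, leading to potential memory corruption or code execution vulnerabilities.",
            newLine + newLine + highlightTextPurple("Clone phishing : ") + "The act of modifying a legitimate email to create a fake copy, tricking the recipient into clicking on harmful links or providing personal information.",
            newLine + newLine + highlightTextPurple("Cracker : ") + "Someone who breaks into systems, bypasses software protections, or removes restrictions, often with malicious intent.",
            newLine + newLine + highlightTextPurple("Denial of Service (DoS) : ") + "An attack aimed at making a network resource unavailable by overwhelming it with traffic or requests.",
            newLine + newLine + highlightTextPurple("DDoS (Distributed Denial of Service) : ") + "A variant of DoS where multiple compromised systems are used to flood a target with requests, making it harder to block.",
            newLine + newLine + highlightTextPurple("Exploit Kit : ") + "A tool designed to search for vulnerabilities in client systems and exploit them to install malicious software.",
            newLine + newLine + highlightTextPurple("Exploit : ") + "A piece of software or sequence of commands that takes advantage of a vulnerability or bug in a system to gain unauthorized access.",
            newLine + newLine + highlightTextPurple("Firewall : ") + "A security system designed to control incoming and outgoing network traffic based on predetermined security rules, acting as a barrier against unauthorized access.",
            newLine + newLine + highlightTextPurple("Keystroke Logging : ") + "The process of tracking keyboard inputs to record sensitive information such as login credentials or personal data, often done without the user's knowledge.",
            newLine + newLine + highlightTextPurple("Logic Bomb : ") + "A type of malware that triggers an action when certain conditions are met, such as a time or event-based trigger, similar to a time bomb.",
            newLine + newLine + highlightTextPurple("Malware : ") + "Malicious software that is designed to harm or exploit any device or network, including viruses, worms, ransomware, spyware, and more.",
            newLine + newLine + highlightTextPurple("Master Program : ") + "The main tool used by hackers to control a network of infected machines (bots) to execute tasks like DDoS attacks or send spam.",
            newLine + newLine + highlightTextPurple("Phishing : ") + "A fraudulent attempt to acquire sensitive personal information, typically through email, by masquerading as a trustworthy entity.",
            newLine + newLine + highlightTextPurple("Phreaker : ") + "A person who illegally manipulates phone systems, often to make free calls or tap into communication lines.",
            newLine + newLine + highlightTextPurple("Rootkit : ") + "Malicious software designed to hide its presence or other malicious programs on a system, providing ongoing privileged access to the attacker.",
            newLine + newLine + highlightTextPurple("Shrink Wrap Code : ") + "Software vulnerabilities that arise from unpatched or poorly configured programs, often targeted in attacks.",
            newLine + newLine + highlightTextPurple("Social Engineering : ") + "Manipulating people into revealing confidential information by exploiting psychological tricks rather than technical vulnerabilities.",
            newLine + newLine + highlightTextPurple("Spam : ") + "Unsolicited or irrelevant messages, often sent in bulk, usually for advertising purposes.",
            newLine + newLine + highlightTextPurple("Spoofing : ") + "Impersonating a trusted entity by falsifying data, like an IP address, to gain unauthorized access to a system.",
            newLine + newLine + highlightTextPurple("Spyware : ") + "Software that secretly monitors a user's activities or collects personal data, often without the user's consent.",
            // Was mislabelled "Spyware : " — the definition is SQL Injection's.
            newLine + newLine + highlightTextPurple("SQL Injection : ") + "A type of cyberattack where malicious SQL statements are inserted into a database query to manipulate or access sensitive data.",
            newLine + newLine + highlightTextPurple("Threat : ") + "A potential danger that could exploit a vulnerability in a system, compromising its security.",
            newLine + newLine + highlightTextPurple("Trojan : ") + "A type of malicious software that disguises itself as a legitimate program but carries out harmful actions once executed, like stealing data or corrupting files.",
            newLine + newLine + highlightTextPurple("Virus : ") + "A self-replicating program that infects a system by attaching itself to other files and usually causes damage like data corruption.",
            newLine + newLine + highlightTextPurple("Vulnerability : ") + "A weakness in a system or software that can be exploited by attackers to gain unauthorized access or cause damage.",
            newLine + newLine + highlightTextPurple("Worm : ") + "A type of malware that replicates itself across networks, often without changing any files but consuming system resources and spreading infections.",
            newLine + newLine + highlightTextPurple("Cross-site Scripting (XSS) : ") + "A vulnerability in web applications that allows attackers to inject malicious scripts into web pages viewed by other users.",
            newLine + newLine + highlightTextPurple("Zombie Drone : ") + "A computer that has been hijacked and is used anonymously to carry out malicious tasks, such as sending spam or participating in DDoS attacks."
        };
        return new ExplanationPartModel("Ethical Hacking terminologies", terms);
    }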

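    /**
     * Section "Elements of Information Security": the CIA triad, one array
     * element per property, each with a heading, a definition and three
     * labelled sub-points.
     *
     * <p>Fix: the "Checksums and Digital Signatures" sub-point called checksums
     * a cryptographic method. A plain checksum (CRC and the like) only detects
     * accidental corruption and is trivially forged; it is MACs and digital
     * signatures that detect deliberate tampering. The sentence now says so.
     *
     * @return the section model consumed by the chapter view
     */
    private static ExplanationPartModel s6_3() {
        String confidentiality = bigText(highlightTextPurple("Confidentiality  ")) + newLine
                + "- Confidentiality refers to the principle of ensuring that sensitive information is only accessible to authorized individuals, systems, or processes. It aims to prevent unauthorized access to data and is a key element of information security. Confidentiality can be upheld through various techniques, including:" + newLine + newLine
                + highlightText("Encryption") + " : Converting data into an unreadable format that can only be deciphered by individuals with the correct decryption key." + newLine + newLine
                + highlightText("Access Control") + " : Restricting access to data and resources, typically enforced through methods such as passwords, biometrics, or multi-factor authentication." + newLine + newLine
                + highlightText("Data Classification") + " : Categorizing data based on its sensitivity level and implementing corresponding access controls to safeguard it." + newLine;

        String integrity = newLine + newLine + bigText(highlightTextPurple("Integrity  ")) + newLine
                + "- Integrity refers to maintaining the accuracy, consistency, and trustworthiness of data throughout its entire lifecycle. It involves safeguarding data from unauthorized alterations, tampering, or corruption. To ensure data integrity, several key practices can be employed:" + newLine + newLine
                + highlightText("Hashing") + " : This technique involves generating a unique fixed-size string (hash) for data. Even the smallest change in the data results in a completely different hash, allowing easy detection of tampering." + newLine + newLine
                // Checksums are not cryptographic; only MACs/signatures resist a deliberate attacker.
                + highlightText("Checksums and Digital Signatures") + " : Checksums detect accidental corruption, while message authentication codes (MACs) and digital signatures are cryptographic methods that also detect deliberate modification, providing assurance that the data has not been altered during transmission or storage." + newLine + newLine
                + highlightText("Data Validation") + " : Ensuring that data is entered and stored correctly according to predefined standards and rules helps to maintain data accuracy and consistency." + newLine;

        String availability = newLine + newLine + bigText(highlightTextPurple("Availability  ")) + newLine
                + "- Availability ensures that information and systems are accessible and operational when required. It is vital for maintaining business continuity and minimizing downtime. To safeguard availability, the following measures are typically implemented:" + newLine + newLine
                + highlightText("Redundancy") + " : Establishing backup systems, hardware, or networks to ensure failover capability in the event of a failure, minimizing the risk of service disruption." + newLine + newLine
                + highlightText("Disaster Recovery and Business Continuity Plans") + " :  Creating detailed strategies for the rapid recovery of data and restoration of systems following an outage or disaster, ensuring minimal impact on operations." + newLine + newLine
                + highlightText("Network and System Monitoring") + " : Continuously monitoring systems and networks to ensure their performance and to detect potential issues before they affect availability, ensuring systems can handle the expected workload efficiently." + newLine;

        return new ExplanationPartModel("Elements of Information Security", new String[]{confidentiality, integrity, availability});
    }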

    /**
     * Section "Motives, Goals, and Objectives of Information Security Attacks":
     * the "Attack = Motive + Method + Vulnerability" framing, followed by where
     * motives come from, how attackers operate, and a list of common motives.
     *
     * <p>Four array elements, in display order: the formula with its three
     * definitions, "Motive Origin", "Attacker Methods", and the motive list.
     *
     * @return the section model consumed by the chapter view
     */
    private static ExplanationPartModel s6_4() {
        String formula = highlightTextPurple("Attacks = Motive (Goal) + Method + Vulnerability : ") + newLine + " " + newLine
                + highlightText("Motive (Goal) ") + " : The attacker’s primary reason for launching the attack, such as financial gain, espionage, or disruption." + newLine + newLine
                + highlightText("Method ") + " : The techniques, tools, and strategies used to carry out the attack." + newLine + newLine
                + highlightText("Vulnerability ") + " : A weakness in the system, network, or security controls that can be exploited to achieve the attacker's goal.";

        String motiveOrigin = newLine + newLine + bigText(highlightTextPurple("Motive Origin : ")) + newLine
                + "- A motive for an attack arises from the understanding that the target system contains or processes something valuable. This perceived value drives attackers to target the system, aiming to exploit vulnerabilities for their personal, political, or financial gain.";

        String attackerMethods = newLine + newLine + bigText(highlightTextPurple("Attacker Methods : ")) + newLine
                + "- To achieve their motives, attackers use various tools and techniques to exploit vulnerabilities in computer systems, security policies, or network controls. These attacks may be executed via malware, phishing, social engineering, or brute force methods, depending on the type of vulnerability present.";

        String motiveList = newLine + newLine + bigText(highlightTextPurple("Motives Behind Information Security Attacks : ")) + newLine + newLine
                + highlightText("Disrupting Business Continuity") + " : Attacks aimed at causing operational disruption, such as DDoS attacks or ransomware, to bring business operations to a halt." + newLine + newLine
                + highlightText("Information Theft") + " : Stealing valuable data like financial records, intellectual property, or personal information for fraudulent activities, identity theft, or espionage." + newLine + newLine
                + highlightText("Manipulating Data") + " : Altering data or systems to deceive users or cause financial or operational damage. This may involve changing records or planting misinformation." + newLine + newLine
                + highlightText("Creating Fear and Chaos") + " : Cyberattacks on critical infrastructure (e.g., power grids, healthcare systems) are designed to cause widespread disruption, fear, and panic." + newLine + newLine
                + highlightText("Propagating Religious or Political Beliefs") + " : Hacktivism, where attackers target organizations to promote a political, ideological, or religious cause, often involving defacement of websites or leaking sensitive information." + newLine + newLine
                + highlightText("Achieving the State’s Military Objectives") + " : Nation-state actors may conduct cyberattacks to further their geopolitical or military interests, including cyber espionage or sabotage." + newLine + newLine
                + highlightText("Damaging the Reputation of the Target") + " : Attacks aimed at discrediting an individual or organization, usually for political, business, or personal reasons, may involve data breaches, defamation, or public exposure of sensitive information." + newLine + newLine
                + highlightText("Taking Revenge") + " : Personal grievances can drive attacks, where an individual seeks retaliation against a person, company, or institution that they believe has wronged them.";

        String[] parts = {formula, motiveOrigin, attackerMethods, motiveList};
        return new ExplanationPartModel("Motives, Goals, and Objectives of Information Security Attacks", parts);
    }

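    /**
     * Section "Top Information Security Attack Vectors": what an attack vector
     * is, a network/host/application threat taxonomy, and one paragraph per
     * threat category (cloud, mobile, botnets, insider, ransomware, viruses and
     * worms, APT, phishing, web applications, IoT).
     *
     * <p>Fix: the "Network Threats" list contained two stray {@code \t} escapes
     * ("Denial-of-Service attacks\t," and "Compromised-Key attack\t,") that
     * rendered as literal tab characters in the middle of the comma list; they
     * are removed. Every other string is unchanged. Each paragraph is its own
     * array element.
     *
     * @return the section model consumed by the chapter view
     */
    private static ExplanationPartModel s6_5() {
        String[] parts = {
            "Information security refers to the processes and protocols designed to safeguard sensitive, private, or confidential information from unauthorized access, misuse, destruction, alteration, or disruption. This includes securing data in various forms—whether printed, digital, or otherwise—from external and internal threats.",
            newLine + newLine + "An attack vector is a pathway or method through which an attacker (or hacker) can gain unauthorized access to a computer or network to execute a harmful action or deliver a malicious payload. Attack vectors take advantage of system vulnerabilities, which may include software weaknesses, hardware flaws, or even human error. Examples of attack vectors include email attachments, web pages, pop-up ads, text messages, chat rooms, or social engineering tactics. These attack methods involve both software (and sometimes hardware) and can exploit human fallibility, where an administrator or user may inadvertently disable security measures.",
            newLine + newLine + "While firewalls and antivirus software are commonly used to block these attack vectors, no security measure is entirely foolproof. As hackers continuously evolve their techniques, previously effective defense strategies may become outdated. The most common malicious payloads delivered through these vectors include viruses (which themselves can act as attack vectors), Trojan horses, worms, and spyware. In this context, if an attack vector were compared to a guided missile, the payload would be similar to the warhead at the tip of the missile—carrying out the actual harmful action once the vector successfully penetrates the system's defenses.",
            // Threat taxonomy; the stray "\t" escapes in the network list are gone.
            newLine + newLine + newLine + bigText(highlightTextPurple("Information Security Threat Categories ")) + newLine + newLine
                + highlightText("Network Threats") + newLine
                + "- Information gathering,Sniffing and eavesdropping,Spoofing,Session hijacking and Man-in-the-Middle attack,DNS and ARP poisoning,Password-based attacks,Denial-of-Service attacks,Compromised-Key attack,Firewall and IDS attack" + newLine + newLine
                + highlightText("Host Threats ") + newLine
                + "- Malware attacks,Footprinting,Profiling,Password attacks,Denial-of-service attacks,Arbitrary code execution,Unauthorized access,Privilege escalation,Backdoor attacks" + newLine + newLine
                + highlightText("Application Threats ") + newLine
                + "- Improper data/input validation,Phishing,Security misconfiguration,Information disclosure,Broken session management,Buffer overflow issues,Cryptography attacks,SQL injection,Improper error handling and exception management",
            newLine + newLine + bigText(highlightTextPurple("Cloud Computing Threats")) + newLine
                + "- Cloud computing allows for the on-demand delivery of IT resources, where infrastructure and applications are provided to subscribers as a metered service over a network. While cloud storage offers convenience, it also exposes sensitive data to potential risks. A vulnerability in one customer’s application or cloud environment could potentially allow hackers to access data from other customers within the same cloud infrastructure.",
            newLine + newLine + bigText(highlightTextPurple("Mobile Threats")) + newLine
                + "- Smartphones, increasingly used for both personal and business purposes, are a prime target for cybercriminals due to their widespread use and relatively weaker security measures. Users may unknowingly download malicious apps (APKs), which can damage other applications, steal data, or transmit sensitive information to attackers. Additionally, cybercriminals can remotely access a device’s camera and microphone, enabling surveillance of the user’s activities and communications, which may be used to facilitate further attacks.",
            newLine + newLine + bigText(highlightTextPurple("Botnets")) + newLine
                + "- A botnet is a network of compromised devices controlled by cybercriminals to execute large-scale attacks, such as Distributed Denial of Service (DDoS). Botnets can carry out harmful actions like spreading malware, sending spam, stealing data, and disrupting services. Conventional antivirus software may fail to detect botnets, so specialized tools are necessary to identify and remove these threats.",
            newLine + newLine + bigText(highlightTextPurple("Insider Attack")) + newLine
                + "- An insider attack occurs when a trusted individual, such as an employee or contractor with authorized access to an organization’s systems, uses their access to carry out a malicious act. These attacks can be particularly dangerous because the attacker already has knowledge of the organization's network infrastructure and internal processes.",
            newLine + newLine + bigText(highlightTextPurple("Ransomware")) + newLine
                + "- Ransomware is a type of malicious software that restricts access to a computer’s files or system and demands a ransom for the decryption key. It is often distributed through malicious email attachments, infected software, compromised websites, or vulnerable servers. Once installed, the ransomware can lock or encrypt the victim’s files, rendering them inaccessible until the ransom is paid.",
            newLine + newLine + bigText(highlightTextPurple("Viruses and Worms")) + newLine
                + "- Viruses and worms are among the most common types of malware. A virus is a self-replicating program that attaches itself to legitimate software or files, spreading when those files are executed. A worm, on the other hand, is a self-contained program that replicates itself and spreads across networks, often exploiting vulnerabilities in operating systems or network services to infect other systems.",
            newLine + newLine + bigText(highlightTextPurple("APT (Advanced Persistent Threats)")) + newLine
                + "- Advanced Persistent Threats (APTs) are long-term, targeted attacks designed to steal sensitive information from organizations without being detected. These attacks are stealthy, causing minimal disruption to the affected systems. APTs typically exploit vulnerabilities in applications, operating systems, or embedded systems over an extended period, often targeting government organizations, large corporations, and industries involved in national security.",
            newLine + newLine + bigText(highlightTextPurple("Phishing")) + newLine
                + "- Phishing is a social engineering technique in which attackers send fraudulent emails, pretending to be from legitimate sources, to steal personal information such as usernames, passwords, or credit card details. These emails often contain malicious links or attachments that, once clicked, can compromise the victim’s security or install malware.",
            newLine + newLine + bigText(highlightTextPurple("Web Application Threats")) + newLine
                + "- Web applications are common targets for attacks such as SQL injection and cross-site scripting (XSS). These attacks often exploit vulnerabilities in poorly written code, such as failure to validate user input or sanitize outputs. Successful attacks can lead to stolen credentials, data leakage, website defacement, or the installation of malicious scripts for phishing or further exploitation.",
            newLine + newLine + bigText(highlightTextPurple("IoT Threats")) + newLine
                + "- The Internet of Things (IoT) refers to devices connected to the internet, ranging from smart home products to industrial sensors. Many IoT devices have limited security capabilities due to constraints like memory, battery life, and processing power. This lack of robust security makes them highly vulnerable to attacks, as cybercriminals can exploit these weaknesses to access or control the devices, steal data, or launch attacks across connected networks."
        };
        return new ExplanationPartModel("Top Information Security Attack Vectors", parts);
    }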

    /**
     * Course section "Encoding Schemes": one explanation part covering URL, HTML,
     * Unicode (the {@code %uXXXX} form and percent-encoded UTF-8), Base64 and hex
     * encoding, each with a short worked example.
     *
     * <p>The body is static HTML assembled from string literals with
     * {@code bigText}/{@code highlightText*} and {@code newLine}; it takes no input.
     *
     * <p>NOTE(review): the {@code %uXXXX} form shown under "16-bit Unicode Encoding"
     * is a legacy, non-standard escape rather than RFC 3986 percent-encoding; a
     * decoder that only understands standard percent-encoding will not interpret
     * it. Worth stating in the text, since inconsistent decoders between a filter
     * and the component behind it are a classic source of validation gaps.
     *
     * @return the populated explanation part
     */
    private static ExplanationPartModel s70_1() {
        return new ExplanationPartModel("Encoding Schemes", new String[]{" Web applications employ various encoding schemes to safely handle unusual characters and binary data in a way that ensures proper transmission and processing. These encoding techniques help prevent data corruption and security issues when handling special characters or binary content." + newLine + newLine + bigText(highlightTextPurple("Types of Encoding Schemes: ")) + newLine + newLine + bigText(highlightText("1. URL Encoding ")) + newLine + " - URL encoding converts data into a valid ASCII format so it can be safely transmitted over HTTP." + newLine + " - It replaces unusual ASCII characters with a \"%\" symbol followed by the character's two-digit ASCII code in hexadecimal." + newLine + " - Example\"%0a\" = New Line , \"%20\" = Space" + newLine + newLine + bigText(highlightText("2. HTML Encoding ")) + newLine + " - HTML encoding is used to represent characters in a way that they can safely be included in an HTML document." + newLine + " - It defines HTML entities for representing special characters." + newLine + " - Example &amp; = &,&lt; = <,&gt; = >" + newLine + newLine + bigText(highlightText("3. Unicode Encoding ")) + newLine + " - 16-bit Unicode Encoding: Replaces unusual Unicode characters with %u followed by the character's Unicode code point in hexadecimal.(Example: %u2215 (Represents the division symbol \"∕\"))" + newLine + " - UTF-8 Encoding: A variable-length encoding standard that uses each byte expressed in hexadecimal, prefixed by %. Example: %c2%a9 (Represents the copyright symbol \"©\"), %e2%89%a0 (Represents the not equal symbol \"≠\")" + newLine + newLine + bigText(highlightText("4. Base64 Encoding ")) + newLine + " - Base64 encoding converts binary data into ASCII characters for safe transmission, often used for encoding email attachments or user credentials." 
+ newLine + " - Example \"cake\" in binary: 01100011 01100001 01101011 01100101 and Base64 encoding: Y2FrZQ==" + newLine + newLine + bigText(highlightText("5. Hex Encoding ")) + newLine + " - Hex encoding uses the hexadecimal value of each character to represent a collection of characters when transmitting binary data." + newLine + " - Example  \"Hello\" encoded in hex: 48 65 6c 6c 6f and \"Jason\" encoded in hex: 4a 61 73 6f 6e"});
    }

    /**
     * Course section "How to Defend Against": four bullet lists of countermeasures
     * for SQL injection, command injection, XSS and DoS, rendered as static HTML.
     *
     * <p>NOTE(review) on the content itself (text left as written):
     * <ul>
     *   <li>The primary SQL-injection control, parameterized queries, is listed only
     *       under "Command Injection Flaws"; the SQL-injection list should lead with it.</li>
     *   <li>"Always use the POST method" is not an injection control (the request
     *       method does not change how input reaches the query); it reads as a
     *       leftover from a different checklist.</li>
     *   <li>The "DoS Attack" list mixes in memory-safety advice ({@code gets},
     *       {@code strcpy}, return-address overwrite) that belongs to buffer-overflow
     *       hardening rather than availability.</li>
     * </ul>
     *
     * @return the populated explanation part
     */
    private static ExplanationPartModel s70_2() {
        return new ExplanationPartModel("How to Defend Against", new String[]{bigText(highlightTextPurple(" How to Defend Against SQL Injection Attacks")) + newLine + " - Restrict the length of user input" + newLine + " - Implement custom error messages" + newLine + " - Monitor database traffic using Intrusion Detection Systems (IDS) and Web Application Firewalls (WAF)" + newLine + " - Disable potentially risky commands like xp_cmdshell" + newLine + " - Isolate the database server from the web server" + newLine + " - Always use the POST method and a low-privilege account for database connections" + newLine + " - Operate the database service account with minimal permissions" + newLine + " - Relocate extended stored procedures to a dedicated server" + newLine + " - Utilize type-safe variables or functions (e.g., IsNumeric()) to ensure type safety" + newLine + " - Validate and sanitize user input before passing it to the database" + newLine + newLine + bigText(highlightTextPurple(" How to Defend Against Command Injection Flaws")) + newLine + " - Conduct thorough input validation" + newLine + " - Escape any potentially dangerous characters" + newLine + " - Leverage language-specific libraries to avoid issues with shell commands" + newLine + " - Implement both input and output encoding" + newLine + " - Use a secure API that eliminates the need for the interpreter" + newLine + " - Organize requests so that all provided parameters are handled as data, not executable content" + newLine + " - Employ parameterized SQL queries to prevent SQL injection" + newLine + " - Use modular separation of shell commands from the kernel" + newLine + newLine + bigText(highlightTextPurple(" How to Defend Against XSS Attacks")) + newLine + " - Validate all headers, cookies, query strings, form fields, and hidden fields (i.e., all parameters) against strict specifications." + newLine + " - Implement a web application firewall (WAF) to block malicious script execution." 
+ newLine + " - Encode both input and output and filter meta-characters in user input." + newLine + " - Filter script output to mitigate XSS vulnerabilities by preventing malicious content from reaching users." + newLine + " - Use testing tools extensively during the design phase to identify and eliminate potential XSS vulnerabilities before deployment." + newLine + " - Convert all non-alphanumeric characters to HTML character entities when displaying user input in search engines and forums." + newLine + " - Do not fully trust HTTPS-secured websites in terms of XSS protection." + newLine + " - Develop standardized or signed scripts using private and public keys to verify that the script is authenticated and has not been tampered with." + newLine + newLine + bigText(highlightTextPurple(" How to Defend Against DoS Attack ")) + newLine + " - Configure the firewall to block external Internet Control Message Protocol (ICMP) traffic." + newLine + " - Secure remote administration and connectivity testing with strong access controls." + newLine + " - Disable the use of unnecessary functions, such as gets, strcpy, and prevent overwriting return addresses." + newLine + " - Protect sensitive information from being overwritten or exposed." + newLine + " - Conduct thorough input validation to ensure data integrity." + newLine + " - Prevent execution of data manipulated or provided by an attacker."});
    }

    /**
     * Course section "Web Application Attack Countermeasures": ten short bullet
     * lists (redirects, CSRF, session management, crypto storage, transport
     * protection, directory traversal, cookie poisoning, misconfiguration, LDAP
     * injection, file injection), rendered as static HTML.
     *
     * <p>NOTE(review) on the content (text left as written):
     * <ul>
     *   <li>CSRF: the listed controls are user-side habits plus a Referer check.
     *       The Referer header is optional and easily stripped by clients/proxies,
     *       so it is at best a secondary signal; the standard application-side
     *       controls are per-session anti-CSRF tokens and the {@code SameSite}
     *       cookie attribute.</li>
     *   <li>"Associate authentication cookies with specific IP addresses" is a weak
     *       binding in practice (NAT, mobile networks, proxies change the client IP
     *       mid-session) and tends to cause false logouts rather than stop reuse.</li>
     *   <li>"SSL" throughout should read TLS; SSL versions are deprecated and the
     *       "strong algorithms" bullet really means current TLS versions and cipher suites.</li>
     *   <li>"Never submit session data through GET or POST methods" is ambiguous as
     *       worded; the intent is presumably "never carry the session identifier in
     *       URL or form parameters" (cookies only) — confirm with the author.</li>
     * </ul>
     *
     * @return the populated explanation part
     */
    private static ExplanationPartModel s70_3() {
        return new ExplanationPartModel("Web Application Attack Countermeasures", new String[]{bigText(highlightTextPurple(" Unvalidated Redirects and Forwards:")) + newLine + " - Avoid using redirects and forwards whenever possible." + newLine + " - If destination parameters are necessary, validate and ensure the supplied value is legitimate and authorized for the user." + newLine + newLine + bigText(highlightTextPurple(" Cross-Site Request Forgery (CSRF):")) + newLine + " - Log off immediately after using a web application and clear your browser’s history." + newLine + " - Disable your browser and websites from saving login credentials." + newLine + " - Verify the HTTP Referrer header and ignore URL parameters when processing a POST request." + newLine + newLine + bigText(highlightTextPurple(" Broken Authentication and Session Management:")) + newLine + " - Always use SSL (HTTPS) for authenticated areas of the application." + newLine + " - Ensure user credentials and identities are stored securely, preferably in a hashed format." + newLine + " - Never submit session data through GET or POST methods." + newLine + newLine + bigText(highlightTextPurple(" Insecure Cryptographic Storage:")) + newLine + " - Avoid weak cryptographic algorithms and ensure strong encryption methods are used." + newLine + " - Generate encryption keys offline and store them in a secure manner." + newLine + " - Encrypt sensitive data stored on disk and make sure it cannot be easily decrypted." + newLine + newLine + bigText(highlightTextPurple(" Insufficient Transport Layer Protection:")) + newLine + " - Redirect all non-SSL requests to the secure (SSL) version of your site." + newLine + " - Set the 'secure' flag on all cookies that hold sensitive information." + newLine + " - Configure your SSL provider to use only strong algorithms." + newLine + " - Ensure that SSL certificates are valid, not expired, and match the domain names used." 
+ newLine + " - Enforce SSL or other encryption technologies for backend and internal connections." + newLine + newLine + bigText(highlightTextPurple(" Directory Traversal:")) + newLine + " - Implement access controls to protect sensitive areas of the website." + newLine + " - Apply necessary checks or hotfixes, such as filtering Unicode characters, to prevent directory traversal exploits." + newLine + " - Regularly update web servers with the latest security patches." + newLine + newLine + bigText(highlightTextPurple(" Cookie/Session Poisoning:")) + newLine + " - Do not store passwords or sensitive data in plain text or weakly encrypted form in cookies." + newLine + " - Set an expiration time (timeout) for cookies." + newLine + " - Associate authentication cookies with specific IP addresses." + newLine + " - Ensure users have access to a logout function that clears sensitive session data." + newLine + newLine + bigText(highlightTextPurple(" Security Misconfiguration:")) + newLine + " - Configure security mechanisms correctly and disable unused services." + newLine + " - Set appropriate roles, permissions, and accounts, and change default account credentials." + newLine + " - Regularly scan for security vulnerabilities and apply the latest security patches." + newLine + newLine + bigText(highlightTextPurple(" LDAP Injection Attacks:")) + newLine + " - Perform validation on all user input, checking for type, pattern, and domain value conformity." + newLine + " - Keep LDAP filters as specific as possible to minimize attack vectors." + newLine + " - Limit the amount of data returned by LDAP queries to reduce exposure." + newLine + " - Implement strict access controls for the LDAP directory." + newLine + " - Perform dynamic testing and source code analysis to identify vulnerabilities." + newLine + newLine + bigText(highlightTextPurple(" File Injection Attacks:")) + newLine + " - Rigorously validate user input to prevent malicious file uploads or executions." 
+ newLine + " - Consider implementing a chroot jail to restrict file access." + newLine + " - For PHP, disable allow_url_fopen and allow_url_include in php.ini." + newLine + " - Disable register_globals and use E_STRICT to catch uninitialized variables in PHP." + newLine + " - Carefully vet all file and stream functions, such as stream_*, to prevent exploits."});
    }

    /**
     * Course section "Define SQL Injections": definition of SQL injection, a
     * sketch of the frontend/backend/database request flow, and a list of ways a
     * defender can detect injection flaws (input testing, scanners, code review,
     * error-message monitoring, penetration testing). Static HTML, no input.
     *
     * <p>NOTE(review): the detection list is the most actionable part for a
     * defender; "source code review" could add the concrete thing to grep for —
     * string concatenation or interpolation that builds SQL from request data.
     *
     * @return the populated explanation part
     */
    private static ExplanationPartModel s71_1() {
        return new ExplanationPartModel("Define SQL Injections", new String[]{bigText(highlightTextPurple("What is SQL Injections")) + newLine + " - SQL injection is a type of attack where the attacker exploits unvalidated user input to inject arbitrary data or SQL commands; harmful queries are crafted and when processed by the backend database, they lead to unintended outcomes." + newLine + " - The attacker needs to have knowledge of the underlying database and must use various strings to craft harmful queries and submit them to the target." + newLine + newLine + bigText(highlightTextPurple("How Does SQL Work On a Website")) + newLine + " - A website consists of three main components: the Frontend, Backend, and Database." + newLine + " - The frontend of a website is built using technologies like HTML, CSS, and JavaScript." + newLine + " - On the backend, scripting languages like Python, PHP, Perl, and others are used." + newLine + " - The server-side typically includes databases such as MySQL, Oracle, and MS SQL Server, which execute the queries." + newLine + " - When you make a query, you usually send a GET request to the website." + newLine + " - In return, the website sends a response containing HTML code." + newLine + " - Using tools like the Postman API, you can test and inspect the responses from different websites." + newLine + newLine + bigText(highlightTextPurple("Detecting SQL Injection Vulnerabilities")) + newLine + " - Input validation testing: Test input fields by inserting special characters like --, ;, ', or \"\" to check if they trigger errors or unintended behavior." + newLine + " - Automated tools: Utilize tools like SQLMap, Burp Suite, or OWASP ZAP to automatically scan for vulnerabilities." + newLine + " - Source code review: Examine the source code for insecure practices, such as directly embedding user input into SQL queries." 
+ newLine + " - Monitor error messages: Look out for unexpected or overly detailed error messages, which may suggest the application is vulnerable." + newLine + " - Penetration testing: Conduct regular penetration tests to identify and address security weaknesses."});
    }

    /**
     * Course section "Why Bother about SQL Injection?": impact categories
     * (authentication bypass, disclosure, integrity, availability, remote code
     * execution) followed by a PHP example contrasting a regex-whitelisted
     * username with an unvalidated one. Static HTML, no input.
     *
     * <p>NOTE(review) on the embedded PHP example (text left as written):
     * <ul>
     *   <li>The "safe" snippet is safe only because {@code /^\w{8,20}$/} excludes
     *       quotes and whitespace; it still interpolates the value into the query
     *       string. Worth saying so, since learners may copy the pattern without the
     *       whitelist. Parameterized queries remain the primary control.</li>
     *   <li>{@code WHERE name = $matches[0]} has no quotes around the value, so as
     *       written the database would parse the username as an identifier, not a
     *       string literal; the example would not run as shown.</li>
     *   <li>Procedural {@code mysqli_query()} takes the connection as its first
     *       argument; both calls omit it.</li>
     *   <li>The closing remark that {@code mysqli_query()} does not stack queries is
     *       correct for that function; it should not be read as MySQL being safe from
     *       stacked statements in general.</li>
     * </ul>
     *
     * @return the populated explanation part
     */
    private static ExplanationPartModel s71_2() {
        return new ExplanationPartModel("Why Bother about SQL Injection?", new String[]{bigText(highlightTextPurple(" Authentication Bypass ")) + newLine + "- This type of attack allows an attacker to bypass authentication, logging into an application without valid credentials and gaining administrative access." + newLine + newLine + bigText(highlightTextPurple(" Information Disclosure ")) + newLine + "- Attackers can use SQL injection to retrieve sensitive data stored in the database." + newLine + newLine + bigText(highlightTextPurple(" Compromised Data Integrity ")) + newLine + "- Attackers might alter data, deface web pages, or inject malicious content into the database or webpages." + newLine + newLine + bigText(highlightTextPurple(" Compromised Availability of Data ")) + newLine + "- Attackers could delete critical data, logs, or audit information stored in the database." + newLine + newLine + bigText(highlightTextPurple(" Remote Code Execution ")) + newLine + "- This type of attack can enable attackers to compromise the host operating system." + newLine + newLine + highlightTextPurple("Example :- ") + newLine + " - In the following example, the username is restricted to alphanumeric characters and underscores, with a length between 8 and 20 characters (these rules can be adjusted as needed)." + newLine + newLine + " if (preg_match(\"/^\\w{8,20}$/\", $_GET['username'], $matches)) {" + newLine + "   $result = mysqli_query(\"SELECT * FROM CUSTOMERS WHERE name = $matches[0]\");" + newLine + "} else {" + newLine + "   echo \"Username not accepted\";" + newLine + "}" + newLine + newLine + " Now, consider the issue illustrated below:" + newLine + newLine + " $name = \"Qadir'; DELETE FROM CUSTOMERS;\";" + newLine + " mysqli_query(\"SELECT * FROM CUSTOMERS WHERE name='{$name}'\");" + newLine + newLine + " - The goal of the function is to fetch a record from the CUSTOMERS table where the name column matches the user-provided name." 
+ newLine + " - Normally, $name would contain just alphanumeric characters or spaces." + newLine + " - However, by appending a new query (DELETE FROM CUSTOMERS), the original query becomes malicious, resulting in the deletion of all records from the CUSTOMERS table." + newLine + " - Luckily, in MySQL, the mysqli_query() function does not allow query stacking or execution of multiple SQL queries in one call. If attempted, the query fails." + newLine + " - However, with other database extensions like SQLite and PostgreSQL, query stacking is possible, executing all queries in one go and creating a significant security vulnerability."});
    }

    /**
     * Course section "SQL Injection Methodology and Server-side Technologies":
     * a high-level taxonomy of injection approaches (hidden data, logic
     * interference, UNION, database fingerprinting, blind) and a note that the
     * flaw lives in application code rather than in any particular database
     * product. Static HTML, no input.
     *
     * <p>NOTE(review): the closing "Attack Overview" bullet is the key defender
     * takeaway — the vulnerability is a coding practice (building SQL from
     * untrusted strings), so the fix is in the application layer regardless of
     * which database or server framework is used.
     *
     * @return the populated explanation part
     */
    private static ExplanationPartModel s71_3() {
        return new ExplanationPartModel("SQL Injection Methodology and Server-side Technologies", new String[]{bigText(highlightTextPurple("SQL Injection Methodology")) + newLine + newLine + highlightText(" Retrieving Hidden Data ") + newLine + "- Attackers modify or manipulate SQL queries to access data that is otherwise hidden or unavailable to regular users." + newLine + newLine + highlightText(" Interfering with Application Logic ") + newLine + "- SQL queries are altered to disrupt the logic of the application or system, potentially causing unexpected behavior." + newLine + newLine + highlightText(" Union-based Attacks ") + newLine + "- Attackers use the UNION SQL operator to access data from multiple database tables, often retrieving unauthorized information." + newLine + newLine + highlightText(" Testing the Database ") + newLine + "- Attackers test the database to extract sensitive data and details about the database structure and version." + newLine + newLine + highlightText(" Blind SQL Injection ") + newLine + "- Another common method involves blind SQL injection, where attackers use queries that do not display data directly but infer information based on responses." + newLine + newLine + bigText(highlightTextPurple("SQL Injection and Server-side Technologies")) + newLine + newLine + highlightText(" Server-side Technologies ") + newLine + "- Powerful server-side platforms like ASP.NET, paired with database servers, enable developers to easily build dynamic, data-driven websites." + newLine + newLine + highlightText(" Exploitation ") + newLine + "- Hackers can exploit the capabilities of ASP.NET and SQL to launch SQL injection attacks, gaining unauthorized access to data." + newLine + newLine + highlightText(" Susceptible Databases ") + newLine + "- Relational databases like SQL Server, Oracle, IBM DB2, and MySQL are all vulnerable to SQL injection attacks." 
+ newLine + newLine + highlightText(" Attack Overview ") + newLine + "- SQL injection attacks do not take advantage of specific software flaws but instead target websites that fail to implement secure coding practices for interacting with relational databases."});
    }

    /**
     * Course section listing three legacy SQL Server assessment tools (SQLDict,
     * SQLExec, SQL2.exe) with one or two descriptive lines each.
     *
     * <p>Each tool gets a purple heading followed by its bullet lines; the three
     * headed blocks are separated by a blank line. Static HTML, no input.
     *
     * @return the populated explanation part
     */
    private static ExplanationPartModel s72_1() {
        String blankLine = newLine + newLine;
        String sqlDictBlock = bigText(highlightTextPurple("SQLDict"))
                + newLine + " - SQLdict is a dictionary-based attack tool designed for SQL Server."
                + newLine + " - It helps test the strength of SQL Server accounts to determine if they are vulnerable to attacks.";
        String sqlExecBlock = bigText(highlightTextPurple("SQLExec"))
                + newLine + " - SQLExec allows the execution of commands on compromised Microsoft SQL Servers using the xp_cmdshell stored procedure."
                + newLine + " - It utilizes the default sa account with a NULL password, though this can be easily modified.";
        String sql2Block = bigText(highlightTextPurple("SQL2.exe"))
                + newLine + " - SQL2 is a UDP buffer overflow remote exploit tool for hacking SQL Servers.";
        String body = sqlDictBlock + blankLine + sqlExecBlock + blankLine + sql2Block;
        return new ExplanationPartModel("Tools :- SQLDict,SQLExec and SQL2.exe", new String[]{body});
    }

    /**
     * Course section "Tools :- Sqlbf and SQLSmack": describes an offline
     * SQL Server password-hash auditing tool and a remote command-execution tool.
     * Static HTML, no input.
     *
     * <p>NOTE(review) on the content (text left as written):
     * <ul>
     *   <li>The fragment {@code :- select name, password from master..sysxlogins} is
     *       appended to the first three Sqlbf bullets as well as the fourth; only the
     *       fourth ("The query to retrieve the password hashes is") reads as
     *       intentional — the other three look like a copy-paste artifact.</li>
     *   <li>The fifth Sqlbf bullet ends with a literal {@code \n} even though the rest
     *       of the course uses {@code newLine} ({@code <br>}) for line breaks; in an
     *       HTML renderer the {@code \n} collapses to whitespace, so it is probably a
     *       stray character.</li>
     *   <li>The {@code master..sysxlogins} table and the hardware figures quoted
     *       date the material to early SQL Server releases; worth flagging as
     *       historical so learners do not expect it to apply to current versions.</li>
     * </ul>
     *
     * @return the populated explanation part
     */
    private static ExplanationPartModel s72_2() {
        return new ExplanationPartModel("Tools  :- Sqlbf and SQLSmack", new String[]{bigText(highlightTextPurple("Sqlbf")) + newLine + " - Sqlbf is a tool used for auditing the strength of Microsoft SQL Server passwords offline. It operates in either BruteForce mode or Dictionary attack mode.:- select name, password from master..sysxlogins" + newLine + " - On a 1 GHz Pentium machine with 256MB of RAM, it can make about 750,000 guesses per second.:- select name, password from master..sysxlogins" + newLine + " - To use the tool, you need password hashes from the sysxlogins table in the master database. These hashes are relatively easy to retrieve, but you need privileged access, such as an sa account.:- select name, password from master..sysxlogins" + newLine + " - The query to retrieve the password hashes is:- select name, password from master..sysxlogins" + newLine + " - To perform a dictionary attack on the hashes, use the command: sqlbf u hashes.txt -d dictionary.dic -r out.rep\n" + newLine + newLine + bigText(highlightTextPurple("SQLSmack")) + newLine + " - SQLSmack is a Linux-based remote command execution tool for Microsoft SQL Server (MSSQL)." + newLine + " - The tool allows attackers, when provided with a valid username and password, to execute commands remotely using the master..xp_cmdshell stored procedure."});
    }

    /**
     * Course section "Type : In-band,Out-of-band and Time-based Blind": the first
     * three entries of the injection-type taxonomy (numbered 1–3; 4 and 5 continue
     * in {@link #s73_2()}), each with a short description and an "Example" line.
     * Static HTML, no input.
     *
     * <p>NOTE(review): the three "Example" strings are illustrative fragments
     * rather than well-formed SQL statements (they mix comment markers and
     * trailing tokens inconsistently). A sentence telling learners they are
     * schematic, not runnable, would avoid confusion when they compare the three.
     * From a defender's view the useful addition would be the detection angle:
     * all three show up in database logs or WAF telemetry as queries with
     * unexpected comment sequences or timing functions.
     *
     * @return the populated explanation part
     */
    private static ExplanationPartModel s73_1() {
        return new ExplanationPartModel("Type : In-band,Out-of-band and Time-based Blind", new String[]{bigText(highlightTextPurple("1. In-band SQL Injection")) + newLine + " - In-band SQL Injection is the most common form of SQL injection, where the attacker directly submits malicious SQL queries through the application interface." + newLine + " - This technique allows attackers to extract sensitive data or manipulate the database." + newLine + " - Example: SELECT * FROM users WHERE id = 1; -- OR 1=1 --" + newLine + newLine + bigText(highlightTextPurple("2. Out-of-band SQL Injection ")) + newLine + " - Out-of-band SQL Injection involves the attacker using a different communication channel (like DNS or HTTP requests) to exfiltrate data from the database." + newLine + " - Although this method is less frequent, it can be highly effective." + newLine + " - Example: SELECT * FROM users WHERE id = 1; -- ;" + newLine + newLine + bigText(highlightTextPurple("3. Time-based Blind SQL Injection")) + newLine + " - In Time-based Blind SQL Injection, the attacker sends a query that forces a time delay (using a command like SLEEP), which helps them infer whether a condition is true or false based on the response time." + newLine + " - Example: SELECT * FROM users WHERE id = 1 AND 1=1 SLEEP(5);"});
    }

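    /**
     * Course section "Type : Error-based and Blind ": entries 4 and 5 of the
     * injection-type taxonomy started in {@link #s73_1()}. Each has a description,
     * an "Example" line and a green-labelled sub-list of variants. Static HTML,
     * no input.
     *
     * <p>Fix: the error-based sub-list was numbered (1), (2), (3), (3), (4) — the
     * "Tautology" and "Union SQL Injection" labels reused earlier numbers. They
     * are now (4) and (5) so the five variants are numbered consecutively; no
     * other text changes.
     *
     * <p>NOTE(review): the "Example" strings are schematic fragments, not
     * runnable statements. The defender-relevant point worth adding to the text
     * is that error-based variants depend on verbose database errors reaching
     * the client — generic error pages (see the "Error Handling" item in the
     * prevention section) remove that feedback channel.
     *
     * @return the populated explanation part
     */
    private static ExplanationPartModel s73_2() {
        return new ExplanationPartModel("Type : Error-based and Blind ", new String[]{bigText(highlightTextPurple("4. Error-based SQL Injection")) + newLine + " - Error-based SQL Injection exploits database error messages to gain information about the database structure." + newLine + " - Attackers can use the information in the error messages to refine their attacks and craft more sophisticated payloads." + newLine + " - Example: SELECT * FROM users WHERE id = 1' -- ;" + newLine + newLine + bigText(highlightText("Type of Error-based SQL Injection ")) + newLine + newLine + highlightTextGreen("(1) System Stored Procedures: ") + "Attackers may exploit database stored procedures to carry out attacks." + newLine + newLine + highlightTextGreen("(2) End-of-Line Comment: ") + "By injecting code followed by end-of-line comments, attackers can nullify legitimate code and manipulate queries. Example: SELECT * FROM user WHERE name = 'x' AND userid IS NULL; --';" + newLine + newLine + highlightTextGreen("(3) Illegal or Logically Incorrect Queries: ") + "Attackers might inject incorrect or logically flawed queries to learn about database elements like parameters, data types, or table names." + newLine + newLine
                // Renumbered from "(3)": consecutive numbering of the five variants.
                + highlightTextGreen("(4) Tautology: ") + "This approach involves injecting always-true conditions to ensure that queries always return results. Example: SELECT * FROM users WHERE name = '' OR '1'='1';" + newLine + newLine
                // Renumbered from "(4)".
                + highlightTextGreen("(5) Union SQL Injection: ") + "The \"UNION SELECT\" statement allows attackers to combine their query results with data from other tables. Example: SELECT Name, Phone, Address FROM Users WHERE Id=1 UNION ALL SELECT creditCardNumber,1,1 FROM CreditCardTable;" + newLine + newLine + bigText(highlightTextPurple("5. Blind SQL Injection")) + newLine + " - In Blind SQL Injection, the attacker doesn’t receive error messages but can infer information about the database by analyzing the application’s behavior." 
+ newLine + " - The attacker uses boolean conditions to test different aspects of the database’s structure." + newLine + " - Example: SELECT * FROM users WHERE id = 1 AND 1=1;" + newLine + newLine + bigText(highlightText("Type of Blind SQL Injection ")) + newLine + newLine + highlightTextGreen("(1) No Error Message: ") + "Unlike traditional SQL injection, blind SQL injection doesn’t reveal error messages, making it harder for attackers to gather direct feedback." + newLine + newLine + highlightTextGreen("(2) Generic Page: ") + "Instead of an error message, the attacker is shown a generic custom page, masking the results of the attack." + newLine + newLine + highlightTextGreen("(3) Time-Intensive: ") + "Blind SQL injection can be time-consuming, as the attacker needs to send multiple queries to deduce each bit of information from the database."});
    }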

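    /**
     * Course section "Preventing SQL Injection Attacks part 1": prepared
     * statements (with a PHP MySQLi example), stored procedures (with a SQL
     * example) and whitelist input validation. Static HTML, no input.
     *
     * <p>Fix: the stored-procedure example declared its parameter as
     * {@code username} and then wrote {@code WHERE username = username}. Because the
     * parameter has the same name as the column, the comparison resolves to a
     * tautology (column compared with itself) and returns every row — the opposite
     * of what a "secure query" example should teach. The parameter is now
     * {@code p_username} and the predicate is {@code WHERE username = p_username}.
     *
     * <p>NOTE(review): the PHP example binds the raw password as a query
     * parameter, i.e. it compares a plaintext password inside SQL. That is safe
     * against injection, which is the point of the section, but the password
     * storage/verification itself should use a password hash; a one-line caveat
     * in the text would stop learners copying it as-is.
     *
     * @return the populated explanation part
     */
    private static ExplanationPartModel s74_1() {
        return new ExplanationPartModel("Preventing SQL Injection Attacks part 1", new String[]{bigText(highlightTextPurple("1. Use Prepared Statements and Parameterized Queries")) + newLine + " - Prepared statements and parameterized queries ensure that user inputs are treated as data, not executable SQL code." + newLine + " - This approach effectively prevents SQL injection attacks." + newLine + " - Example in PHP (using MySQLi) :- " + newLine + " $stmt = $conn->prepare(\"SELECT * FROM users WHERE username = ? AND password = ?\");" + newLine + " $stmt->bind_param(\"ss\", $username, $password);" + newLine + " $stmt->execute();" + newLine + newLine + bigText(highlightTextPurple("2. Employ Stored Procedures")) + newLine + " - Stored procedures are pre-written SQL queries stored in the database." + newLine + " - These procedures help prevent SQL injection since they don't build SQL queries dynamically." + newLine + " - Example: " + newLine
                // Parameter renamed so it cannot shadow the "username" column below.
                + "CREATE PROCEDURE GetUserByUsername (IN p_username VARCHAR(50))" + newLine + "BEGIN" + newLine
                // Compares the column with the parameter; the old "username = username" matched every row.
                + "   SELECT * FROM users WHERE username = p_username;" + newLine + "END;" + newLine + newLine + bigText(highlightTextPurple("3. Whitelist Input Validation")) + newLine + " - Validate user inputs before using them in SQL queries." + newLine + " - Only allow specific characters or patterns (e.g., alphanumeric input) for fields like usernames or email addresses."});
    }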

    /**
     * Course section "Preventing SQL Injection Attacks part 2": items 4–6 of the
     * prevention list (ORM frameworks, least-privilege database accounts, generic
     * error handling). Each item is a purple heading plus one or two bullets;
     * items are separated by a blank line. Static HTML, no input.
     *
     * @return the populated explanation part
     */
    private static ExplanationPartModel s74_2() {
        StringBuilder html = new StringBuilder();
        html.append(bigText(highlightTextPurple("4. Use ORM Frameworks")))
            .append(newLine).append(" - Object-Relational Mapping (ORM) frameworks such as Hibernate or Entity Framework help prevent SQL injection by automatically generating secure queries, eliminating the need for manual query construction.")
            .append(newLine).append(newLine);
        html.append(bigText(highlightTextPurple("5. Restrict Database Privileges")))
            .append(newLine).append(" - Grant users the minimum necessary database privileges.")
            .append(newLine).append(" - Restrict permissions for actions like DROP TABLE or ALTER, ensuring that applications can only perform essential operations (e.g., SELECT, INSERT).")
            .append(newLine).append(newLine);
        html.append(bigText(highlightTextPurple("6. Error Handling")))
            .append(newLine).append(" - Configure the database and application to avoid displaying detailed error messages to end users.")
            .append(newLine).append(" - Instead, log errors internally and show generic error messages to users to prevent exposing sensitive system information.");
        return new ExplanationPartModel("Preventing SQL Injection Attacks part 2", new String[]{html.toString()});
    }

    /**
     * Course section "Define Cloud and Cloud Computing": definitions of "cloud"
     * and "cloud computing", then four advantages and four disadvantages, each as
     * a highlighted label followed by a sentence. Static HTML, no input.
     *
     * <p>NOTE(review): the "Security Concerns" disadvantage stops at "storing
     * data on external servers raises security issues". The practical framing a
     * learner needs is the shared-responsibility split — the provider secures the
     * infrastructure, the customer remains responsible for identity, access
     * control, configuration and data classification — since most cloud
     * incidents stem from the customer-side half of that split.
     *
     * @return the populated explanation part
     */
    private static ExplanationPartModel s75_1() {
        return new ExplanationPartModel("Define Cloud and Cloud Computing", new String[]{bigText(highlightTextPurple(" What is Cloud?")) + newLine + " - The term \"Cloud\" refers to a network or the internet." + newLine + " - Essentially, the Cloud is something stored and accessed remotely." + newLine + " - Cloud services can be provided over public or private networks, including WAN, LAN, or VPN." + newLine + " - Applications like email, web conferencing, and customer relationship management (CRM) are run on the cloud." + newLine + newLine + bigText(highlightTextPurple(" What is Cloud Computing?")) + newLine + " - Cloud Computing involves remotely managing, configuring, and accessing hardware and software resources." + newLine + " - It provides online services such as data storage, infrastructure, and software applications." + newLine + " - Cloud computing allows for platform independence, as software doesn't need to be installed locally on your computer." + newLine + " - As a result, cloud computing enables businesses to be more mobile and collaborative." + newLine + newLine + bigText(highlightTextPurple("Advantages of Cloud Computing")) + newLine + newLine + highlightText(" Cost Efficiency :- ") + "Cloud computing uses a pay-as-you-go model, which helps reduce capital expenses for infrastructure, especially beneficial for small and medium-sized businesses." + newLine + newLine + highlightText(" Flexibility and Scalability :- ") + "Cloud services allow you to scale resources based on demand, ensuring that businesses can handle workloads efficiently without large investments in hardware during low-demand periods." + newLine + newLine + highlightText(" Collaboration and Accessibility :- ") + "Cloud computing allows easy access to data and applications from anywhere, promoting team collaboration through shared documents and real-time updates." 
+ newLine + newLine + highlightText(" Automatic Maintenance and Updates :- ") + "Cloud providers, like AWS, handle infrastructure management and automatic updates, ensuring access to the latest software and technologies, so businesses can focus on operations and innovation." + newLine + newLine + bigText(highlightTextPurple("Disadvantages of Cloud Computing")) + newLine + newLine + highlightText(" Security Concerns :- ") + " Storing sensitive data on external servers raises security issues, which is a major concern for cloud computing." + newLine + newLine + highlightText(" Downtime and Reliability :- ") + " Although cloud services are generally reliable, they can experience unexpected downtimes or disruptions due to server issues, network problems, or maintenance, which can affect business operations." + newLine + newLine + highlightText(" Dependency on Internet Connectivity :- ") + " Cloud services heavily depend on a stable and high-speed internet connection. In regions with poor internet access, users may encounter difficulties accessing data and applications." + newLine + newLine + highlightText(" Cost Management Complexity :- ") + " While cloud services offer a pay-as-you-go pricing model, it can lead to complexity in managing costs. Without careful monitoring and resource optimization, organizations may face unexpected expenses. Effective cost management requires ongoing attention."});
    }

    /**
     * Course section "Top Languages for Cloud Computing": two introductory
     * sentences followed by an indented bullet per language. Each bullet is
     * rendered as a line break, {@code space(5)} of padding and {@code " - "} before
     * the language name. Static HTML, no input.
     *
     * @return the populated explanation part
     */
    private static ExplanationPartModel s75_2() {
        String[] languageNames = {
            "SQL (Structured Query Language)",
            "R Programming",
            "Python Programming",
            "Perl Programming",
            "Ruby Programming"
        };
        StringBuilder html = new StringBuilder("The demand for cloud professionals is increasing.");
        html.append(newLine).append(newLine);
        html.append("To build a career in cloud computing, proficiency in certain languages is essential. The most in-demand languages include:");
        for (String languageName : languageNames) {
            // One indented bullet per language, in the order listed above.
            html.append(newLine).append(space(5)).append(" - ").append(languageName);
        }
        return new ExplanationPartModel("Top Languages for Cloud Computing", new String[]{html.toString()});
    }

    /**
     * Course section "How Cloud Computing Works?": eleven standalone paragraphs
     * (overview, IaaS/PaaS/SaaS, data centres, device access, pricing,
     * redundancy, elasticity, impact) joined by a blank line. Plain text, no
     * highlighting helpers, no input.
     *
     * @return the populated explanation part
     */
    private static ExplanationPartModel s75_3() {
        // Paragraphs are separated by two line breaks, i.e. one blank line in the rendered HTML.
        String paragraphGap = newLine + newLine;
        String body = String.join(paragraphGap,
                "Cloud computing enables users to access and use computing resources like servers, storage, databases, and software over the internet.",
                "This model removes the need for users to own or manage physical infrastructure, as cloud providers handle all maintenance and management.",
                "IaaS (Infrastructure as a Service): Users rent virtualized hardware resources like virtual machines and storage to build and run their applications.",
                "PaaS (Platform as a Service): Provides a platform for developers to create, deploy, and manage applications without managing underlying infrastructure.",
                "SaaS (Software as a Service): Delivers software applications over the internet, accessible through web browsers without installation.",
                "Cloud services rely on vast networks of data centers with geographically distributed servers, ensuring high availability and reliability.",
                "Users can access cloud resources through various devices (computers, smartphones, tablets) from anywhere with an internet connection.",
                "Cloud providers offer flexible pricing options, such as pay-as-you-go or subscription-based, allowing users to scale resources based on their needs and avoid upfront costs.",
                "Data redundancy and backup are built into cloud systems to reduce the risk of data loss, with integrated security measures to protect user data.",
                "Elasticity allows cloud resources to be dynamically adjusted based on demand, optimizing performance and cost-efficiency.",
                "Cloud computing has revolutionized industries by enhancing scalability, collaboration, and accessibility, fostering innovation and increasing business efficiency.");
        return new ExplanationPartModel("How Cloud Computing Works?", new String[]{body});
    }

    /**
     * Builds the "Cloud Deployment Models" explanation part.
     * <p>
     * Three headed sections (public, private, hybrid). Each section is a big purple
     * heading followed by its bullet lines, one per {@code newLine}; sections are
     * separated by a blank line. The assembled text matches the original concatenation.
     *
     * @return the explanation part for this topic
     */
    private static ExplanationPartModel s76_1() {
        // element 0 of each row is the heading, the remaining elements are bullets
        String[][] sections = {
            {" Public Cloud:",
             " - In a public cloud, a cloud provider hosts services and infrastructure over a network (the internet).",
             " - Multiple users can access these services as they are available over a public network.",
             " - Security is generally lower in this model due to the shared nature of the resources.",
             " - It is a highly scalable model, with varying maintenance costs. Amazon Web Services (AWS) is a popular example of a public cloud."},
            {" Private Cloud:",
             " - In a private cloud, the cloud provider hosts services and infrastructure on a private network.",
             " - Typically, only a single client (e.g., a corporation) can access this cloud, based on their specific needs.",
             " - The security level is higher than that of a public cloud since access is restricted.",
             " - The owner of the private cloud has full control over the resources and their usage.",
             " - An example of a private cloud is internal servers within a corporation’s premises."},
            {" Hybrid Cloud:",
             " - A hybrid cloud combines elements of both public and private clouds.",
             " - This model can include multiple cloud servers, some public and some private.",
             " - Workload distribution is flexible, with computing happening on either internal or external servers.",
             " - Non-critical workloads may be handled by the public cloud, while sensitive or critical operations are managed by the private cloud."}
        };
        StringBuilder text = new StringBuilder();
        for (int s = 0; s < sections.length; s++) {
            if (s > 0) {
                text.append(newLine).append(newLine);
            }
            text.append(bigText(highlightTextPurple(sections[s][0])));
            for (int b = 1; b < sections[s].length; b++) {
                text.append(newLine).append(sections[s][b]);
            }
        }
        return new ExplanationPartModel("Cloud Deployment Models", new String[]{text.toString()});
    }

    /**
     * Builds the "Cloud Service Models" explanation part (IaaS, PaaS, SaaS).
     * <p>
     * Same layout as the deployment-model part: a big purple heading per section,
     * bullets separated by {@code newLine}, sections separated by a blank line.
     *
     * @return the explanation part for this topic
     */
    private static ExplanationPartModel s76_2() {
        // element 0 of each row is the heading, the remaining elements are bullets
        String[][] sections = {
            {" Infrastructure as a Service (IaaS)",
             " - IaaS focuses on providing the essential infrastructure needed to host a cloud, including physical or virtual servers.",
             " - The cloud provider offers APIs, storage, and network resources necessary to run an IT platform.",
             " - Clients can select the infrastructure according to their requirements.",
             " - This service is cost-effective, as it follows a subscription-based model, meaning clients pay only for the services they use.",
             " - IaaS is beneficial for businesses of all sizes—small, medium, or large."},
            {" Platform as a Service (PaaS)",
             " - In the PaaS model, cloud providers offer a complete software stack along with the required infrastructure.",
             " - This platform allows clients to perform development work using the software hosted on the provider’s systems.",
             " - Clients can develop web applications tailored to their business needs and choose features that suit their requirements.",
             " - PaaS is especially useful for companies with a global presence, as developers across various locations can collaborate.",
             " - An example of PaaS could be an e-commerce website's payment system, which could be hosted on a remote banking merchant server to securely handle sensitive data."},
            {" Software as a Service (SaaS)",
             " - SaaS is one of the most common forms of cloud computing.",
             " - This model involves delivering software applications over the internet.",
             " - The software is hosted by the cloud provider, and clients can access it via the internet."}
        };
        StringBuilder text = new StringBuilder();
        for (int s = 0; s < sections.length; s++) {
            if (s > 0) {
                text.append(newLine).append(newLine);
            }
            text.append(bigText(highlightTextPurple(sections[s][0])));
            for (int b = 1; b < sections[s].length; b++) {
                text.append(newLine).append(sections[s][b]);
            }
        }
        return new ExplanationPartModel("Cloud Service Models", new String[]{text.toString()});
    }

    /**
     * Builds the "Security" explanation part for the cloud chapter: a list of
     * defensive measures, one paragraph each, separated by blank lines.
     * Every paragraph keeps its original leading space.
     *
     * @return the explanation part for this topic
     */
    private static ExplanationPartModel s77_1() {
        String[] paragraphs = {
            " A defense-in-depth strategy should be implemented to secure the cloud architecture.",
            " At the application level, a proper Software Development Life Cycle (SDLC) should be followed, and using a web application firewall (WAF) is highly recommended.",
            " At the information level, implementing encryption, key management, and access control lists (ACLs) can safeguard data.",
            " At the management level, it’s essential to conduct regular patch management, configuration management, and monitoring.",
            " Multiple layers of defense across the cloud environment will enhance security.",
            " Other critical measures include load balancing, disaster recovery planning, and ensuring strong Quality of Service (QoS) and Service Level Agreements (SLAs) with cloud providers.",
            " Implementing strong key encryption, logging and auditing, and robust authentication and authorization mechanisms are key to securing cloud services.",
            " Strong security policies for users, regular vulnerability and risk assessments, and an incident detection and response system are crucial."
        };
        String body = String.join(newLine + newLine, paragraphs);
        return new ExplanationPartModel("Security", new String[]{body});
    }

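    /**
     * Builds the "Security Issues" explanation part: eighteen headed sections, each a
     * big purple heading followed by one or more bullet lines.
     * <p>
     * Fix: the original "Shared Resources" bullet ended with a literal {@code \n}
     * escape in addition to the {@code <br>} separators. Line breaks in this file are
     * expressed only through {@code newLine}, so the stray escape is dropped; every
     * other character of the text is unchanged.
     *
     * @return the explanation part for this topic
     */
    private static ExplanationPartModel s77_2() {
        // element 0 of each row is the heading, the remaining elements are bullets
        String[][] sections = {
            {"Data Loss:",
             " - Data loss, also referred to as data leakage, is a major concern in cloud computing.",
             " - Since data is managed by third parties, any security breach may expose sensitive information to unauthorized parties."},
            {"Hacker Interference and Insecure APIs:",
             " - Cloud services communicate over the internet using APIs, making them vulnerable to hacker interference if not properly protected.",
             " - Publicly available services may expose vulnerabilities that hackers can exploit, putting the data at risk."},
            {"User Account Hijacking:",
             " - Account hijacking is a serious threat where hackers gain unauthorized access to a user or organization’s account and can perform malicious activities."},
            {"Changing Service Providers (Vendor Lock-In):",
             " - Transitioning from one cloud provider to another can be difficult due to differences in services, technologies, and pricing models.",
             " - Data migration issues and potential cost differences complicate switching providers."},
            {"Lack of Skilled Personnel:",
             " - Cloud computing requires skilled professionals to manage services and migration processes, which can be challenging for organizations without the right expertise."},
            {"Denial of Service (DoS) Attacks:",
             " - DoS attacks flood systems with excessive traffic, causing them to become unresponsive.",
             " - These attacks can result in data loss and require substantial resources to recover."},
            {"Shared Resources:",
             " - Cloud environments rely on shared infrastructure. If one customer’s data is compromised, other customers on the same infrastructure may also be affected, risking breaches in confidentiality and integrity."},
            {"Compliance and Legal Issues:",
             " - Different regions and industries have specific regulatory requirements for data storage and handling.",
             " - Ensuring compliance in a cloud environment, especially across multiple jurisdictions, can be complex."},
            {"Data Encryption:",
             " - Data encryption is essential to prevent unauthorized access, particularly for data at rest.",
             " - While data in transit is often encrypted, ensuring that stored data is also encrypted is critical."},
            {"Insider Threats:",
             " - Employees or service providers with privileged access to cloud systems may misuse their privileges, intentionally or unintentionally causing security breaches.",
             " - Strong access controls and monitoring are necessary to mitigate these threats."},
            {"Data Location and Sovereignty:",
             " - It’s important to know where your data is stored physically, as this impacts compliance with data protection laws and regulations.",
             " - Cloud providers may store data in various global locations, raising concerns about who has access to it."},
            {"Loss of Control:",
             " - Using cloud services means entrusting third parties with your data and applications, resulting in a loss of direct control.",
             " - This can lead to concerns about data ownership, access, and availability."},
            {"Incident Response and Forensics:",
             " - Investigating security incidents in the cloud can be challenging due to the shared nature of cloud services.",
             " - Understanding the cause of an incident and identifying responsible parties requires careful analysis."},
            {"Data Backup and Recovery:",
             " - Relying on cloud providers for backup and recovery can pose risks, especially during outages or data loss incidents.",
             " - Organizations must have a strong backup and recovery plan in place to ensure data availability."},
            {"Vendor Security Practices:",
             " - Cloud service providers vary in their security practices, so it’s important to assess their security measures and certifications to ensure they align with your organization’s needs."},
            {"IoT Devices and Edge Computing:",
             " - The rise of IoT devices and edge computing increases the attack surface.",
             " - These devices often lack robust security controls and may be targeted to gain unauthorized access to cloud resources."},
            {"Social Engineering and Phishing:",
             " - Attackers may use social engineering tactics to trick users or cloud providers into revealing sensitive information or granting unauthorized access."},
            {"Inadequate Security Monitoring:",
             " - Without proper monitoring and alerting systems, detecting and responding to security incidents promptly is difficult.",
             " - Regular monitoring is essential for timely threat detection and response."}
        };
        StringBuilder text = new StringBuilder();
        for (int s = 0; s < sections.length; s++) {
            if (s > 0) {
                text.append(newLine).append(newLine);
            }
            text.append(bigText(highlightTextPurple(sections[s][0])));
            for (int b = 1; b < sections[s].length; b++) {
                text.append(newLine).append(sections[s][b]);
            }
        }
        return new ExplanationPartModel("Security Issues", new String[]{text.toString()});
    }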

    /**
     * Builds the "Benefits,Threats and Attacks" explanation part (the benefits half).
     * <p>
     * The text is a flat sequence of pieces separated by blank lines. A piece is either
     * a group heading (big purple text) or a numbered item: a highlighted title,
     * a line break, then its description. This is exactly the shape of the original
     * concatenation, so the output is identical.
     *
     * @return the explanation part for this topic
     */
    private static ExplanationPartModel s78_1() {
        // one-element rows are group headings; two-element rows are {title, description}
        String[][] pieces = {
            {"Economical Benefits:"},
            {"  1. Reduced Infrastructure Costs", "- Cloud computing significantly lowers the need for physical infrastructure investments."},
            {"  2. Lower Maintenance Costs ", "- With cloud providers managing the infrastructure, businesses can reduce the costs of maintaining physical servers and hardware."},
            {"  3. Lower Total Ownership Cost ", "- Companies don’t need to purchase hardware and software, resulting in lower overall ownership costs."},
            {"  4. Fewer Capital Expenditures ", "- With cloud services, businesses can avoid heavy upfront costs for IT infrastructure, paying instead for what they use on a subscription basis."},
            {"Operational Benefits"},
            {" 1. Flexibility ", "- Cloud computing allows businesses to easily scale resources up or down as needed."},
            {" 2. Resilience", "- Cloud providers offer high availability, ensuring that systems remain operational even in the event of a failure."},
            {" 3. Efficiency", "- Cloud services optimize resource use and ensure businesses can quickly meet demands."},
            {" 4. Backup and Disaster Recovery ", "- Cloud solutions often include built-in backup and recovery options, reducing the risk of data loss."},
            {" 5. Automatic Updates ", "- Cloud services handle updates automatically, ensuring that systems are always running on the latest software without manual intervention."},
            {" 6. Scalability ", "- Cloud services can dynamically scale resources based on demand, which is especially useful for businesses with fluctuating workloads."},
            {" 7. Rapid Application Deployment ", "- Applications can be deployed quickly, reducing time-to-market for new services or products."},
            {"Staffing Benefits"},
            {" 1. Reduced Staffing Requirements ", "- Cloud computing can reduce the need for large in-house IT teams, as the cloud provider manages much of the infrastructure."},
            {" 2. Less Staff Training ", "- With cloud services, less in-depth training is required, as providers manage most of the technical aspects."},
            {" 3. Resource Sharing ", "- Cloud environments enable sharing of resources, which leads to cost savings and efficiency."},
            {"Security Benefits:"},
            {" 1. Automatic Patch Application and Updates: - ", "Cloud providers handle patch management and software updates automatically, reducing the burden on internal teams."},
            {" 2. Lower Security Configuration Costs: - ", "Cloud services often come with built-in security features, reducing the need for businesses to invest heavily in security configurations."},
            {" 3. Rapid Response to Security Breaches: - ", "Cloud providers typically have dedicated security teams that can respond quickly to any threats or breaches."},
            {" 4. Improved Disaster Recovery: - ", "Cloud platforms offer enhanced disaster recovery options, ensuring business continuity in the event of data loss."},
            {" 5. Audit and Monitoring: - ", "Cloud providers typically handle security auditing and monitoring, reducing the need for internal teams to manage these tasks."},
            {" 6. Better Security Management: - ", "Cloud services offer centralized security management, streamlining processes and ensuring better protection for data and resources."}
        };
        StringBuilder text = new StringBuilder();
        for (int i = 0; i < pieces.length; i++) {
            if (i > 0) {
                text.append(newLine).append(newLine);
            }
            if (pieces[i].length == 1) {
                text.append(bigText(highlightTextPurple(pieces[i][0])));
            } else {
                text.append(highlightText(pieces[i][0])).append(newLine).append(pieces[i][1]);
            }
        }
        return new ExplanationPartModel("Benefits,Threats and Attacks", new String[]{text.toString()});
    }

    /**
     * Builds the "Threats and Attacks" explanation part: twenty-six numbered entries,
     * each a big purple heading, a line break and a one-line description, with a blank
     * line between entries. Output is identical to the original concatenation.
     *
     * @return the explanation part for this topic
     */
    private static ExplanationPartModel s78_2() {
        // {heading, description} pairs, in display order
        String[][] entries = {
            {" 1. Deletion without Backup:", "- Accidental or malicious deletion of data without proper backups can result in permanent data loss."},
            {" 2. Data Breach:", "- Unauthorized access to sensitive data, which can lead to exposure of private information."},
            {" 3. Hardware Failures:", "- Cloud services depend on physical servers, and any failure in the hardware could cause service disruptions."},
            {" 4. Natural Disasters:", "- Events like earthquakes, floods, or fires can affect data centers, leading to potential data loss or service outages."},
            {" 5. Authentication Attacks:", "- Attackers may attempt to bypass authentication mechanisms to gain unauthorized access to cloud services."},
            {" 6. VM (Virtual Machine) Level Attacks:", "- Attacks targeting virtualized environments can compromise the entire VM and potentially affect multiple clients."},
            {" 7. Malicious Insiders:", "- Employees or contractors with access to the cloud infrastructure can intentionally cause harm or steal data."},
            {" 8. Unknown Risk Profile:", "- Cloud service providers may not disclose all potential risks, leaving clients unaware of certain vulnerabilities."},
            {" 9. Vulnerable Co-existents:", "- Other clients on the same cloud infrastructure may introduce risks. If their data is compromised, it might affect the overall environment."},
            {" 10. Compliance Risks:", "- Cloud services may not comply with industry-specific regulations or standards, resulting in legal and compliance issues for businesses."},
            {" 11. E-Discovery Challenges Across Borders:", "- Legal challenges in retrieving data across different jurisdictions, especially when dealing with international cloud providers."},
            {" 12. Loss of the Encoding Key:", "- In cloud encryption, losing the key to decrypt data can result in permanent data loss or inaccessibility."},
            {" 13. Unauthorized Access:", "- Attackers might exploit weak security controls to access cloud resources without proper authorization."},
            {" 14. Account, Service & Traffic Hijacking:", "- Attackers may hijack accounts, cloud services, or data traffic, leading to unauthorized actions and disruptions."},
            {" 15. Man-in-the-Middle (MITM) Attacks:", "- Interception of communication between the cloud service and the user, which can allow attackers to eavesdrop or alter data."},
            {" 16. Denial-of-Service (DoS) Attacks:", "- Overloading cloud services with traffic to make them unavailable to legitimate users."},
            {" 17. Cloud Service Provider Bankruptcy:", "- A provider may go out of business, causing customers to lose access to their data or services."},
            {" 18. Data Hostage by Cloud Provider:", "- If a dispute arises with a cloud provider, they might hold your data hostage, making it difficult to access."},
            {" 19. Separation of Private Data:", "- It's essential to ensure that a company's private data is isolated from other clients to prevent potential vulnerabilities from affecting the whole environment."},
            {" 20. Cross-Border Data Transfer:", "- Transferring data across borders can complicate legal issues, potentially exposing private information to additional vulnerabilities."},
            {" 21. SQL Injection Attacks:", "- Attackers exploit vulnerabilities in web applications to inject malicious SQL code and gain unauthorized access to databases."},
            {" 22. Cross-Site Scripting (XSS):", "- Attackers inject malicious scripts into web applications, which can be executed by unsuspecting users."},
            {" 23. Cryptanalysis Attacks:", "- These attacks target the encryption used by cloud services, attempting to break the encryption and access the data."},
            {" 24. Side-Channel Attacks:", "- Attackers exploit physical and electronic characteristics of a system (e.g., power consumption or electromagnetic emissions) to gather secret information."},
            {" 25. Social Engineering Attacks:", "- Attackers manipulate or deceive individuals into disclosing sensitive information or performing actions that compromise security."},
            {" 26. DNS Attacks:", "- Attacks targeting the Domain Name System (DNS), redirecting users to malicious sites or disrupting services."}
        };
        StringBuilder text = new StringBuilder();
        for (int i = 0; i < entries.length; i++) {
            if (i > 0) {
                text.append(newLine).append(newLine);
            }
            text.append(bigText(highlightTextPurple(entries[i][0])))
                .append(newLine)
                .append(entries[i][1]);
        }
        return new ExplanationPartModel("Threats and Attacks", new String[]{text.toString()});
    }

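    /**
     * Builds the "Cloud Computing Architecture" explanation part.
     * <p>
     * Fixes two content defects in the original literal: the sentence "The cloud
     * architecture is generally divided into two sections:" was pasted three times
     * (twice glued onto the preceding sentence without a space), and the Frontend /
     * Backend bullets were run together on one line with inline " - " separators while
     * every other section of this file puts one bullet per {@code newLine}. The
     * sentence now appears once, directly before the two sections, and the bullets are
     * separated by line breaks; no wording was changed.
     *
     * @return the explanation part for this topic
     */
    private static ExplanationPartModel s79_1() {
        String intro = " The architecture of cloud computing is a combination of both SOA (Service Oriented Architecture) and EDA (Event Driven Architecture)."
                + newLine + newLine
                + "The key components of cloud computing architecture include client infrastructure, applications, services, runtime cloud, storage, infrastructure, management, and security."
                + newLine + newLine
                + "The cloud architecture is generally divided into two sections:";
        // element 0 of each row is the heading, the remaining elements are bullets
        String[][] sections = {
            {"1. Frontend",
             " - The frontend of cloud architecture refers to the client-side part of the cloud computing system.",
             " - It encompasses all user interfaces and applications that clients use to access cloud services or resources.",
             " - For example, a web browser used to interact with a cloud platform."},
            {"2. Backend",
             " - The backend refers to the cloud infrastructure that is managed by the service provider.",
             " - It holds the resources, manages them, and enforces security measures.",
             " - Additionally, it involves large-scale storage, virtual machines, traffic control mechanisms, deployment models, and more."}
        };
        StringBuilder text = new StringBuilder(intro);
        for (String[] section : sections) {
            text.append(newLine).append(newLine);
            text.append(bigText(highlightTextPurple(section[0])));
            for (int b = 1; b < section.length; b++) {
                text.append(newLine).append(section[b]);
            }
        }
        return new ExplanationPartModel("Cloud Computing Architecture", new String[]{text.toString()});
    }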

    /**
     * Builds the "Components and Benefits of Cloud Computing Architecture" part.
     * <p>
     * Layout: a big purple "Components" heading, then one highlighted name plus
     * description per component (blank line between), then a big purple "Benefits"
     * heading followed by one bullet per line. Identical to the original concatenation.
     *
     * @return the explanation part for this topic
     */
    private static ExplanationPartModel s79_2() {
        // {name, description} pairs, in display order
        String[][] components = {
            {"Client Infrastructure", "- Part of the frontend, this refers to the user interfaces and applications necessary to access the cloud platform. In other words, it provides a graphical interface for user interaction with the cloud."},
            {"Application", "- A backend component that refers to the software or platform provided to the client. This is where services are delivered according to the client's needs."},
            {"Service", "- Refers to the major cloud service types (SaaS, PaaS, IaaS) and manages which services are accessed by the user."},
            {"Runtime Cloud", "- This backend component offers the execution environment or platform for virtual machines."},
            {"Storage", "- Provides scalable and flexible storage services, along with managing stored data."},
            {"Infrastructure", "- Refers to the hardware and software components, including servers, storage, networking devices, and virtualization software."},
            {"Management", "- Involves overseeing backend components like applications, services, runtime clouds, storage, infrastructure, and security systems."},
            {"Security", "- This backend element ensures the implementation of security mechanisms to protect cloud resources, systems, and infrastructure from unauthorized access."},
            {"Internet", "- Serves as the bridge between the frontend and backend, enabling communication and interaction between the two."},
            {"Database", "- Provides storage for structured data in the backend, such as SQL and NoSQL databases (e.g., Amazon RDS, Microsoft Azure SQL Database, Google Cloud SQL)."},
            {"Networking", "- Provides networking infrastructure for applications in the cloud, including load balancing, DNS, and virtual private networks."},
            {"Analytics", "- Offers analytical capabilities in the cloud, such as data warehousing, business intelligence, and machine learning."}
        };
        String[] benefits = {
            " - Simplifies the overall cloud computing system.",
            " - Enhances data processing capabilities.",
            " - Increases security.",
            " - Facilitates modularization.",
            " - Improves disaster recovery.",
            " - Enhances user accessibility.",
            " - Reduces IT operational expenses.",
            " - Delivers higher reliability.",
            " - Provides scalability."
        };
        StringBuilder text = new StringBuilder(bigText(highlightTextPurple("Components of Cloud Computing Architecture")));
        for (String[] component : components) {
            text.append(newLine).append(newLine)
                .append(highlightText(component[0]))
                .append(newLine)
                .append(component[1]);
        }
        text.append(newLine).append(newLine)
            .append(bigText(highlightTextPurple("Benefits of Cloud Computing Architecture")));
        for (String benefit : benefits) {
            text.append(newLine).append(benefit);
        }
        return new ExplanationPartModel("Components and Benefits of Cloud Computing Architecture", new String[]{text.toString()});
    }

    /**
     * Builds the "Definition and Purpose" explanation part of the footprinting chapter.
     * <p>
     * Unlike most parts in this file, the body array has three elements: an intro
     * paragraph, then a "Definition" block and a "Purpose" block, each of which starts
     * with a blank line and a purple heading. Element boundaries are preserved.
     *
     * @return the explanation part for this topic
     */
    private static ExplanationPartModel s7_1() {
        String intro = "Footprinting refers to the process of collecting detailed information about a target system or organization from publicly available resources. The purpose of footprinting is to understand the target's infrastructure, identify potential security risks, and gather data that could be useful for further testing and exploitation.";
        String definition = newLine + newLine
                + highlightTextPurple(" Definition  ") + newLine
                + "- Footprinting is the reconnaissance phase in ethical hacking, where hackers gather information such as domain names, IP addresses, network structure, software versions, and other publicly available data.";
        String purpose = newLine + newLine
                + highlightTextPurple(" Purpose  ") + newLine
                + "- The main goal is to map out the target's security posture, identify potential entry points, and plan the ethical hacking process accordingly. This information helps ethical hackers find vulnerabilities that could be exploited by malicious actors.";
        return new ExplanationPartModel("Definition and Purpose", new String[]{intro, definition, purpose});
    }

    /**
     * Builds the "Types of Footprinting" explanation part (active vs. passive).
     * <p>
     * The body array has nine elements; each element after the first starts with a
     * blank line. Note the deliberate differences in heading padding between the two
     * halves (e.g. {@code " Description  "} vs {@code "  Description  "}) — they are
     * reproduced exactly.
     *
     * @return the explanation part for this topic
     */
    private static ExplanationPartModel s7_2() {
        String gap = newLine + newLine;
        String intro = "Footprinting can be performed using two different approaches: " + highlightText("Active and Passive");
        String activeDescription = gap + bigText(highlightTextPurple("Active Footprinting")) + gap
                + highlightText(" Description  ") + newLine
                + " - The hacker directly interacts with the target systems. It involves sending queries or probing the target's servers, networks, and other systems to gather detailed information.";
        String activeTools = gap + highlightText(" Tools and Techniques  ") + newLine
                + "1. Network Scanners (e.g., Nmap, Nessus)" + newLine
                + "2. DNS Queries" + newLine
                + "3. Ping Sweeps";
        String activeAdvantages = gap + highlightText(" Advantages  ") + newLine
                + "- Provides a large amount of detailed information and is more likely to yield precise results.";
        String activeDisadvantages = gap + highlightText(" Disadvantages  ") + newLine
                + "- It can alert the target, as the activities are easily detectable through logs or monitoring systems.";
        String passiveDescription = gap + bigText(highlightTextPurple("Passive  Footprinting")) + gap
                + highlightText("  Description  ") + newLine
                + "- Passive footprinting involves collecting information without directly interacting with the target systems. This method relies on gathering publicly available data without triggering alerts or notifications.";
        String passiveTools = gap + highlightText("  Tools and Techniques  ") + newLine
                + "1. WHOIS Databases" + newLine
                + "2. Social Media Platforms" + newLine
                + "3. Public Search Engines" + newLine
                + "4. DNS Records (by querying public DNS servers)";
        String passiveAdvantages = gap + highlightText("  Advantages  ") + newLine
                + "- No risk of detection or triggering any defensive mechanisms, as it only uses data already made available to the public.";
        String passiveDisadvantages = gap + highlightText("  Disadvantages  ") + newLine
                + "- May not provide as much detailed or precise information as active footprinting.";
        return new ExplanationPartModel("Types of Footprinting", new String[]{
            intro,
            activeDescription, activeTools, activeAdvantages, activeDisadvantages,
            passiveDescription, passiveTools, passiveAdvantages, passiveDisadvantages
        });
    }

    /**
     * Builds the "Importance in the Ethical Hacking Process" explanation part.
     * <p>
     * Four body elements, each a purple heading plus one description line; every
     * element except the first is prefixed with a blank line, as in the original.
     *
     * @return the explanation part for this topic
     */
    private static ExplanationPartModel s7_3() {
        // {heading, description} pairs, in display order
        String[][] points = {
            {" Understanding the Target ", "- It helps ethical hackers gain a comprehensive understanding of the target's network and systems. This knowledge forms the basis for the entire penetration testing process."},
            {" Identifying Vulnerabilities ", "- By collecting information, ethical hackers can spot potential vulnerabilities such as outdated software, exposed services, or misconfigured systems."},
            {" Minimizing Risk ", "- Footprinting allows the hacker to choose attack methods that are more likely to succeed, reducing the chances of causing damage or alerting the target prematurely."},
            {" Developing an Attack Plan ", "- Accurate footprinting provides insights that help ethical hackers design an effective and efficient testing strategy, ensuring the most critical vulnerabilities are prioritized."}
        };
        String[] body = new String[points.length];
        for (int i = 0; i < points.length; i++) {
            String prefix = (i == 0) ? "" : newLine + newLine;
            body[i] = prefix + highlightTextPurple(points[i][0]) + newLine + points[i][1];
        }
        return new ExplanationPartModel("Importance in the Ethical Hacking Process", body);
    }

    /**
     * Builds the "Introduction to Mobile Platforms" explanation part: three intro
     * paragraphs, then a purple heading and an indented numbered list of mobile
     * operating systems (each list line is indented via {@code space(5)}).
     *
     * @return the explanation part for this topic
     */
    private static ExplanationPartModel s80_1() {
        String gap = newLine + newLine;
        String[] platforms = {" 1. Android", " 2. iOS", " 3. Windows", " 4. Blackberry"};
        StringBuilder text = new StringBuilder()
                .append("Mobile devices have become an essential part of daily life.").append(gap)
                .append("Attackers can easily compromise mobile networks due to various vulnerabilities, with most attacks occurring because of untrusted apps.").append(gap)
                .append("SMS is another method attackers use to gain access to mobile devices by sending phishing or spam messages to users.").append(gap)
                .append(bigText(highlightTextPurple("Common Mobile Operating Systems")));
        for (String platform : platforms) {
            text.append(newLine).append(space(5)).append(platform);
        }
        return new ExplanationPartModel("Introduction to Mobile Platforms", new String[]{text.toString()});
    }

    /**
     * Builds the "Android" explanation part: four intro paragraphs, a purple heading,
     * then five highlighted component groups each followed by its description.
     * <p>
     * NOTE(review): the second paragraph says Dalvik converts Java files into ".dvk"
     * files; Dalvik's bytecode container is the .dex (Dalvik Executable) format.
     * Wording is reproduced unchanged here — confirm against the course source before
     * editing the text.
     *
     * @return the explanation part for this topic
     */
    private static ExplanationPartModel s80_2() {
        String gap = newLine + newLine;
        String[] intro = {
            "Android holds a significant share of the global mobile market due to its user-friendliness.",
            "It operates on a Linux-based OS and uses the Dalvik virtual machine to run Java files by converting them into .dvk files for faster performance.",
            "Android leverages native libraries and modules for various functions.",
            "Applications communicate with each other via messages called intents."
        };
        // {group title, description}; the last description keeps its two trailing spaces
        String[][] components = {
            {"1. Applications", "- Home, Browser, Monitor Application, Confirmation Screen, etc."},
            {"2. Application Framework", "- Activity Manager, Window Manager, Content Providers, View System, Package Manager, Telephony Manager, Resource Manager, Location Manager, Notification Manager."},
            {"3. Libraries", "- Surface Manager, Media Framework, SQLite, OpenGL ES, FreeType, WebKit, SGL, SSL, libc."},
            {"4. Android Runtime", "- Core Libraries, Dalvik Virtual Machine."},
            {"5. Linux Kernel", "- Display Driver, Keypad Driver, Camera Driver, Wi-Fi Driver, Flash Memory Driver, Audio Drivers, Binder (IPC) Driver, Power Management.  "}
        };
        StringBuilder text = new StringBuilder(String.join(gap, intro));
        text.append(gap).append(bigText(highlightTextPurple("Key Android Components:")));
        for (String[] component : components) {
            text.append(gap)
                .append(highlightText(component[0]))
                .append(newLine)
                .append(component[1]);
        }
        return new ExplanationPartModel("Android", new String[]{text.toString()});
    }

    /**
     * Builds the "ios" explanation part: an intro paragraph, a purple "Jailbreaking"
     * heading with three bullet lines, then three highlighted jailbreak types each with
     * a one-line description.
     *
     * @return the explanation part for this topic
     */
    private static ExplanationPartModel s80_3() {
        String gap = newLine + newLine;
        String[] bullets = {
            " - Jailbreaking allows users to bypass restrictions, gaining administrative privileges and enabling the download of third-party applications or extensions.",
            " - However, jailbreaking may void the device’s warranty, lead to malware infections, and cause performance issues.",
            " - There are three types of jailbreaking:"
        };
        // {type title, description} pairs, in display order
        String[][] types = {
            {"1. Tethered Jailbreaking", "- After jailbreaking, the device loses the patched kernel and may become partially nonfunctional, requiring re-jailbreaking with the same computer each time it restarts."},
            {"2. Semi-tethered Jailbreaking", "- After restarting, the device is no longer jailbroken but can still be used normally until re-jailbroken."},
            {"3. Untethered Jailbreaking", "- Once jailbroken, the device remains jailbroken even after a reboot, with the kernel fully patched."}
        };
        StringBuilder text = new StringBuilder("iOS uses proprietary software, making it more secure than open-source operating systems. However, this also limits its vulnerability to attacks.");
        text.append(gap).append(bigText(highlightTextPurple("Jailbreaking"))).append(gap);
        text.append(String.join(newLine, bullets));
        for (String[] type : types) {
            text.append(gap)
                .append(highlightText(type[0]))
                .append(newLine)
                .append(type[1]);
        }
        return new ExplanationPartModel("ios", new String[]{text.toString()});
    }

    /**
     * Chapter 16 explanation part: Android attack vectors via untrusted APKs, SMS and email.
     *
     * @return the part whose single text entry is three purple-headed sections,
     *         each heading followed by its bullet lines and separated by a blank line
     */
    private static ExplanationPartModel s81_1() {
        String untrustedApk = String.join(newLine,
                bigText(highlightTextPurple(" Untrusted APK’s")),
                " - Attackers often trick users into downloading applications from untrusted or unofficial sources.",
                " - These APK files may contain malicious software, granting attackers remote access to the mobile device once the APK is installed by the user.");
        String sms = String.join(newLine,
                bigText(highlightTextPurple(" SMS")),
                " - Users may receive suspicious SMS messages promising large rewards or bounties.",
                " - Clicking on links in such messages can redirect users to malicious websites, compromising sensitive information or leading to financial losses.");
        String email = String.join(newLine,
                bigText(highlightTextPurple(" Email")),
                " - Phishing emails can redirect users to harmful websites, putting their personal details at risk.",
                " - Spam emails can steal sensitive information by tricking users into providing it.");
        // Sections are separated by a blank line (two <br> tags).
        String body = String.join(newLine + newLine, untrustedApk, sms, email);
        return new ExplanationPartModel("Types of Android Attacks :- Untrusted APK’s,SMS,Email", new String[]{body});
    }

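    /**
     * Chapter 16 explanation part: spyware, sandbox escapes and rooting on Android.
     *
     * <p>Fixes two factual errors in the course text: Android "app sandboxing" is the
     * per-app UID/SELinux isolation enforced at runtime, not "testing an app in a
     * controlled environment", and rooting means obtaining superuser privileges,
     * not "increasing speed and performance".
     *
     * @return the part whose single text entry is three purple-headed sections
     */
    private static ExplanationPartModel s81_2() {
        String spying = bigText(highlightTextPurple(" Spying")) + newLine
                + " - Certain applications may secretly spy on users and send sensitive data back to remote attackers without the user’s knowledge." + newLine
                + " - Such apps usually need powerful permissions (accessibility service, SMS, location, device administrator); unexplained grants of these are a warning sign.";
        String sandboxing = bigText(highlightTextPurple(" App sandboxing issues")) + newLine
                // Describes the real mechanism so the "issue" below makes sense.
                + " - The Android app sandbox isolates each installed app: it runs under its own Linux user ID, with private storage that other apps cannot read, and SELinux policy limits what it may touch." + newLine
                + " - A sandbox escape - a kernel or framework vulnerability, an over-broad permission, or an exported component that trusts its caller - lets a malicious app read other apps' data or gain system-level control of the device.";
        String rooting = bigText(highlightTextPurple(" Rooting")) + newLine
                + " - Rooting is the process of obtaining root (superuser) privileges on an Android device, usually to remove manufacturer restrictions or run apps that need low-level access." + newLine
                + " - It is not supported by Google or device manufacturers, and a rooted device normally fails the Play Integrity (formerly SafetyNet) attestation that banking and enterprise apps rely on." + newLine
                + " - Rooting can void the warranty and weakens the platform's protections: malware that obtains root is no longer contained by the app sandbox and can take full control of the device.";
        String gap = newLine + newLine;
        return new ExplanationPartModel("Types of Android Attacks :- Spying,App sandboxing issues,Rooting",
                new String[]{spying + gap + sandboxing + gap + rooting});
    }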

    /**
     * Chapter 16 explanation part: what Mobile Device Management (MDM) is and why
     * BYOD programmes need it.
     *
     * @return the part whose single text entry is a list of bullet points, each
     *         separated from the next by a blank line
     */
    private static ExplanationPartModel s82_1() {
        String[] points = {
                " - In the age of BYOD (Bring Your Own Device) policies, where employees are permitted to use their personal devices on the corporate network, there are numerous benefits as well as challenges.",
                " - Companies can reduce their infrastructure expenses.",
                " - It can boost work efficiency.",
                " - MDM (Mobile Device Management) software is a tool that monitors and oversees the BYOD devices.",
                " - These platforms enforce various security protocols that the devices must adhere to.",
                " - MDMs track and report any suspicious or harmful activities from BYOD devices within the corporate network.",
                " - It also assists administrators in deploying and maintaining different applications across all devices.",
                " - MDM software aids administrators in implementing various policies to ensure business continuity, security, configuration management over the air, software distribution, and more."
        };
        // A blank line (two <br> tags) between consecutive points.
        String paragraphGap = newLine + newLine;
        return new ExplanationPartModel("Define Mobile Device Management", new String[]{String.join(paragraphGap, points)});
    }

    /**
     * Chapter 16 explanation part: the drawbacks of allowing BYOD devices.
     *
     * @return the part whose single text entry lists the drawbacks, one bullet per
     *         paragraph
     */
    private static ExplanationPartModel s82_2() {
        String paragraphGap = newLine + newLine;
        String body = String.join(paragraphGap,
                " - The potential for personal data to mix with corporate data.",
                " - If compromised devices are connected to corporate networks, it could jeopardize the security of the entire network.",
                " - Corporates may struggle to monitor all the downloads and app installations employees are making on their personal devices.",
                " - The risk of data leakage.",
                " - The threat posed by stolen devices.",
                " - Disgruntled employees might cause significant harm.",
                " - There is always the risk of information theft, fraud, espionage, and other security breaches.");
        return new ExplanationPartModel("There are still several drawbacks:", new String[]{body});
    }

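    /**
     * Chapter 16 explanation part: administrator duties for a BYOD/MDM programme.
     *
     * <p>Replaces the "complex password requirements" item with current guidance
     * (length, breach-list screening and MFA rather than arbitrary complexity rules)
     * and adds the device-level controls an MDM is normally expected to enforce.
     *
     * @return the part whose single text entry lists the duties, one bullet per
     *         paragraph
     */
    private static ExplanationPartModel s82_3() {
        String paragraphGap = newLine + newLine;
        String body = String.join(paragraphGap,
                " - Develop robust security policies.",
                " - Enforce strong authentication: long passphrases screened against breached-password lists and, wherever possible, multi-factor authentication (current guidance favours length and MFA over arbitrary complexity rules).",
                " - Require device encryption, a screen lock and remote wipe so that a lost or stolen device does not expose corporate data.",
                " - Keep the operating system and apps patched, and regularly update antivirus software.",
                " - Define and publish enterprise cloud policies.",
                " - Set session timeouts via the network gateway.");
        return new ExplanationPartModel("An administrator must:", new String[]{body});
    }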

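    /**
     * Chapter 17 explanation part: definition, goals, features and limitations of
     * cryptography.
     *
     * <p>Repairs a string literal that was split across two lines in the listing
     * (an unterminated literal, which does not compile), and tightens three
     * definitions: authentication (a claimed identity is verified), non-repudiation
     * (the sender cannot later deny having sent) and key management (only private or
     * secret keys need secrecy; public keys need authenticity).
     *
     * @return the part whose single text entry is the definitions, the feature list
     *         and the limitations list
     */
    private static ExplanationPartModel s83_1() {
        String gap = newLine + newLine;
        String definitions = String.join(gap,
                "Cryptography is the study and application of methods for secure communication in the presence of third parties, known as adversaries.",
                " It involves creating and assessing protocols that prevent malicious third parties from obtaining information exchanged between two parties, thus ensuring various aspects of information security.",
                " Secure Communication refers to the situation where the message or data exchanged between two parties cannot be accessed by an adversary.",
                " In Cryptography, an adversary is a harmful entity aiming to access valuable information or data, thus compromising the principles of information security.",
                " Data Confidentiality, Data Integrity, Authentication, and Non-repudiation are key principles of contemporary cryptography.",
                " Confidentiality means that information is disclosed only to authorized individuals, systems or locations, and to nobody else.",
                " Data Integrity involves ensuring that the data remains accurate and consistent throughout its entire lifecycle.",
                " Authentication is the process of verifying a claimed identity - that a message really comes from the party it claims to come from, or that a user really is who they say they are.",
                " Non-repudiation ensures that a person or party involved in a contract or communication cannot deny the authenticity of their signature on a document or the sending of a message.");
        String features = bigText(highlightTextPurple("Features Of Cryptography")) + gap
                + highlightText(" 1. Confidentiality ") + newLine + "- Information can only be accessed by the intended recipient, and no one else can retrieve it." + gap
                + highlightText(" 2. Integrity ") + newLine + "- Information cannot be altered during storage or transmission between the sender and intended receiver without detecting any unauthorized changes." + gap
                + highlightText(" 3. Non-repudiation ") + newLine + "- The sender or creator of the information cannot later deny having created or sent it." + gap
                + highlightText(" 4. Authentication ") + newLine + "- The identities of both the sender and receiver are verified. The source and destination of the information are also confirmed." + gap
                + highlightText(" 5. Interoperability ") + newLine + "- Cryptography enables secure communication across different systems and platforms." + gap
                + highlightText(" 6. Adaptability ") + newLine + "- Cryptography evolves continuously to counteract emerging security threats and keep pace with technological advancements.";
        String limitations = String.join(newLine,
                bigText(highlightTextPurple("Limitations of Cryptography")),
                " - Cryptography heavily relies on Key Management.",
                // Public keys are meant to be public; what they need is authenticity, not secrecy.
                " - If a private or secret key is lost, the data it protects becomes unrecoverable; if it is stolen or leaked, that data is no longer secure. (Public keys need no secrecy, but the receiver must be able to verify whose they are.)",
                " - Therefore, generating, storing, rotating and revoking keys properly is crucial.",
                " - Human Error is also a potential risk.",
                " - Since cryptography depends on people using it correctly, mistakes by developers in its setup or use can create vulnerabilities that attackers might exploit.",
                " - Managing cryptographic resources can also be challenging.",
                " - Encrypting and decrypting messages requires computational power and time.",
                " - Encrypting large amounts of data can slow down processes.",
                " - Even if the cryptography itself is strong, its implementation can be vulnerable.",
                " - Improper implementation in software or systems (weak random numbers, reused nonces, timing side channels, home-made algorithms) can leave openings for attackers.",
                " - This means cryptographic systems must be carefully designed, built from vetted libraries and rigorously tested.",
                " - Cryptography doesn't protect against all types of threats.",
                " - While it's an excellent method to protect data in transit or at rest, it cannot safeguard against every threat.",
                " - For example, it cannot prevent someone from stealing your password or accessing your device when it's unlocked.");
        return new ExplanationPartModel("Define Cryptography", new String[]{definitions + gap + features + gap + limitations});
    }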

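    /**
     * Chapter 17 explanation part: the benefits of cryptography.
     *
     * <p>The "Security" section previously implied that encryption alone stops data
     * from being altered. It does not: unauthenticated ciphertext can often be
     * modified undetected, so the text now points to a MAC or an AEAD mode for
     * tamper detection.
     *
     * @return the part whose single text entry is four purple-headed sections
     */
    private static ExplanationPartModel s83_2() {
        String confidentiality = String.join(newLine,
                bigText(highlightTextPurple("Confidentiality")),
                " - Cryptography is valuable for keeping our messages and data private.",
                " - It transforms the original data into an encoded format so only the intended recipient can interpret it.",
                " - For instance, if you're discussing your project with a colleague via a messaging app, you definitely want to keep the conversation private and protected from third parties or hackers.",
                " - Cryptography helps by converting the message into a secret code, ensuring that only you and your colleague can understand it.");
        String security = String.join(newLine,
                bigText(highlightTextPurple("Security")),
                " - With cryptography, we can safeguard our data from being altered or tampered with by unauthorized entities.",
                " - Cryptography acts like a secure vault.",
                " - It ensures that our sensitive information stays protected from intruders and hackers.",
                " - Without the correct key, an attacker cannot read the data; note that encryption by itself only hides it.",
                // Encryption != integrity: malleable ciphertext is a classic mistake.
                " - To detect modification you need an authenticated mode - a MAC, or an AEAD cipher such as AES-GCM or ChaCha20-Poly1305 - because unauthenticated ciphertext can often be altered in ways that are not noticed.");
        String authentication = String.join(newLine,
                bigText(highlightTextPurple("Authentication")),
                " - Cryptography is also essential in confirming that a message truly comes from an authorized sender, ensuring it's not fraudulent or spam.",
                " - When you receive a message, it's crucial to verify that it's genuinely from the authorized person.",
                " - Cryptography provides an additional layer of security by marking messages (with a digital signature or a MAC) to prove the sender's authenticity.",
                " - It's like a secret handshake that only you and your colleague know.");
        String integrity = String.join(newLine,
                bigText(highlightTextPurple("Integrity")),
                " - Cryptography ensures that data cannot be altered without proper authorization, thereby enhancing reliability.",
                " - It guarantees that the message you receive is exactly the same as the one sent, without any modifications during transmission.",
                " - This helps you trust the information you receive.");
        String body = String.join(newLine + newLine, confidentiality, security, authentication, integrity);
        return new ExplanationPartModel("Benefits of Cryptography ", new String[]{body});
    }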

    /**
     * Chapter 17 explanation part: drawbacks and limits of cryptography (availability,
     * access control, policy, cost, and reliance on hard mathematical problems).
     *
     * @return the part whose single text entry is one paragraph per point
     */
    private static ExplanationPartModel s83_3() {
        String[] points = {
                " Strictly encrypted, authenticated, and digitally signed information can become difficult to access, even for legitimate users, during critical decision-making moments if the system is compromised by an attacker who disables the network.",
                " Encryption alone cannot guarantee high availability, which is a crucial aspect of information security.",
                " Additional strategies are necessary to defend against threats like denial of service attacks or complete system outages.",
                " Another important consideration for information security is access control, which cannot rely solely on cryptography.",
                " Likewise, businesses must develop and enforce clear policies and procedures.",
                " Cryptography does not protect against vulnerabilities and threats that arise from improper policies, procedures, or management.",
                " These risks can be mitigated by implementing the right policies and backup systems.",
                " Cryptography can be costly.",
                " It incurs significant time and financial investments.",
                " Introducing cryptographic techniques into information processing can lead to delays in operations.",
                " Deploying public key cryptography requires the establishment and maintenance of a public key infrastructure, which can be expensive.",
                " The strength of a cryptographic method is based on the computational complexity of the mathematical problems it relies on.",
                " Any advancements in solving these problems or increases in computing power can potentially weaken encryption methods."
        };
        String paragraphGap = newLine + newLine;
        return new ExplanationPartModel("Drawbacks of Cryptography", new String[]{String.join(paragraphGap, points)});
    }

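    /**
     * Chapter 17 explanation part: classical cryptography, from hieroglyphs to Enigma.
     *
     * <p>Corrects several historical errors: the Caesar cipher is Roman, not Greek;
     * the "Vigenère" cipher was first described by Bellaso and is broken by Kasiski
     * examination rather than by loss of key secrecy; Hebern's rotor machine dates
     * from the early 20th century, not the 19th; and Enigma was first broken by
     * Polish cryptanalysts in 1932, with Bletchley Park continuing the work.
     *
     * @return the part whose single text entry is five purple-headed sections
     */
    private static ExplanationPartModel s84_1() {
        String hieroglyphs = String.join(newLine,
                bigText(highlightTextPurple(" 1. Hieroglyphic Cryptography:")),
                " - The earliest recorded use of cryptography dates back to around 1900 BCE, during Egypt’s Old Kingdom, in the form of non-standard hieroglyphs.",
                " - Hieroglyphs were a secret mode of communication used by the Egyptians to exchange messages.",
                " - This encrypted text was only understood by the king’s scribes, who would transmit messages on the king's behalf.");
        String caesar = String.join(newLine,
                bigText(highlightTextPurple(" 2. Caesar Cipher:")),
                " - The ancient Greeks and Romans were well-known for their use of ciphers; this one is named after Julius Caesar, who used it to protect military messages.",
                " - The Caesar Cipher, also called the Shift Cipher, is one of the oldest and simplest cryptographic techniques.",
                " - It’s a form of Substitution Cipher where each letter is replaced by the letter a fixed number of positions further along the alphabet, wrapping around at the end.",
                " - For instance, with a shift of 3, A becomes D, B becomes E, and so on. ex. x->a y->b z->c a->d b->e c->f d->g e->h f->i",
                " - With only 25 possible shifts it is broken instantly by trying every key, or by frequency analysis of the ciphertext.");
        String vigenere = String.join(newLine,
                bigText(highlightTextPurple(" 3. Vigenère Cipher:")),
                " - In the 16th century a polyalphabetic cipher (first described by Bellaso in 1553 and later attributed to Vigenère) was created where the encryption key is repeated to cover the entire message, and the ciphertext is produced by adding each message character with the corresponding key character, modulo 26.",
                // The weakness is the repeating key, not a failure to keep the key secret.
                " - It resisted simple frequency analysis for centuries, but because the key repeats, the key length can be recovered (Kasiski examination, 1863) and each position then attacked as a separate Caesar cipher.",
                " - Only a truly random key as long as the message that is never reused - the one-time pad - removes this weakness.");
        String hebern = String.join(newLine,
                bigText(highlightTextPurple(" 4. Hebern Rotating Machine:")),
                " - In the early 20th century (around 1917), Hebern developed the Hebern Rotating Machine.",
                " - This machine used a single rotor where the secret key was embedded within a rotating disc, which contained a substitution table.",
                " - Each key press on the keyboard resulted in the output of ciphertext.",
                " - This cipher could be broken by analyzing letter frequencies.");
        String enigma = String.join(newLine,
                bigText(highlightTextPurple(" 5. Enigma Machine:")),
                " - Cryptography played a crucial role in the success of the Allied forces during both World War I and World War II.",
                " - During World War II, electromechanical cipher machines became widely used.",
                " - One of the most famous stories from the war is the cracking of the German Enigma machine by the Allies.",
                " - Like all rotor machines, Enigma was a combination of electromechanical subsystems.",
                " - It consisted of three to five rotors.",
                " - When a key was pressed, one or more rotors would rotate, scrambling the letter and producing a new output.",
                " - Polish cryptanalysts (Rejewski, Różycki and Zygalski) first broke Enigma in 1932; their methods were shared with Britain and France in 1939 and extended at Bletchley Park, where Turing's bombe kept pace with wartime key changes.",
                " - The weaknesses exploited were procedural as much as mathematical: reused message keys, predictable plaintext (\"cribs\") and the design rule that no letter could ever encrypt to itself.");
        String gap = newLine + newLine;
        return new ExplanationPartModel("Classical Cryptography", new String[]{String.join(gap, hieroglyphs, caesar, vigenere, hebern, enigma)});
    }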

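    /**
     * Chapter 17 explanation part: everyday applications of cryptography.
     *
     * <p>Repairs a string literal split across two lines in the listing and fixes the
     * password section, which claimed passwords are "hashed and encrypted": stored
     * passwords should go through a salted, deliberately slow password hash, never
     * reversible encryption or a plain fast digest. Also names TLS as the current
     * protocol and SSL as its deprecated predecessor.
     *
     * @return the part whose single text entry is seven purple-headed sections
     */
    private static ExplanationPartModel s84_2() {
        String passwords = String.join(newLine,
                bigText(highlightTextPurple(" 1. Computer Passwords:")),
                " - Cryptography plays a crucial role in computer security, particularly in the creation and management of passwords.",
                " - When a user logs in, their password is hashed and compared to the previously stored hash.",
                // Not "encrypted": a reversible transform would let a database thief recover every password.
                " - Passwords are never stored in plaintext or in reversible encrypted form: a salted, deliberately slow password-hashing function (Argon2, scrypt, bcrypt or PBKDF2) is applied before storage.",
                " - Because the hash is one-way, an attacker who steals the password database cannot read the passwords directly, and the per-user salt and slow function make offline guessing expensive; a plain fast hash such as MD5 or SHA-256 is not adequate for this purpose.");
        String digitalCurrencies = String.join(newLine,
                bigText(highlightTextPurple(" 2. Digital Currencies:")),
                " - Cryptography is used to secure transactions and prevent fraud in digital currencies such as Bitcoin.",
                " - Complex algorithms and cryptographic keys are employed to protect transactions, making it virtually impossible to tamper with or counterfeit them.");
        String webBrowsing = String.join(newLine,
                bigText(highlightTextPurple(" 3. Secure Web Browsing:")),
                " - Cryptography ensures online browsing security by protecting users from eavesdropping and man-in-the-middle attacks.",
                " - Public key cryptography is used in Transport Layer Security (TLS) - the successor of the now-deprecated Secure Sockets Layer (SSL) - to authenticate the server and agree a session key, after which the data between web servers and clients is encrypted, establishing a secure communication channel.");
        String eSignatures = String.join(newLine,
                bigText(highlightTextPurple(" 4. Electronic Signatures:")),
                " - Electronic signatures are the digital counterpart of handwritten signatures and are used for signing documents.",
                " - Digital signatures are created using cryptography and can be validated using public key cryptography.",
                " - In many countries, electronic signatures are legally binding, and their use is growing rapidly.");
        String authentication = String.join(newLine,
                bigText(highlightTextPurple(" 5. Authentication:")),
                " - Cryptography is employed for authentication in various scenarios, such as logging into a computer, accessing a bank account, or connecting to a secure network.",
                " - Authentication protocols use cryptographic methods to verify the user's identity and ensure they have the appropriate access rights to a resource.");
        String cryptocurrencies = String.join(newLine,
                bigText(highlightTextPurple(" 6. Cryptocurrencies:")),
                " - Cryptography is fundamental to cryptocurrencies like Bitcoin and Ethereum, where it is used to secure transactions, prevent fraud, and maintain the integrity of the network.",
                " - Complex cryptographic algorithms and keys safeguard transactions, making them extremely difficult to tamper with or forge.");
        String endToEnd = String.join(newLine,
                bigText(highlightTextPurple(" 7. End-to-End Internet Encryption:")),
                " - End-to-end encryption is employed to protect two-way communications, including video calls, instant messages, and emails.",
                " - This ensures that even if the message is intercepted, only the intended recipient can read it - not even the service provider holds the keys.",
                " - End-to-end encryption is commonly used in messaging apps like WhatsApp and Signal, offering users a high level of security and privacy.");
        String gap = newLine + newLine;
        String body = String.join(gap, passwords, digitalCurrencies, webBrowsing, eSignatures, authentication, cryptocurrencies, endToEnd);
        return new ExplanationPartModel("Applications Cryptography", new String[]{body});
    }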

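    /**
     * Chapter 17 explanation part: symmetric-key cryptography, block and stream ciphers.
     *
     * <p>Adds the caveats a practitioner needs: DES/3DES/Blowfish are legacy; block
     * ciphers must be used under a proper mode of operation (never ECB); and a stream
     * cipher keystream must never be reused under the same key and nonce.
     *
     * @return the part whose single text entry is the introduction followed by the
     *         two cipher categories
     */
    private static ExplanationPartModel s85_1() {
        String gap = newLine + newLine;
        String intro = String.join(gap,
                " Symmetric key encryption, also known as private key cryptography, secret key cryptography, or single key encryption, uses the same key for both encryption and decryption processes.",
                " In these systems, all users must have access to the same private key.",
                " Private keys can be shared using a key-agreement protocol such as Diffie-Hellman (which is how TLS establishes its session keys), or through a pre-established secure channel, such as a private courier or a secured line.",
                " This means we can use the same key to lock and unlock messages.",
                " It’s similar to having a secret code that only you and your friend know.",
                " Symmetric key cryptography is simple and fast, with both parties sharing the key securely.",
                " Examples of symmetric cryptography include DES, Triple DES and Blowfish (all legacy designs with 64-bit blocks that should not be used in new systems) and AES and ChaCha20 (the current recommendations).");
        String categories = bigText(highlightTextPurple("Symmetric key algorithms are divided into two categories: ")) + gap
                + highlightText(" 1. Block Cipher:")
                // The mode of operation is where most real-world block-cipher mistakes happen.
                + " The algorithm operates on a fixed-size block of data. For example, it encrypts eight bytes of plaintext at a time when the block size is eight (AES uses 16-byte blocks). Data longer than one block is processed block by block under a mode of operation such as CBC, CTR or GCM; ECB mode must be avoided because identical plaintext blocks produce identical ciphertext blocks and leak patterns." + gap
                + highlightText(" 2. Stream Cipher:")
                + " These ciphers process data one bit (or byte) at a time, rather than in blocks. A stream cipher uses the key (and a nonce) to generate a keystream, which is then XORed with the plaintext data. A keystream must never be reused: encrypting two messages under the same key and nonce lets an attacker XOR the ciphertexts together and recover the plaintexts.";
        return new ExplanationPartModel("Symmetric Key Cryptography", new String[]{intro + gap + categories});
    }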

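    /**
     * Chapter 17 explanation part: asymmetric (public-key) cryptography.
     *
     * <p>Replaces two incorrect statements: that the keys "do not need to be kept
     * secret" (the private key must be), and that asymmetric cryptography is "more
     * secure" than symmetric (its advantage is key distribution, not strength; real
     * systems are hybrid). Adds the need to bind public keys to identities.
     *
     * @return the part whose single text entry is the introduction followed by the
     *         RSA and ECC examples
     */
    private static ExplanationPartModel s85_2() {
        String gap = newLine + newLine;
        String intro = String.join(gap,
                " In contrast to symmetric encryption, asymmetric cryptography uses two separate keys: one for encryption and another for decryption.",
                " The public key can be published and reused by anyone who wants to encrypt a message to its owner; only the matching private key can decrypt, so the private key is the one that must be kept secret.",
                " Public-key systems are the most common example of asymmetric key cryptography.",
                " In this method, two keys are used: a private key and a public key.",
                " Another name for these algorithms is public key algorithms (PKA).",
                " Asymmetric cryptography is not inherently 'more secure' than symmetric encryption; its advantage is that the two parties need no shared secret in advance, which solves the key-distribution problem.",
                " Because public-key operations are far slower than a block cipher, real systems are hybrid: a public-key operation protects a random symmetric key (or a key-agreement result), and the bulk data is encrypted with AES or ChaCha20.",
                // Without authenticity of the public key, a man-in-the-middle simply substitutes their own.
                " A public key is only useful if the sender can be sure it belongs to the intended recipient - certificates and a PKI (or an out-of-band fingerprint check) provide that binding; without it an attacker can substitute their own key and read the traffic.");
        String examples = bigText(highlightTextPurple("Examples of asymmetric key cryptography include: ")) + gap
                + highlightText("1. RSA (Rivest-Shamir-Adleman): ") + "One of the first widely used public-key cryptosystems, introduced in 1977 by its authors. Keys of 2048 bits or more are recommended today." + gap
                + highlightText("2. Elliptic Curve Cryptography (ECC): ") + "A modern asymmetric encryption technique that uses elliptic curve algebraic structures to generate strong cryptographic keys; a 256-bit curve (for example Curve25519 or P-256) offers security comparable to 3072-bit RSA with much smaller keys and faster operations.";
        return new ExplanationPartModel("Asymmetric Key Cryptography", new String[]{intro + gap + examples});
    }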

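    /**
     * Chapter 17 explanation part: hash functions.
     *
     * <p>Fixes the definition of collision resistance (the original described the
     * avalanche effect instead), words one-wayness as computational infeasibility
     * rather than impossibility, and separates hash-table hashing from the
     * cryptographic hash functions the chapter is actually about.
     *
     * @return the part whose single text entry is the introduction followed by the
     *         list of required properties
     */
    private static ExplanationPartModel s85_3() {
        String gap = newLine + newLine;
        String intro = String.join(gap,
                " A hash function is a mathematical process that takes an input (such as text, numbers, or files) and converts it into a fixed-length string called a \"hash\".",
                " You can think of a hash as a fingerprint for your data.",
                " Hash functions can process any amount of data but always output a fixed-length value.",
                " For all but the smallest inputs, the resulting output is much smaller than the input data.",
                " For example, imagine you own a library with millions of books. You wouldn’t want to search through every page of every book to find a specific one. Instead, you’d use an index to connect unique page numbers (hashes) to book titles (data).",
                // The analogy describes hash tables; cryptographic hashes need more than that.
                " General-purpose hash functions are used this way to store and retrieve data efficiently in hash tables; cryptographic hash functions such as SHA-256 must additionally satisfy the security properties below, which a hash-table hash does not.");
        String qualities = bigText(highlightTextPurple(" The following qualities define a good hash function: ")) + gap
                + highlightText("1. Collision-resistant: ")
                + "It must be computationally infeasible to find two different inputs that produce the same hash. Combined with the avalanche effect (any change to the input yields a completely different hash) this is what lets a hash detect tampering and underpins digital signatures. MD5 and SHA-1 fail this property and must not be used for integrity checks or signatures." + gap
                + highlightText("2. One-way: ")
                + "It is computationally infeasible to reverse the process and recover the original data from the hash (preimage resistance). This is what makes hashes suitable for protecting stored secrets - with the caveat that passwords need a salted, slow hash such as Argon2 or bcrypt rather than a plain fast hash.";
        return new ExplanationPartModel("Hash Functions", new String[]{intro + gap + qualities});
    }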

    /**
     * Chapter 17 explanation part: what a cryptographic algorithm is, plus the list
     * of algorithms the following part covers.
     *
     * @return the part whose single text entry is four paragraphs followed by an
     *         indented list of algorithm names
     */
    private static ExplanationPartModel s86_1() {
        String gap = newLine + newLine;
        String intro = String.join(gap,
                "A cryptographic algorithm is a sequence of procedures used to transform plaintext into ciphertext.",
                "It is also referred to as an encryption algorithm.",
                "The algorithm utilizes an encryption key to obscure the information, converting it into a format that cannot be easily read.",
                "Similarly, a decryption key is used to reverse the process, turning the ciphertext back into readable plaintext.");
        // Every list entry begins on a new line, indented by five spaces.
        String item = newLine + space(5);
        String list = highlightTextPurple("Types of Cryptographic Algorithms")
                + item + "- AES :- Advanced Encryption Standard"
                + item + "- DES :- Data Encryption Standard"
                + item + "- RSA :- Rivest  Shamir Adleman Algorithm"
                + item + "- SHA :- Secure Hash Algorithm";
        return new ExplanationPartModel("Cryptographic Algorithms", new String[]{intro + gap + list});
    }

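    /**
     * Chapter 17 explanation part: AES, DES, RSA and SHA.
     *
     * <p>Repairs two string literals split across lines in the listing and corrects
     * the technical content: AES has a fixed 128-bit block (128/192/256 are key
     * sizes); DES maps 64-bit blocks to 64-bit blocks under a 56-bit key (48 bits is
     * the round subkey size); RSA is slow and needs padding, and it does key
     * transport rather than magic "exchange without transmitting"; and a bare SHA
     * digest is not a suitable password store.
     *
     * @return the part whose single text entry is four purple-headed sections, each
     *         with its own green "Characteristics" list
     */
    private static ExplanationPartModel s86_2() {
        String gap = newLine + newLine;
        String aes = bigText(highlightTextPurple(" 1. Advanced Encryption Standard (AES)")) + gap
                + " - AES (Advanced Encryption Standard) is a widely-used encryption algorithm that utilizes the same key for both encryption and decryption. It is a symmetric block cipher with a fixed 128-bit block size and a key of 128, 192 or 256 bits." + newLine
                + " - AES is considered the successor to the older DES (Data Encryption Standard) algorithm, which will be covered later in this article." + newLine
                + " - AES comes in different variations depending on the number of rounds: AES-128 uses 10 rounds, AES-192 uses 12 rounds, and AES-256 uses 14 rounds." + gap
                + bigText(highlightText("Characteristics of AES Algorithm")) + gap
                + highlightTextGreen(" 1. Multiple key sizes :- ") + "AES supports three key sizes: 128, 192, and 256 bits." + gap
                + highlightTextGreen(" 2. Security :- ") + "No practical attack on AES itself is known. Security in practice depends on using an authenticated mode (for example AES-GCM) with a nonce that is never repeated under the same key, and on constant-time implementations (such as hardware AES-NI) that do not leak the key through timing side channels." + gap
                + highlightTextGreen(" 3. Versatility :- ") + "It works well in both hardware and software implementations." + gap
                + highlightTextGreen(" 4. Wide adoption :- ") + "AES is widely used in various applications, such as Google Cloud, Facebook, and password managers.";
        String des = bigText(highlightTextPurple(" 2. Data Encryption Standard (DES)")) + gap
                // 64-bit block in, 64-bit block out; the 48-bit figure is the per-round subkey.
                + " - DES is an older encryption algorithm that encrypts 64-bit plaintext blocks into 64-bit ciphertext blocks using a 56-bit key (each of its 16 rounds uses a 48-bit subkey derived from that key)." + newLine
                + " - It employs symmetric keys, meaning the same key is used for both encryption and decryption." + newLine
                + " - DES is broken by today’s standards - its 56-bit key can be brute-forced in hours - and must not be used for new systems; Triple DES (3DES) extended its life but is also deprecated. It remains a foundational design for learning about more advanced algorithms." + gap
                + bigText(highlightText("Characteristics of DES ")) + gap
                + highlightTextGreen(" 1. Symmetric key :- ") + "As a symmetric-key algorithm, DES uses the same key for both encryption and decryption." + gap
                + highlightTextGreen(" 2. Efficient hardware implementation :- ") + "DES was designed to be efficient in hardware, offering fast encryption and decryption operations." + gap
                + highlightTextGreen(" 3. Cipher technique :- ") + "It is a Feistel network that combines substitution (S-boxes) and permutation steps." + gap
                + highlightTextGreen(" 4. Building block :- ") + "DES serves as a basis for many other cryptographic algorithms.";
        String rsa = bigText(highlightTextPurple(" 3. RSA Algorithm (Rivest Shamir Adleman Algorithm)")) + gap
                + " - RSA is a fundamental asymmetric encryption algorithm that uses two distinct keys for encryption and decryption." + newLine
                + " - RSA encrypts a single number smaller than its modulus at a time. It must always be used with a padding scheme (OAEP for encryption, PSS for signatures): raw \"textbook\" RSA is insecure." + newLine
                + " - Asymmetric encryption means it uses a pair of keys: a public key for encryption and a private key for decryption. The public key is available to everyone, while the private key is kept secret." + gap
                + bigText(highlightText("Characteristics of RSA Algorithm")) + gap
                + highlightTextGreen(" 1. Security :- ") + "RSA with a 2048-bit or larger modulus is considered secure today and is widely used for secure data transmission; 1024-bit keys are deprecated." + gap
                // RSA is slow; that is why it only ever wraps a key or signs a hash.
                + highlightTextGreen(" 2. Speed :- ") + "RSA is orders of magnitude slower than a symmetric cipher, so it is used to protect a small symmetric key or to sign a hash, never to encrypt bulk data directly." + gap
                + highlightTextGreen(" 3. Two keys :- ") + "RSA uses two separate keys: the public key for encryption and the private key for decryption." + gap
                + highlightTextGreen(" 4. Key transport :- ") + "RSA lets one party encrypt a fresh symmetric key with the other's public key so it can be sent safely over an untrusted network. (TLS 1.3 prefers Diffie-Hellman key agreement instead, because it provides forward secrecy.)";
        String sha = bigText(highlightTextPurple(" 4. Secure Hash Algorithm (SHA)")) + gap
                + " - SHA is used to generate practically unique, fixed-length digital fingerprints of input data, known as hashes." + newLine
                + " - Variations of SHA, such as SHA-2 and SHA-3, are commonly used to ensure data integrity and authenticity." + newLine
                + " - Even a minor change in the input data results in a drastically different hash value, indicating a loss of data integrity." + newLine
                + " - The word \"hashing\" is also used for hash tables, but a cryptographic hash must additionally resist collisions and preimages, which a hash-table hash does not." + gap
                + bigText(highlightText("Characteristics of Secure Hash Algorithm (SHA) ")) + gap
                + highlightTextGreen(" 1. Security :- ") + " SHA-256 is highly regarded for its strong security features, helping to prevent collision attacks where different inputs produce the same hash value. SHA-1 and MD5 are broken for collision resistance and should not be used for signatures or integrity checks." + gap
                // A fast digest is exactly what a password cracker wants; passwords need a slow, salted hash.
                + highlightTextGreen(" 2. One-way hashing :- ") + "  SHA is commonly used for one-way hashing in integrity checks, digital signatures (hash-then-sign) and HMACs. It is not suitable on its own for storing passwords: a bare SHA-256 is fast enough to brute-force, so passwords should use a salted, deliberately slow password hash (Argon2, bcrypt, scrypt or PBKDF2)." + gap
                + highlightTextGreen(" 3. Avalanche effect :- ") + " A small change in the input, even a single bit, results in a completely different hash value, known as the avalanche effect." + gap
                + highlightTextGreen(" 4. Variable input, fixed output :- ") + " SHA accepts variable input lengths but always produces a fixed-length output.";
        return new ExplanationPartModel("Types of Cryptographic Algorithms", new String[]{String.join(gap, aes, des, rsa, sha)});
    }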

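    /**
     * Chapter 17 explanation part: what a digital signature is and why it matters.
     *
     * <p>Repairs a string literal split across two lines in the listing and adds the
     * two conditions the guarantees actually rest on: the verifier must hold the
     * genuine public key (certificates/PKI), and the private key must never have
     * been compromised.
     *
     * @return the part whose single text entry is the definition paragraphs followed
     *         by the three "importance" items
     */
    private static ExplanationPartModel s87_1() {
        String gap = newLine + newLine;
        String definition = String.join(gap,
                "Digital signatures are a form of message authentication based on public-key cryptography.",
                "Just like handwritten signatures are used in the physical world to authenticate messages, digital signatures serve a similar purpose in the digital realm by linking the signatory to the data.",
                "A digital signature binds an individual or entity to digital information, ensuring the integrity of the message.",
                "This link can be verified independently by the receiver or any third party.",
                "A digital signature is a cryptographic value calculated from the data and a secret key that is only known to the signer.",
                "In practice, the recipient needs assurance that the message truly came from the sender and that the sender cannot later deny sending it.",
                "This is especially important in business applications where disputes over exchanged data are common.");
        String importance = bigText(highlightTextPurple("Importance of Digital Signature")) + gap
                + highlightText(" 1. Message Authentication:") + newLine
                + " - When the verifier uses the sender’s public key to validate the digital signature, it ensures that only the sender, who possesses the corresponding private key, could have signed the message - provided the verifier obtained the genuine public key, for example from a certificate issued by a trusted CA." + gap
                + highlightText(" 2. Data Integrity:") + newLine
                + " - If an attacker modifies the data, the digital signature verification will fail, as the hash of the altered data will not match the output of the verification algorithm. The receiver can therefore safely conclude that the data has been tampered with." + gap
                + highlightText(" 3. Non-repudiation:") + newLine
                + " - Since the signer is assumed to be the only one who knows the private key used to create the signature, they cannot deny having signed the data. In case of a dispute, the receiver can present the data along with its digital signature as proof to a third party." + newLine
                // The assumption above is the whole basis of the guarantee; say what breaks it.
                + " - This holds only while the private key stays secret and is reliably bound to the signer's identity; a leaked or stolen key undermines every signature made with it, which is why keys are kept in hardware (HSM, smart card, TPM) and revoked when compromised.";
        return new ExplanationPartModel("Define Digital signatures", new String[]{definition + gap + importance});
    }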

    /**
     * Builds the "Model of Digital Signature" explanation part: eight paragraphs that
     * walk through key pairs, hashing, signing and verification, each separated by a
     * blank line of {@code newLine} markup.
     *
     * @return the explanation part holding the title and a single body string
     */
    private static ExplanationPartModel s87_2() {
        final String para = newLine + newLine;  // blank line between paragraphs

        // Every paragraph in this section starts with a leading space in the original text.
        String[] steps = {
                " Each participant in the system has a public-private key pair.",
                " Generally, separate keys are used for encryption/decryption and for signing/verification. The private key used for signing is called the signature key, and the public key is referred to as the verification key.",
                " The signer generates a hash of the data by feeding it into a hash function.",
                " The hash value, along with the signature key, is input into a signature algorithm, producing the digital signature. This signature is appended to the data, and both the signature and the data are sent to the verifier.",
                " The verifier uses the public key and the digital signature in a verification algorithm, which produces an output value.",
                " The verifier also runs the same hash function on the received data to generate its own hash value.",
                " For verification, the verifier compares the hash value with the output from the verification algorithm. If they match, the digital signature is considered valid.",
                " Since the digital signature is generated using the signer’s private key, and only the signer knows this key, the signer cannot later deny having signed the data."
        };

        return new ExplanationPartModel("Model of Digital Signature", new String[]{String.join(para, steps)});
    }

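    /**
     * Builds the "Wireless Hacking" explanation part: an introduction to wireless
     * attacks followed by two highlighted entries on WEP and on WPA/WPA2.
     *
     * <p>Fix: the heading literal of the second entry was split across two source
     * lines (an unterminated literal, which does not compile). It is rejoined here as
     * {@code "2. WPA and WPA2 "}.
     *
     * @return the explanation part holding the title and a single body string built
     *         from the class's {@code newLine} markup and highlight helpers
     */
    private static ExplanationPartModel s88_1() {
        final String para = newLine + newLine;  // blank line between paragraphs

        String intro = String.join(para,
                "With the growing use of wireless networks, the frequency of wireless attacks has surged dramatically.",
                "Wi-Fi networks are particularly susceptible to hacking because their signals can be intercepted and exploited from virtually anywhere.",
                "Wireless hacking refers to an assault on wireless networks or access points that exposes sensitive data, including Wi-Fi passwords, admin portal access, authentication credentials, and other private information.",
                "The primary goal of wireless hacking is to gain unauthorized access to a secured Wi-Fi network.",
                "As Wi-Fi usage has expanded, so has the frequency of wireless-based attacks.",
                "Any unauthorized access to wireless networks or access points that exposes valuable data is considered wireless hacking.",
                "This data could include Wi-Fi passwords, admin portal access, or other authentication details.",
                "To grasp the concept of wireless hacking, it's essential to understand the protocols that govern wireless networks.",
                "Most attacks target vulnerabilities in the internal layers of the protocol stack. IEEE 802.11 sets the standards for wireless networks. Below are some of the key algorithms used in Wi-Fi networks:");

        // Each protocol entry: purple heading, line break, then one bullet line.
        String wep = highlightTextPurple("1. WEP (Wired Equivalent Privacy) ") + newLine
                + "- WEP utilizes a 40-bit key and a 24-bit initialization vector. It employs RC4 for encryption and CRC32 for integrity. Due to the small size of the initialization vector (24 bits), there's a high likelihood that the same key will be reused after about 5,000 packets. WEP is outdated and has been found to be easily cracked due to multiple vulnerabilities.";
        String wpa = highlightTextPurple("2. WPA and WPA2 ") + newLine
                + "- WPA was initially introduced as a temporary fix for devices lacking WPA2 support. WPA is now considered insecure and obsolete. WPA2 remains the most secure option to date. The tools mentioned later will describe methods for attacking WPA and WPA2, though the success of these attacks is heavily reliant on the time involved and available computing power.";

        return new ExplanationPartModel("Wireless Hacking", new String[]{intro + para + wep + para + wpa});
    }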

    /**
     * Builds the "Wireless Terminologies and Network" explanation part: a glossary of
     * wireless terms, a short "Wireless Network" overview, and green-highlighted
     * lists of Wi-Fi advantages and disadvantages.
     *
     * @return the explanation part holding the title and a single body string
     */
    private static ExplanationPartModel s88_2() {
        final String para = newLine + newLine;  // blank line between entries

        // Glossary: each entry is a highlighted "Term :- " label directly followed by its text.
        String glossary = String.join(para,
                bigText(highlightTextPurple(" Wireless Terminologies ")),
                highlightText(" GSM :- ") + "A global system for mobile communication, widely used for mobile networks across the world.",
                highlightText(" Bandwidth :- ") + "Refers to the amount of data that can be transmitted over a connection in a given amount of time.",
                highlightText(" BSSID :- ") + "The unique MAC address of an access point that defines a Basic Service Set (BSS).",
                highlightText(" ISM Band :- ") + "A set of frequency bands reserved for industrial, scientific, and medical applications that are available internationally.",
                highlightText(" Access Point :- ") + "A device that allows wireless devices to connect to a network.",
                highlightText(" Hotspot :- ") + "A location where a wireless network is available for public use, often offering internet access.",
                highlightText(" Association :- ") + "The process in which a wireless device connects to an access point.",
                highlightText(" Orthogonal Frequency-Division Multiplexing (OFDM) :- ") + "A method for transmitting digital data over multiple carrier frequencies to improve signal quality.",
                highlightText(" Direct-Sequence Spread Spectrum (DSSS) :- ") + "A technique where the original data signal is combined with a pseudo-random noise spreading code to enhance transmission.",
                highlightText(" Frequency-Hopping Spread Spectrum (FHSS) :- ") + "A technique that changes the carrier frequency rapidly across different frequency channels to reduce interference.");

        // Overview: note the first two bullets are separated by a single line break, not a blank line.
        String overview = String.join(para,
                bigText(highlightTextPurple(" Wireless Network")),
                "- Wi-Fi refers to wireless local area networks (WLAN) based on the IEEE 802.11 standard." + newLine
                        + "- It is a widely adopted technology for wireless communication over radio channels.",
                "- Devices such as smartphones, laptops, video game consoles, and more use Wi-Fi to access the internet or other network resources through wireless access points.");

        String advantages = String.join(para,
                bigText(highlightText("Advantages")),
                highlightTextGreen(" 1. Easy installation :- ") + "No need for extensive wiring through walls or ceilings, making installation quick and simple.",
                highlightTextGreen(" 2. Remote connectivity :- ") + "Wi-Fi makes it easier to connect devices in locations where running cables would be difficult.",
                highlightTextGreen(" 3. Mobility :- ") + "Users can access the network from anywhere within the range of the access point.",
                highlightTextGreen(" 4. Public access :- ") + "Many public places like airports, cafes, and libraries offer Wi-Fi connections for internet access.");

        String disadvantages = String.join(para,
                bigText(highlightText("Disadvantages")),
                highlightTextGreen(" 1. Security concerns :- ") + "Wi-Fi networks can be vulnerable to hacking if not properly secured, and security may not always meet user expectations.",
                highlightTextGreen(" 2. Bandwidth limitations :- ") + "As more devices connect to a network, the available bandwidth can decrease, potentially slowing down the connection.",
                highlightTextGreen(" 3. Hardware upgrades :- ") + "Improvements in Wi-Fi standards may require new wireless cards or access points to take advantage of enhanced features.",
                highlightTextGreen(" 4. Interference :- ") + "Other electronic devices, such as microwaves and cordless phones, can interfere with Wi-Fi signals, leading to degraded performance.");

        String body = String.join(para, glossary, overview, advantages, disadvantages);
        return new ExplanationPartModel("Wireless Terminologies and Network", new String[]{body});
    }

    /**
     * Builds the "Authentication" explanation part: three purple-headed sections
     * (open, centralized and shared-key authentication), each a heading followed by
     * single-line-break-separated bullets.
     *
     * @return the explanation part holding the title and a single body string
     */
    private static ExplanationPartModel s88_3() {
        final String para = newLine + newLine;  // blank line between sections

        String open = String.join(newLine,
                bigText(highlightTextPurple("Open Authentication")),
                " - When a client wants to connect to an open access point, it first sends a probe request. The access point (AP) responds with a probe response.",
                " - The client then sends an authentication request.",
                " - Upon receiving an authentication response from the AP, the client establishes an association with the access point.");

        // The heading below carries a double space in the original text; preserved as-is.
        String centralized = String.join(newLine,
                bigText(highlightTextPurple("Centralized  Authentication")),
                " - In a corporate environment, rather than having each access point verify a client’s authentication details, a centralized server takes on the task of verifying clients.",
                " - RADIUS (Remote Authentication Dial-In User Service) is a centralized authentication server that authenticates clients who wish to connect to the access point.");

        String sharedKey = String.join(newLine,
                bigText(highlightTextPurple("Shared Key Authentication Process ")),
                " - In this method, the client first sends a probe request, and the access point responds with a probe response.",
                " - The client then sends an authentication request to the AP, which in turn sends an authentication challenge to the client.",
                " - The client must then respond to the challenge with the shared key (a pre-configured secret).",
                " - The access point verifies the client's response with the correct shared key, authenticates the client, and, if successful, the client can then establish a connection with the access point.");

        return new ExplanationPartModel("Authentication", new String[]{String.join(para, open, centralized, sharedKey)});
    }

    /**
     * Builds the "Important Terms" explanation part: four purple-headed definitions
     * (access point, SSID, BSSID, bandwidth) followed by a list of 802.11 transmission
     * standards with highlighted labels.
     *
     * @return the explanation part holding the title and a single body string
     */
    private static ExplanationPartModel s88_4() {
        final String para = newLine + newLine;  // blank line between entries

        // Definitions: purple heading, line break, one "- ..." description line.
        String definitions = String.join(para,
                bigText(highlightTextPurple("Access Point ")) + newLine
                        + "- A device that allows mobile devices, computers, and other wireless-enabled devices to connect to a wireless network. It serves as the bridge between the wireless network and the wired network.",
                bigText(highlightTextPurple("SSID (Service Set Identifier) ")) + newLine
                        + "- A unique name that identifies a specific wireless network. It's a human-readable text that is broadcasted by the access point and is used to distinguish one wireless network from another.",
                bigText(highlightTextPurple("BSSID (Basic Service Set Identifier) ")) + newLine
                        + "- The MAC address of the access point. It uniquely identifies the wireless access point in a network.",
                bigText(highlightTextPurple("Bandwidth ")) + newLine
                        + "- The amount of data that can be transmitted over a connection in a given amount of time. It determines how much information can be transferred through the network.");

        // Standards: highlighted label directly followed by its description (no line break).
        String standards = String.join(para,
                bigText(highlightTextPurple("Wireless Transmission Standards:")),
                highlightText(" 1. 802.11a :- ") + "This standard offers a data rate of 54 Mbps and operates on the 5 GHz frequency. It has a range of up to 50 feet.",
                highlightText(" 2. 802.11b :- ") + "Provides a slower data rate of 11 Mbps and uses the 2.4 GHz frequency. It has a longer range of up to 150 feet.",
                highlightText(" 3. 802.11g :- ") + "Operates on the 2.4 GHz frequency and has a data rate of 54 Mbps, similar to 802.11a, but with a shorter range of around 50 feet.",
                highlightText(" 4. 802.11n :- ") + "Supports a data rate of 300 Mbps and can operate on both 2.4 GHz and 5 GHz frequencies. It offers a range of up to 175 feet, making it more versatile for larger coverage areas.");

        return new ExplanationPartModel("Important Terms", new String[]{definitions + para + standards});
    }

    /**
     * Builds the "Bluetooth Attacks" explanation part: three numbered purple headings
     * (bluejacking, bluesnarfing, bluebugging), each followed by labelled
     * "Definition"/"Impact"/... entries.
     *
     * @return the explanation part holding the title and a single body string
     */
    private static ExplanationPartModel s89_1() {
        final String para = newLine + newLine;  // blank line between entries

        // The first section repeats the label inside the bullet text ("-  Definition: ...");
        // that wording and its double space are part of the original content and are kept.
        String bluejacking = String.join(para,
                bigText(highlightTextPurple("1. Bluejacking")),
                highlightText("Definition ") + newLine
                        + "-  Definition: A Bluetooth attack that is commonly used for pranks, where hackers send unsolicited messages to devices within range.",
                highlightText("Impact ") + newLine
                        + "-  Impact: It is typically not a serious threat because it doesn’t give hackers access to the device's data. The messages are simply sent as spam.",
                highlightText("Access ") + newLine
                        + "-  Access: Hackers can’t gain access to the device or its data; they can only send random messages to it.");

        String bluesnarfing = String.join(para,
                bigText(highlightTextPurple("2. Bluesnarfing")),
                highlightText("Definition ") + newLine
                        + "- A more serious Bluetooth attack that allows hackers to access a device and its data without the user’s consent.",
                highlightText("Impact ") + newLine
                        + "- Bluesnarfing can steal sensitive data, such as photos, contacts, emails, and calendar information. This attack can occur even if the device is in undiscoverable mode.",
                highlightText("Prevention ") + newLine
                        + "- While being non-discoverable makes it harder for hackers to locate the device, it’s not a foolproof solution. However, keeping the device hidden helps reduce the chances of being targeted.");

        String bluebugging = String.join(para,
                bigText(highlightTextPurple("3. Bluebugging")),
                highlightText("Definition ") + newLine
                        + "- A type of Bluetooth attack where hackers gain control of a device to monitor calls, emails, text messages, and even browse the internet.",
                highlightText("Impact ") + newLine
                        + "- Attackers can also make calls on the device without the user knowing.",
                highlightText("Vulnerable Devices ") + newLine
                        + "- Bluebugging is more likely to affect older or outdated devices that have security vulnerabilities in their Bluetooth protocols.");

        return new ExplanationPartModel("Bluetooth Attacks", new String[]{String.join(para, bluejacking, bluesnarfing, bluebugging)});
    }

    /**
     * Builds the "Wi-Fi Attacks" explanation part: five numbered purple headings
     * (evil twin, jamming, misconfiguration, honey spot, ad-hoc connection), each with
     * labelled "Definition"/"Impact"/... entries.
     *
     * @return the explanation part holding the title and a single body string
     */
    private static ExplanationPartModel s89_2() {
        final String para = newLine + newLine;  // blank line between entries

        String evilTwin = String.join(para,
                bigText(highlightTextPurple("1. Evil Twin Attack:")),
                highlightText("Definition ") + newLine
                        + "- In this attack, the attacker sets up a fake access point (AP) with the same or a similar name as a legitimate AP, usually near a corporate or public area.",
                highlightText("Impact ") + newLine
                        + "- When a user connects to this fake AP, thinking it’s the genuine one, the attacker can intercept authentication details, including usernames, passwords, and other sensitive information.",
                highlightText("Outcome ") + newLine
                        + "- The attacker can then compromise the connection, gaining unauthorized access to the network or sensitive data.");

        String jamming = String.join(para,
                bigText(highlightTextPurple("2. Jamming Signals:")),
                highlightText("Definition ") + newLine
                        + "- An attacker can disrupt the wireless network by intentionally creating interference or \"noise\" on the network.",
                highlightText("Impact ") + newLine
                        + "- By jamming the signal, the attacker can cause connection disruptions, making it difficult or impossible for legitimate users to access the network.",
                highlightText("Tools ") + newLine
                        + "- There are tools specifically designed to flood the frequency band with interference, effectively blocking or slowing down the network.");

        String misconfiguration = String.join(para,
                bigText(highlightTextPurple("3. Misconfiguration Attacks:")),
                highlightText("Definition ") + newLine
                        + "- These attacks occur when a router or network device is set up with weak or default configurations.",
                highlightText("Impact ") + newLine
                        + "- Attackers can easily exploit weak passwords, unpatched vulnerabilities, or outdated encryption algorithms to gain unauthorized access to the network.",
                highlightText("Example ") + newLine
                        + "- Using default admin credentials or weak encryption (like WEP) can make it easy for attackers to compromise a system.");

        String honeySpot = String.join(para,
                bigText(highlightTextPurple("4. Honey Spot Attack:")),
                highlightText("Definition ") + newLine
                        + "- This is a type of social engineering attack where the attacker sets up a fake access point with the same SSID as a public or trusted network (e.g., a coffee shop Wi-Fi or airport hotspot).",
                highlightText("Impact ") + newLine
                        + "- Users who unknowingly connect to the fake network are at risk of having their data intercepted, as the attacker can monitor and manipulate the traffic passing through the fake AP.",
                highlightText("Goal ") + newLine
                        + "- To capture sensitive information such as passwords, emails, or personal data.");

        // Unlike sections 1-4, the original puts no line break between the label and its
        // bullet in this section; that layout is preserved as-is.
        String adHoc = String.join(para,
                bigText(highlightTextPurple("5. Unauthorized/Ad-Hoc Connection Attacks:")),
                highlightText("Definition ")
                        + "- In this attack, the attacker may use malware or Trojans to enable an ad-hoc (direct device-to-device) connection on a user's device, bypassing traditional network security.",
                highlightText("Impact ")
                        + "- Since ad-hoc connections typically lack robust encryption, attackers can exploit the connection to gain unauthorized access or compromise sensitive information.",
                highlightText("Example ")
                        + "- An attacker could use malware to enable an ad-hoc connection on an employee's device, allowing them to directly communicate with the network without encryption, making the data vulnerable to interception.");

        String body = String.join(para, evilTwin, jamming, misconfiguration, honeySpot, adHoc);
        return new ExplanationPartModel("Wi-Fi Attacks", new String[]{body});
    }

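    /**
     * Builds the "Open Source Intelligence (OSINT)" explanation part. Unlike most
     * siblings, this part's body is an array of several strings (intro, method
     * entries, advantages, disadvantages) rather than one concatenated string.
     *
     * <p>Fix: the last disadvantage's string literal was split across two source lines
     * (an unterminated literal, which does not compile). It is rejoined here as
     * {@code "... piecing together data from various sources."}.
     *
     * @return the explanation part holding the title and the body strings in order
     */
    private static ExplanationPartModel s8_1() {
        final String para = newLine + newLine;  // blank line before a new paragraph or heading

        String[] parts = {
                "Open Source Intelligence (OSINT) involves gathering publicly available information from open sources, such as websites, social media, blogs, public records, and online databases. OSINT is a passive technique that allows ethical hackers to collect crucial data without directly interacting with the target systems, making it harder to detect.",
                para + bigText(highlightTextPurple("Key Methods of OSINT")),
                para + highlightText(" Social Media Scraping  ") + newLine
                        + "- Information from platforms like LinkedIn, Facebook, Twitter, and Instagram can provide insight into organizational structure, employees, and potential weaknesses.",
                para + highlightText(" Web Scraping  ") + newLine
                        + "- Automated tools can be used to gather information from public websites, forums, and blogs. This can include data like employee names, email addresses, or network infrastructure details.",
                para + highlightText(" Public Databases  ") + newLine
                        + "- Websites like Shodan, Censys, or VirusTotal provide data on exposed services and IP addresses that are publicly accessible.",
                para + highlightText(" Search Engines  ") + newLine
                        + "- Advanced Google search operators (known as Google Dorking) can help uncover sensitive information indexed by search engines, like exposed documents or configuration files.",
                para + bigText(highlightTextPurple("Advantages of OSINT")),
                // Advantage/disadvantage bullets are separated by a single line break only.
                newLine + "- Low risk of detection as it only involves gathering publicly available information.",
                newLine + "- Can provide valuable insights into the organization’s operations, employee structure, and technological infrastructure.",
                para + bigText(highlightTextPurple("Disadvantages of OSINT")),
                newLine + "- The data collected may not always be up-to-date or complete.",
                newLine + "- Gathering actionable intelligence may require piecing together data from various sources."
        };

        return new ExplanationPartModel("Open Source Intelligence (OSINT)", parts);
    }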

    /**
     * Builds the "Social Engineering" explanation part. The body is an array of
     * strings: an intro, a tactics heading with four labelled tactics, then
     * advantage and disadvantage bullet lists.
     *
     * @return the explanation part holding the title and the body strings in order
     */
    private static ExplanationPartModel s8_2() {
        final String para = newLine + newLine;  // blank line before a new paragraph or heading

        String intro = "Social Engineering involves manipulating or deceiving individuals within an organization to gain confidential or sensitive information. It is one of the most effective techniques to gather intelligence and break into systems, as it exploits human behavior rather than relying solely on technical vulnerabilities.";

        String[] parts = {
                intro,
                para + bigText(highlightTextPurple("Common Social Engineering Tactics")),
                para + highlightText("Phishing  ") + newLine
                        + "- Sending fraudulent emails or messages to trick recipients into revealing sensitive information (e.g., login credentials or financial details).",
                para + highlightText("Pretexting  ") + newLine
                        + "- Creating a fabricated scenario to gain a person’s trust and convince them to divulge sensitive information (e.g., pretending to be from IT support).",
                para + highlightText("Tailgating  ") + newLine
                        + "- Gaining physical access to a secure location by following authorized personnel without proper credentials.",
                para + highlightText("Baiting  ") + newLine
                        + "- Luring individuals into clicking on malicious links or downloading infected files by offering something enticing, such as free software or a prize.",
                para + bigText(highlightTextPurple("Advantages of Social Engineering")),
                // Bullets below are separated by a single line break; the second keeps its trailing space.
                newLine + "- Highly effective since it exploits human error or trust rather than relying solely on system vulnerabilities.",
                newLine + "- Can often bypass technical defenses like firewalls or encryption. ",
                para + bigText(highlightTextPurple("Disadvantages of Social Engineering")),
                newLine + "- Relies on manipulating people, which can be difficult to execute without knowledge of the target’s environment or personnel.",
                newLine + "- May require high levels of skill and subtlety to avoid detection."
        };

        return new ExplanationPartModel("Social Engineering", parts);
    }

    /**
     * Builds the "DNS Interrogation" explanation part. The body is an array of
     * strings: an intro, a methods heading with three labelled methods, then
     * advantage and disadvantage bullet lists.
     *
     * @return the explanation part holding the title and the body strings in order
     */
    private static ExplanationPartModel s8_3() {
        final String para = newLine + newLine;  // blank line before a new paragraph or heading

        String intro = "DNS Interrogation is a technique used to gather information about a target domain name system (DNS), which translates domain names (like example.com) into IP addresses that machines can understand. By interrogating DNS servers, ethical hackers can obtain valuable details about the target's network infrastructure.";

        String[] parts = {
                intro,
                para + bigText(highlightTextPurple("Key Methods of DNS Interrogation")),
                para + highlightText(" DNS Zone Transfer  ") + newLine
                        + "- A method where DNS records are transferred from a master DNS server to a secondary server. Misconfigured DNS servers may allow an attacker to retrieve all records related to a domain, revealing details like IP addresses, subdomains, and mail servers.",
                para + highlightText(" DNS Lookup  ") + newLine
                        + "- By querying DNS servers, an ethical hacker can find information about the domain's authoritative nameservers, mail servers (MX records), and associated IP addresses.",
                para + highlightText(" Reverse DNS Lookup  ") + newLine
                        + "- Identifying the domain name associated with an IP address, which can help determine the owner of a particular IP and identify related infrastructure.",
                para + bigText(highlightTextPurple("Advantages of DNS Interrogation")),
                // Bullets below are separated by a single line break only.
                newLine + "- Provides critical infrastructure information about the target's domain.",
                newLine + "- Often easy to perform using publicly available tools (e.g., nslookup, dig).",
                para + bigText(highlightTextPurple("Disadvantages of DNS Interrogation")),
                newLine + "- May not yield comprehensive data if the target has well-configured DNS servers.",
                newLine + "- Misconfigured DNS servers can expose sensitive information, which could alert the target to potential security issues."
        };

        return new ExplanationPartModel("DNS Interrogation", parts);
    }

    /**
     * Builds the "WHOIS Information Gathering" explanation part. The body is an array
     * of strings: an intro, a heading with four labelled WHOIS fields, then advantage
     * and disadvantage bullet lists.
     *
     * @return the explanation part holding the title and the body strings in order
     */
    private static ExplanationPartModel s8_4() {
        final String para = newLine + newLine;  // blank line before a new paragraph or heading

        String intro = "WHOIS Information Gathering is the process of querying WHOIS databases to gather details about domain registration information. These databases store information about domain name owners, registrars, and administrative contacts. WHOIS data can provide valuable insights into the ownership and management of a domain, which can help ethical hackers during their reconnaissance.";

        // The field labels below carry two leading and two trailing spaces in the original text.
        String[] parts = {
                intro,
                para + bigText(highlightTextPurple("Key Information Obtained from WHOIS")),
                para + highlightText("  Registrant Information  ") + newLine
                        + "- Name, organization, and contact details of the domain owner.",
                para + highlightText("  Domain Registrar  ") + newLine
                        + "- The company or organization responsible for registering the domain name.",
                para + highlightText("  Domain Expiration Date  ") + newLine
                        + "- Knowing when a domain will expire can help an attacker plan their attack (e.g., if the domain is about to expire, the organization may be less vigilant).",
                para + highlightText("  Nameservers  ") + newLine
                        + "- Details of the DNS servers associated with the domain, which can reveal additional infrastructure.",
                para + bigText(highlightTextPurple("Advantages of WHOIS Gathering")),
                newLine + "- Provides direct information about the ownership and management of a domain, which can be useful for identifying attack vectors.",
                newLine + "- The data is often publicly available and can be accessed easily using WHOIS lookup tools.",
                para + bigText(highlightTextPurple("Disadvantages of WHOIS Gathering")),
                newLine + "- Some domain owners may use WHOIS privacy services to obscure their registration details, limiting the amount of available information.",
                newLine + "- Frequent access to WHOIS data may raise red flags with domain registrars or organizations."
        };

        return new ExplanationPartModel("WHOIS Information Gathering", parts);
    }

    /**
     * Builds the "Tools:- Aircrack-ng,Kismet and OmniPeek" explanation part: three
     * numbered purple headings, each followed by bullets separated by single line
     * breaks.
     *
     * @return the explanation part holding the title and a single body string
     */
    private static ExplanationPartModel s90_1() {
        final String para = newLine + newLine;  // blank line between tool sections

        String aircrack = String.join(newLine,
                bigText(highlightTextPurple("1. Aircrack-ng")),
                " - Aircrack-ng is a widely used suite of tools designed for monitoring, attacking, testing, and decrypting WiFi networks.",
                " - It is compatible with Windows, Linux, OS X, and operates via command line.",
                " - This tool is effective for attacking and decrypting WPA and WEP security protocols.",
                " - The attack process is straightforward.",
                " - It captures and monitors network packets, and after accumulating sufficient data, it attempts to recover the password.",
                " - A key requirement is having a wireless card capable of injecting packets into the network; without this, cracking won't be possible.");

        String kismet = String.join(newLine,
                bigText(highlightTextPurple("2. Kismet")),
                " - Kismet is a free software, written in C++, used for sniffing TCP, UDP, DHCP, and ARP packets.",
                " - It is a passive tool, meaning it does not interact with the network but simply observes.",
                " - It can identify hidden networks and is often used in wardriving activities.",
                " - The captured packets can be exported to WireShark for further analysis.",
                " - Available for Linux, Windows, and other platforms.");

        String omniPeek = String.join(newLine,
                bigText(highlightTextPurple("3. OmniPeek")),
                " - OmniPeek is a protocol analyzer and packet sniffer tool.",
                " - Developed by Savvis, it is designed exclusively for the Windows platform.",
                " - The tool offers a wealth of features if you have a solid understanding of network protocols.",
                " - Packets can be stored in an SQL database for further decoding and analysis.",
                " - It also supports over 40 API plugins, with more available through the MyPeek community portal.",
                " - This tool is commercially available.");

        return new ExplanationPartModel("Tools:- Aircrack-ng,Kismet and OmniPeek", new String[]{String.join(para, aircrack, kismet, omniPeek)});
    }

    /**
     * Builds the "Tools:- InSSIDer,WepAttack" explanation part: two numbered purple
     * headings (numbering continues from the previous tools part), each followed by
     * bullets separated by single line breaks.
     *
     * @return the explanation part holding the title and a single body string
     */
    private static ExplanationPartModel s90_2() {
        final String para = newLine + newLine;  // blank line between tool sections

        String inssider = String.join(newLine,
                bigText(highlightTextPurple("4. InSSIDer")),
                " - The name “InSSIDer” highlights its focus on wireless network scanning and analysis.",
                " - It is a wireless scanner tool that works on both Windows and OS X platforms.",
                " - Although it was initially open-source, it is no longer available as such.",
                " - The tool retrieves information from wireless cards and helps in selecting the most optimal channel with the strongest signal.",
                " - Signal strength is displayed graphically over time.",
                " - Different versions are available, so you can choose one based on your specific needs (though finding the version may require some effort).");

        // The final bullet keeps its trailing space from the original text.
        String wepAttack = String.join(newLine,
                bigText(highlightTextPurple("5. WepAttack")),
                " - WepAttack can be used to crack 802.11 WEP Keys using a dictionary-based approach.",
                " - The tool can capture the network dump file received from pcap or libpcap etc.",
                " - The tool is open source and supports the Linux platform.",
                " - One thing to be noted here is that the attack is active and not passive in nature.",
                " - The tool will just test the dictionary words to get the working key.",
                " - The key requirement for this is a working LAN card. ");

        return new ExplanationPartModel("Tools:- InSSIDer,WepAttack", new String[]{inssider + para + wepAttack});
    }

    /**
     * Builds the first "Types" explanation part on wireless security standards: WEP,
     * WPA, WPA2, EAP, WPA2 Enterprise and TKIP, each a purple heading followed by
     * one or two bullets.
     *
     * @return the explanation part holding the title (which keeps its trailing space)
     *         and a single body string
     */
    private static ExplanationPartModel s91_1() {
        final String para = newLine + newLine;  // blank line between entries

        String[] entries = {
                String.join(newLine,
                        bigText(highlightTextPurple("WEP (Wired Equivalent Privacy)")),
                        " - WEP is an early encryption protocol for IEEE 802.11 wireless networks.",
                        " - It is considered outdated and vulnerable, as it can be easily cracked."),
                String.join(newLine,
                        bigText(highlightTextPurple("WPA (Wi-Fi Protected Access)")),
                        " - WPA is a more advanced wireless encryption standard that utilizes TKIP, MIC, and AES encryption.",
                        " - It incorporates a 48-bit IV, 32-bit CRC, and TKIP encryption to secure wireless networks."),
                String.join(newLine,
                        bigText(highlightTextPurple("WPA2 (Wi-Fi Protected Access II)")),
                        " - WPA2 uses AES (128-bit) and CCMP for secure wireless data transmission.",
                        " - It offers stronger security compared to WPA, as AES is more resistant to attacks."),
                bigText(highlightTextPurple("EAP (Extensible Authentication Protocol):")) + newLine
                        + " - EAP is a framework that supports a variety of authentication methods, including token cards, Kerberos, and certificates.",
                bigText(highlightTextPurple("WPA2 Enterprise:")) + newLine
                        + " - WPA2 Enterprise combines WPA2 encryption with EAP standards for enhanced security, typically used in larger, enterprise-level networks.",
                bigText(highlightTextPurple("TKIP (Temporal Key Integrity Protocol):")) + newLine
                        + " - TKIP is a security protocol designed to replace WEP in WPA, providing stronger encryption for wireless networks."
        };

        return new ExplanationPartModel("Types :- WEP,WPA,WPA2,EAP,WPA2 Enterprise,TKIP,CCMP,AES,802.11i,RADIUS,LEAP ", new String[]{String.join(para, entries)});
    }

    /**
     * Builds the second "Types" explanation part on wireless security standards:
     * CCMP, AES, 802.11i, RADIUS and LEAP, each a purple heading followed by one
     * bullet line.
     *
     * @return the explanation part holding the title (which keeps its trailing space)
     *         and a single body string
     */
    private static ExplanationPartModel s91_2() {
        final String para = newLine + newLine;  // blank line between entries

        String[] entries = {
                bigText(highlightTextPurple("CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol):")) + newLine
                        + " - CCMP uses 128-bit keys and a 48-bit IV to ensure secure data transmission with replay detection.",
                bigText(highlightTextPurple("AES (Advanced Encryption Standard):")) + newLine
                        + " - AES is a symmetric-key encryption method used in WPA2 to replace the weaker TKIP, offering stronger security.",
                bigText(highlightTextPurple("802.11i:")) + newLine
                        + " - 802.11i is an IEEE amendment that specifies the security protocols for 802.11 wireless networks, ensuring better protection.",
                bigText(highlightTextPurple("RADIUS (Remote Authentication Dial-In User Service):")) + newLine
                        + " - RADIUS is a centralized system for managing authentication, authorization, and accounting for network access.",
                bigText(highlightTextPurple("LEAP (Lightweight Extensible Authentication Protocol):")) + newLine
                        + " - LEAP is a proprietary authentication protocol developed by Cisco for wireless LAN security."
        };

        return new ExplanationPartModel("Types :- CCMP,AES,802.11i,RADIUS,LEAP ", new String[]{String.join(para, entries)});
    }

    /**
     * Builds the "Intrusion Detection System (IDS)" explanation part: an intro,
     * three detection-method entries, the four alert categories (true/false
     * positive/negative) and three lists of general intrusion indicators.
     *
     * @return the explanation part holding the title and a single body string
     */
    private static ExplanationPartModel s92_1() {
        final String para = newLine + newLine;  // blank line between paragraphs

        String intro = String.join(para,
                "An IDS monitors both inbound and outbound network traffic for suspicious activity.",
                "It scans traffic for known signatures and patterns, triggering an alarm if a match is detected.",
                "An IDS can be positioned either outside or inside a firewall.",
                "It's important to understand how data flows through the network before deploying an IDS to ensure proper configuration.");

        // Detection methods: highlighted label, line break, one "- ..." description line.
        String methods = String.join(para,
                highlightText(" Signature Recognition ") + newLine
                        + "- The IDS attempts to identify events where network resources are misused by matching known attack patterns.",
                highlightText(" Anomaly Detection ") + newLine
                        + "- This method identifies intrusions by detecting deviations from the established normal behavior of users or system components.",
                highlightText(" Protocol Anomaly Detection ") + newLine
                        + "- This type focuses on discovering irregularities in how network protocols, such as TCP/IP, are implemented by different vendors.");

        // Alert categories: highlighted label directly followed by its text (no line break).
        String alerts = String.join(para,
                bigText(highlightTextPurple("IDS Alert Categories")),
                highlightText("True Positive :- ") + "A legitimate attack is detected and an alert is raised.",
                highlightText("False Positive :- ") + "An alert is raised, but there is no actual attack.",
                highlightText("False Negative :- ") + "A legitimate attack occurs but the IDS fails to raise an alarm.",
                highlightText("True Negative :- ") + "No attack occurs, and the IDS does not trigger any alerts.");

        // Indicator lists: heading then bullets separated by single line breaks.
        String fileSystem = String.join(newLine,
                highlightText(" 1. File System Intrusions:"),
                " - Appearance of unfamiliar files or programs.",
                " - Unauthorized changes in file permissions.",
                " - Unexpected changes in file sizes.",
                " - Rogue files that don’t match the master list of approved, signed files.",
                " - Missing files.");
        String network = String.join(newLine,
                highlightText(" 2. Network Intrusions:"),
                " - Repeated probing of available services on devices.",
                " - Connections originating from unusual or unexpected locations.",
                " - Frequent remote login attempts.",
                " - Sudden spikes in log data volume.");
        String system = String.join(newLine,
                highlightText(" 3. System Intrusions:"),
                " - Incomplete or missing logs.",
                " - Unusually slow system performance.",
                " - Logs with incorrect permissions or missing entirely.",
                " - Modifications to system software or configuration files.",
                " - Presence of unusual graphical user interfaces (GUIs) or text messages.",
                " - Gaps in system accounting records.",
                " - Unexpected system crashes or reboots.",
                " - Presence of unfamiliar processes.");
        String indicators = String.join(para,
                bigText(highlightTextPurple("General Indicators of Intrusions")),
                fileSystem, network, system);

        String body = String.join(para, intro, methods, alerts, indicators);
        return new ExplanationPartModel("Intrusion Detection System (IDS)", new String[]{body});
    }

    /**
     * Builds the "Types of IDS" explanation part: four numbered sections
     * (NIDS, HIDS, log-file monitoring and file-integrity checking), each an
     * enlarged purple heading followed by dash-prefixed bullet lines.
     *
     * @return an {@link ExplanationPartModel} whose body is a single HTML fragment
     */
    private static ExplanationPartModel s92_2() {
        String blankLine = newLine + newLine;
        String nids = bigText(highlightTextPurple(" 1. Network-Based Intrusion Detection Systems (NIDS):"))
                + newLine + " - Operates in promiscuous mode, capturing network traffic and detecting patterns indicative of potential intrusions."
                + newLine + " - It can identify attacks such as Denial of Service (DoS), port scanning, and unauthorized login attempts by monitoring network activity.";
        String hids = bigText(highlightTextPurple(" 2. Host-Based Intrusion Detection Systems (HIDS):"))
                + newLine + " - Monitors and audits specific host systems for suspicious events."
                + newLine + " - Less common due to the overhead involved in continuously tracking events on each individual system.";
        String logFileMonitoring = bigText(highlightTextPurple(" 3. Log File Monitoring IDS (LFM IDS):"))
                + newLine + " - Focuses on monitoring log files, looking for irregular or unusual entries that may suggest an attack.";
        String fileIntegrity = bigText(highlightTextPurple(" 4. File Integrity Checking:"))
                + newLine + " - Keeps an eye on critical files to ensure they have not been modified or tampered with.";
        // Sections are separated by an empty line; the model takes a one-element array.
        String body = nids + blankLine + hids + blankLine + logFileMonitoring + blankLine + fileIntegrity;
        return new ExplanationPartModel("Types of IDS", new String[]{body});
    }

    /**
     * Builds the "Firewalls" explanation part: three introductory sentences, a
     * "Types of Firewalls" section comparing hardware and software firewalls,
     * and a "Firewall Limitations" bullet list, all in one HTML fragment.
     *
     * @return an {@link ExplanationPartModel} whose body is a single HTML fragment
     */
    private static ExplanationPartModel s93_1() {
        String blankLine = newLine + newLine;
        String intro = " A firewall is a hardware or software solution designed to block unauthorized access to or from a private network."
                + blankLine + " It is placed at a network junction or gateway to control traffic."
                + blankLine + " It inspects all incoming and outgoing messages to detect any malicious activity.";
        String hardware = highlightText(" 1. Hardware Firewall")
                + newLine + " A dedicated, standalone device used to filter network traffic via packet filtering."
                + newLine + " It is commonly employed in large enterprise networks."
                + newLine + " Provides higher levels of security, faster performance, and minimal interference."
                + newLine + " More costly, harder to configure, and requires more space.";
        String software = highlightText(" 2. Software Firewall")
                + newLine + " A software program installed on individual computers to monitor traffic."
                + newLine + " It filters traffic only for the system on which it’s installed."
                + newLine + " Typically cheaper and easier to configure, ideal for personal or home use."
                + newLine + " Consumes system resources, difficult to uninstall, and may not be suitable for environments that demand fast response times.";
        String types = bigText(highlightTextPurple(" Types of Firewalls")) + blankLine + hardware + blankLine + software;
        // Limitations are the defender-relevant part: a firewall is one layer, not a substitute for the others.
        String limitations = bigText(highlightTextPurple(" Firewall Limitations"))
                + newLine + " - A firewall cannot protect against new viruses, backdoors, or insider threats."
                + newLine + " - It won’t address network design flaws or misconfigurations."
                + newLine + " - Firewalls are not replacements for antivirus or antimalware solutions."
                + newLine + " - Social engineering attacks cannot be prevented by a firewall."
                + newLine + " - It cannot prevent misuse of passwords."
                + newLine + " - Firewalls do not block attacks from higher layers of the protocol stack."
                + newLine + " - They cannot protect against dial-in attacks or threats from common ports and applications."
                + newLine + " - Firewalls are unable to analyze or filter tunneled traffic effectively.";
        String body = intro + blankLine + types + blankLine + limitations;
        return new ExplanationPartModel("Firewalls", new String[]{body});
    }

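    /**
     * Builds the "Firewall Technologies" explanation part: seven numbered
     * sections (packet filtering, circuit-level gateway, application-level,
     * stateful multilayer inspection, application proxy, NAT and VPN), each an
     * enlarged purple heading followed by dash-prefixed bullet lines.
     *
     * <p>Fixes applied: the heading literal for section 5 had been split across
     * two source lines (an unterminated string, so the method did not compile),
     * and the section 3 heading read "pplication-Level" (missing leading "A").
     *
     * @return an {@link ExplanationPartModel} whose body is a single HTML fragment
     */
    private static ExplanationPartModel s93_2() {
        String[] sections = {
                bigText(highlightTextPurple(" 1. Packet Filtering Firewall"))
                        + newLine + " - Operates at the network layer, often as part of a router."
                        + newLine + " - It evaluates each packet against a set of defined rules and either forwards or drops the packet based on criteria such as source and destination IP addresses, port numbers, protocol, TCP flags, direction, or interface.",
                bigText(highlightTextPurple(" 2. Circuit-Level Gateway Firewall"))
                        + newLine + " - Works at the session layer (TCP layer)."
                        + newLine + " - It allows data from remote computers to appear as if it originated from the firewall itself."
                        + newLine + " - This firewall monitors the establishment of sessions and allows or denies them but does not filter individual packets.",
                bigText(highlightTextPurple(" 3. Application-Level Firewall"))
                        + newLine + " - These gateways (or proxies) filter traffic at the application layer."
                        + newLine + " - Incoming and outgoing traffic is restricted to specific services, with all other traffic denied."
                        + newLine + " - Proxies may block certain protocols (like FTP or Telnet) and filter based on specific application commands (e.g., HTTP POST)."
                        + newLine + " - Active application firewalls examine requests and allow only legitimate ones."
                        + newLine + " - Passive application firewalls log incoming requests without blocking them, functioning similarly to an IDS.",
                bigText(highlightTextPurple(" 4. Stateful Multilayer Inspection Firewall"))
                        + newLine + " - Combines features from packet filtering, circuit-level, and application-level firewalls."
                        + newLine + " - It filters network traffic and checks the legitimacy of session packets while also evaluating packet content at the application layer.",
                bigText(highlightTextPurple(" 5. Application Proxy"))
                        + newLine + " - This type of firewall serves as a proxy server, filtering connections based on services and protocols."
                        + newLine + " - For example, an FTP proxy will only allow FTP traffic through the firewall.",
                // NOTE(review): this section presents NAT as a firewall; address translation by itself is not a
                // security boundary (port forwarding, UPnP or a misconfigured gateway expose internal hosts) —
                // content owner to confirm the wording.
                bigText(highlightTextPurple(" 6. Network Address Translation (NAT)"))
                        + newLine + " - Divides IP addresses into two groups."
                        + newLine + " - NAT allows local devices (LAN) to use a single public IP address for internet access."
                        + newLine + " - It modifies packet headers to make it appear as if they originated from the firewall itself."
                        + newLine + " - NAT acts as a firewall by only permitting inbound connections that originate from the internal network, blocking those from the outside.",
                bigText(highlightTextPurple(" 7. Virtual Private Network (VPN)"))
                        + newLine + " - A VPN is a private network established over public networks."
                        + newLine + " - It secures sensitive data through encapsulation and encryption, making the transmission more secure over untrusted networks."
                        + newLine + " - Devices that run the VPN software can connect to the VPN for secure communication."
        };
        // Sections are separated by an empty line; the model takes a one-element array.
        String body = String.join(newLine + newLine, sections);
        return new ExplanationPartModel("Firewall Technologies", new String[]{body});
    }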

    /**
     * Builds the "Firewall Architecture" explanation part: four numbered
     * sections (bastion host, screened subnet, multi-homed firewall and DMZ),
     * each an enlarged purple heading followed by dash-prefixed bullet lines.
     *
     * @return an {@link ExplanationPartModel} whose body is a single HTML fragment
     */
    private static ExplanationPartModel s93_3() {
        // NOTE(review): sections 2 and 4 both describe the DMZ; content owner may want to merge them.
        String[] sections = {
                bigText(highlightTextPurple(" 1. Bastion Host"))
                        + newLine + " - A bastion host is specially configured to safeguard network resources from potential attacks."
                        + newLine + " - It typically has two interfaces: one public and one private.",
                bigText(highlightTextPurple(" 2. Screened Subnet (DMZ)"))
                        + newLine + " - The Demilitarized Zone (DMZ) hosts systems that offer public-facing services."
                        + newLine + " - These hosts respond to public requests, but none of them are directly accessible from the private network."
                        + newLine + " - The private zone remains unreachable by external users.",
                bigText(highlightTextPurple(" 3. Multi-homed Firewall"))
                        + newLine + " - This type of firewall has multiple interfaces, allowing for further segmentation and enhanced security control."
                        + newLine + " - Each interface serves specific security goals.",
                bigText(highlightTextPurple(" 4. DeMilitarized Zone (DMZ)"))
                        + newLine + " - The DMZ acts as a buffer network between the internal secure network and the external internet."
                        + newLine + " - It is typically created using a firewall with three or more interfaces."
                        + newLine + " - It hosts publicly accessible servers, allowing internet users to connect to them without directly accessing the internal network."
        };
        String body = String.join(newLine + newLine, sections);
        return new ExplanationPartModel("Firewall Architecture", new String[]{body});
    }

    /**
     * Builds the "Honeypot" explanation part: five plain sentences describing a
     * decoy system, separated by empty lines.
     *
     * @return an {@link ExplanationPartModel} whose body is a single HTML fragment
     */
    private static ExplanationPartModel s94_1() {
        String[] sentences = {
                " A honeypot is a decoy system set up to lure and trap individuals attempting to infiltrate an organization's network.",
                " It has no real value for production or business functions.",
                " Any activity directed towards it is likely part of a probe, attack, or attempt to compromise the system.",
                " It can log port access attempts and monitor the attacker’s keystrokes.",
                " Honeypots can be useful for detecting early signs of attacks."
        };
        // Each sentence stands as its own paragraph (two line breaks between them).
        String body = String.join(newLine + newLine, sentences);
        return new ExplanationPartModel("Honeypot", new String[]{body});
    }

    /**
     * Builds the "Types of Honeypots" explanation part: five numbered sections
     * (low/medium/high interaction, production, research), each an enlarged
     * purple heading followed by dash-prefixed bullet lines.
     *
     * @return an {@link ExplanationPartModel} whose body is a single HTML fragment
     */
    private static ExplanationPartModel s94_2() {
        String[] sections = {
                bigText(highlightTextPurple(" 1. Low Interaction Honeypots"))
                        + newLine + " - Simulate only a limited set of services and applications found on a target system or network."
                        + newLine + " - Primarily used to gather high-level information about attack methods, such as network scans and worm activity.",
                bigText(highlightTextPurple(" 2. Medium Interaction Honeypots"))
                        + newLine + " - Simulate a full operating system along with its services and applications."
                        + newLine + " - These honeypots can respond to predefined commands, which increases the risk of intrusion but allows for more realistic data collection.",
                bigText(highlightTextPurple(" 3. High interaction Honeypots"))
                        + newLine + " - Simulate all possible services and offer the most comprehensive level of interaction."
                        + newLine + " - These honeypots capture detailed information about attack techniques, tools used, and the attacker's intent.",
                bigText(highlightTextPurple(" 4. Production Honeypots"))
                        + newLine + " - Designed to mimic actual production networks."
                        + newLine + " - They help detect internal flaws and identify potential attackers within an organization’s network.",
                bigText(highlightTextPurple(" 5. Research Honeypots"))
                        + newLine + " - Primarily used in research environments, such as government or military institutions."
                        + newLine + " - These are typically high-interaction honeypots designed to capture in-depth information on how attacks are executed, which vulnerabilities are targeted, and the methods used by attackers."
        };
        String body = String.join(newLine + newLine, sections);
        return new ExplanationPartModel("Types of Honeypots", new String[]{body});
    }

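    /**
     * Builds the "Evading IDS" explanation part: eighteen numbered sections
     * describing IDS evasion categories, each an enlarged purple heading
     * followed by dash-prefixed bullet lines. The material is awareness-level;
     * the defensive counterpart is the "Defending Against IDS Evasion" part.
     *
     * <p>Fix applied: the heading literals for sections 5, 10 and 15 had each
     * been split across two source lines (unterminated strings, so the method
     * did not compile); they are rejoined here.
     *
     * @return an {@link ExplanationPartModel} whose body is a single HTML fragment
     */
    private static ExplanationPartModel s95_1() {
        String[] sections = {
                bigText(highlightTextPurple(" 1. Insertion Attack"))
                        + newLine + " - An attacker inserts data into the IDS by sending packets it would typically ignore, tricking the IDS into accepting malicious traffic."
                        + newLine + " - This occurs when the IDS is less strict about packet validation than the end system, allowing the attacker to sneak extra traffic past the IDS."
                        + newLine + " - The IDS concludes the extra packets are harmless, while the destination system may reject them.",
                bigText(highlightTextPurple(" 2. Evasion"))
                        + newLine + " - The attacker sends portions of the malicious request in separate packets, some of which are rejected by the IDS, allowing parts of the attack to bypass detection."
                        + newLine + " - The attacker exploits this to manipulate the host system while the IDS fails to notice the intrusion, as fewer packets are detected by the IDS compared to the number received by the destination.",
                bigText(highlightTextPurple(" 3. Denial-of-Service (DoS) Attack"))
                        + newLine + " - IDS often relies on centralized logging servers, which can be targeted in a DoS attack."
                        + newLine + " - By attacking these servers, the attacker can prevent intrusion attempts from being logged or monitored, hindering the IDS's ability to detect threats.",
                bigText(highlightTextPurple(" 4. Obfuscation"))
                        + newLine + " - Attackers encode the payload of the attack, modifying the attack pattern in ways that confuse the IDS."
                        + newLine + " - Using techniques like Unicode encoding or polymorphic code, attackers bypass signature-based IDS by altering attack strings in a way that still allows the attack to be understood by the target system."
                        + newLine + " - Encrypted protocols (e.g., HTTPS) also prevent IDS from inspecting the content of the packets.",
                bigText(highlightTextPurple(" 5. False Positive Generation"))
                        + newLine + " - Attackers deliberately craft packets that trigger false alarms in the IDS, flooding it with alerts."
                        + newLine + " - These false positives obscure the real attack traffic, making it more difficult for security personnel to identify genuine threats.",
                bigText(highlightTextPurple(" 6. Session Splicing"))
                        + newLine + " - The attacker splits the attack data into several small packets, which are then sent separately."
                        + newLine + " - If the IDS doesn’t reconstruct these packets before checking them against intrusion signatures, the attack can bypass detection."
                        + newLine + " - The attacker can also introduce delays between packets, forcing the IDS to stop reassembling the traffic and letting the attack pass undetected.",
                bigText(highlightTextPurple(" 7. Unicode Evasion"))
                        + newLine + " - Unicode, a character encoding system, treats characters differently, and some IDS systems improperly handle this encoding."
                        + newLine + " - Attackers exploit this by converting the attack string into Unicode, avoiding detection while still making the attack understandable by the target server.",
                bigText(highlightTextPurple(" 8. Fragmentation Attack"))
                        + newLine + " - Attackers exploit different timeout settings for fragment reassembly between the IDS and the target system."
                        + newLine + " - If the IDS times out before the final fragment is received but the target system can reassemble it, the IDS misses the attack, allowing the target to process it without detection.",
                bigText(highlightTextPurple(" 9. Overlapping Fragments"))
                        + newLine + " - Attackers send tiny fragmented packets with overlapping TCP sequence numbers to confuse the IDS, causing it to miss parts of the attack while the target system processes it correctly.",
                bigText(highlightTextPurple(" 10. TTL (Time-to-Live) Attacks"))
                        + newLine + " - The attacker uses TTL values to gather information about the network’s topology, often using tools like traceroute."
                        + newLine + " - By manipulating TTL values, the attacker sends fragments to the IDS that may be dropped, while the target system receives them correctly.",
                bigText(highlightTextPurple(" 11. Invalid RST Packets"))
                        + newLine + " - By sending an RST packet with an invalid checksum to the IDS, the attacker can trick the IDS into thinking the connection has ended, causing it to stop processing further packets."
                        + newLine + " - Meanwhile, the target system checks the RST and discards it, continuing communication.",
                bigText(highlightTextPurple(" 12. Urgency Flag"))
                        + newLine + " - IDS systems often do not consider the urgent pointer in TCP packets, causing discrepancies between the packet sets seen by the IDS and the target system."
                        + newLine + " - This results in the IDS not properly monitoring or logging certain packets, potentially allowing attacks to bypass detection.",
                bigText(highlightTextPurple(" 13. Polymorphic Shellcode"))
                        + newLine + " - Polymorphic shellcode changes its appearance with each execution, making it harder for signature-based IDS systems to detect."
                        + newLine + " - By using encoding techniques and placing a decoder before the shellcode, the attack avoids detection because it doesn’t match known signatures.",
                bigText(highlightTextPurple(" 14. ASCII Shellcode"))
                        + newLine + " - ASCII shellcode uses ASCII values for shell commands, which makes it harder for pattern-based IDS to identify."
                        + newLine + " - While limited in scope, it can bypass some IDS systems, though countermeasures can convert ASCII shellcode back into its original form.",
                bigText(highlightTextPurple(" 15. Application-Layer Attacks"))
                        + newLine + " - These attacks exploit vulnerabilities in the application layer, often using compression techniques to hide malicious code."
                        + newLine + " - Signature-based IDS systems can struggle to detect such attacks because the malicious content is compressed, making it harder to identify.",
                bigText(highlightTextPurple(" 16. Desynchronization"))
                        + newLine + " - Pre-Connection SYN: The attacker sends an initial SYN packet with an invalid sequence number before a legitimate connection begins, desynchronizing the IDS's view of the traffic."
                        + newLine + " - Post-Connection SYN: The attacker sends a SYN packet after a connection is established with a different sequence number, forcing the IDS to resynchronize and miss legitimate traffic.",
                bigText(highlightTextPurple(" 17. Encryption"))
                        + newLine + " - Encryption prevents IDS systems from inspecting the contents of packets, as the encrypted data cannot be read by the IDS."
                        + newLine + " - Attackers can exploit this by encrypting malicious traffic to evade detection while still reaching the target system.",
                bigText(highlightTextPurple(" 18. Flooding"))
                        + newLine + " - Flooding attacks overwhelm the IDS with excessive traffic, creating noise that makes it harder to detect actual attack traffic."
                        + newLine + " - The sheer volume of data can overload the IDS, causing it to miss or fail to analyze malicious packets properly."
        };
        // Sections are separated by an empty line; the model takes a one-element array.
        String body = String.join(newLine + newLine, sections);
        return new ExplanationPartModel("Evading IDS", new String[]{body});
    }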

    /**
     * Builds the "Evading Firewalls" explanation part: fifteen numbered sections
     * describing firewall evasion categories, each an enlarged purple heading
     * followed by dash-prefixed bullet lines. The defensive counterpart is the
     * "Defending Against Firewall Evasion" part.
     *
     * @return an {@link ExplanationPartModel} whose body is a single HTML fragment
     */
    private static ExplanationPartModel s95_2() {
        String[] sections = {
                bigText(highlightTextPurple(" 1. Firewalking"))
                        + newLine + " - Firewalking uses Time-to-Live (TTL) values in IP packets to map networks and identify gateway access control list (ACL) filters."
                        + newLine + " - An attacker sends a TCP or UDP packet to the firewall with a TTL set to one hop higher than the firewall's."
                        + newLine + " - If the packet passes through, a TTL exceeded response will be sent back, indicating the path through the firewall.",
                bigText(highlightTextPurple(" 2. Banner Grabbing"))
                        + newLine + " - Banners are messages that identify the services running on specific ports."
                        + newLine + " - This technique, called banner grabbing, helps attackers identify service types and versions."
                        + newLine + " - Common services that reveal banners include FTP, Telnet, and web servers.",
                bigText(highlightTextPurple(" 3. IP Address Spoofing"))
                        + newLine + " - IP Address spoofing is a technique where an attacker impersonates a trusted host to hide their identity."
                        + newLine + " - Attackers may modify the IP header and source address bits to bypass firewall restrictions."
                        + newLine + " - It’s used in various attacks like hijacking websites, hijacking browsers, or gaining unauthorized network access.",
                bigText(highlightTextPurple(" 4. Source Routing"))
                        + newLine + " - Source routing lets the packet sender determine the path the packet will take through the network."
                        + newLine + " - Normally, routers decide on the next hop by examining the destination IP address."
                        + newLine + " - In source routing, the sender has control over some routing decisions, which could help attackers avoid firewalls.",
                bigText(highlightTextPurple(" 5. Tiny Fragments"))
                        + newLine + " - Attackers can create tiny packet fragments that split TCP header information across multiple fragments."
                        + newLine + " - Many firewalls or intrusion detection systems (IDS) that filter based on packet headers might miss the fragmented packets."
                        + newLine + " - If the firewall only inspects the first fragment, this attack can bypass filtering rules.",
                bigText(highlightTextPurple(" 6. Using IP Address in Place of URL"))
                        + newLine + " - Instead of typing a blocked website domain name, the attacker can directly enter the IP address in the browser’s address bar to bypass the restriction.",
                bigText(highlightTextPurple(" 7. Using Proxy Server"))
                        + newLine + " - Attackers may use VPNs or proxy servers to encrypt their traffic and mask their real source, bypassing firewall filters.",
                bigText(highlightTextPurple(" 8. ICMP Tunneling"))
                        + newLine + " - ICMP tunneling involves embedding a backdoor shell within the data section of ICMP echo packets."
                        + newLine + " - Many firewalls do not inspect the payload of ICMP packets, making this method effective for evading detection.",
                bigText(highlightTextPurple(" 9. ACK Tunneling"))
                        + newLine + " - ACK tunneling sends a backdoor application using TCP packets with the ACK flag set."
                        + newLine + " - The ACK bit is part of the TCP protocol, typically used to acknowledge packet receipt, but attackers exploit it to bypass firewalls.",
                bigText(highlightTextPurple(" 10. HTTP Tunneling"))
                        + newLine + " - HTTP tunneling allows attackers to hide other types of traffic (such as FTP) inside HTTP or HTTPS packets."
                        + newLine + " - This can be used to bypass firewalls that only inspect the HTTP protocol, allowing unauthorized data transfer.",
                bigText(highlightTextPurple(" 11. SSH Tunneling"))
                        + newLine + " - Attackers use SSH (Secure Shell) to create an encrypted tunnel that securely sends all traffic from a local machine to a remote system, evading perimeter security controls.",
                bigText(highlightTextPurple(" 12. Through External Systems"))
                        + newLine + " - An attacker may collaborate with a legitimate external system user to access a corporate network."
                        + newLine + " - The attacker intercepts user traffic, steals session IDs and cookies, and then bypasses the firewall."
                        + newLine + " - This allows the attacker to access the internal network and execute malicious code on the compromised system.",
                bigText(highlightTextPurple(" 13. Through MITM Attack (Man-in-the-Middle)"))
                        + newLine + " - Attackers manipulate DNS servers or use routing techniques to perform a man-in-the-middle (MITM) attack."
                        + newLine + " - For example, the attacker poisons the DNS server, leading a victim’s request for a site (like www.certifiedhacker.com) to redirect to a malicious server controlled by the attacker."
                        + newLine + " - The attacker can then intercept or modify the victim’s HTTP traffic, leading to the execution of malicious code on the victim’s machine.",
                bigText(highlightTextPurple(" 14. Through Content"))
                        + newLine + " - In this method, attackers send malicious content to a user, tricking them into opening it."
                        + newLine + " - Once opened, the malicious code is executed on the user’s system.",
                bigText(highlightTextPurple(" 15. Through XSS Attack (Cross-Site Scripting)"))
                        + newLine + " - XSS attacks target vulnerabilities in web applications where input parameters are improperly processed."
                        + newLine + " - By injecting malicious HTML into a website, attackers can bypass web application firewalls (WAF) and execute scripts on users' browsers."
        };
        // Sections are separated by an empty line; the model takes a one-element array.
        String body = String.join(newLine + newLine, sections);
        return new ExplanationPartModel("Evading Firewalls", new String[]{body});
    }

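    /**
     * Builds the "Detecting Honeypots" explanation part: ten numbered sections
     * on how a honeypot or tar pit may reveal itself (useful to the defender
     * for judging how convincing a deployed decoy is), each an enlarged purple
     * heading followed by dash-prefixed bullet lines.
     *
     * <p>Fix applied: the heading literal for section 9 had been split across
     * two source lines (an unterminated string, so the method did not compile);
     * it is rejoined here.
     *
     * @return an {@link ExplanationPartModel} whose body is a single HTML fragment
     */
    private static ExplanationPartModel s95_3() {
        String[] sections = {
                bigText(highlightTextPurple(" 1. Detecting Presence of Layer 7 Tar Pits:"))
                        + newLine + " - Examine the response time from the service for latency anomalies.",
                bigText(highlightTextPurple(" 2. Detecting Presence of Layer 4 Tar Pits:"))
                        + newLine + " - Investigate the TCP window size, where tar pits persist in acknowledging incoming packets despite the TCP window size being reduced to zero.",
                bigText(highlightTextPurple(" 3. Detecting Presence of Layer 2 Tar Pits:"))
                        + newLine + " - Search for responses tied to a unique MAC address that acts as a black hole."
                        + newLine + " - Ensure you're on the same Layer 2 network.",
                bigText(highlightTextPurple(" 4. Detecting Honeypots Running on VMWare:"))
                        + newLine + " - Reference IEEE standards to identify MAC address ranges assigned to VMware Inc.",
                bigText(highlightTextPurple(" 5. Detecting Presence of Honeyd Honeypots:"))
                        + newLine + " - Use time-based TCP fingerprinting techniques.",
                bigText(highlightTextPurple(" 6. Detecting Presence of User Mode Linux Honeypots:"))
                        + newLine + " - Analyze system files such as /proc/mounts, /proc/interrupts, and /proc/cmdline.",
                bigText(highlightTextPurple(" 7. Detecting Presence of Sebek-based Honeypots:"))
                        + newLine + " - Sebek logs all accessed data via the read() function before transferring it to the network, potentially leading to congestion. Investigate network layer congestion.",
                bigText(highlightTextPurple(" 8. Detecting Presence of Snort Inline Honeypots:"))
                        + newLine + " - Capture outgoing packets through another host and analyze any modifications in the packets, which could indicate Snort_inline activity.",
                bigText(highlightTextPurple(" 9. Detecting Fake Access Points:"))
                        + newLine + " - Fake APs only broadcast beacon frames without generating any fake traffic. An attacker monitoring the network can detect these by identifying the lack of additional traffic.",
                bigText(highlightTextPurple(" 10. Detecting Presence of Bait and Switch Honeypots:"))
                        + newLine + " - Examine specific TCP/IP parameters, including round-trip time (RTT), TTL, and TCP timestamps."
        };
        // Sections are separated by an empty line; the model takes a one-element array.
        String body = String.join(newLine + newLine, sections);
        return new ExplanationPartModel("Detecting Honeypots", new String[]{body});
    }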

    /**
     * Builds the "Defending Against IDS Evasion" explanation part: fourteen
     * plain recommendation sentences, each in its own paragraph.
     *
     * @return an {@link ExplanationPartModel} whose body is a single HTML fragment
     */
    private static ExplanationPartModel s96_1() {
        // NOTE(review): "codes beyond 0x90" presumably means NOP-equivalent opcodes other than 0x90
        // (the classic polymorphic-shellcode countermeasure) — content owner to confirm the wording.
        String[] recommendations = {
                " Disable unused switch ports to prevent unauthorized access.",
                " Conduct a thorough analysis of unclear or ambiguous network traffic.",
                " Utilize TCP FIN or RST packets to forcefully terminate harmful TCP sessions.",
                " Monitor for codes beyond 0x90 to protect against polymorphic shellcode.",
                " Educate users to recognize attack patterns and ensure timely updates and patches.",
                " Deploy IDS after a detailed assessment of network topology, traffic patterns, and host counts.",
                " Implement a traffic normalizer to eliminate potential ambiguities in packet streams before they reach the IDS.",
                " Ensure the IDS properly handles fragmented packets, reassembling them in the correct order.",
                " Define a DNS server for client resolvers in routers and similar network devices.",
                " Secure all communication devices (modems, routers, switches, etc.) with strong security practices.",
                " Block ICMP TTL expired packets to prevent certain types of evasion.",
                " Regularly update antivirus definitions to stay ahead of new threats.",
                " Use traffic normalization tools at the IDS to reduce evasion attempts.",
                " Retain attack data for future forensic analysis and improvements."
        };
        String body = String.join(newLine + newLine, recommendations);
        return new ExplanationPartModel("Defending Against IDS Evasion", new String[]{body});
    }

    /**
     * Builds the "Defending Against Firewall Evasion" explanation part:
     * fourteen plain recommendation sentences, each in its own paragraph.
     *
     * @return an {@link ExplanationPartModel} whose body is a single HTML fragment
     */
    private static ExplanationPartModel s96_2() {
        String[] recommendations = {
                " Configure the firewall to automatically filter out intruder IP addresses.",
                " Set a strict firewall rule set that blocks all traffic except necessary services.",
                " When possible, assign a unique user ID to run firewall services, avoiding root or administrator accounts.",
                " Set up a remote syslog server and secure it from unauthorized access.",
                " Regularly monitor firewall logs and investigate suspicious entries.",
                " Disable all FTP connections to or from the network by default.",
                " Review and document all inbound and outbound traffic that is permitted through the firewall.",
                " Regularly perform risk assessments to identify any vulnerable firewall rules.",
                " Monitor access to firewalls and restrict who can modify their configuration.",
                " Clearly specify both source and destination IP addresses as well as allowed ports in firewall rules.",
                " Notify the security administrator of any changes to the firewall settings and document them.",
                " Secure physical access to the firewall to prevent tampering.",
                " Make regular backups of the firewall rule set and configuration files for recovery.",
                " Schedule periodic security audits to ensure the firewall is operating optimally."
        };
        String body = String.join(newLine + newLine, recommendations);
        return new ExplanationPartModel("Defending Against Firewall Evasion", new String[]{body});
    }

    /**
     * Builds the "Ways of Detecting Attacks" explanation part: three sections
     * (signature-, behavior- and protocol-anomaly-based detection), each an
     * enlarged purple heading followed by dash-prefixed bullet lines.
     *
     * @return an {@link ExplanationPartModel} whose body is a single HTML fragment
     */
    private static ExplanationPartModel s97_1() {
        String blankLine = newLine + newLine;
        String signature = bigText(highlightTextPurple(" Signature-based Detection:"))
                + newLine + " - A database of known attack patterns is matched against incoming packets."
                + newLine + " - When a match is found, the IDS triggers an alert to notify the administrator.";
        String behavior = bigText(highlightTextPurple(" Behavior-based Detection:"))
                + newLine + " - Current traffic behavior is compared with a baseline, and any significant deviations or anomalies will prompt an alert to the administrator.";
        String protocolAnomaly = bigText(highlightTextPurple(" Protocol Anomaly-based Detection:"))
                + newLine + " - If any protocol behaves unusually or deviates from expected norms at entry points, the IDS will notify the administrator of the anomaly.";
        String body = signature + blankLine + behavior + blankLine + protocolAnomaly;
        return new ExplanationPartModel("Ways of Detecting Attacks", new String[]{body});
    }

    /**
     * Builds the "Evasion Techniques" explanation part: five sections
     * (reducing packet count, encryption, encoding, reassembly timeouts,
     * honeybot), each an enlarged purple heading followed by a single
     * dash-prefixed bullet line.
     *
     * @return an {@link ExplanationPartModel} whose body is a single HTML fragment
     */
    private static ExplanationPartModel s97_2() {
        // NOTE(review): the "Honeybot" item describes a defensive honeypot rather than an evasion
        // technique — content owner to confirm its placement under this heading.
        String[] sections = {
                bigText(highlightTextPurple(" Reducing Packet Count:"))
                        + newLine + " - By sending fewer packets to the IDS while directing more packets to the target, the IDS may miss detecting certain attack patterns due to packet loss, even though the attack is successfully carried out on the target.",
                bigText(highlightTextPurple(" Encryption:"))
                        + newLine + " - Encrypted data is not recognizable by the IDS since it cannot inspect the contents of encrypted packets.",
                bigText(highlightTextPurple(" Encoding:"))
                        + newLine + " - Attackers can use encoding methods (e.g., ASCII, hexadecimal) to disguise malicious payloads, making it difficult for the IDS to identify the attack.",
                bigText(highlightTextPurple(" Exploiting IDS Reassembly Timeouts:"))
                        + newLine + " - Attackers can send many fragmented packets to the IDS. If the IDS cannot reassemble them quickly enough before timing out, the IDS may fail to detect the attack, bypassing detection.",
                bigText(highlightTextPurple(" Honeybot:"))
                        + newLine + " - A honeypot designed to attract attackers and study their behavior on the network. A high-interaction honeypot offers attackers full access to services, allowing for a detailed analysis of attack methods. A low-interaction honeypot limits the services exposed, capturing only basic attack data. The goal is to analyze attack patterns and update the signature database with new findings."
        };
        String body = String.join(newLine + newLine, sections);
        return new ExplanationPartModel("Evasion Techniques", new String[]{body});
    }

    private static ExplanationPartModel s98_1() {
        // Lesson 98.1: definition of IoT hacking plus a list of weakness categories and attacks.
        // Opening paragraphs, separated by blank lines (two <br>s).
        String intro = "IoT hacking refers to unauthorized access, manipulation, or exploitation of Internet of Things (IoT) devices."
                + newLine + newLine
                + "These devices cover a wide range of internet-connected objects, from everyday items like smart thermostats and refrigerators to complex systems such as industrial sensors, healthcare monitors, and smart city technologies."
                + newLine + newLine
                + "Due to their internet connectivity and often minimal security features, IoT devices are prime targets for cybercriminals."
                + newLine + newLine
                + "IoT hacking typically involves identifying and exploiting vulnerabilities in these devices or their networks."
                + newLine + newLine
                + "These attacks can range from simple techniques like guessing default passwords to more complex methods like exploiting unpatched software vulnerabilities.";

        // Label/description pairs. The I1..I10 numbering appears to follow the 2014 OWASP IoT
        // Top 10 list (NOTE(review): that list has since been superseded; confirm before
        // refreshing the descriptions). Each pair renders as a highlighted label followed
        // directly by its description.
        String[][] entries = {
                {"I1 :- ", "Insecure Web Interfaces – Weak credentials, no account lockouts, etc."},
                {"I2 :- ", "Insufficient Authentication/Authorization – Flaws due to internal network assumptions."},
                {"I3 :- ", "Insecure Network Services – Susceptible to buffer overflow or DoS attacks."},
                {"I4 :- ", "Lack of Transport Encryption/Integrity – Unencrypted data transmission."},
                {"I5 :- ", "Privacy Concerns – Personal data collection risks."},
                {"I6 :- ", "Insecure Cloud Interfaces – Easily guessable credentials."},
                {"I7 :- ", "Insecure Mobile Interfaces – Weak credentials in mobile access."},
                {"I8 :- ", "Insufficient Security Configurability – Default passwords/configurations cannot be changed."},
                {"I9 :- ", "Insecure Software/Firmware – Lack of updates or update-checking mechanisms."},
                {"I10 :- ", "Poor Physical Security – Devices can be easily stolen."},
                {"Sybil Attack :- ", "Fake identities to create the illusion of network traffic."},
                {"HVAC Attacks :- ", "Targeting Heating, Ventilation, and Air Conditioning systems."},
                {"Rolling Code Attacks :- ", "Jamming key fob signals to steal codes."},
                {"BlueBorne Attack :- ", "Bluetooth device vulnerabilities."}
        };

        StringBuilder body = new StringBuilder(intro);
        body.append(newLine).append(newLine).append(bigText(highlightTextPurple("IoT Vulnerabilities and Attacks")));
        for (String[] entry : entries) {
            body.append(newLine).append(newLine).append(highlightText(entry[0])).append(entry[1]);
        }
        return new ExplanationPartModel("Define IoT Hacking", new String[]{body.toString()});
    }

    private static ExplanationPartModel s98_2() {
        // Lesson 98.2: the five phases of an IoT engagement. Every phase is a purple heading, a
        // line break and a dash-prefixed sentence; two phases also carry an indented, numbered
        // tool list (five &nbsp; of indent per item).
        String[] scanners = {"Nmap", "RIoT Vulnerability Scanner", "beSTORM", "IoTsploit", "IoT Inspector"};
        String[] attackTools = {"Firmalyzer", "KillerBee", "JTAGulator", "Attify"};

        StringBuilder body = new StringBuilder();
        body.append(bigText(highlightTextPurple(" Information Gathering "))).append(newLine)
                .append(" - Collecting data about IoT devices, often using tools like Shodan (IoT search engine) or Foren6 (IoT traffic sniffer).");

        body.append(newLine).append(newLine)
                .append(bigText(highlightTextPurple(" Vulnerability Scanning "))).append(newLine)
                .append(" - Scanning for weaknesses in IoT devices, using tools such as:");
        for (int idx = 0; idx < scanners.length; idx++) {
            body.append(newLine).append(space(5)).append(idx + 1).append(". ").append(scanners[idx]);
        }

        body.append(newLine).append(newLine)
                .append(bigText(highlightTextPurple(" Launching Attacks "))).append(newLine)
                .append(" - Common tools used for exploiting IoT devices include:");
        for (int idx = 0; idx < attackTools.length; idx++) {
            body.append(newLine).append(space(5)).append(idx + 1).append(". ").append(attackTools[idx]);
        }

        body.append(newLine).append(newLine)
                .append(bigText(highlightTextPurple(" Gaining Access "))).append(newLine)
                .append(" - The goal is to access the device or system using standard penetration testing techniques.");

        // Persistence is described in the context of an authorized engagement; the text itself
        // does not say so, which a reviewer may want to add in a later content pass.
        body.append(newLine).append(newLine)
                .append(bigText(highlightTextPurple(" Maintaining Access "))).append(newLine)
                .append(" - Maintaining access through backdoors or other methods to ensure ongoing control.");

        return new ExplanationPartModel("IoT Hacking Methodology", new String[]{body.toString()});
    }

    private static ExplanationPartModel s99_1() {
        // Lesson 99.1: what IoT is, its three components and its five architecture layers.
        // (The lesson title says "IoT Hacking" but the body defines IoT itself; kept verbatim.)
        String[] components = {" 1. Sensing Technology", " 2. IoT Gateways", " 3. The Cloud"};
        String[][] layers = {
                {" 1. Edge Technology Layer  ", "- Includes sensors, RFID tags, and devices."},
                {" 2. Access Gateway Layer  ", "- Handles initial data processing and message routing."},
                {" 3. Internet Layer  ", "- Vital for enabling communication across networks."},
                {" 4. Middleware Layer  ", "- Manages data and device operations, including aggregation and analysis."},
                {" 5. Application Layer  ", "- Delivers services and data to end-users."}
        };

        StringBuilder body = new StringBuilder();
        body.append(bigText(highlightTextPurple("Definition"))).append(newLine)
                .append(" - A system of devices using sensors, software, storage, and electronics to collect, analyze, store, and share data.");

        // Components are indented by five &nbsp; and listed one per line.
        body.append(newLine).append(newLine).append(bigText(highlightTextPurple("Three Basic Components:")));
        for (String component : components) {
            body.append(newLine).append(space(5)).append(component);
        }

        // Layers are a highlighted name immediately followed by the description, blank-line separated.
        body.append(newLine).append(newLine).append(bigText(highlightTextPurple("Architecture Levels in IoT")));
        for (String[] layer : layers) {
            body.append(newLine).append(newLine).append(highlightText(layer[0])).append(layer[1]);
        }

        return new ExplanationPartModel("Definition IoT Hacking", new String[]{body.toString()});
    }

    private static ExplanationPartModel s99_2() {
        // Lesson 99.2: operating systems found on IoT devices. One entry per OS: purple heading,
        // line break, dash-prefixed summary; entries separated by a blank line (two <br>s).
        // NOTE(review): several of these names mirror older certification material (e.g. Brillo);
        // worth a content refresh, but the strings are preserved as-is here.
        String[][] systems = {
                {"RIOT OS ", "- Optimized for embedded systems, actuator boards, and sensors; energy-efficient."},
                {"ARM mbed OS ", "-  Primarily used on wearables and low-powered devices."},
                {"RealSense OS X ", "- Intel’s OS for depth-sensing, often in cameras and sensors."},
                {"Nucleus RTOS ", "- Used in aerospace, medical, and industrial applications."},
                {"Brillo ", "- Android-based, typically found in thermostats."},
                {"Contiki ", "- Designed for low-power devices, like street lighting and sound monitoring."},
                {"Zephyr ", "- Lightweight OS for low-resource devices."},
                {"Ubuntu Core ", "- Common in robots and drones; \"snappy\" OS."},
                {"Integrity RTOS ", "- Used in aerospace, medical, defense, industrial, and automotive sensors."},
                {"Apache Mynewt ", "- For devices using Bluetooth Low Energy (BLE)."}
        };

        StringBuilder body = new StringBuilder();
        for (int idx = 0; idx < systems.length; idx++) {
            if (idx > 0) {
                body.append(newLine).append(newLine);
            }
            body.append(bigText(highlightTextPurple(systems[idx][0]))).append(newLine).append(systems[idx][1]);
        }
        return new ExplanationPartModel("Operating Systems for IoT Devices", new String[]{body.toString()});
    }

    private static ExplanationPartModel s99_3() {
        // Lesson 99.3: the four IoT communication models. Same heading/line-break/summary
        // layout as the OS lesson, blank-line separated. The title keeps its leading space
        // because that is what the existing index entry displays.
        String[][] models = {
                {"Device to Device ", "- Direct communication between devices."},
                {"Device to Cloud ", "- Communication with a cloud service."},
                {"Device to Gateway ", "- Communication via a gateway before reaching the cloud."},
                {"Back-End Data Sharing ", "- Similar to device-to-cloud, but enables data usage by third parties."}
        };

        StringBuilder body = new StringBuilder();
        boolean first = true;
        for (String[] model : models) {
            if (!first) {
                body.append(newLine).append(newLine);
            }
            first = false;
            body.append(bigText(highlightTextPurple(model[0]))).append(newLine).append(model[1]);
        }
        return new ExplanationPartModel(" Methods of Communicating in IoT", new String[]{body.toString()});
    }

    private static ExplanationPartModel s9_1() {
        // Lesson 9.1: single-paragraph definition of passive footprinting; no markup helpers
        // are used, the paragraph is stored as the lesson's only part. The trailing space in
        // the title is preserved because it is what the index currently displays.
        String definition = "Passive Footprinting refers to the process of gathering information about a target without directly interacting with or alerting the target system. "
                + "The primary goal is to collect publicly available data to understand the target's network and infrastructure. "
                + "Unlike active footprinting, which involves scanning and probing the target's systems, passive footprinting operates silently and doesn't risk detection. "
                + "This makes it a valuable reconnaissance tool for ethical hackers.";
        String[] parts = {definition};
        return new ExplanationPartModel("Define Passive Footprinting ", parts);
    }

    private static ExplanationPartModel s9_2() {
        // Lesson 9.2: why passive footprinting avoids touching the target, plus three example
        // techniques. Each technique becomes its own array element: blank line, highlighted
        // label, line break, dash-prefixed description.
        String[][] techniques = {
                {"Public Data Mining  ", "- Searching through websites, social media, and public records to gather insights about the target."},
                {"WHOIS Data  ", "- Querying domain name registration databases to extract details about domain owners, administrators, and associated IP addresses."},
                {"DNS Records  ", "- Investigating DNS records that are publicly available and may reveal information about domain names, subdomains, mail servers, and IP addresses."}
        };

        List<String> parts = new ArrayList<String>();
        parts.add("The ethical hacker avoids sending requests or probes that could directly engage with the target system. Instead, they rely on collecting publicly available data that is already in the public domain. This method is often stealthy and difficult to detect, making it ideal for the initial stages of ethical hacking, especially when the goal is to avoid alerting the target.");
        parts.add(newLine + newLine + bigText(highlightTextPurple("Common Techniques in Passive Footprinting")));
        for (String[] technique : techniques) {
            parts.add(newLine + newLine + highlightText(technique[0]) + newLine + technique[1]);
        }
        parts.add(newLine + newLine + "The key advantage of passive footprinting is that it does not involve direct interaction with the target's network, making it less likely to trigger defensive mechanisms like firewalls or intrusion detection systems. ");

        return new ExplanationPartModel("Gathering Information Without Direct Interaction", parts.toArray(new String[0]));
    }

    private static ExplanationPartModel s9_3() {
        // Lesson 9.3: public information sources — website scraping and WHOIS records.
        // Labelled entries render as: blank line, highlighted label, line break, description.
        // NOTE(review): registrant contact data is frequently redacted by privacy proxies and
        // registrar policy these days; the text does not say so and may deserve a caveat.
        String[][] websiteSources = {
                {" Website Content ", "- Public websites often contain valuable data such as employee names, email addresses, contact details, and even specific technologies being used (e.g., JavaScript frameworks, CMS platforms)."},
                {" Metadata  ", "- Documents like PDFs, Word files, and images found on the website may contain metadata revealing additional information, such as authors, software used, or file paths."},
                {" Public Blogs and Forums  ", "- Often, organizations or individuals will inadvertently leak sensitive information in blog posts, forums, or comments."}
        };
        String[][] whoisFields = {
                {" Registrar Information  ", "- The company through which the domain was registered."},
                {" Nameservers  ", "- Information about DNS servers, which can provide insight into the organization's infrastructure."}
        };

        List<String> parts = new ArrayList<String>();
        parts.add("Publicly available information is a goldmine for ethical hackers engaged in passive footprinting. Information about the target can often be obtained from various online sources without the need to interact directly with the target systems. Common data sources include:- ");
        parts.add(newLine + newLine + bigText(highlightTextPurple("Website Scraping and Analysis")));
        for (String[] source : websiteSources) {
            parts.add(newLine + newLine + highlightText(source[0]) + newLine + source[1]);
        }
        parts.add(newLine + newLine + bigText(highlightTextPurple("WHOIS Data ")));
        // The WHOIS intro sentence and the registrant entry share one array slot.
        parts.add(newLine + newLine + "- WHOIS databases store public records about domain name registrations."
                + newLine + newLine + highlightText(" Registrant's Name and Contact Information ") + newLine
                + "- Details about the organization or person that owns the domain.");
        for (String[] field : whoisFields) {
            parts.add(newLine + newLine + highlightText(field[0]) + newLine + field[1]);
        }
        parts.add(newLine + newLine + "WHOIS data can provide crucial details for the first step in the reconnaissance process, such as identifying the organization behind a domain and understanding the network's ownership and administrative details. ");

        return new ExplanationPartModel("Publicly Available Information", parts.toArray(new String[0]));
    }

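    private static ExplanationPartModel s9_4() {
        // Lesson 9.4: passive techniques for mapping the target's network.
        // Content fix vs. the previous revision: the certificate entry claimed that a
        // certificate carries the organization's public IP addresses (it normally does not) and
        // pointed at SSL Labs' SSL Test as the way to find certificates — that scanner connects
        // to the target, so it is not passive. The genuinely passive source is the public
        // Certificate Transparency log set; the entry now says so and flags the scanner as
        // active. The IP-listing entry also names the registry/BGP sources practitioners use.
        String opening = "Passive footprinting also involves understanding the structure of the target's network. This can be achieved by examining publicly available details about IP address ranges, domain names, and other network-related data.";
        String heading = newLine + newLine + bigText(highlightTextPurple("Techniques to Analyze Network Infrastructure:- "));
        String ipListings = newLine + newLine + highlightText(" Public IP Address Listings  ") + newLine
                + "- Many organizations list their IP address ranges, either explicitly (e.g., on their website or in publicly available documents) or implicitly (via DNS records). IP WHOIS lookups at the regional Internet registries (ARIN, RIPE NCC, APNIC, etc.) and public BGP/ASN data also show which address blocks are allocated to an organization. Identifying these IP ranges helps to map out the organization's network. ";
        String networkTools = newLine + newLine + highlightText(" Network Tools  ") + newLine
                + "- Tools like Shodan and Censys can be used to search for exposed devices and services on the internet, offering insights into the target's infrastructure (e.g., web servers, routers, and firewalls). These services return data the provider has already collected, so the target is not contacted directly.";
        String certificates = newLine + newLine + highlightText(" TLS/SSL Certificates  ") + newLine
                + "- Certificates issued for the target's domains are recorded in public Certificate Transparency (CT) logs, searchable through services such as crt.sh. A certificate's subject and Subject Alternative Name fields can reveal additional hostnames and subdomains (and sometimes the organization name) without sending a single packet to the target. Note that scanners such as SSL Labs' SSL Test connect to the target's servers in order to grade them, so they are an active technique and may appear in the target's logs. ";
        String closing = newLine + newLine + "By analyzing the network infrastructure, ethical hackers can begin to map the target’s digital footprint, revealing valuable information about its network topology, exposed services, and more. ";
        return new ExplanationPartModel("Analyzing Network Infrastructure", new String[]{opening, heading, ipListings, networkTools, certificates, closing});
    }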

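    private static ExplanationPartModel s9_5() {
        // Lesson 9.5: DNS zone transfers.
        // Content fix vs. the previous revision: the old text said zone data "can be accessed
        // without directly interacting with the target" and called this a passive technique.
        // An AXFR request is sent straight to the target's authoritative nameserver, so it is an
        // active, loggable interaction; the lesson now says so, names the request, and notes the
        // common server-side restrictions (allow-transfer lists, TSIG) that make it fail.
        String opening = "A DNS Zone Transfer (AXFR) is the mechanism by which a complete copy of a zone's records is sent from one DNS server to another, normally from a primary server to its secondaries. The zone describes the domain in detail, including subdomains, IP addresses, and mail servers. If a target’s authoritative nameserver is misconfigured to answer zone-transfer requests from any client, the whole zone can be pulled with a single request (for example, dig axfr target.com @ns1.target.com). Be aware that the request goes directly to the target's nameserver: unlike the other techniques in this chapter it is an active interaction that the server can log, so it must only be attempted against systems you are authorized to test.";
        String heading = newLine + newLine + bigText(highlightTextPurple("Key Insights from DNS Zone Transfers "));
        String subdomains = newLine + newLine + highlightText("Subdomains  ") + newLine
                + "- By retrieving the full DNS zone, ethical hackers can uncover all the subdomains associated with the domain, such as mail.target.com or ftp.target.com. These subdomains may have different security postures or be more vulnerable to attack. ";
        String ipMapping = newLine + newLine + highlightText("IP Address Mapping  ") + newLine
                + "-  DNS zone transfers may provide mappings of domain names to specific IP addresses, helping hackers identify where web servers, mail servers, and other resources are located.";
        String serviceInfo = newLine + newLine + highlightText("Service Information  ") + newLine
                + "-  Zone transfers can also reveal records related to the services operating on those subdomains, such as mail servers (MX records) or name servers (NS records).  ";
        String closing = newLine + newLine + "While DNS zone transfers can yield valuable data, most organizations now restrict transfers to their own secondary servers (for example with allow-transfer rules or TSIG-signed requests), so the request is usually refused. Misconfigured servers still exist, however, so checking each authoritative nameserver for an open AXFR remains a worthwhile step once active reconnaissance is in scope. ";
        return new ExplanationPartModel("DNS Zone Transfer", new String[]{opening, heading, subdomains, ipMapping, serviceInfo, closing});
    }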

    private static ExplanationPartModel s9_6() {
        // Lesson 9.6: what a domain name and its WHOIS/history/TLD/subdomain structure reveal.
        // Each check becomes its own array element: blank line, highlighted label, line break,
        // dash-prefixed description (curly quotes/apostrophes in the copy are kept verbatim).
        String[][] checks = {
                {"Registrar Information  ", "- WHOIS data provides the registrar, which may be a known provider associated with certain types of companies or regions. "},
                {"Historical Information  ", "- By using tools like DomainTools or Wayback Machine, ethical hackers can gather historical data about the domain, such as old website content or previous owners. This could highlight any changes in infrastructure or ownership that might have introduced vulnerabilities. "},
                {"TLD (Top-Level Domain) Analysis  ", "- The domain’s TLD (e.g., .com, .org, .gov) can sometimes give insight into the geographical location or type of business. This can be helpful for identifying organizational relationships or potential targets."},
                {"Subdomain Structure  ", "- The structure of subdomains (e.g., “admin.target.com” or “dev.target.com”) can reveal the organization’s internal segmentation. This is useful for identifying potential areas to attack or systems that are more exposed than others."}
        };

        List<String> parts = new ArrayList<String>();
        parts.add("Analyzing domain names can reveal significant information about the target’s organizational structure, history, and digital footprint. The domain name itself often provides clues about the target’s business, geography, and even the technologies they use.");
        parts.add(newLine + newLine + bigText(highlightTextPurple("What to Look for in Domain Name Analysis ")));
        for (String[] check : checks) {
            parts.add(newLine + newLine + highlightText(check[0]) + newLine + check[1]);
        }
        return new ExplanationPartModel("Domain Name Analysis", parts.toArray(new String[0]));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String space(int i) {
        // Build an HTML indent of i non-breaking spaces. A zero or negative count yields "",
        // which the lesson builders rely on for their nested lists.
        StringBuilder padding = new StringBuilder();
        int remaining = i;
        while (remaining > 0) {
            padding.append("&nbsp;");
            remaining--;
        }
        return padding.toString();
    }
}
