Spider R&D

Software Task 1
Greetings from SPIDER R&D!

Welcome to the SPIDER R&D Inductions ‘25! Over the upcoming weeks, you
will take on a series of tasks designed to help you learn and explore different
areas of technology and research.

The inductions will be conducted in two stages:

1. Task 1
2. Task 2

This is Task 1, divided into two sections: Common and Domain-Specific.

For Task 1, you are required to complete:

1. Three Basic Tasks: Choose any three tasks from the following areas:
○ Computer Networking
○ Cyber Security
○ Application Development
○ UI/UX
○ Blockchain
○ Machine Learning

2. One Domain-Specific Task (mandatory): Choose one task from the

following specialized areas:
○ Computer Networking
○ Cyber Security
○ Application Development
○ UI/UX
○ Blockchain
○ Machine Learning
Getting Started

The tasks are designed to cater to a range of skill levels, ensuring that
even beginners can learn and progress. While you may encounter
challenges along the way, perseverance is key. It is normal to face
difficulties; overcoming them will be part of your learning experience.

Support and Resources

If you run into any issues or need assistance, do not hesitate to reach out
to any member of the club. We are here to help you navigate through the
tasks and ensure a fruitful learning journey.

General Instructions:

● Carefully read and comprehend the problem statement before you

begin.Misunderstandings and incorrect completion of tasks will not be
acceptable. Do not hesitate to seek clarification if you're unsure about
any aspect.
● The goal is for you to understand the underlying concepts and write
your own code. While it's okay to look up code snippets for reference,
directly copying someone else's code is forbidden.
● For complex tasks, divide them into smaller, manageable modules.
Focus on completing each module individually. This approach makes
the task easier and ensures steady progress and a sense of
accomplishment as you complete each part.
● The Internet is a powerful tool. Use it to search for solutions to your
queries and doubts. Most questions can be resolved with a quick
search. However,make sure you understand the solutions you find
and can explain them.
● If you encounter any issues or have any questions, feel free to
contact us.
 You can post your queries in the WhatsApp group or send a private
message to one of us. We are here to support you and provide
guidance as needed.
● Write clear and concise documentation for your code. Use
comments to explain the purpose of complex code sections. This will
not only help others understand your work but also aid you in
recalling your thought process later.
● Test your code thoroughly to ensure it works as expected. Debug
any issues that arise and verify that all parts of your code function
correctly. Consider edge cases and test your code under different
scenarios.
● Use version control systems like Git to keep track of changes in
your code. This allows you to revert to previous versions if something
goes wrong.
● The deadline for Task 1 is 2nd June.

🙂
We are excited to have you on board and look forward to see your
progress. Good luck from the Spider R&D family!
BASIC
TASKS
Application Development

Hammer Strength Game

Note: You can develop it as a web or mobile application.

Create an interactive fairground-style "Hammer Strength Test" game where

players aim for precision and timing.

Core Features:

●​ A stick/needle swings back and forth continuously between 0° and 180°

●​ The player clicks a button or presses a key to stop the swing
●​ The closer the final angle is to 90°, the higher the score
●​ A perfect stop at 90° gives the maximum score of 100
●​ The score decreases linearly (or exponentially) as the stopped angle
deviates from 90°
●​ Use the provided images to design the game layout:
○​ Strength meter background – shows the arc (without the hammer)
○​ Hammer image – to represent the hit action or placed decoratively
●​ Build a basic UI that integrates these visuals
●​ After the stop, display the final score clearly to the player

Brownie Points Challenges:

●​ Variable Speed: Stick swings between 0°–180° with realistic motion —

faster near 90°, slower at edges.
●​ Two-Player Mode: Each player takes one turn. Use different keys or
alternate input. Compare scores and declare the winner.

The task will be evaluated based on the following:

●​ UI and Creativity
●​ Completion of task
●​ Responsiveness and Clean code

Assets:
Resources
Computer Networking

This analysis aims to provide insights into the traffic patterns and behaviors
within a basic PCAP file. The capture likely contains multiple protocols and file
transfers, which may highlight potential signs of interest or suspicious activity.

Please make sure to go through all the resources provided to you to better
understand the concepts behind network traffic, packet captures, and common
protocols. This will help you accurately answer the questions below and enhance
your understanding of packet analysis.

PCAP File:
https://drive.google.com/drive/folders/1qUph4Y9dmgcAiNmm3srn0KS4zGpnwdlI?usp=sharing

Analysis Questions:

1.​ What types of traffic (HTTP, DNS, FTP, etc.) are present?​

2.​ How many DNS queries were made in total?​

3.​ What types of DNS queries were made?​

4.​ What is a Loopback Interface?​

5.​ How many .txt files were requested? List their names.​

6.​ One .txt file contains base64-encoded content. Identify and decode it.
What does it contain?​

7.​ Was any attempt made to distract the analyst using decoy files? Explain.​

8.​ Are there any known ports being used for uncommon services?​

9.​ How many HTTP GET requests are visible in the capture?​
 10.​ What User-Agent was used to make the HTTP requests?

Once you have answered all of the questions above, please compile your
responses into a document and submit it. Ensure that your answers are clear
and concise, and make use of the resources provided to understand the relevant
concepts.

Resources:

Wireshark:
https://www.wireshark.org/download.html
https://www.wireshark.org/docs/wsug_html_chunked/
​
Wireshark Basics (Packet Sniffing):
https://www.youtube.com/watch?v=qTaOZrDnMzQ
CyberSecurity

Google Dork-Based Asset Discovery

Using Google Dorks, enumerate digital artifacts (documents, credentials, login
panels, backups, and configurations) exposed on the internet for a given target
organisation (perform for atleast 3-4 organisations) using publicly available
Google search techniques.

Instructions:

Step 1: Target Setup

You are given a domain: tesla.com

You may use any ethical/educational targets of your choice, such as

example.com, google.com, or any .edu/.gov/.org domain.

Step 2: Use Google Dorks to Find and Record the Following:

●​ Public Documents (PDF, XLSX, DOCX,etc)

●​ Login Pages / Admin Panels
●​ Public Backup / Config Files
●​ Exposed Logs / Errors
●​ Emails & Contact Info
●​ Git Folders and Env Files

Deliverables:

1.​ A simple report (text or markdown) including:

○​ Dorks used
○​ 2–3 valid results per category (with links or screenshots)​

Resources:
https://youtu.be/H1zKQ7z3hN4?si=qDvNxfKA3cwT3RPb
https://youtu.be/hrVa_dhD-iA?si=HoNmq_gqpgjLiIYu
https://www.exploit-db.com/google-hacking-database
UI/UX

Coffee House
Design a landing page for a coffee company featuring a dynamic hero
section, interactive product showcase, customer testimonials, and key
relevant information.

Resources

Figma resources are readily available on the internet and you can choose
any one of them to learn the basics. You can refer to the following
resources as well :

1.Figma Basics : https://youtu.be/bI6q16ffdgQ?feature=shared

2. Practice : https://youtu.be/bI6q16ffdgQ?feature=shared

3. 3D Animations in figma prototyping:

https://youtu.be/hb1NDTdVZUI?feature=shared
https://youtu.be/J6DjxHXXZGw?feature=shared

Make sure to learn different features in figma and implement in your design
such as autolayout , prototyping etc

​
Blockchain
Polynomic Vault
Implement the core logic of Shamir’s Secret Sharing Scheme, a fundamental
cryptographic method used to split a secret (like a private key) into multiple parts,
such that only a subset (threshold) of them is needed to reconstruct the original
secret.

Implement SSS in your preferred programming language (Python/JavaScript

recommended).

Use polynomial-based splitting to divide a number (secret) into n shares.

Require only k out of n shares to reconstruct the secret.

Demonstrate the reconstruction using Lagrange Interpolation.

Resources:

Basics of Cryptography
●​ https://www.geeksforgeeks.org/cryptography-tutorial
●​ https://www.oracle.com/java/technologies/jpl2-crypto.html
Devops
Context

A monorepo in Spider has been compromised. Malicious configuration files (.env)

were found containing suspicious environment variables. As part of the DevOps
team, you are assigned to audit, sanitize, and secure the repository contents.

Task Overview
Create a Bash-based tool named vault_sweeper to:

1.​ Recursively scan specified directories for sensitive or malformed

environment files.
2.​ Validate and sanitize the contents of these files based on security
constraints.
3.​ Create a directory called logs/ and add the respective logs in it. Create a
user called maintainer and ensure the directory can be accessed only by
the same.
4.​ Collect and log metadata such as file user, permissions, ACLs, and
modification details inside the logs/ directory.
5.​ Generate secure output files from valid data.

File Discovery and Validation

1.​ File Discovery:
●​ Take one directory path as input.
●​ Go through all files and folders inside it (including hidden files),
checking them one by one.
●​ Look for environment files (.env, .env.example, etc.).
2.​ Validation and Sanitization:
●​ Check each line in the environment files.
●​ Keep only the valid environment variables.
●​ Remove lines that are unsafe or incorrectly written.
3.​ Rules for Validation:
 Valid Lines (Keep these):
●​ API_KEY=validkey123 # No spaces around
`=`, only letters/numbers/underscores in key
●​ SAFE_ONE=value1 # Correct format
●​ DEBUG=false # Correct format

Invalid Lines (Reject these):

●​ PASSWORD = secret123 # Space around

equals sign
●​ SERVER-NAME=web01 # Hyphen in variable
name
●​ export PATH=$PATH:/tmp # Modifies PATH
variable
●​ USER_EMAIL="admin@example" # Unnecessary quotes
●​ LOG_LEVEL= info # Space after equals
sign

Reject any key like PASSWORD, SECRET, TOKEN, or any key that
modifies

system variables like PATH.

4.​ Metadata and Logging:

Capture and log the following in metadata.log file inside the logs directory
made earlier:

●​ File path
●​ User, permissions
●​ ACLs and extended attributes
●​ Number of valid/invalid lines
●​ Identity of last modifier
●​ Rejected lines
 Example: metadata.log

●​ File: /path/to/repo/.env
●​ User: UID=1001 (user1), GID=1001 (group1)
●​ Permissions: 0644
●​ Valid Lines: 3
●​ Invalid Lines: 5
●​ Rejected Lines:
■​ - PASSWORD = secret123
■​ - SERVER-NAME=web01
■​ - export PATH=$PATH:/tmp
■​ - USER_EMAIL="admin@example"
■​ - LOG_LEVEL= info

Output

●​ Store sanitized variables in a secure environment file named .env.sanitized.

●​ Save all logs and metadata in a separate metadata.log file.
●​ Ensure proper file permissions and ownership.

Example Secure Environment File:

●​ API_KEY=validkey123
●​ SAFE_ONE=value1
●​ DEBUG=false

Bonus Task
●​ Detect and log files with SUID, SGID, sticky bit, or extended attributes.
●​ Prompt the user whether to lock down sanitized files.
●​ Set up a scheduled cronjob with a scan script that sends an alert to a specific user when
issues are detected.

Example Suspicious File Detection:

●​ Warning: File /path/to/repo/.env has world-writable permissions (0666)

●​ Warning: File /path/to/repo/config.sh has execute permissions (0755)​
Deliverables
●​ A script that implements all requirements
●​ Sample input files (malformed and valid)
●​ Generated secure output and log files under a vault/ directory

Resources:
●​ Bash Guide for Beginners by Machtelt Garrels.
●​ Advanced Bash-Scripting Guide by Mendel Cooper.
●​ Linux Basics For Hackers
Machine Learning
Vehicle Image Classification

You are given a dataset containing a curated set of images of various types
of motor vehicles across 7 classes: Auto Rickshaws, Bikes, Cars,
Motorcycles, Planes, Ships, and Trains. You have to use a pre-existing
model - ResNet18 to classify these images into their respective categories.

Link to Dataset:
https://www.kaggle.com/datasets/mohamedmaher5/vehicle-classification

●​ Upload the Vehicles dataset folder to Google Colab.

●​ Enable GPU by going to Runtime > Change runtime type and
selecting GPU.
●​ Import necessary libraries like torch, torchvision, os, and matplotlib.
●​ Load and preprocess the dataset using ImageFolder with resizing,
normalization, and tensor conversion.
●​ Import ResNet18 from torchvision.models and replace its final layer
with one that has 7 output classes.
●​ Train the model on the entire dataset for a few epochs using an
optimizer and loss function.
●​ Print the final loss and accuracy after training with a test dataset
(include validation set if needed).
●​ Choose one image from each class, run predictions using the trained
model, and display the results with matplotlib.

Resources:
1.​ Google colab:
Google Colab Tutorial for Beginners | Get Started with Google …
Upload the dataset to collab in the upload section in the left side.
2.​ PyTorch: https://www.learnpytorch.io/
3.​ OpenCV: https://www.youtube.com/watch?v=oXlwWbU8l2o&t=2151s
 4.​ NumPy: https://www.youtube.com/watch?v=QUT1VHiLmmI
5.​ Pandas: https://www.youtube.com/watch?v=vmEHCJofslg&t=3176s
6.​ Matplotlib: https://www.youtube.com/watch?v=3Xc3CA655Y4

Note: You are allowed to utilize all resources available online. You will be
evaluated in the PIs based on your code and your conceptual
understanding gained from the given resources. Do not simply copy paste
from AI.

Evaluation Criteria:
You will be judged based on your ability to complete the mentioned task
with the highest accuracy given the model and the dataset to be used. You
will also be judged based on the theory behind the task and some other
basic concepts of AI and ML in your following PI.

Some resources that can be followed to learn the theoretical concepts

could be:
1.​ https://cs50.harvard.edu/ai/2024/
2.​ Resnet Explained

Submission details:
Code + Proper Comments in Google Collab. ​
Further details will be sent with the submission link.

Expected output:
DOMAIN
SPECIFIC
TASKS
Application Development

Disc Battle 4

Note: You can develop either a web application or a mobile application for
completing the tasks

Binod and Vinod are tired of playing the same old board games over and over
again. Determined to break the monotony, Binod decides to create a two-player
game that is strategic and packed with new features, and exciting power-ups to
keep the players engaged. Help him code the game with the following rules.

Rules:
●​ Two players take turns dropping red and yellow coloured discs into the
chosen columns in a 6-row×7-column grid.

●​ The disc falls to the lowest available space in the chosen column.

●​ At the start of each turn, the opponent selects one column to block. The
current player is not allowed to drop a disc into the blocked column during
that turn.
Example:
❖​ It's Player 1's turn.
❖​ Player 2 blocks column 4.
❖​ Player 1 cannot drop their disc into column 4 for that turn.

After blocking, there must be at least one available column where the
current player can drop a disc. If not, then no column should be blocked for
that turn.

●​ The goal is to connect 4 discs of the same colour - vertically, horizontally,

or diagonally.

●​ The first player to do so wins. If the board fills up without any winner, then
it’s a draw.

Level 1:
●​ Implement the game with the above mentioned rules.
 ●​ Include a timer for each player. If the timer reaches zero, the opponent
wins.
●​ Include a leaderboard that is displayed at the end of each game. Use local
storage to persist scores/statistics across sessions.

Level 2:
●​ Allow each player a limited number of power-ups that can be used
strategically throughout the game (like extra time, reducing opponent’s
time, extra turn for the player, etc). You can include your own custom
power-ups also.
●​ Include sound effects in the game and provide a toggle to enable or
disable sound effects.
●​ Provide an option to change from light themed background to dark themed
background and vice versa.

Level 3:
●​ Implement an undo feature in the game.
●​ Implement a feature where the user can see a replay of the game.

Note: Completion of Level 1 is sufficient for completing the task. But it is

recommended to complete Level 2 and 3 for extra points.

The task will be evaluated based on the following:

●​ UI and Creativity
●​ Completion of task
●​ Responsiveness and Clean code

Resources:

For Web:
Docs:
●​ HTML Tutorial
●​ Learn CSS
●​ JavaScript Tutorial
●​ The Modern JavaScript Tutorial
●​ MDN Web Docs
Videos:
●​ HTML Crash Course For Absolute Beginners
●​ CSS Crash Course For Absolute Beginners
●​ JavaScript Crash Course For Beginners

For Mobile Application:

1.​ React Native:
●​ Installation and Setup
●​ React Native Documentation : React Native Documentation
●​ React Native courses:
❖​ The Complete React Native Course: from zero to hero by
programming with Mash: react native course
❖​ FreeCodeCamp: free code camp tutorial
❖​ Building a full stack React Native app crash course: Building
a full stack react native app

2.​ Flutter:
●​ Installation and Setup
●​ Flutter Documentation : Documentation
●​ Flutter Tutorial for Beginners by Net Ninja :
❖​ Old playlist:
https://youtube.com/playlist?list=PL4cUxeGkcC9jLYyp2Aoh6h
cWuxFDX6PBJ&si=6zTcRvPUptV2vFaP
❖​ New playlist:
https://youtube.com/playlist?list=PL4cUxeGkcC9giLVXCHSQ
mWqlHc9BLXdVx&si=wcQ2os0MRYSipmzn
●​ Flutter Master class by Mitch Koko:
https://www.youtube.com/watch?v=TclK5gNM_PM
Computer Networking

You are hired as a network engineer to design and implement a secure and
scalable computer network for a newly established office. The office consists of
multiple departments distributed across the floor as shown in the provided floor
plan. Your task is to ensure robust connectivity and efficient resource sharing.
Use Cisco Packet Tracer to simulate a office network with the below details

Requirements:

Teams Number of Data Ports Required

Engineering 16

Sales 8

Marketing 4
Admin 4

MR 8

IT 4

Servers 4

Total 48
Switch Configuration

Router Configuration

VLAN Name VLAN No Network ID Router Interface Default Gateway

Engineering 10 192.168.1.0/24 Fa0/0.10 192.168.1.1/24

Sales 20 192.168.2.0/24 Fa0/0.20 192.168.2.1/24

Marketing 30 192.168.3.0/24 Fa0/0.30 192.168.3.1/24

Admin 40 192.168.4.0/24 Fa0/0.40 192.168.4.1/24

MR 50 192.168.5.0/24 Fa0/0.50 192.168.5.1/24

IT 60 192.168.6.0/24 Fa0/0.60 192.168.6.1/24

Servers 70 192.168.7.0/24 Fa0/0.70 192.168.7.1/24

Procedure:

●​ Connect The Switches and Routers

●​ Configure Host Name, trunk ports and VTP in S1,S2,S3 and S4
●​ Configure Host Name and enable the interface fa0/0 in R1
●​ Create VLAN database in S1
 ●​ Allocate ports to VLANs in S1,S2,S3 and S4
●​ Configure sub interfaces in the router
●​ Configure DHCP server and test it
●​ Configure WEB server and test it
●​ Configure DNS server and test it

Resources:

Networking Concepts:​

Networking Fundamentals Part 1: https://youtu.be/q4TFy4YpNsE

Networking Fundamentals Part 2: https://youtu.be/XtrCwLlqrFk

TCP IP Model – Introduction : https://youtu.be/9YJnoaL2dYk

TCP IP vs OSI: https://youtu.be/IiFCJQ8AoJU

TCP IP Application Transport Layers : https://youtu.be/zJi8M06vAzU

TCP IP Network Layer: https://youtu.be/mAtjhOTKDWY

TCP IP Data Link, Physical layers: https://youtu.be/OncryuCGdmI

IPv4 Subnetting Part 1: https://youtu.be/lLCv-4vK5Sc

IPv4 Subnetting Part 2: https://youtu.be/ALOGBUHHSL0

IPv4 Subnetting Part 3: https://youtu.be/JtZn4RhcmbY

Networking Simulation Softwares:​

GNS3: https://docs.gns3.com/docs/
Cisco Packet Tracer:
https://skillsforall.com/resources/lab-downloads?courseLang=en-US
https://skillsforall.com/skillsforall/files/Cisco_Packet_Tracer_Download_and_Insta
llation_Instructions.pdf

Wireshark:
https://www.wireshark.org/download.html
https://www.wireshark.org/docs/wsug_html_chunked/

Additional Concepts:​

MAC Addressing & ARP: https://www.youtube.com/watch?v=cn8Zxh9bPio

​
DNS (Domain Name System): https://www.youtube.com/watch?v=72snZctFFtA
​
DHCP (Dynamic Host Configuration Protocol):
https://www.youtube.com/watch?v=e6-TaH5bkjo
​
NAT (Network Address Translation):
https://www.youtube.com/watch?v=FTUV0t6JaDA
​
Routing Basics: https://www.youtube.com/watch?v=vevwaRi_KBk
​
Switching vs Routing: https://www.youtube.com/watch?v=O5jAQwAN8mo
​
Firewall Basics: https://www.youtube.com/watch?v=Fli0GD_9OEU
​
Wireshark Basics (Packet Sniffing):
https://www.youtube.com/watch?v=qTaOZrDnMzQ
​
Basic Network Commands: https://www.youtube.com/watch?v=rurs7cdT5cc
Blockchain
Decentralized Research Vault:

Bharani is part of a research group that frequently uploads important papers and
findings. However, the team wants a way to store documents in a decentralized,
tamper-proof system so authorship can be proved, and data can’t be lost or
manipulated. Bharani decides to build a decentralized app that leverages
Ethereum and IPFS. Help Bharani build this system with the following features:

Concept:

A decentralized platform where users can upload research papers. Each upload
is stored on IPFS and logged permanently on Ethereum with author details,
timestamp, and IPFS hash. In advanced levels, papers will be minted as
soulbound NFTs to prove authorship without making them transferable.

Level 1: Core Concepts — Ethereum + IPFS

●​ Implement a frontend form to: (Prefer React or js framework)​

○​ Upload PDF research papers.​

○​ Input paper title and author name.​

●​ Store the uploaded paper on IPFS (via web3.storage, Infura, or Pinata).​

●​ Deploy a simple Ethereum smart contract with:​

○​ uploadPaper(title, author, ipfsHash) function.​

○​ Paper struct with fields: title, author, ipfsHash, uploader

address, timestamp.​

●​ On submission, interact with the contract to store the metadata.

 ●​ Display a public feed of all uploaded papers using on-chain data + IPFS
links.
●​ Add wallet connection via Metamask.
●​ Use Sepolia or Polygon Mumbai for testing.

Level 2: Ownership & Identity — Soulbound NFTs + Validation

●​ Extend the system to mint a non-transferable (soulbound) NFT when a

paper is uploaded, using the author's wallet address as the owner.​

○​ Include metadata like title, ipfsHash, author, timestamp.​

○​ Use OpenZeppelin contracts with restrictions on transfer functions.​

●​ NFTs should be viewable in the frontend under a "My Uploads" section.​

●​ Validate whether an address is the original uploader using ownerOf()

checks.

Bonus:

●​ Add a badge/reputation system for users based on number of uploads.

Level 3: Integrate zero-knowledge proofs for selective disclosure:

●​ Allow researchers to prove ownership of papers without revealing their full

identity.
●​ Enable users to prove they have access to a paper without revealing which
specific paper.
●​ Implement a zkSNARK or zkSTARK protocol for privacy-preserving
verification.
Resources

Complete Blockchain architecture and implementation

Learn Blockchain, Solidity, and Full Stack Web3 Development with JavaScr…
Lesson 0 | Introduction - Solidity & Foundry Full Course

https://www.geeksforgeeks.org/blockchain/
https://cryptozombies.io/

Solidity official documentation (optional):

https://docs.soliditylang.org/en/v0.8.30/introduction-to-smart-contracts.html
CyberSecurity
Level 1: Recon

Objective:​
Understand the surface of a web application using reconnaissance tools and
manual inspection.

Task:

●​ Perform recon on http://testphp.vulnweb.com

●​ Identify and document:​
• IP address​
• DNS info​
• Tech stack (server, CMS, etc.)​
• Subdomains (if any)​
• Open ports/services​
• Directory structure (using ffuf, dirsearch)​
• Page titles, parameters, forms
●​ Identity difference between passive and active recon.

Tools:​
nslookup, whois, nmap, whatweb, httpx, ffuf, dirsearch, subfinder,
waybackurls, etc

Level 2: OWASP Top 10 Vulnerabilities (Lab Practice)

Objective:​
Learn about common web app vulnerabilities and how to exploit them safely.

Task:​
Study and practice OWASP Top 10 vulnerabilities like:

●​ SQL Injection (SQLi)

●​ Cross-Site Scripting (XSS)
●​ Insecure Direct Object References (IDOR)
 ●​ And others from the OWASP list​

Platforms:

●​ PortSwigger Labs → https://portswigger.net/web-security

●​ OWASP Juice Shop (online/local setup)

Level 3: Live Recon & Exploitation

Objective:​
Apply knowledge from Level 1 & 2 on the Spider Server

Task:

●​ Perform recon on the Spider Server​

●​ Find and document:​

• IP address, OS, and tech stack​
• Services in use​
• Hidden subdomains​
• One subdomain hosts an intentionally vulnerable app – try exploiting it​

Submission:

●​ Asset find out, active and inactive domains, IPs, DNS records
●​ Recon & exploitation report with learnings
●​ Screenshots of bugs or proof-of-concepts (PoC)
●​ Payloads & methods used
●​ References and tools utilised

Resources
Kali Linux Setup
 ●​ Virtual Machine (Recommended for Beginners)
○​ Use: VirtualBox or VMware Workstation Player for Windows , For
mac use UTM
○​ Kali ISO: https://www.kali.org/get-kali/
○​ Guide: Kali Linux VM Installation Guide
●​ Windows Subsystem for Linux (WSL2)
○​ Use: Kali on WSL2 (for Windows users not comfortable with VMs)
○​ Guide: Kali on WSL Setup

Kali Linux on Windows in 5min (WSL 2 GUI)

Install Kali Linux on Windows 11

Kali Linux on Mac M1 & M2 using UTM

Linux Basics
Once setup is done , refer to these videos if you starting with Linux and wanted
to explore
Linux for Ethical Hackers (Kali Linux Tutorial)
Basic of linux
linux

Practice

●​ Bandit (OverTheWire):

Complete at least levels 0-20 of Bandit

Networking Basics

Topics to Cover:

●​ OSI Model & TCP/IP Model

●​ IP addressing, Subnetting
●​ Ports and Protocols (TCP vs UDP)
●​ DNS, DHCP, NAT
●​ Common networking commands (ping, traceroute, dig, netcat,
telnet,whois,SSH)
 https://www.youtube.com/@NetworkChuck
https://www.youtube.com/playlist?list=PLc5rXIqickU1fJkB1vmgedDQa3QO
HNPxY

Intro to Networking

https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/

Bug Bounty Resources

Burpsuite

Web Security Academy (PortSwigger): https://portswigger.net/web-security

active-passive-reconnaissance

Red Team Reconnaissance Techniques

Web Application Pentesting

https://www.youtube.com/c/InsiderPhD
UI UX
Jewellery Company Website
Your client is Pandora, a leading international jewellery brand, which designs,
manufactures and markets hand-finished and contemporary luxury jewellery
made from high- quality materials at accessible price points.

They have come to you seeking help. They want to go online where they can
showcase their design collection and make it accessible to international
customers as well.

Design a high-fidelity mockup for their website, incorporating modern design

elements and advanced Figma features such as 3D animation and prototyping.
Create a moodboard, User journey and wireframes for the pages and then
design the website with them. The website can have upto 5 - 8 pages.

Bonus Task for Brownie points:

As a UI/UX developer, you are expected to know the frontend tech stack as
well. After designing the website, provide the frontend code for it.

Resources:

Figma resources are readily available on the internet and you can choose
any one of them to learn the basics. You can refer to the following
resources as well :

1.Figma Basics : https://youtu.be/bI6q16ffdgQ?feature=shared

2. Practice : https://youtu.be/bI6q16ffdgQ?feature=shared

3. 3D Animations in figma prototyping:

https://youtu.be/hb1NDTdVZUI?feature=shared
https://youtu.be/J6DjxHXXZGw?feature=shared

Make sure to learn different features in figma and implement in your design
such as autolayout , prototyping etc.
Devops

Dockerizing a Web Application

Containerization has become a fundamental practice in modern development
and operations workflows. Docker, as the leading containerization platform,
allows developers to package applications with all their dependencies into
standardized units called containers, ensuring consistent behavior across
different environments. This task will help you understand the practical aspects of
containerizing a simple web application using Docker.

Concept and Overview

Your task is to containerize a full-stack web application using Docker and Docker
Compose. The application consists of a React frontend, a Rust backend using
Actix-Web framework, and a PostgreSQL database.

Repo Link: Devops-Inductions-25-Task1 repository

The process involves:

1.​ Understanding the application structure and dependencies

2.​ Creating appropriate Dockerfile(s)
3.​ Building and running Docker containers
4.​ Implementing best practices for containerization
5.​ (Advanced) Setting up multi-container environments with Docker Compose

Task Details

Level 1: Basic Dockerization

●​ Create a Docker setup that allows all components of the application to run in containers:
●​ Frontend (React)
●​ Backend (Rust/Actix-Web)
●​ Database (PostgreSQL)

●​ Fork and clone the repository:

https://github.com/Vedansh-05/Devops-Inductions-25-Task1
●​ Examine the application structure to understand its components
●​ Create a Dockerfile in the respective directory with:
○​ An appropriate base image
 ○​ Required dependency installations
○​ Copy application files
○​ Expose necessary port(s)
○​ Define the command to start the application
●​ Build the Docker image
●​ Run a container from your image and verify the application works
●​ The containers should be properly networked so that they can communicate with each
other
●​ Document your process and any challenges faced(Important)

Level 2: Advanced Containerization

●​ The containers should be properly networked so that they can

communicate with each other
●​ Push your image to a public registry (Docker Hub)
●​ Create a .dockerignore file to exclude unnecessary files
●​ Create a Docker Compose setup for the application
○​ Create a docker-compose.yml file in the root directory
○​ Define all three services (frontend, backend, database)
○​ Configure networking between containers
○​ Set up environment variables
○​ Define volumes for data persistence
○​ Implement container networking

Deliverables
1.​ Complete Dockerfile(s)
2.​ Docker Compose file
3.​ Documentation explaining:
○​ Your approach and reasoning
○​ Instructions to build and run the application
○​ Challenges faced and solutions implemented
4.​ Create a README.md file explaining how to:
○​ Build and run the application using Docker Compose
○​ Access the application once it's running
○​ Troubleshoot common issues
5.​ Submit a link to your repository
Resources:
-​ https://www.markdownguide.org/
-​ https://docs.docker.com/
-​ https://docs.docker.com/get-started/
-​ https://docker-curriculum.com/
-​ https://www.freecodecamp.org/news/the-docker-handbook/
Machine Learning

The domain specific task for Machine Learning will be released along with the
hardware and research aspect of the task separately soon. If you wish to pursue
this domain specifically then wait for the updates on the task in the
announcements group in whatsapp. In the meantime get ready for some drilling
during your PI on the theory and code of the task :)
ALL THE BEST
FOR YOUR
INDUCTIONS!