ACCEPTABLE USE POLICY (AUP)
D.R.D Security Private Limited – Training Wing
Effective Date: 01 July 2026
Last Updated: 01 July 2026
Version: 1.0
- Introduction
This Acceptable Use Policy (“Policy” or “AUP”) governs the use of all digital platforms, training infrastructure, learning management systems (LMS), websites, virtual laboratories, cloud laboratories, virtual machines, cybersecurity practice environments, research platforms, discussion forums, communication channels, APIs, software, hardware, applications, and all services operated by D.R.D Security Private Limited (“D.R.D Security”, “Company”, “we”, “our”, or “us”).
This Policy applies to every visitor, student, trainee, instructor, employee, contractor, affiliate, research participant, mentor, volunteer, chapter member, guest user, and any individual or organization accessing any service provided by D.R.D Security.
Accessing or using our Services constitutes your unconditional acceptance of this Policy.
Failure to comply with this Policy may result in immediate suspension or permanent termination of access without prior notice and may lead to civil and criminal proceedings under applicable laws.
- Scope
This Policy applies to all Company-operated systems, including but not limited to:
- Official Website
- Student Portal
- Learning Management System (LMS)
- Online Courses
- Virtual Machines
- Cybersecurity Labs
- Cloud Labs
- Digital Forensics Labs
- Capture The Flag (CTF) Platforms
- Research Platforms
- AI Training Platforms
- Community Forums
- Discord Servers
- WhatsApp Communities
- Telegram Channels
- Video Conference Sessions
- Email Services
- APIs
- Internal Networks
- Remote Labs
- VPN Access
- Software Downloads
- Digital Libraries
- Cloud Storage
- Assessment Portals
- Certification Platforms
- Future digital services operated by D.R.D Security.
- Lawful Use Requirement
Users shall access and use Company Services solely for lawful educational, research, training, certification, and authorized cybersecurity purposes.
Users shall comply with all applicable laws of India, including but not limited to:
- Information Technology Act, 2000
- Information Technology (Amendment) Act, 2008
- Indian Penal Code, 1860 (or its successor legislation, where applicable)
- Bharatiya Nyaya Sanhita, 2023
- Bharatiya Nagarik Suraksha Sanhita, 2023
- Bharatiya Sakshya Adhiniyam, 2023
- Digital Personal Data Protection Act, 2023
- Copyright Act, 1957
- Trade Marks Act, 1999
- Patents Act, 1970
- Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules
- Any applicable CERT-In Directions
- Any applicable Government of India notifications
- Any other applicable central, state, or international laws.
- Strictly Prohibited Activities
The following activities are strictly prohibited under all circumstances.
4.1 Unauthorized Access
Users shall not:
- Attempt unauthorized access to any system.
- Circumvent authentication mechanisms.
- Escalate privileges.
- Exploit vulnerabilities.
- Access another user’s account.
- Attempt password guessing.
- Conduct brute-force attacks.
- Use stolen credentials.
- Use leaked credentials.
- Perform credential stuffing.
- Bypass licensing restrictions.
- Modify security controls.
4.2 Cyber Attacks
Users shall not use Company infrastructure to perform:
- Hacking
- Unauthorized penetration testing
- Malware deployment
- Virus creation
- Worm creation
- Trojan development
- Ransomware
- Spyware
- Keyloggers
- Rootkits
- Botnets
- Cryptojacking
- DDoS attacks
- DoS attacks
- Phishing
- Smishing
- Vishing
- Business Email Compromise
- SQL Injection
- XSS attacks
- CSRF attacks
- Command Injection
- Buffer Overflow attacks
- Zero-Day exploitation
- Social engineering
- Wireless attacks
- Evil Twin attacks
- Rogue Access Points
- DNS attacks
- ARP Spoofing
- MITM attacks
- Session Hijacking
- Unauthorized scanning
- Reconnaissance against third parties
- Mass exploitation
- Any offensive activity outside expressly authorized training environments.
4.3 Use Outside Authorized Labs
Training exercises are strictly limited to environments officially designated by D.R.D Security.
Users shall not:
- Attack public IP addresses.
- Attack production servers.
- Scan third-party networks.
- Test client infrastructure.
- Attack government systems.
- Attack banking infrastructure.
- Attack telecom infrastructure.
- Attack educational institutions.
- Attack healthcare systems.
- Attack cloud providers.
- Attack any individual or organization without explicit written authorization.
Any misuse shall be solely the responsibility of the user.
4.4 Malware
Users shall not upload, distribute, develop, execute, transmit, or host:
- Malware
- Viruses
- Trojans
- Ransomware
- Spyware
- Keyloggers
- Malicious payloads
- Exploit kits
- Malicious scripts
- Backdoors
- Remote Access Trojans
- Credential stealers
- Botnet software
- Cryptocurrency miners
- Obfuscated malicious code
- Weaponized exploits
- Any malicious software intended for unlawful use.
4.5 Intellectual Property Violations
Users shall not:
- Copy course materials.
- Redistribute training content.
- Record live classes without written permission.
- Sell Company content.
- Upload pirated software.
- Share licensed tools.
- Share paid course materials.
- Remove copyright notices.
- Reverse engineer proprietary software unless expressly permitted by law.
- Misuse Company trademarks or branding.
4.6 Academic Misconduct
Users shall not:
- Cheat during examinations.
- Impersonate another candidate.
- Share examination answers.
- Use unauthorized AI tools where prohibited.
- Circumvent examination controls.
- Manipulate grading systems.
- Submit plagiarized assignments.
- Purchase assignments.
- Share certification assessments.
- Use unauthorized proxies during examinations.
4.7 Community Abuse
Users shall not:
- Harass other users.
- Bully participants.
- Threaten individuals.
- Publish defamatory statements.
- Spread misinformation.
- Promote hate speech.
- Discriminate based on protected characteristics.
- Publish obscene or unlawful content.
- Share confidential information.
- Spam communities.
- Advertise without authorization.
- Create fake accounts.
- Impersonate staff.
- Misrepresent affiliation with D.R.D Security.
4.8 System Abuse
Users shall not:
- Consume excessive resources.
- Abuse virtual machines.
- Mine cryptocurrency.
- Host unrelated websites.
- Run unauthorized servers.
- Perform bandwidth abuse.
- Attempt persistence after account suspension.
- Bypass usage quotas.
- Modify system configurations.
- Disable security monitoring.
- User Responsibilities
Users agree to:
- Maintain confidentiality of credentials.
- Use strong passwords.
- Enable Multi-Factor Authentication where available.
- Report suspected vulnerabilities responsibly.
- Immediately report compromised accounts.
- Keep contact information accurate.
- Maintain professional conduct.
- Follow instructor guidance.
- Respect intellectual property rights.
- Protect confidential information.
- Responsible Vulnerability Disclosure
If a user discovers a security vulnerability affecting Company systems, the user shall:
- Report the issue privately to D.R.D Security.
- Avoid public disclosure before written authorization.
- Not exploit the vulnerability beyond what is reasonably necessary to verify its existence.
- Not access unrelated data.
- Not modify or destroy information.
Responsible reporting shall not guarantee immunity from legal action if activities exceed authorized testing.
- Monitoring and Logging
To protect users and Company infrastructure, D.R.D Security reserves the right, to the fullest extent permitted by law, to:
- Monitor user activity.
- Log authentication events.
- Record IP addresses.
- Monitor network traffic.
- Record laboratory activity.
- Capture audit logs.
- Monitor downloads.
- Monitor uploads.
- Preserve digital evidence.
- Investigate suspicious activities.
- Cooperate with law enforcement authorities.
Users should have no expectation of privacy while using Company infrastructure except as required under applicable law.
- Enforcement
Violation of this Policy may result in one or more of the following actions without prior notice:
- Warning
- Temporary suspension
- Permanent account termination
- Revocation of certifications
- Removal from courses
- Cancellation of memberships
- Blocking of IP addresses
- Confiscation of lab access
- Reporting to educational institutions
- Reporting to employers where appropriate and legally permissible
- Reporting to CERT-In
- Reporting to law enforcement agencies
- Civil legal proceedings
- Criminal prosecution
- Recovery of damages
- Recovery of investigation costs
- Recovery of legal expenses.
- Limitation of Liability
Users acknowledge that they are solely responsible for their actions while using Company Services.
D.R.D Security shall not be liable for any loss, damages, prosecution, penalties, claims, liabilities, or legal consequences arising from a user’s misuse of Company infrastructure or violation of applicable law.
- Indemnification
Users agree to defend, indemnify, and hold harmless D.R.D Security Private Limited, its directors, officers, employees, instructors, consultants, affiliates, partners, licensors, successors, and agents from and against any and all claims, liabilities, damages, losses, penalties, costs, expenses, investigations, judgments, settlements, and reasonable legal fees arising out of or related to:
- Violation of this Policy;
- Violation of applicable law;
- Infringement of intellectual property rights;
- Misuse of Company systems;
- Unauthorized or unlawful activities conducted using Company Services.
- Reservation of Rights
D.R.D Security reserves the absolute right, at its sole discretion, to:
- Suspend or terminate access;
- Restrict functionality;
- Remove content;
- Modify or discontinue services;
- Update security controls;
- Amend this Policy at any time.
Continued use of the Services following publication of any amendments constitutes acceptance of the revised Policy.
- Governing Law and Jurisdiction
This Policy shall be governed by and construed in accordance with the laws of the Republic of India.
Any dispute arising out of or relating to this Policy shall be subject to the exclusive jurisdiction of the competent courts located in Lucknow, Uttar Pradesh, India, unless otherwise required by applicable law.
- Contact Information
D.R.D Security Private Limited
Training Wing
Email: legal@drdsecurity.com
Website: https://drdsecurity.com
For reporting security vulnerabilities, abuse, copyright complaints, or violations of this Policy, users should contact the Company through the official channels published on the Company’s website.

