GREENS TECHNOLOGIES

• Greens Technologies is the name that signifies the best

training institute with placement in the field of software testing
and programming in the IT sector.We are recognized as the
best institute for software and languages course with the most
advanced and high-quality trainers. We are always being a
channel for many students as well as IT professionals where
we take them to the next level and as a result, they get placed
in good MNC companies. Apart from the regular learning and
training courses we offer language training by good experts to
make you as a good masterpiece.
• Our core competency lies with the advanced and real time
experience we have with the current real time experience we
have with the current trends in the IT industry.We not only
train, but also transform you into a perfect sculpture with our IT
development courses for delivering a world class best proven
technical solution for various companies.
• Greens Technologies is One – Stop – Solution for all those who
are looking for training and learning programs of all types
with placements.
 Introduction
• Importance of Security – Application Stack
• Okta – data breach, Sony Pictures
• What is Cybersecurity.
• Scopes in Cybersecurity
• Openings for Cybersecurity
• Pre-requisitesfor cybersecurity
• Future Opportunities and salary package
• Our Course content discussion
• Difference Between Information Security and Cyber Security
• Difference between Cybersecurity and Ethical Hacking
• Types of Hackers
• The Hacking Methodology
• Cyber Security Policies
 Networking Basics
 Basic Terminologies of Computer Networks
 Types of Enterprise Computer Networks
 Types of Computer Network Architecture
 Network Devices
 OSI Model
 Network Protocols
 Network Topology

Kali Linux
 Kali linux Setup and Tools
 Kali linux Features and Usage
 Kali Linux Commands
Threat Modelling
 Introduction to Threat Modelling:
 What is Threat Modelling?
 Why do we need Threat Modelling?
 Bugs and their role in Threat Modelling
 Understanding Vulnerabilities
 Prioritization and Risk Minimization:
 How to prioritize bugs and minimize risks
 Which projects benefit from Threat Modelling?
 When is the right time to start the Threat Modelling approach?
 Teams involved for Threat Modelling concept
 6 Steps in Threat Modelling
 STRIDE & DREAD frameworks
 Overview of Threat Modelling tools and techniques
 NMAP
• Introduction to Nmap
• Host Discovery and Ping Scanning
• Three-Way Handshake
• Nmap Scan Techniques and Port Specification
• Port States in Nmap
• Service and OS Detection, OS, and Version
Detection
• Firewall, IPS, IDS Spoofing
• Nmap Script Engine - Advanced Scanning
• ZenMap
• Conclusion
 SNORT
• Introduction to Intrusion Detection Systems (IDS)
• Intrusion Detection Methodology
• Types of Intrusion Detection and Prevention
Systems
• Snort Installation Scenarios
• Snort Fundamentals and Configuration
• Snort Rule Syntax
• Learning How to Craft Basic Snort Rules
• Detecting Known Vulnerabilities with Snort Rules
• Detecting Novel Vulnerabilities with Snort Rules
 Suricata

 Suricata Introduction
 Suricata Installation
 Configuration
 Rules

Wireshark

 Introduction
 Installation Network Activity Tracking
  Importance of Code Review
 What is SAST
Application  What is DAST
Code Review  What is IAST
 Integrating Gitlab with SAST & DAST Tools.
 How to use Gitlab as a pipeline tool.
 Sonar Cloud
• Benefits of using Sonar cloud
• Sonar cloud (Cloud-Based Accessibility) Vs Sonar qube
• Code Quality Improvement
• Early Bug Detection
• Security Vulnerability Detection
• Code Duplication Detection
• Comprehensive Code Review
• Integration with CI/CD Pipelines
• Support for Multiple Languages
• Customizable Quality Gates
 OWASP ZAP
• Benefits of using OWASP ZAP
• Open-Source flexibility
• Integration OWASP ZAP with GitLab.
• Detecting Vulnerability using OWASP ZAP.

SNYK
• Benefits of using SNYK
• Continuous Monitoring and Compliance
• Dependency Monitoring
• Early Detection of Vulnerabilities
• Integration into Development Workflow
Trivy
• Introduction to Trivy
• Trivy Installation
• OS Packages and Software Dependencies Scanning
• Docker Image and Git Repository Scanning
• Infrastructure as Code (IAC) Issues and Misconfigurations Scanning

Nessus
• Introduction to Nessus
• Nessus Installation
• Host Discovery
• Penetration Testing
• Vulnerability Assessments

Checkmarx
• Introduction to Checkmarx
• Checkmarx Installation
• Features and Advantages of Checkmarx
• Uses of Checkmarx
• Static Application Security Testing (SAST)
 Google Dorking
1. Definition and Purpose - Explanation of Google Dorking and its
applications.
2. Insight into the anatomy of URLs relevant to Google Dorking.
3. Examples and breakdown of the syntax used in Google Dorking.
4. Key principles and ethical considerations when performing Google
Dorking.
5. Explanation of Google Dorking operators and modifiers
6. Basic Operators & Advanced Operators
7. Practical aspects of Google Dorking.
8. Step-by-step guide on identifying directory listing vulnerabilities.
9. Exploring techniques to find SQL injection vulnerabilities.
10. Dorking for Web Server Versions
 OWASP Top 10 Vulnerabilities
1)Broken Access Control

2)Cryptographic Failures

3)Injections

4)Insecure Design:

5)Security Misconfiguration

6)Vulnerable and Outdated Components

7)Identification and Authentication Failures

8)Software and Data Integrity Failures

9)Security Logging and Monitoring Failures

10)Server-Side Request Forgery (SSRF)

Common Web Attacks
• SQL Injection Denial of Service (DoS) Attack
• Distributed Denial of Service (DDoS) Attack
• Man-in-the-Middle (MitM) Attack
• DNS Spoofing
• Password Attacks
• Brute Force Attack
• Phishing
• Malware
• Password Spraying
• Cross-Site Scripting (XSS)
• Server-Side Request Forgery (SSRF)

Cybersecurity Defences
 Acunetix
 Introduction
 What is Accunetix
 What Accunetix can scan
 Setting Up Accunetix
 Scanning Techniques
 Integration with DevOps
 Common Vulnerabilities Detected by Accunetix
 Best Practices for Secure Development

Splunk-SIEM
 Splunk Tool Setup
 Log Monitoring
 Splunk Features and Usage
Penetration Testing
 Definition of Penetration
 Understanding Penetration Testing
 Risk Mitigation
 Vulnerability Discovery and Remediation
 Continuous Improvement of Security Posture

 Importance of Penetration Testing

 Challenge of Penetration Testing

 Types of Penetration Testing

 Network Penetration Testing
 White Box Testing: Illuminating the Inner Workings
 Black Box Testing: Unveiling the Unknown
 Grey Box Testing: Balancing Insight and Objectivity
 Wireless Penetration Testing
 Physical Penetration Testing
  The Penetration Testing Process
 Planning: Crafting a Strategic Blueprint for Success
 Scanning
 Gaining Access or Exploitation
 Maintaining Access
 Analysis & Reporting

 Famous Tools Used in Penetration Testing

 Metasploit: Unleashing Power in Exploitation
 Nmap: Mapping Networks for Informed Security
 Wireshark: Peering into Network Traffic
 Burp Suite: Safeguarding Web Applications

MetaSploit
Modules
 Metasploit Introduction
 Definition
 History of Metasploit
 Metaspolit Modules
 Payload Module
 Exploitation Module
 Nops Module
 Auxiliary Module
 Evasion Module
 Post Exploitation Module
 Encoders Module
 Benefits of Metasploit
 Metasploit Architecture
 Benefits of Metasploit
 Conculsion

 Basics of Metasploit Framework

 Modules of Metasploit Framework
 Exploits
 Payloads
 Auxiliaries
 EncodersComponents of Metasploit Framework
 msfconsole
 Metasploit location directories
 Basic commands of Metasploit Framework
 Show command
 Search anything within Metasploit The use command
 Get the description of the module with the info command See the options you need to specify for the
modules
 Use the set command to set a value to a variable Choose the Payload
 Check if the exploit will work or not
 A penetration test walkthrough
 Target identification and Host discovery Port scanning & Service detection Vulnerability Analysis
 Exploiting Vulnerabilities
 Exploiting the VSFTPD vulnerability Keeping the sessions in the background Exploiting samba smb
 Exploiting VNC
 Burp Suite
 Burpsuite Introduction
 Burpsuite work Flow
 Burpsuite working process
 Burpsuite Package Discussion.
 Community Edition vs Professional vs Enterprise versions Discussion.
 Burpsuite Pen Testing Process.
 Burpsuite Features.
 Community Edition
 Getting started
 System requirements
 Download and install
 Configure Network and CA Certificate On Browser
 Intercepting HTTP traffic
 Modifying requests
 Setting the target scope
 Reissuing requests
 Running your first scan [Pro only]
 Generating a report [Pro only]
 Testing workflow
 Intruder Process
 Decoder Process
 Repeater process
 Target Scope And Site Map
 Proxy and Http History.
 Comparer
 Extension using BApp and API Process flow.
 Intercept Hands-On Concept
 Password Manager
• What is a Password Manager?
• Importance of Using a Password Manager.
• Password Manager - Multi-cloud Usage.
• Hands-on Experience with Password Managers
• LastPass, One password manager.
 Brute Force Attack

 Understanding the Brute force Attacks

 Strategies for Brute Force Attacks
 Best practices and Case Studies
 Continuous Improvement and Future Trends.
 Preventions Steps of Brute Force Attack
 Conculsion
AWS CLOUD SERVICES:
INTRODUCTION TO CLOUD COMPUTING
 Introduction to Cloud and AWS services
 AWS History
 Private vs Public
 IaaS vs SaaS vs PaaS
 Scope for AWS
 Features in AWS

ELASTIC COMPUTE CLOUD(EC2)

 Introduction to EC2
 Launching EC2 Server
 Hosting Web Application
 Elastic Block Store [EBS] use cases
 Elastic IP creation
  Amazon Machine Image [AMI]
 Snapshots creation from Volume

SIMPLE STORAGE SERVICES (S3)

 Creating and deleting buckets
 Adding objects to buckets
 Getting objects
 Deleting objects
 Creation of a static website using S3 storage
 Uses of S3 storage
 Working with Permissions of S3.
 Discussing lifecycles in S3
 conclusion
IDENTITY & ACCESS MANAGEMENT(IAM)
 Creation of user accounts in AWS
 Setting up multi factor Authentication (MFA)
 Roles in IAM
 Groups in IAM
 Delegation of permissions for users
 Creation of custom policies for delegation ❖ Account settings

ELB & AUTO SCALING WITH WAF

 What is Elastic Load Balancer
 Setup ELB & ASG Hands-ons
 Benefits of ELB & ASG WITH WAF
VIRTUAL PRIVATE CLOUD (VPC)
 Different types of networks that can be setup in AWS
 Understanding Public vs Private
 Creating a new VPC
 Setting up Routing Table, & Security Groups
 Creation of Internet Gateway
 Connecting to instances in the gateway
 Usage of NATGATEWAY
 OverView

KMS-Key Management Service

 Importance for encryption
 symmetric and asymmetric keys and Hands-on
RELATIONAL DB SERVICE(RDS)
 Selecting the Engine
 Configuring the Database Engine
 Creating your Database
 Setting up automatic backups
 Authorizing access to the DB via DB SecurityGroups

ROUTE 53
 Describe Hosted zones and Domain Name understanding
 How to create Hosted zones
 Hosting a website with custom domain name
 Understanding routing policies
 AWS Security Services
AWS Inspector:
• Introduction to AWS Inspector
• Overview and Purpose
• Security Assessment with AWS Inspector
• Key Concepts and Components
• Setting up AWS Inspector
• Configuring Assessment Targets
• Defining Rules Packages
• Understanding Agents and Agents Installation
• Running Assessments
• Scheduling and Executing Assessments
• Interpreting Assessment Results
• Fine-tuning Assessment Configurations
Macie:
• Introduction to AWS Macie
• Overview and Purpose
• Sensitive Data Identification
• Configuring Macie
• Enabling Macie in AWS Console
• Macie Dashboard
• Generating and Interpreting Reports
• Integration with CloudWatch
• Best Practices for Data Privacy
• Macie integration with S3
Trusted Advisor:
• Understanding AWS Trusted Advisor
• Trusted Advisor Checks Categories
• Cost Optimization Checks
• Recommendations for Cost Savings
• Resource Usage
• Security Checks
• Access Control and Permissions
• Network Security Best Practices
• Data Security Recommendations
• Performance and Reliability Checks
• Monitoring and Performance Optimization
• High Availability Best Practices
• Fault Tolerance and Redundancy
GuardDuty:
• Introduction to AWS GuardDuty
• Threat Detection and Monitoring
• Key Features and Benefits
• Configuring GuardDuty
• Enabling GuardDuty in AWS Console
• Setting Up and Managing Detectors
• Tuning Detection Settings
• Interpreting Findings and Alerts
• Understanding Findings Investigating and Responding to Alerts
AWS Secrets Manager:
• Introduction to AWS Secrets Manager
• Overview and Use Cases
• Managing Sensitive Information
• Creating and Managing Secrets
• Storing Database Credentials
• API Keys and Access Tokens
• Rotating Secrets for Security
• Integrations and Automation
• Automating Secret Rotation
• Security and Auditing
• Access Control and Permissions
• Monitoring Secret Usage
THANK YOU