Welcome to the Hack Your Future with Cybersecurity projects. I'm thrilled to have you here as we embark on this exciting journey into the world of cybersecurity. The field of cybersecurity can be both fascinating and challenging to break into. With the increasing complexity of digital threats and the demand for skilled professionals, it's no wonder that many aspiring individuals find it difficult to enter this ever-evolving industry. But fear not, in this course I will be your trusted guide, leading you through all the necessary steps to successfully launch your cybersecurity career. Throughout this course, we will focus on five major steps that will pave the way for your entry into the cybersecurity field. Each step is designed to provide you with the knowledge, experience and skills needed to stand out and secure your dream job. The first step is all about self-discovery. We will start by identifying the specific role within cybersecurity that aligns with your interests and strengths. With an array of diverse opportunities available, it's crucial to find a path that resonates with you. By understanding your unique skills and passion, we will ensure that you embark on the career that brings out the best in you. Once we have identified your desired role, we will dive deep into gaining the foundational knowledge required to excel in cybersecurity. I will provide you with valuable advice on what core concepts and skills you should focus on to build a strong technical foundation. With that solid understanding of the fundamentals, you will be equipped to tackle the challenges that lie ahead. However, theory alone is not enough in the cybersecurity realm. To truly excel, hands-on experience is the key. In this step, we will engage in different projects that will allow you to apply your knowledge in practical situations.
These projects will not only sharpen your skills, but also provide you with a portfolio of work that showcases your abilities to potential employers. That brings us to your resume. A well-crafted resume is your ticket to grab the attention of recruiters in the competitive cybersecurity job market. In this step, I will guide you through the process of creating a professional resume that highlights your strengths and accomplishments effectively. We will include our projects to help you present yourself as a standout candidate. Finally, we will focus on branding and networking in the field of cybersecurity. Building a personal brand and establishing a professional network are vital aspects of securing your dream job. We will explore how to leverage your projects, create meaningful connections and develop a strong personal brand that sets you apart from other candidates. By the end of this course, you will have gained the necessary expertise, experience and tools to embark on a successful career in cybersecurity. Not only will you be equipped with the technical knowledge, but you will also have a portfolio, an impressive resume and the confidence to thrive in the cybersecurity field. Without waiting any longer, let's unlock the door to your future together. I would like to start by sharing my personal story to further illustrate that breaking into the cybersecurity field is indeed achievable, even without formal education or any certifications. A few years ago, I was passionate about cybersecurity but faced the challenge of not having a college degree or any certification in the field. I was watching YouTube videos and tutorials on how to hack. I sought out virtual labs and vulnerable systems to practice my skills and gain real-world experience. Through this process, I developed a deep understanding of different cybersecurity concepts, tools and techniques. However, knowledge alone wasn't enough to secure a job in the field. 
I realized the importance of showcasing my abilities to potential employers. This led me to embark on a cybersecurity project that demonstrated my practical skills and problem-solving capabilities. I have spent months working on this project inside the company, as I knew a security operations center should open next year in my city. During the job interview, I emphasized my project and the challenges I overcame while working on it. I highlighted my dedication to self-improvement, my ability to learn quickly and my passion for cybersecurity. These qualities, combined with the practical experience that came from my project, made a significant impact. It was through this journey that I was able to secure a position as a security analyst at Verizon, one of the largest companies in the world. Today, I work as a consultant for a company partnered with Microsoft, where I face new and exciting challenges on a daily basis. My role involves collaborating with national companies in the energy, government and banking sectors to architect and design robust security solutions. I find great satisfaction in helping organizations strengthen their security posture and protect themselves from evolving cyber threats. The diversity of clients and sectors I work with keeps me engaged and allows me to constantly learn and grow as a cybersecurity professional. And now, I want to pass on the knowledge I have gained through my journey to help others on their own path to success. This course serves as a blueprint, offering you valuable insights and guidance that helped me overcome challenges and reach my goals. So let's embark on this exciting adventure together. Let's turn your interest in cybersecurity into a rewarding and impactful career.

Welcome. In this video, we will begin with a discussion about entry-level positions in cybersecurity. Whether you are just starting your journey or looking to transition into the field, understanding these roles is a crucial first step.
Cybersecurity offers a wide range of opportunities and it can be overwhelming to navigate all the different positions available. That's why we are focusing on entry-level roles today. Each role we will discuss may appeal to different individuals based on their unique strengths and career goals. This video serves as a starting point to help you explore the possibilities and find the right fit for you. The very first role I want to talk about is security analyst. As a security analyst, you will be responsible for monitoring network activity, investigating security incidents and analyzing vulnerabilities. This role is ideal for individuals who possess strong analytical skills, attention to detail and the ability to think critically. If you enjoy problem solving, have a technical aptitude and can work well under pressure, a career as a security analyst might be the right choice for you. The next job position I want to mention is IT auditor. IT auditors evaluate an organization's IT infrastructure and processes to ensure compliance with security standards and regulations. This role requires individuals who have a solid understanding of IT systems, risk management and auditing principles. Attention to detail, excellent communication skills and the ability to translate technical concepts into non-technical terms are key attributes for success in this role. Moving on to the network security engineer position. Network security engineers design, implement and maintain secure network architectures to protect against cyber threats. This role demands individuals who have a strong understanding of network protocols, firewalls and intrusion detection systems. It is suitable for individuals who enjoy working with network infrastructure, possess problem-solving skills and can effectively collaborate with cross-functional teams. One of the more recent and growing positions is cloud security engineer.
People in this role focus on securing cloud-based platforms and services, ensuring data protection and privacy. This role requires individuals who are familiar with cloud technologies such as Amazon Web Services or Microsoft Azure and have a deep understanding of cloud security best practices. If you are comfortable working with cloud environments, have a passion for data security and can adapt to evolving cloud technologies, this role might be a good fit. Lastly, I want to mention the penetration tester position. Penetration testers, also known as ethical hackers, simulate cyber attacks to identify vulnerabilities in systems and applications. They require a high level of technical expertise and knowledge of hacking techniques. It's important to note that reaching this role without prior experience can be more challenging. Individuals who are skilled in programming, possess a deep understanding of computer systems and have a relentless curiosity for uncovering security flaws may excel as penetration testers. Remember, there are countless other roles and specialties within cybersecurity that we won't cover in this video. Consider this as a stepping stone in your learning journey. As you progress and gain more knowledge, I encourage you to explore additional resources. Research different roles and speak to professionals in the field to get a well-rounded understanding of the opportunities available. I will provide you with a few links where you can read further about different roles and average salary ranges. Once you have determined the entry-level role that aligns with your interests and goals, it will be essential to develop strong skills in that direction. That being said, regardless of the specific role, acquiring fundamental knowledge will be crucial for every role. We will explore them together in our next section of videos.

Welcome to this video on fundamental network knowledge for cybersecurity.
Together we will cover key concepts and topics that will help you establish a solid foundation in networking, which is vital for a successful career in cybersecurity. Firstly, it's important to note that while you don't necessarily need certifications, pursuing CompTIA Network+ or Cisco CCNA can provide you with a structured curriculum to follow. These certifications can go a little bit too deep, in my opinion, for you to be successful in cybersecurity. Therefore, in this video we will focus on the essential basics. As you can see, I have the CompTIA Network+ certification exam objectives on my screen. Let's begin reviewing them to determine which skills and objectives are most suitable for cybersecurity. Right off the bat, "explain devices, applications, protocols and services at their appropriate OSI layers" will help you grasp how the data flows through the network. This should be the very first thing you learn. Next, you should explore important protocols such as ICMP, UDP, TCP and IP. ICMP handles network troubleshooting and error reporting. UDP and TCP manage data transmissions between applications. And IP provides addressing and routing capabilities. Understanding these protocols and their functionalities is essential in analyzing network traffic and identifying potential security risks. Additionally, familiarize yourself with ports and their associated services. Some important ports to know include SSH, DNS, Telnet, SNMP and SMB. Knowing these ports and their respective services will aid you in identifying network services and potential vulnerabilities. To gain a deeper understanding of networking, learn about routing and switching. Explore concepts like VLANs, how packets move through networks, route tables, MAC addresses and access controllers for network security. You should know the difference between private and public IPs. Private IPs are used within local networks, while public IPs are assigned to devices directly connected to the Internet.
Understanding the purpose and distinction between these IP types is essential in network design and security. Next, learn about subnets, default gateways and DHCP for IP address allocation. These concepts are fundamental in managing and configuring IP addresses within networks. Also familiarize yourself with the different network devices such as firewalls, routers, switches and access points. Understanding their functionalities and how they contribute to network security will help you design and secure robust network architectures. Additionally, explore proxy servers, VPNs, SSL/TLS, remote file and management access protocols. Learn authentication protocols as well, such as LDAP and Kerberos. These concepts are essential for cybersecurity. Be aware of common networking attacks on different network layers such as DDoS, DNS and ARP poisoning, man-in-the-middle attacks and spoofing. Understanding these attack vectors will assist you in identifying and mitigating potential threats. Lastly, become familiar with basic networking tools and commands. Practice running commands like ipconfig, netstat, route and ping to gather network information and analyze network behavior. Just remember, while this is a high-level overview of fundamental network knowledge for cybersecurity, it will provide you with a solid starting point. To deepen your understanding and expand your knowledge, I will provide you with additional resources and references that you can explore. In the next section of our video series, we will dive into foundational knowledge for operating systems. I'll see you there.

Welcome to the Computing Basics for Cybersecurity video. Now that you have acquired some fundamental network knowledge, it's time to focus on other crucial aspects for a successful career in cybersecurity. In this section, we will explore hardware, operating systems, virtualization and application development, highlighting key concepts and their significance in the cybersecurity domain.
In cybersecurity, understanding hardware components and their security implications is essential. Familiarize yourself with terms like RAM, SSD, hard disk, TPU, GPU, storage devices and their role in computer systems. Also, study security-related aspects such as Unified Extensible Firmware Interface, boot options, Trusted Platform Module, USB permissions and secure boot. Knowing how hardware interacts with software and security mechanisms enhances your understanding of system vulnerabilities and mitigations. Moving on to operating systems. A strong grasp of different operating systems and their functionalities is highly valuable in cybersecurity. Linux in particular plays a significant role in the field. Take the time to familiarize yourself with Linux, understand where passwords are stored and gain proficiency in navigating directories. Try to run different commands in Linux, but don't overlook Windows either, even if it's your primary operating system. Learn about Windows services, their role and how attackers can exploit them. Understanding operating systems enables you to identify security weaknesses and apply appropriate safeguards. Next, I want to talk about virtualization. Virtualization technologies are prevalent in today's computing landscape. Develop an understanding of virtualization concepts, benefits and security challenges. Be aware of containerization technologies such as Docker and Kubernetes at a high level. Virtualization allows for isolated environments, but it also introduces new attack vectors. You don't have to go in depth with this, just spend an hour or two learning about this. The same also applies for application development. DevSecOps is an emerging approach to application development. Get to know concepts like GitHub, version control and the importance of secure coding practices. This knowledge will enable you to assess application security risk and collaborate effectively with development teams.
In conclusion, computing basics are integral to a strong foundation in cybersecurity. By expanding your knowledge of hardware, operating systems, virtualization and application development, you gain a broader understanding of the cybersecurity landscape. Remember, it's not necessary to dive deep into these concepts. But having a working knowledge of what they entail and their significance in security will greatly benefit you on your cybersecurity journey.

Welcome to the basic security knowledge for cybersecurity section. In order to be successful in the field of cybersecurity and increase your chances of securing your first job, it is highly recommended to acquire a strong foundational knowledge of basic security principles. While certification is not a prerequisite, if you decide to pursue one, CompTIA Security+ is a reputable option that covers essential security concepts. If you take your time to learn the objectives covered in the exam, you will gain valuable insights and a comprehensive understanding of core security principles. These concepts form the bedrock of cybersecurity and are essential for building a successful career in this field. Firstly, begin by establishing a solid understanding of security fundamentals, such as confidentiality, integrity, availability, authentication and non-repudiation. Next, dive into the world of threats, attacks and vulnerabilities. Familiarize yourself with common threats encountered in the cybersecurity landscape, various attack techniques used by malicious actors and the vulnerabilities that can be exploited. Risk management is another crucial aspect to grasp. Learn about risk assessment methodologies, risk analysis techniques and strategies for risk mitigation and response. Developing strong risk management skills will enable you to identify and address potential security risks effectively. Next, we have cryptography, which plays a vital role in securing data.
Gain knowledge about encryption algorithms, symmetric and asymmetric encryption, digital signatures and certificate authorities. After that, identity and access management is also a critical area in cybersecurity. Explore user authentication methods, access controls and authorization mechanisms. Mastering strong password practices, multi-factor authentication and user account management will contribute to maintaining a secure environment. Security operations and incident response procedures are key components of effective cybersecurity management. Learn about security monitoring, log analysis, incident handling and disaster recovery processes. Lastly, focus on compliance and operational security. Understand compliance frameworks and regulations relevant to cybersecurity, such as GDPR and HIPAA. Explore security controls, secure configuration management and system hardening practices. Regular security audits and assessments are vital for ensuring compliance and maintaining a secure operational environment. In conclusion, I strongly encourage you to dedicate significant time and effort to mastering the fundamental security knowledge outlined in this section. Two years ago, as a security analyst, I decided to pursue the CompTIA Security+ certification, even though I was already working in the field. Upon successfully passing the exam, I experienced significant benefits and professional growth as I was promoted to Tier 2 analyst. This certification might be very impactful for your career as well. I will provide you with valuable resources and guidance to expand your cybersecurity knowledge and skills. Remember, certifications can be valuable tools, but they are just one part of the equation. That's why we will focus on projects to showcase your experience, knowledge and skills. Next though, we will talk about the fundamentals of cloud computing. I'll see you there.
Welcome to the next segment of our cybersecurity journey, where we will talk about the fundamentals of cloud computing. Having foundational knowledge about cloud computing is crucial for cybersecurity professionals. Cloud computing is experiencing widespread adoption across industries, with many organizations migrating their infrastructure and data to the cloud. By understanding cloud computing concepts and security practices as cybersecurity professionals, you can effectively secure cloud environments and address the unique challenges associated with cloud security. First and foremost, it's important to familiarize yourself with different cloud service models. This includes infrastructure as a service, platform as a service and software as a service. Understanding the characteristics, benefits and security considerations associated with each model will provide you with a solid foundation for cloud security. Once you have a grasp of cloud service models, it's recommended that you choose a specific cloud provider to focus on. The three major providers in the industry are Amazon Web Services, Microsoft Azure and Google Cloud Platform. Each provider offers a wide range of services and features that are crucial to understand from a security perspective. Consider selecting one of these providers and obtaining basic knowledge about their offerings. While certifications are not mandatory at this stage, they can provide a structured learning path and a recognized credential. For example, if you choose Microsoft Azure, you might explore the AZ-900 certification, which covers foundational knowledge of Azure cloud services. AWS has AWS Certified Cloud Practitioner and GCP has Cloud Digital Leader. If you decide not to pursue the certification, get to know the content and security considerations. Additionally, it's important to familiarize yourself with common cloud security attacks.
Research and understand the techniques used in attacks such as data breaches, account hijacking, denial of service attacks and misconfigurations. Remember, your goal is not to become an expert in a specific cloud platform, but to acquire a solid understanding of cloud fundamentals, security principles and common attack vectors. This knowledge will serve you as a strong foundation as you progress in your cybersecurity career. To enhance your learning experience, I will provide you with additional resources and study materials that focus on cloud security and common attack techniques. These resources will offer valuable insights, practical examples and hands-on experiences to deepen your understanding of cloud security concepts and how to defend against potential threats. In our next session, we will explore the role of programming in the cybersecurity field.

Welcome back, fellow cybersecurity enthusiasts. In this video, we will talk about programming languages in cybersecurity. And I have a not very popular opinion about cybersecurity and programming. Brace yourself because I'm about to make a bold statement. Are you ready? Here it goes. You don't need to learn a programming language to be successful in cybersecurity. Wait, don't leave just yet. Let me explain. You might think that I have abandoned all logic and reason. And to be honest, knowing a programming language can indeed be beneficial, especially if you are pursuing a career as an ethical hacker. In that case, it might be one of the key concepts you will want to focus on. However, for the rest of the cybersecurity career opportunities, I would say it's not worth spending all your time learning how to write code. Let me tell you why. First and foremost, understanding code has advantages. But with the rise of artificial intelligence, you can now simply ask AI to explain any malicious code that an attacker has deployed.
As you encounter such instances in the real world, you will gradually learn and start to grasp programming basics without needing extensive prior knowledge. So while learning to code isn't necessary for everyone, comprehending code is still a valuable skill to have. That being said, if you enjoy coding and you want to pick up a programming language for cybersecurity, I have you covered. We will talk about the best options when it comes to cybersecurity. The first on our list is Python. Python is widely regarded as a powerful and versatile language. Its simplicity, readability and extensive library support make it ideal for tasks like automation, scripting and even ethical hacking. So if you decide to explore that path, Python will likely become your best friend. Next up is shell scripting. You might be wondering, why shell scripting? Well, shell scripting allows you to interact with the operating system directly. It enables you to automate tasks, write custom tools and execute commands efficiently. When it comes to tasks like system administration, log analysis or incident response, shell scripting can become a valuable asset in your cybersecurity arsenal. Another important language to consider is SQL. SQL is the language used to communicate with databases. SQL injection is a very popular attack technique where the attacker typically exploits poorly sanitized user input to inject malicious SQL code into the application's queries. Understanding SQL would be beneficial to you as a security analyst. Lastly, let's talk about Golang. Golang, or Go, has gained popularity in recent years due to its performance, simplicity and strong concurrency support. It's particularly useful for building robust and secure network applications, which can come in handy for tasks like network security and developing secure communication protocols. Go, with its compiled nature, also provides added assurance against vulnerabilities. Now, here's an important caveat.
If you aspire to be a cloud security engineer, you will have to dive into the realm of infrastructure as code. This is where tools like Terraform, CloudFormation, Bicep and other popular ones come into play. Infrastructure as code allows you to manage and provision cloud resources in a programmatic and automated way. Understanding these tools and concepts will be crucial to ensure the security and compliance of cloud environments. So, to summarize, if you don't want to learn programming, you don't have to. However, I want to emphasize that while programming might not be a requirement for every cybersecurity role, understanding code and programming basics can still be highly beneficial. It allows you to communicate effectively with developers, comprehend and analyze code and identify potential vulnerabilities. It also provides a foundation for automation, scripting and custom tool development. In conclusion, the choice is yours. I will provide you with additional resources as usual for you to explore. And that's everything. We have covered all the foundational knowledge for cybersecurity. Now, it's time to gain some cybersecurity experience. I hope you are ready.

Welcome back. By now, you should have acquired some fundamental skills and knowledge in the field. Now, it's time to put that knowledge into practice and gain valuable experience. In this video, we will talk about some effective ways. The first option is to explore online platforms that provide hands-on practice opportunities. These platforms offer a wide range of cybersecurity challenges and labs for you to tackle. They simulate real-world scenarios and allow you to apply your skills in a controlled environment. Not only will you gain practical experience, but you will also get a chance to interact with the cybersecurity community. Throughout the fundamental course, you might have noticed material linking towards TryHackMe. I personally love this platform for learning.
TryHackMe offers a wide range of interactive labs and virtual environments that allow you to practice different cybersecurity techniques. It covers topics like web exploitation, penetration testing and more. The platform is user-friendly and provides a great learning experience. Another very good alternative is Hack The Box. It's known for its realistic and immersive scenarios. OverTheWire is another excellent platform that offers a variety of wargames focused on teaching and improving your skills in areas like cryptography, network security and system exploitation. If you are looking for a more structured approach, the Science Challenger program is worth exploring. It offers a series of practical challenges developed by industry experts. The challenges cover different domains in cybersecurity and are designed to test your knowledge and problem-solving abilities. I want to mention that there are many more platforms, so try to find the one that resonates with you the most. Also, don't just spend time there and rush through the rooms. Take notes and share your experience with others. Before we wrap up, I want to mention another way of gaining experience in cybersecurity, which is bug bounty programs. When it comes to bug bounty platforms, two of the most well-known names in the industry are HackerOne and Bugcrowd. These platforms connect ethical hackers with organizations that are willing to reward them for responsible disclosure of security vulnerabilities. However, I want to emphasize that bug bounty programs are particularly relevant if you aspire to be an ethical hacker. They require a deep understanding of cybersecurity principles and techniques, as well as a commitment to responsible disclosure. If you are not specifically interested in pursuing the ethical hacker path, you may choose to allocate your time and resources to other avenues we have discussed.
That being said, although online platforms and bug bounties are valuable resources to get hands-on experience and learn new skills, they don't have the same level of benefit as your own project. With your own project, you can document the process and share with others how they can achieve what you did. It can be part of your resume and that's why we will focus on your unique projects. We will explore them together in our next video.

Welcome to another video where we are going to discuss the importance of your own cybersecurity projects and how they can significantly benefit your resume and career prospects. When you work on your own projects, you not only gain practical experience, but also demonstrate your ability to independently tackle real-world cybersecurity challenges. This showcases your initiative, problem-solving skills and creativity to potential employers. One of the key benefits of your own project is the ability to showcase your technical expertise and highlight specific skills you possess. By documenting the process and outcomes of your projects, you create a compelling portfolio that sets you apart from other candidates in the cybersecurity field. Speaking of portfolios, this course will guide you through the development of five unique cybersecurity projects that will elevate your skills to the next level. Let me introduce you to the exciting projects we will be working on. The first project will be about vulnerability scanner deployment, where you will learn how to deploy and configure a vulnerability scanner to identify and assess potential security flaws in systems. After that, we will explore the implementation of a secure password manager, allowing users to store and manage their passwords in a cloud-based environment. Following with projects in the cloud, we will create a virtual honeypot, a deceptive system designed to attract and gather information about potential attackers.
In the next project, we will dive into the setup and utilization of Microsoft Sentinel, a powerful security information and event management tool. Lastly, we will explore the integration of a SIEM system with an artificial intelligence chatbot to enhance threat detection and response capabilities. These projects are carefully selected to provide you with a diverse range of hands-on experience covering different aspects of cybersecurity. We will take a step-by-step approach, guiding you through each project, explaining the concepts and ensuring you gain a deep understanding of the underlying principles. I hope you are excited. In the next section, we will jump right into our first project and embark on a journey that will set you apart in the cybersecurity industry, bringing you closer to your dream job.

Before we start, we will need a Windows 10 image. I would highly suggest you use the official Microsoft website. They have the option to create Windows 10 installation media and during the process, you can choose one of the options to be an image in ISO format. So let's do that. Let's download the Windows 10 installation media to get our Windows 10 image. If I click here on download now, the media creation tool will be downloaded for me. After that, I can just open it. The process of setting up the Windows 10 image is pretty straightforward. It's just a few steps. In here, I will just accept the license terms that I'm given, select create installation media, USB drive, DVD or ISO file for another PC and click on next. I will change the recommended settings to have it in English and click on next. At the end, select the ISO file, select your directory and click on save. Now you will have to wait a bit. The tool will download the official Microsoft image and for me, it was like 10 minutes. It will depend on your internet connection. So be patient, go get a coffee and after that, we will go through the process of installing this image on VirtualBox.
At the moment, we have already successfully installed Windows on VirtualBox. Now, before we begin scanning it with Nessus, we need to make it a bit more vulnerable. This might sound counter-intuitive, but it's an important step in the process. In this video, we will walk through the necessary steps to prepare your VM for scanning. This includes turning off security updates, uninstalling any existing updates and turning off the firewall. These steps are crucial to ensure that Nessus can accurately identify any vulnerabilities or weaknesses in your system, so we can address them and improve your VM security later. So let's dive in and make your VM ready for scanning. We will start by navigating to the Windows button in the corner and looking for Settings. In here, just scroll down and click on Update & Security. Here we have the option to pause the updates for 7 days. Let's click on that. We also have the ability to extend this if we want to pause them for more than 7 days. To do so, you would have to go into Advanced options, scroll down and in here you have the ability to pick any of the dates. So I will extend this much further just to be sure that the updates won't be installed during the demonstration. Next, let's check if we can uninstall any updates. Click on View update history, then Uninstall updates. A new window will pop up. Just click on all of them one by one to see if you can uninstall them. After that, we will also turn off Windows Defender Firewall. This step is required, otherwise Nessus wouldn't be able to reach the destination. Again, click on the Windows button, but now look for firewall. You have the option to select Windows Defender Firewall and in here go to Advanced settings. A new window will pop up where you can select Windows Defender Firewall Properties somewhere in the middle of the screen. In here we will change the firewall state to Off for every profile. Let's move to the private profile now and the public profile. Click on Apply and OK.
As the last step, we have to ensure that the virtual machine is on the same network as the Nessus machine that will perform the scan. Click on Devices and in the Network section you can select Network Settings. You will be moved to the network adapter option and you have to select Attached to: Host-only Adapter. This is the only option that was working for me. So make sure before you start scanning that you have this selected. If you want to confirm that we are on the same network you can try a simple ping test. You will have to open the Command Prompt application. I would advise running it as administrator just to be sure. In here write ipconfig. This will present you with the configuration of your network adapter such as subnet mask, IP address and default gateway. Then simply open another Command Prompt window on your Windows machine and try to ping the IP address. If you can reach it, everything is working correctly. Otherwise check again that you turned everything off in the firewall and that you have the network adapter correctly set up. If your ping was successful you are good to go. Your VM is correctly set up and you can proceed to download Nessus, configure it and initialize your first scan. Now that our Windows machine is set up we are ready to download and install Nessus, a powerful tool that will help us identify any vulnerabilities in our system. But before we do that we need to provide some basic information. Just fill out your first name, last name and business email. Don't worry about the business email, you can use a temporary email address for this. Nessus will send you an activation code via email which we will use during the installation process. Once you have filled out your details click on Get Started and you will be redirected to a new page where you can download Nessus. Click on the download button and you will be taken to another page where you can choose the version of Nessus you want to download and, more importantly, the platform.
If you are running Windows on your PC you can immediately click on Download. Once you have done that, confirm the license agreement and the Nessus installation file will be downloaded shortly. Now that we have the Nessus installation file it's time to get it up and running. Don't worry, the process is straightforward and I will guide you through it. First locate the Nessus installation file you have just downloaded and open the executable. You will be prompted to confirm with OK and then go through the installation wizard. It's nothing complicated, most of the time you just need to click on Next. Here you will have to accept the license agreement terms and click on Next again. The default destination folder is fine for me, so just click, you guessed it, Next again and then confirm the installation. Shortly after the initial installation a new page in your private browser will open on localhost, port 8834, where you will finish the installation process. The first step is to connect via SSL. You may get a warning about a potential security risk. Just select Advanced, accept the risk and continue. Now, we won't be changing any settings or registering offline, so let's select Continue. You will be presented with many different package options for Nessus, but we have already registered for Nessus Essentials. Select that option and click on Continue. You will have the option to skip the registration process. Since we already have the activation code in our email, let's open that email from Nessus. You will find the activation code approximately in the middle of the message. Copy your activation code and go back to the installation process. Click on Skip and paste the activation code. Confirm with Continue and we are almost done. Next you will need to create your credentials for Nessus. And finally, finish the installation process by submitting your credentials. This will take a while, so take a break and come back here later.
Once the installation is complete, we will configure Nessus and initialize our first scan. Perfect, we have everything set up. Now let's dive into Nessus and start identifying vulnerabilities on our target network. With a simple click of a button, we can launch our first scan. To watch Nessus work its magic, just click on the Windows text and you will be redirected to a new window. You will see that the status changes to Running on the right side of the screen, and you will be provided with nice visualizations of the vulnerabilities detected. The vulnerabilities are ordered into 5 different levels based on their importance: Critical, High, Medium, Low and Info. This way you can quickly identify the most important vulnerabilities that require immediate attention. Unfortunately, we are only seeing information type vulnerabilities at the moment. If you want to dig deeper, simply click on the blue bar under Vulnerabilities to access more detailed information. The vulnerabilities are grouped into different sections based on technology and relevance, making it easy to navigate through the findings. For example, let's say you see multiple SMB issues. By selecting SMB (Multiple Issues), you can see each finding individually. And if you want to take it one step further, you can drill down into specific findings. Let's take a closer look at one of them: Windows NetBIOS / SMB Remote Host Information Disclosure. That sounds interesting, so let's see what it is about. This finding informs us that the remote host is listening on UDP port 137 or TCP port 445. If you didn't know, cybercriminals often exploit vulnerabilities on port 445 to spread WannaCry and other malicious software. By using Nessus to identify and address these types of vulnerabilities, you can take proactive steps to safeguard your network and prevent potential security breaches. Okay, now that we have launched the scan, let's take a step back and wait for Nessus to finish scanning.
Once the scan is complete, we can dive deeper into the findings. I have paused the video and the scan is finished now. You will be presented with a page similar to what you see now. You will immediately notice that we have one medium-severity vulnerability for SMB Signing not required. Let's take a closer look at this finding. Click on the name to view more information. The description will provide you with a brief overview of this vulnerability, which in this case is that an unauthenticated remote attacker can exploit it to conduct man-in-the-middle attacks against the SMB server. Nessus also provides you with a solution and URLs where you can find more information about the vulnerability. If you click on any of the URLs, a new window will open where you can read further. For instance, this article gives you an overview of Server Message Block signing. Let's go back and look at another one. And here is another official Windows documentation page. Okay, but at least this time it's about SMB security signatures. So, as you can see, these findings can help you to remediate the vulnerability if you have found one. And that's basically it. That's how Nessus works. You give it a target, the IP address or the whole subnet of the network, and it provides you with all the vulnerabilities and possible remediation steps. One last thing I would like to mention is that at any point in time you can go back to the History tab and select your performed scan to view its results. Although we have found just one medium vulnerability, I'm sure we can improve our results. That's why in the next video, we will modify the settings to enable a credentialed scan and see how the results differ. Welcome back! In our previous video, we set up Nessus and Windows to be able to perform credentialed scans. And now it's time for the exciting part: running the scan to see if we can find more serious vulnerabilities. So, let's get started.
Just like before, click on the Launch button and select the saved scan to see Nessus progress in real time. In the History section, you can see that the second scan just started. Let's be patient as this scan might take some time to complete. Once it's finished, we will look at the findings together. As soon as the scan is complete, you will see that Nessus has identified some critical, high and medium vulnerabilities. This time, it found 40 vulnerabilities. Let's take a closer look at the high severity vulnerabilities related to Microsoft .NET Framework. Nessus has detected missing security updates. And if you drill into them further, you will find that there are two vulnerabilities, for denial of service and remote code execution. Nessus shows you their CVE numbers and a huge amount of links. If you want to learn more about a particular CVE, just copy and paste the CVE number into your browser. You will find numerous articles that describe the vulnerabilities in more detail. This is a great way to get more information if you need it. Take some time to go through the vulnerabilities, especially if you disabled Windows updates for several weeks. You will likely find a lot of vulnerabilities here. This should give you an idea of the power of the vulnerability scanner. Imagine being able to automate scans for hundreds or thousands of devices. It's an insanely powerful tool. And it's something you might come in touch with in your cybersecurity career. We are not done yet though. In our next video, we will install some outdated software to get even more interesting results with Nessus. So stay tuned for that. Once you have found all the vulnerabilities and the issues presented to you, it's time to remediate them. For me, it's more of the boring stuff that you need to do in cybersecurity. But since we caused them in the first place, it won't take us long to fix it. First, we need to ensure that our system is receiving the latest security patches.
To do this, we can search for settings, like Windows Update, and click on Resume updates. Of course, I got an error. Okay, interesting. I think I forgot to swap the network adapter and I'm not able to connect to the internet. Let me check it and fix this fast. All right. Next, we need to turn on the updates for Google Chrome. To do this, we can go to System Configuration and locate the Google Update service. Once we find it, we can turn it on and apply the changes. It's also important to remove any potential threats from our system. In this case, we need to delete the Minecraft server file from the Downloads folder and empty the Recycle Bin. And that should be it. I will just confirm that the system updates are available now. Okay, going to click on Retry. Well, that should be it. I had to pause the system updates and resume them again. Now it should be fine. They are downloading. So after the patches get downloaded, I will reboot the system and all the vulnerabilities should be patched. Remember that it's important to regularly check for vulnerabilities and apply the necessary updates and patches to keep our system secure. In our previous video, I said it was our final scan. Actually, I will run one more just to show you that the vulnerabilities are fixed. Well, congratulations. We have come to the end of our journey with Nessus. I'm proud to say that you have successfully completed the task of detecting and remediating vulnerabilities using Nessus. After taking remediation measures, I ran a final scan with Nessus and as you can see, no vulnerabilities were found. This is exactly what we were hoping for. And it means that our system is now secure and protected against potential cyber attacks. Throughout our sessions, you have learned how to use Nessus to scan and identify vulnerabilities in a system, how to interpret scan results and how to remediate any issues that were found.
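An added example (not part of the course material): the three scans described above, the uncredentialed scan, the credentialed scan and the re-scan after remediation, compared programmatically from `.nessus` (XML v2) exports instead of by eye. The sample exports, host address, plugin IDs and CVE placeholders are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

SEVERITY = ["Info", "Low", "Medium", "High", "Critical"]  # .nessus severity 0-4


def _report(items):
    """Wrap constructed ReportItem XML in the .nessus v2 envelope."""
    return ('<NessusClientData_v2><Report name="windows">'
            '<ReportHost name="192.168.56.101">' + items +
            '</ReportHost></Report></NessusClientData_v2>')


# Constructed findings: plugin IDs and CVE ids are placeholders, not real values.
NETBIOS = ('<ReportItem port="137" svc_name="netbios-ns" protocol="udp" '
           'severity="0" pluginID="900001" pluginName="Windows NetBIOS / SMB '
           'Remote Host Information Disclosure"/>')
SMB_SIGNING = ('<ReportItem port="445" svc_name="cifs" protocol="tcp" '
               'severity="2" pluginID="900002" '
               'pluginName="SMB Signing not required">'
               '<solution>Enforce message signing on the host.</solution>'
               '</ReportItem>')
DOTNET = ('<ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3" '
          'pluginID="900003" pluginName="Security Updates for Microsoft .NET '
          'Framework (constructed)"><cve>CVE-0000-00001</cve>'
          '<cve>CVE-0000-00002</cve>'
          '<solution>Install the missing security update.</solution>'
          '</ReportItem>')

SCAN_1 = _report(NETBIOS + SMB_SIGNING)           # uncredentialed scan
SCAN_2 = _report(NETBIOS + SMB_SIGNING + DOTNET)  # credentialed scan
SCAN_3 = _report(NETBIOS)                         # re-scan after remediation


def parse_findings(nessus_xml):
    """Return one dict per ReportItem in a .nessus v2 export.

    Exports from untrusted sources should go through a hardened XML parser
    (for example the defusedxml package) rather than the standard library.
    """
    findings = []
    root = ET.fromstring(nessus_xml)
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port")),
                "protocol": item.get("protocol"),
                "plugin_id": item.get("pluginID"),
                "name": item.get("pluginName"),
                "severity": int(item.get("severity")),
                "cves": [c.text for c in item.findall("cve")],
                "solution": (item.findtext("solution") or "").strip(),
            })
    return findings


def severity_counts(findings):
    """Count findings per severity label, Critical first."""
    counts = Counter(SEVERITY[f["severity"]] for f in findings)
    return {label: counts.get(label, 0) for label in reversed(SEVERITY)}


def _key(finding):
    # A finding is identified by where it was seen and which plugin fired.
    return (finding["host"], finding["plugin_id"],
            finding["port"], finding["protocol"])


def diff_scans(before, after):
    """Return (new, resolved) findings between two parsed scans."""
    b = {_key(f): f for f in before}
    a = {_key(f): f for f in after}
    new = [a[k] for k in a if k not in b]
    resolved = [b[k] for k in b if k not in a]
    return new, resolved


def actionable(findings, min_severity=1):
    """Findings at or above min_severity, most severe first."""
    hits = [f for f in findings if f["severity"] >= min_severity]
    return sorted(hits, key=lambda f: -f["severity"])


if __name__ == "__main__":
    s1, s2, s3 = (parse_findings(x) for x in (SCAN_1, SCAN_2, SCAN_3))
    print("uncredentialed:", severity_counts(s1))
    print("credentialed:  ", severity_counts(s2))
    new, _ = diff_scans(s1, s2)
    for f in new:
        print("only visible with credentials:", f["name"], f["cves"])
    _, resolved = diff_scans(s2, s3)
    for f in resolved:
        print("resolved after remediation:", f["name"])
    print("still actionable:", actionable(s3))
```

Keying each finding on host, plugin ID, port and protocol is what lets the same comparison scale from one lab VM to exports covering many hosts.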
This is a valuable skill to have and it will be useful to you in your future endeavors in the field of cybersecurity. However, remember that cybersecurity is an ever-changing landscape with new attack vectors and vulnerabilities being discovered every day. I strongly encourage you to keep learning and exploring new threats. Learning about the latest threats and vulnerabilities will not only help you protect your organization, but it will also make you a more attractive candidate during the hiring process, because employers want to see that you are passionate about the cybersecurity industry, that you are willing to learn new things and that you are up to date on the latest threats. In the next video, we will be exploring how you can leverage the knowledge and experience gained from this project to strengthen your CV and stand out in the job market. Welcome back! I hope you are ready for another awesome project hosted in the cloud environment. This time, you will have the opportunity to deploy T-Pot on Azure cloud, which is an advanced honeypot solution that simulates 23 different vulnerable systems. With this project, you will gain valuable knowledge of Linux configuration and network settings in the cloud. Furthermore, this project will help you to develop expertise in threat detection through the active monitoring and analysis of honeypot data. Throughout this journey, we will delve into the fascinating world of cybersecurity, where we will witness firsthand how attackers exploit different vulnerabilities and attempt to compromise systems. By the end of this project, you can proudly include this on your resume and showcase your passion for the cybersecurity field. I'm really thrilled to work on this project together. Let's dive right into the action and elevate your cybersecurity skills to new heights. Welcome to the T-Pot deployment tutorial on Microsoft Azure cloud. Before we get started, let's talk about the prerequisites.
To follow along with this tutorial, you will need a free Azure account. If you don't have one yet, don't worry. It's very easy to create one. Just follow the steps on this site. You will also need a remote connection program, like PuTTY, to access your virtual machine. I will provide you with a link where you can download PuTTY. And with that out of the way, let's dive into the exciting world of honeypots. While we will be focusing on Azure deployment in this tutorial, you could also try deploying T-Pot on other cloud providers. As long as you have a VM with the necessary prerequisites, you are good to go. Alright, so let's create our VM. To do so, you will have to navigate to portal.azure.com and in here, you have to select Virtual machines. I have it right here. That said, you can also try to search for it and confirm. You will be redirected to a new page where you have the option to create your virtual machine. Select that and click on Azure virtual machine. That's something new that I didn't see before. It already tells me that I can reduce cost if I change the location. I will keep the selected region for now and we will talk about the region later. First though, we have to create a resource group. The easiest way is to create a new one right here and name it something that will be recognizable to you. Mine will be named Honeypot. I'm not a very creative person, so my virtual machine name will also be Honeypot. For the region, pick something that is close to you but also keep in mind that your region choice will impact the cost of your VM. For this, I will go with East US, scroll down a bit and select the image option right here. You have the option to change the operating system. The honeypot is required to run on Debian. So select that and leave the architecture as it is. Arm is not supported for this image, but that's fine. Another thing, we can also run it with the Azure Spot discount.
This is really good if you want to reduce the overall cost of your VM. That said, Azure can stop your VM at any point, so be aware of that. As I don't want to be interrupted during the installation process, I will leave it as it is. Next, we need to select the size of our VM. Click on See all sizes. The official documentation says that 8 GB should be sufficient, but in my experience it runs really slow and it's not very usable. So let's go with 16, and I will select the D4s v3 and click on Select right here. To authenticate with your virtual machine, you can use either a password or an SSH public key. We will go with the SSH public key and fill in the username and key pair name. I will name it Honey. In the inbound ports section, make sure that SSH is selected as we will use it later to connect to our virtual machine. Now we move on to disks. Let's click on Next. We will need to create a disk of at least 128 GB. To do so, you will have to select Create and attach a new disk. Click on the Change size option and select 128. Confirm with OK and OK again. Now we can move to the networking section. Let's click on Next again. You will see that a new virtual network, subnet and public IP address will be created. We don't need to change anything here, so let's go to management. In the management section, you have a very important functionality, which is to enable auto-shutdown. It's right here. This will automatically stop your VM daily to save some costs. As I want to leave our virtual machine up for a while, I will leave it as it is. But if you have used all your free Azure credit, it's worth considering turning it on to avoid any unexpected charges. It's also important to decide how long you want to keep your VM, as you will still be charged for a stopped VM because you have a public IP address associated with it. So when you are done working on this project and you don't have enough free credits, make sure to delete all the resources to avoid any extra charges.
Now let's move on to Review + create. The validation passed, everything is set up and we are ready to create it. So just confirm one last time. And the final step we need to do is to download the private key. Make sure you know where you saved it because we will use it in our next video, where we will connect to our VM and configure our honeypot. Welcome to another incredible cybersecurity project that will provide you with valuable hands-on experience. In our upcoming videos, we will embark on a journey to deploy a security information and event management solution in Azure cloud, enabling effective monitoring and analysis of security events. You will have the opportunity to implement advanced techniques and configurations to enhance the SIEM solution's threat detection capabilities. One of the key benefits of this project is the practical experience it provides in implementing remediation actions to mitigate and resolve identified cybersecurity incidents. This will showcase your problem-solving skills and ability to respond effectively to security breaches, further enhancing your cybersecurity capabilities. This practical knowledge will set you apart in the cybersecurity landscape, adding significant value to your resume and opening doors to different opportunities in the cybersecurity field. Get ready to take your cybersecurity journey to the next level and unlock a world of possibilities for your future. To speed up the deployment of Microsoft Sentinel, we will use an official Microsoft solution called Sentinel All-in-One. Version 2 was released in April 2023 and it helps to speed up initial configuration tasks. That said, if you are interested in how to configure Microsoft Sentinel from scratch, manually, I have another course on Udemy which covers everything related to that. Before we can start, you will need a free Azure subscription. I will provide you with a link where you can register for an account if you don't have one yet.
Speaking of links, I will also add this official GitHub repository for the Sentinel All-in-One deployment. If you scroll a bit down, it gives you a description of what it all does. The deployment option offers a different set of features, including setting workspace retention, daily cap and commitment tiers if desired. It also enables user and entity behavior analytics with relevant identity providers to detect and respond to advanced threats. It's basically AI built into Microsoft Sentinel. In addition, the deployment option enables health diagnostics for analytics rules, data connectors and automation rules to ensure the proper functioning of the Azure Sentinel service. But it's really awesome that it will install some Content Hub solutions. Content Hub solutions are preconfigured packages of analytics rules, dashboards, automation tasks and many more artifacts related to Microsoft Sentinel. It will also enable data connectors from a list of sources such as Azure Active Directory, Microsoft 365 Defender and Threat Intelligence Platforms, allowing users to start ingesting data from different sources immediately. Furthermore, the deployment option enables analytics rules that use any of the selected data connectors, with the ability to filter by severity. All the way down below, you have the option to deploy this to Azure, and under that the supported connectors are listed. As you can see, for some of them you will need a license, and some of them are built. Don't worry about it at all, this project will be completely free and you don't need to spend any money. The first time you deploy Microsoft Sentinel, you get 10 gigabits of free data ingestion per day for the first month. This will be plenty of time to go through all the necessary tasks. After that, we will delete Microsoft Sentinel, and once you see the simplicity of deploying Sentinel from this solution, you can spin up a fresh Microsoft Sentinel at any time.
To begin deploying Microsoft Sentinel, we will need to click on the Deploy to Azure button. This will redirect us to the Azure portal, where we can deploy Microsoft Sentinel from a predefined template. One crucial step during this deployment process is selecting the location. This is particularly important if we are building Microsoft Sentinel for a production environment. Depending on the industry standards and regulations that apply, we may be required to keep user data in a specific state. Additionally, the location we choose will also impact the cost for every gigabit of data ingested. For this demonstration, though, we won't be concerned about cost. So, we can select the location that's closest to us. For example, I'll be selecting North Europe. Next, we have to choose the resource group and workspace name. When choosing the resource group and workspace name, it's important to choose a name that reflects what the solution is about. In this case, we will call it security monitoring. Now, let's set the daily ingestion limit in gigabits. This will help us to control our spending. And since we have 10 gigabits of free data daily, we will put 10 in this field. For the data retention, Microsoft will keep our data for free for the first 90 days. After that, we will need to pay for every gigabit of data. So, we won't be changing that. After that, we can move on to settings. All the way up here, you can select Settings. In here, we have the option to turn on artificial intelligence and enable Sentinel health diagnostics. For now, let's just enable Sentinel health diagnostics. We will enable user and entity behavior analytics later together. Next, let's explore the Content Hub. The Content Hub has three different categories for solutions. By clicking on the drop-down menu, you can see short information about each solution and select the ones you want. For this demonstration, we will install everything by selecting all for each of these three categories.
Once you are done with that, we can move to data connectors. By clicking on the drop-down menu again, you can choose which data sources we want to ingest into Microsoft Sentinel. For this demonstration, we will mostly work with Azure Active Directory, which has data about sign-ins. However, we can still select more data sources, even if we don't have the license for them. In that case, the deployment process will fail for the specific connector. But that's okay. We will keep it simple and select all the data connectors. Additionally, we can select which logs we want to ingest with the Azure AD connector. So let's select everything there as well. Next up are analytics rules. We don't want to enable hundreds of scheduled alerts from the Content Hub manually. So please make sure to check this box. Once you do, a new drop-down option will show. Let's click on that and select low and informational severity as well. Microsoft Sentinel categorizes threats into four different categories, and we want them all. And that should be it. Let's review our settings and create Microsoft Sentinel. Validation will pass and we can create our Sentinel workspace. After you confirm to create your Sentinel instance, it will take 10 to 15 minutes to deploy. During this process, you may encounter some failures, because you won't have the license for some connectors. Don't worry about that. Everything else will work just fine. After the deployment is finished, we will go through our newly deployed Microsoft Sentinel together and explore all the available artifacts. Welcome back. Microsoft Sentinel is now deployed. But we have encountered an error related to data connectors that require a license. Don't worry, everything else should be set up correctly. Let's get over to the resource group where we deployed Microsoft Sentinel. To do this, search for resource groups and select your name. For me, it's like monitoring.
As you can see here, we have over 300 records in our resource group, including different types of services, such as container instances, storage accounts, API connections, deployment scripts and, importantly, the Log Analytics workspace. This is an important component, and it's where all the data is stored. However, most of the solution will be just templates. The reason for this is simple. If you want to deploy a package from the Content Hub in Microsoft Sentinel that includes, for example, 50 analytics rules, it will create a separate template for each. So let's pick one to see what's inside. On the right side, you have the display name and description. This particular one is for threat intelligence, analytics rule template, 35. So that's not very telling, and you would have to go from here and click on Deploy. This is why I mentioned earlier that you don't want to do this manually if you have hundreds of templates, and we do have hundreds of templates, right? So that's basically how the solution looks in the background, just a bunch of records with different icons. In Microsoft Sentinel, though, we will see a totally different view, but before we get there, I want to show you one more thing. Microsoft Sentinel is built on top of the Log Analytics workspace, where all the data is stored, as I said previously. So it's not only that we want to monitor Microsoft Sentinel and what we do inside of it, but we also want to monitor the Log Analytics workspace. This is useful when you want to be aware of situations where your queries don't perform as they should, or maybe if they take too long and end up in an error. So for that, let's find the Log Analytics workspace. We will need to go back to the resource group and find the Log Analytics workspace solution. I have it right here on my screen, and I'll just simply click on it. Once you get redirected, you can scroll down a bit, and in the Monitoring section, you will see the option for Diagnostic settings. So it's like that.
Here, we will add a new diagnostic setting. Give it a descriptive name, such as Sentinel. Select all logs and all metrics. And lastly, we will specify the destination, which will be the Log Analytics workspace. Click on your workspace with Sentinel and confirm by selecting Save. Now we are all set up, and we can move on to Microsoft Sentinel itself, the cloud SIEM solution that we have deployed in just a couple of minutes. I'm really excited to show you everything that is inside Microsoft Sentinel. But we will do that in our next video. I'll see you there. Without waiting any longer, let's move to Microsoft Sentinel. The easiest way is to search for it and select your deployment. You will land in the Overview section. This dashboard will give you some basic information about Microsoft Sentinel. You can navigate inside Microsoft Sentinel using the menu on the left, which is divided into four sections: General, Threat management, Content management and Configuration. Now let's focus on some of the most interesting tabs inside Microsoft Sentinel. First, let's take a look at Logs. Here, you can search for your data using Kusto Query Language, or KQL for short. The data is structured into different tables. You can see all the available tables by clicking on the triangle icon. Note that not all the tables might be present at the moment, because you haven't received all the data yet. One of the tables we will be using is SigninLogs, which is currently missing. However, we can still check different tables, such as AzureActivity. This table tracks actions inside your portal and provides information about who performed the action and other properties that may be important for an investigation. We can also check AADNonInteractiveUserSignInLogs, which provides information about authentication requirements, client usage and location details. The location details will be particularly useful to us. Moving on, let's explore the Data connectors section.
You should see that you have from 9 to 10 connectors connected. You can filter them by status to see all the data sources connected to Microsoft Sentinel. By clicking on any of them, you can get more information about the type of data being collected, the number of logs received and the tables that are populated. Just under Data connectors, you will find the Analytics tab, where the main magic is happening. Do you remember the hundreds of templates inside your resource group? Well, most of them were for analytics rules that were automatically deployed and enabled for you. There are a staggering 339 detection rules already built and provided by Microsoft, which will certainly help you to get started with monitoring threats. We can look at some of the examples that we have here. If I go around, there are detections for network port sweep from external network, suspicious application consent similar to Office 365 Attack Toolkit, excessive login attempts related to Microsoft Defender for IoT, probable AdFind recon tool usage, new Cloud Shell user, so there are a lot of them. Before we leave the Analytics tab though, let's take a look at the Anomalies section. These anomaly templates were developed to be robust by using thousands of data sources and millions of events. Microsoft allows you to change the thresholds for them in case they generate a lot of false positives. You will notice that they work with user and entity behavior analytics, which is currently not working. Therefore, our very first task in Microsoft Sentinel will be to fix this issue. Let's talk first about user and entity behavior analytics. This is an amazing feature that uses AI to detect and alert you to any unusual behavior happening within your system. To turn this feature on, we just need to navigate to the Settings section. And from here, again, you will need to click on Settings. Immediately, you should see the user and entity behavior analytics button.
We will select that and from there, we need to click on Azure Active Directory to apply it to our existing data sources. And just like that, you have enabled the power of AI in Microsoft Sentinel. But that's not all. Since we are already here, we might as well configure Sentinel to use automation playbooks. To do this, we need to give Microsoft Sentinel permissions. It's also very simple. We will just move one page back, and the arrow next to the playbook permissions will reveal the option to configure permissions. In here, just select the resource group where your Microsoft Sentinel is deployed and apply the changes. Now we are all set up and ready to create some amazing artifacts within Microsoft Sentinel. In the next video, we will be diving into the exciting world of Watchlists. You will learn how to create your own Watchlist and how to leverage their powerful capabilities to enhance your security operations.

Welcome back to the next video, where you will learn how to take quick and effective actions to secure your Azure environment from potential threats. The very first thing we need to do is to disable the compromised account. This is a crucial step to prevent further damage. To do this, we will move to Azure Active Directory. It's easy. Just search for it in the top bar and click on it. Once you are in, select Users on the left side. Find the account named Ozai, and in here, down below, you have the account status, which is currently set to enabled. To change this, we have the option to edit. Simply click on the box to uncheck the enabled status and save the changes. The account will be disabled now. Another area of concern is the virtual machine hosted in the Azure environment. To remediate this, we will delete the VM from Azure. To do this, search for virtual machines, select the VM and delete the resource. To further secure our environment, we will turn on diagnostic settings for Log Analytics and Microsoft Sentinel.
In this straightforward process, search for Log Analytics workspace, select your instance, and in Diagnostic settings add the diagnostic setting. Enable all logs, fill out the name and set the destination as our Log Analytics workspace for Sentinel. Don't forget to save the changes, and move on to Microsoft Sentinel. From the Sentinel dashboard, head on to Settings and enable Auditing and health monitoring. We can confirm that it was created correctly, and everything looks good. So now that we have remediated all the issues, we can close all the other windows and move back to our incident investigation window. One more thing I want to mention: throughout your investigation, it's essential to add comments to your incident. All evidence and findings should be collected and present in your incident. This way, other analysts looking at the incident will know the progress. It can also be valuable information for your investigations in the future. For now, let's move back to the incident page and close all the incidents we have assigned to ourselves. Select all the incidents and click on Actions. Change the status to Closed, and a new drop-down menu will pop up where you can select from 5 classification reasons. In this case the most appropriate is True Positive - Suspicious activity. Lastly, we will write a comment summarizing what happened, what we have found and what was done. I leave it up to you what you are going to put in here. Once you are finished, select Apply and all the incidents will be closed shortly. Well, congratulations, you have successfully identified and remediated a threat inside your cloud environment. By now I hope you can see the value of Microsoft Sentinel. We still have plenty of incidents to explore, but that's for the next video.

As you can see, there are still plenty of incidents in here, and if you leave Microsoft Sentinel to run for a few days, more will show up. Let's look at one particular incident which popped up during our investigation.
Anomalous single factor sign-in. You can read the description first to get an idea of what this incident is about. This one detects successful sign-ins using single factor authentication where the device, location and ASN are abnormal. Okay, maybe you are asking yourself what an ASN is. We can quickly search in Google and find our answer, and here you go: it's related to a large network. Why am I showing you this? Well, cybersecurity is changing fast. You will encounter many technical terms and acronyms in the field, so it's important to stay informed and keep learning. Going back to our incident description, it further tells us that single factor authentication poses an opportunity to access compromised accounts, and that we should investigate this for abnormal occurrences. We are also provided with a reference link for more information. The same way as before, we can click on Events to see the evidence. If you look at the query, it's much more complex. Right here, it's checking for the result type to be equal to 0, and this is the correct way we should have checked for result type 0 in our KQL query. Instead, we filtered out failed logins, but they can have many error codes. You can fail because you put in an incorrect password, because the password expired, or maybe because your account is locked out, all providing different result codes. Our analytics rule would generate a lot of false positives due to incorrect alert logic. This brings me to an important piece of advice in cybersecurity: don't try to reinvent the wheel. When it comes to cybersecurity, it's tempting to think that you need to come up with a completely original approach to protect your organization from threats. However, the reality is that many of the challenges you will face in cybersecurity have already been solved by someone else. There is no need to reinvent the wheel. You can save time and resources by leveraging existing solutions that have already proven effective. One of the most efficient ways to find a solution to a cybersecurity problem is to look online.
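The result-type point above, written out as a query. This is an added illustration, not the course's rule or the built-in rule: it assumes the earlier custom rule excluded one failure code (50126) instead of requiring result type "0", and the SampleSignins rows are constructed so the query runs in any Log Analytics workspace without real data.

```kusto
// Constructed sample rows shaped like the SigninLogs table
// (ResultType is stored as a string there).
//   "0"     = successful sign-in
//   "50126" = invalid username or password
//   "50055" = password expired
//   "50053" = account locked
let SampleSignins = datatable(TimeGenerated: datetime,
                              UserPrincipalName: string,
                              ResultType: string)
[
    datetime(2024-01-10 08:01:00), "user1@example.com", "0",
    datetime(2024-01-10 08:02:00), "user1@example.com", "50126",
    datetime(2024-01-10 08:03:00), "user2@example.com", "50055",
    datetime(2024-01-10 08:04:00), "user3@example.com", "50053",
    datetime(2024-01-10 08:05:00), "user3@example.com", "0"
];
SampleSignins
// Assumed flawed logic: treat everything except one failure code as a success.
| extend ExcludeOneFailureCode = ResultType != "50126"
// Logic described in the video: a success is exactly result type 0.
| extend SuccessOnly = ResultType == "0"
// Rows the flawed rule would alert on although the sign-in actually failed.
| extend FalsePositive = ExcludeOneFailureCode and not(SuccessOnly)
| summarize FlaggedByExclusion   = countif(ExcludeOneFailureCode),
            FlaggedBySuccessOnly = countif(SuccessOnly),
            FalsePositives       = countif(FalsePositive),
            FalsePositiveCodes   = make_set_if(ResultType, FalsePositive)
```

To use the same comparison on real data, replace SampleSignins with SigninLogs and add a time filter on TimeGenerated.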
Chances are that someone has already encountered the same issue and shared their solution. Also, artificial intelligence is becoming an increasingly valuable tool for cybersecurity. I strongly advise you to use it to your advantage. Together we will explore integration with ChatGPT in Microsoft Sentinel. But that's for our next project. For now, I want to encourage you to take some time. Look at the other incidents here. Maybe make some adjustments to the analytics rule. Just play with the tool. Explore other functionalities of Microsoft Sentinel. Chances are that you will work with a SIEM solution in one way or another in your cybersecurity journey. And this concludes our project. As before, we will talk more about what you can put on your resume to take advantage of the experience you have just gained.

Now that you know how to create a resume, it's time to think about where you want to work. Considering your preferred work environment and future career goals can help guide your decision-making process. First, ask yourself if you have a dream company in mind. Is there a specific organization or industry that excites you? Researching companies that align with your values, offer exciting projects or are leaders in the cybersecurity field can help you identify potential employers that resonate with your career goals. I'm very passionate about gaming, and eventually I would love to work for some big gaming company like Riot Games. That being said, I'm not ready to move to another country, which brings me to my next point: consider whether you want to work in your current city or country. Are you open to relocation for the right opportunity? Or do you prefer to stay where you are? Understanding your geographic preferences can help you narrow down your job search and focus on opportunities that match your desired location. Additionally, think about your long-term aspirations. Do you envision yourself working remotely or having the flexibility to work from anywhere in the world?
Remote work is becoming increasingly prevalent in the cybersecurity field, and many organizations offer opportunities for remote or hybrid work arrangements. If flexibility and remote work align with your goals, keep this in mind as you explore job opportunities. Personally, I work mostly remotely, but it might not be the right thing for you. Lastly, it's important to note that there are highly trusted companies in the cybersecurity space that are recognized globally for their expertise and commitment to security. The experience of working for them can significantly boost your credentials and open doors to different career paths. Once you establish a strong foundation at such a reputable company, you will have the flexibility and freedom to pursue opportunities anywhere in the cybersecurity landscape. Once you know your target companies, research their open cybersecurity positions and look at the job requirements. What candidate are they looking for? Perhaps they need someone with specific programming experience, so it would be a good idea to further develop your skills in that direction. Remember, the choice of where to work is personal and should align with your individual goals and preferences. Take your time to reflect on these considerations and explore different opportunities that align with you.

Now that you have polished your LinkedIn profile, crafted an impressive resume and identified your target companies, it's time to take your networking game to the next level. In this video we will explore the art of connecting with cybersecurity professionals and how it can bring you closer to your dream job. Start by searching for people who currently work at your target companies. It's very simple. Just search for the company on LinkedIn. From here, select People. You can further filter this by location if you want. We will just search for people in the security field. It is very important to look for people that you can connect with. You can tell by this button. Now let's open a few profiles.
Take the time to review their profiles, learn about their experiences and find the common ground. Look for shared interests, professional affiliations or even projects they have worked on. This is a great example. Miriam is going to release a book related to PowerShell automation. You could create a note that you are learning automation with PowerShell and mention that you are looking forward to her book. Of course, don't lie. Personally, it's something close to me, as my daily responsibilities include automation of Sentinel with PowerShell. You could also mention something specific from their profiles or express your interest in their work. This personal touch shows that you have done your homework and are genuinely interested in connecting with them. I will connect with Miriam, write a personal note that I am excited for her book and send it. Once your connection request is accepted, don't be shy to engage in conversation, but be respectful of their time and expertise. Another way of making connections is to simply check their posts and like them. I will put a love on this post, go back to Klaus's profile and connect with him. That way, it's not completely random. He will have a notification that you liked his post and now you want to connect. The last option is to simply connect with people. It's not the best way, because you are not building meaningful connections. However, you are still growing your network. That way, you will increase your chances of getting noticed by a recruiter from that company. So go ahead, start building your meaningful connections to increase your chances of finding the dream job in cybersecurity.

Welcome back to another session. Now that you have polished your resume and expanded your professional network, it's time to take the next step in your journey towards landing your dream cybersecurity job. In this video we will explore some strategies for effective job hunting and discuss how you can leverage your network and job portals to find exciting opportunities. In our last video we were connecting with different people in the cybersecurity industry. The goal is to start a conversation with them. One powerful aspect of networking is that it can lead to job opportunities through referrals. Engage in conversations, seek advice and express your career interests. You never know when a connection might come across a relevant job opening or recommend you to their organization. Remember, your network can turn into valuable job opportunities. Many companies have recommendation programs in place, encouraging their employees to refer suitable candidates for job openings. When you build strong connections with professionals in the field, they might be able to refer you to their organization or inform you about open positions. Keep an eye out for such opportunities and leverage your network to gain access to exclusive job openings. This is the preferable way and gives you the biggest chance. While job portals and online applications are important, they often attract a large pool of applicants, making it more challenging to stand out. However, job portals can still be a valuable resource in your job hunting process. These online platforms gather job listings from different companies and industries, providing a centralized location to explore available opportunities. You can use portals such as Indeed, LinkedIn, Glassdoor or Naukri for India. That being said, there are countless options.
I will provide you with some links in the resource section, especially if you are looking for a remote job. Just remember, by combining job portals and networking effectively, you will increase your chances of finding your dream cybersecurity job.

Welcome to our last video. We are at the finish line of our journey to help you land your dream cybersecurity job. Before we wrap this up, I have a couple of final recommendations that will enhance your chances of success. By now you understand the importance of acquiring knowledge and skills in cybersecurity. However, it's equally crucial to immerse yourself in the cybersecurity community. Building connections and actively participating in the community will provide you with valuable insights, opportunities and a strong network to rely on. We have already discussed the power of LinkedIn in our previous videos. It's an excellent platform for showcasing your professional profile and connecting with industry experts. But your engagement should go beyond just LinkedIn. Try to engage with others in the cybersecurity community through different channels. You can join cybersecurity-related subreddits, Discord channels or different groups on social media. Listen to cybersecurity podcasts hosted by industry leaders, where you gain valuable insights, learn best practices and stay updated on the latest trends. I personally enjoy listening to the CyberWire Daily podcast to stay informed about the latest news in the cybersecurity field. Another fantastic podcast that I highly recommend is Darknet Diaries. Also, stay informed about industry news and developments by following reputable cybersecurity blogs and publications. Watch educational videos on platforms like YouTube and Udemy, where experts share their knowledge and experiences. There are endless possibilities when it comes to engaging with the cybersecurity community. To further support you in this journey, I will provide you with additional resources for you to explore.
Try to find something that you enjoy and that resonates with you, and this is my final recommendation for you. If you have reached this point, I want to extend my heartfelt congratulations to you. You have taken a significant step towards building a successful career in cybersecurity. I have no doubt that with your dedication, passion and the knowledge you have gained, you will excel in this field. Once again, congratulations on your progress so far and best of luck on your journey towards landing your dream cybersecurity job.