What Is VAPT? | VAPT Tutorial 2026 | Vulnerability Assessment And Penetration Testing | Simplilearn
Host greets attendees, explains the live format, includes LinkedIn/YouTube broadcast, and outlines the session flow.
A hands-on VAPT workshop by Simplilearn blends theory with live labs (Kali Linux, recon-ng, Nmap, Nessus) and AI-powered security insights to map the VA/PT lifecycle in 2026.
Summary
Simplilearn’s Ana hosts a live, three-hour workshop on vulnerability assessment and penetration testing (VAPT) that distinguishes itself by a live lab segment. Dr. Harish Shami leads the technical portion, explaining the five phases of a professional VAPT engagement, from scoping and reconnaissance to exploitation and reporting. Attendees briefly log into a Kali Linux lab environment, where they practice information gathering with recon-ng, target discovery with Nmap, and vulnerability assessment via Nessus. The session contrasts ethical hacking with cracking, and it emphasizes authorization, compliance standards, and the practical realities of working with AI in cyber security. Throughout, Ana and Harish stress real-world applicability, licensing, and the difference between theory and hands-on skill, while a post-workshop segment teases Simplilearn’s AI-powered Advanced Executive Program in Cyber Security in partnership with IIIT Bangalore. The event also showcases career outcomes, program structure, and the value of hands-on labs for working professionals seeking certifications and job-ready capabilities. In short, it’s a fast-paced, lab-heavy sampler intended to motivate learners to pursue deeper training and AI-augmented security roles.
Key Takeaways
- Understanding the VA/PT lifecycle: scoping, reconnaissance, scanning/enumeration, exploitation, and reporting with concrete lab steps.
- Hands-on exposure to Recon-ng for footprinting and Nmap for network enumeration, plus Nessus for vulnerability assessment in a lab environment.
- The ethical hacking distinction is framed around consent, authorization, and the difference between hacking (finding a loophole) and cracking (breaking a defense).
- AI is increasingly embedded in security operations and penetration testing, augmenting detection, recon, and remediation workflows.
- Lab logistics and licensing: live labs hosted in a VPN-like environment with Kali Linux, with login guidance and emphasis on using authorized targets only.
- Career outcomes and program path: the session previews Simplilearn’s AI-powered Advanced Executive Program in Cyber Security, including real-world case studies and 30+ tools.
Who Is This For?
Essential viewing for cybersecurity beginners and mid-career professionals who want a concrete taste of VAPT labs, tool-driven practice, and insight into AI-augmented security careers. It’s especially valuable for those considering Simplilearn’s AI-powered cyber security program and wanting a realistic preview of hands-on lab work.
Notable Quotes
"Every breach starts with a vulnerability and someone could have found it first."
—Harish frames the business case for VAPT by tying breaches to identifiable weaknesses.
"Hacking is identifying a loophole and entering into a system with consent; cracking is breaking the door."
—Drill-down on the core terminology to distinguish ethical hacking from illegal intrusion.
"AI assisted AI versus AI assisted AI is the future of defense and offense in security operations."
—Harish discusses how AI changes both defense and offense in security testing.
"This workshop is a trailer into a deeper, AI-powered cyber security program with real-world case studies."
—Ana introduces the IIITB AI-powered Advanced Executive Program, setting expectations for depth and outcomes.
"The five phases of VA/PT are planning, reconnaissance, scanning, exploitation, and reporting."
—A concise recap of the model driving the live lab activities.
Questions This Video Answers
- How does VAPT differ from general penetration testing in practice?
- What tools are typically used in a VAPT lab (Recon-ng, Nmap, Nessus) and why?
- Can AI significantly speed up vulnerability discovery and remediation in real-world environments?
- What should I expect from a cyber security bootcamp that includes hands-on labs and AI components?
- What’s the career value of completing Simplilearn’s AI-powered cyber security program?
VAPT, Vulnerability Assessment, Penetration Testing, Kali Linux, Recon-ng, Nmap, Nessus, AI in Cyber Security, Ethical Hacking, Security Lab Training
Full Transcript
Yeah, I see some responses that are coming in. So, please do uh everyone drop your introductions as and when you join us. Let me see. I'm just going to read them out in in a second or two. Okay, great. We are also live on um LinkedIn and YouTube and we have more participants joining us this um session from all over the world. Once again a very very warm welcome to everyone. It is amazing to have such a lively bunch of audiences here. Um we have a lot of people. Roshan, hi Roshan from Kolkata. Hi Pit from Kolkata.
Padmma Karan from Chennai. Akash from UP. Um, Vinay from Bangalore, Faizen from Maharashtra, Mohammad from Bangalore, Jishnu from Bangalore again. Hi there, someone from United States. Thank you for joining us. Um, okay. Rohit from Mumbai, Vijay from Pune, Sumit from Canada, hi Sev from Chhattisgarh, Villas, amazing, amazing. I'm sorry I'm not able to read um every single introduction um because we have a very packed session and we want to get into it um as soon as possible. So I'll just quickly start with an introduction to um myself. I'm Ana. I would be hosting the session on behalf of Simplilearn.
Uh today what we have for you is a very um you know different from a typical uh cyber security webinar. It is a live workshop. You're going to watch a VAPT engagement unfold in front of you and at several points you'll be working through it yourselves in a live lab environment. So keep your laptops open, stay engaged and let's make the most of the next uh 3 hours together. Uh here's what we have lined up. We'll start with the foundations. um you know understanding a bit of theory why VAPT matters um what it is all about how it impacts organizations both from a business and technical lens and how AI is changing the game right now um then we get into the methodology the five phases of a professional engagement and what um authorization really means um after that we will go live to the practical segment of the workshop um there are uh there are like you know multiple lab environments coming your way you'll be working through each one alongside a fantastic expert we have here today and we'll close um the workshop with an exclusive look at the IIITB's AI powered advanced executive program in cyber security um and um you know uh what um uh the program can um provide you and help you um in terms of improving your career is what we are going to look at at the end.
Um on that note, I am going to share um um Google form in the chat box right now before we go any further. Just just give me a moment. Okay. Um I would request everyone to pay attention to this and take a moment to fill um this Google form. This basically, you know, we we're just asking for your name and email ID. Only if you fill this in, you will be able to get live lab access for the practical segment of the workshop from our team. If you want to follow along and have the best workshop experience, please ensure to submit this form and you will be receiving the live uh live lab access on your email.
Okay, great. Um, okay. So, quick set of ground rules before we, you know, take this further. If you have any questions about the concepts we're teaching, anything about the industry, about the job market, your career path, please put them in the Q&A box and not in the chat box, we will be monitoring the Q&A box throughout and we'll address any questions that you have in the dedicated Q&A segment in the end. Um, and while uh the core practical segment of the workshop is going on, if you have any issues or any doubt in following along um you can put them in the chat box.
We also have um you know people here um who can help you with any issues um you're facing uh with the lab itself. So we will try to answer um uh and address your concerns as uh soon as possible. Uh but please keep the questions only relevant to what we are discussing and um this is important for your attendance certificate. You will need to enter your full name in the poll that goes out at the end of the session. Uh we will remind you but please do keep in mind only if you fill this um uh um poll you will be getting an attendance certificate from us.
Okay. Uh great. Uh a quick word on Simplilearn before we begin. Uh we've been in this business for over a decade and our mission has stayed consistent throughout um you know all this time. Uh we transform careers through digital skills. Um and um you know we have a very practical um market relevant job ready um you know approach that we bring into all uh the programs that we offer. More than 15 million learners across 150 countries have learned with us. We work with over 50 global partners. You'll see some of them on the next slide including some of the world's top uh universities and technology companies.
Um the program we will be previewing um today is one of our most advanced offerings built in partnership with IIIT Bangalore. Uh but we'll get to that in a more detailed way a bit later in this workshop. Um right so about our partners I I don't think I can talk about Simplilearn and the learning experience we provide uh without talking about a fantastic array of partners. Uh we're incredibly proud of the ecosystem we've built from globally renowned institutions to tech giants like Google, Microsoft, IBM and AWS. These partnerships mean that you as a learner get curriculum that's not just current but you know co-created with the people who are actually building the future of tech and AI and the numbers speak for themselves.
Our learners have consistently rated more than 4.8 on five. Uh we have an 80% graduation rate which is like you know above uh the industry average and a lot of our learners have reported an average 50% salary hike on completion of the program and um you know these are not just like marketing figures these are outcomes from people who have gone through um structured credentialed upskilling in high demand fields exactly like you know what we are covering today. So with that we'll um you know get into an exciting part of the session. Uh we'll meet the expert who's going to make the next three hours very very valuable to us all.
Um Dr. Harish Shami is not um you know I don't think he's someone who teaches cyber security from a textbook. Um because he's handled uh so many corporate cases, financial investigations and cyber crime incidents across industries. He holds a PhD in computer science from Australia and an MSE from India and he currently leads global cyber corps as CEO and CTO a firm that does the kind of work that we're going to simulate tonight. Um he's also a visiting faculty at IIIT Bangalore which makes um you know this this workshop even more special because um you're essentially getting a preview of what students experience in the program.
Uh professor Harish it's it's a pleasure to have you with us here today and the floor is all yours. Uh would you like to add on to that introduction and say hi to our participants? Hey hi um hi Ana. Hi everyone. Uh it's been a pleasure to uh be part of this workshop. So I'm going to drive you uh with my team for the next uh 3 hours uh schedule uh using the labs and trying to understand uh what your requirements are and make you understand what uh the ethical hacking as a concept is all about.
So feel free to ask your questions. I'll be I'll be looking into the chat uh uh pretty regularly and uh I would wanted to give you an experience which uh is going to help you and motivate you in terms of uh understanding cyber security to a different level. Thank you Ana. Yes, thank you so much professor. Um before I hand it over to you um I just want to remind anyone who has joined uh new once again to fill the form um Google form that we have shared um in the chat box only if you fill this form you will be able to get access to the live uh lab that we are going to provide you uh to get the best workshop experience.
Okay. So over to you professor. Thank you once again. All right. So we've seen a lot of people participating from different parts of the world. So here in India it's about u uh 7:00 p.m. 7:10 p.m. I think quite a number of countries it's uh afternoon quite a number of places it's it's the morning. So good morning, good afternoon, good evening. So whichever time frame are you all from and we would like to start with uh some specifics which I wanted to give you from a theoretical aspects and then we will get going with the lab and in the meantime Ana will be sharing the uh lab credentials to log in.
Don't get distracted. Uh we will also help you on how to log to the labs and give you uh the instructions one after the other. It's going to be pretty simple and uh it also helps you log in and quite a number of people are logging in from various different parts of the world since the lab environment is currently hosted out of uh uh Indian market. Uh in case if you end up facing a bit of a latency or something, please let us know. We'll see. We'll probably be a better position to talk to the cloud provider and uh uh speed up the process simultaneously as much as possible because uh we cannot have one single lab being hosted from various other parts of the world.
So uh we want you to please uh uh support us in terms of the working structure and uh you can take it forward from there on wherever and however technical questions you have. So with over uh 15 years I've been practicing uh learning uh cyber security. In fact it's been a great learning journey uh so far and going forward because this domain is being changing every day. As you can read from the slide, every breach starts with a vulnerability and someone could have found it first. So we sometimes call it zero day which is never been identified.
Uh which uh in other way it is all about uh vulnerability. So zero day could give you into vulnerability. So the more uh we are trying to identify the vulnerabilities the better uh the support mechanism the protection mechanism is going to be. I'm sorry I can only talk in English. Uh so uh please pardon me for any other language difference and I'll try to take it up as slow as possible so everybody uh will be in a better position to follow it up. And if you think that I've been I'm speaking a little fast, uh please let me know.
Uh since uh most more often we handle classes uh uh in the classroom and very uh on on average we do about 5 hours of classrooms every week. So in in a in a month time we do about 20 25 hours of classroom training. We only have about 2 to three hours of online class. So classroom training the pace is very different than the online training. So please feel free to uh work out on uh your questions including uh if you're not able to understand a particular concept we'll be more than uh happy to explain uh the concept and give you the understanding of how and what kind of scenario.
So I would also wanted to start with a question in line with it. Uh how many of you I've seen quite a number of you have mentioned that I've done VAPT I've done this I've heard of it. So I would like to hear from from you people how many of you think that you're going to learn something new today. Just you can just say as as simple as that and you'll be visiting the labs in the next few minutes obviously. Fantastic. Thank you. Thanks. Appreciate that. Right. So the more we going to get to learn something new on the other side uh it is all what we call the standard practices right.
So whenever we are clear about the standard practices and we understand the concept and then get to understand the method and finally perform all of these things in tools. But currently what we are going to do is we'll start with a bit of theoretical aspect. Okay. and then we will jump from the theory to the labs and we will come back to the presentation again to sum up quite a number of things. So how the lab is is being structured is something which I would wanted to probably start giving you the inputs. I think I've got a question.
Let me read the question. Somebody posted it. I think quite a number of people said yes. Thank you for the response. Okay. Uh oh. Okay. There's an introduction. All right. Fantastic. I think yeah the the lab is obviously going to be uh for a period of about 2 hours and 15 minutes time. So you'll get the first 10 15 minutes time to get yourself comfortable with the labs and then the rest of it couple of hours of time you'll be able to practice it right there. Then you can move the slide and you can move the slide to the next one.
Yeah. Yeah. So the cost of getting this wrong is all about the numbers that you have right. So one side it is how much of money is going to be lost one side how much people are going to literally save. So we are in that site today. You can see from the slide it says $4.44 million is the average global cost of a data breach in 2025. And just to let you know that it was 4.88 from 2024 but it cost reduced but it's expected to literally grow forward. As we all know the the scenarios of war that's happening right that just concluded.
So there are a lot of ambiguity that gets created and quite a number of times this gets converted into a cyber attack and not every time it is only the uh country which countries whichever is participating in the war being affected. Many countries are being affected because of the digital infrastructure because at many many times we share IP addresses. We may have an API that is going from one place to another. We may have a command line that reaches one server after another. So there are quite a number of times where somebody who is completely irrelevant to all these chaos can get affected by this and they may encounter a cyber attack.
So we don't want such things to happen at any point of time. So how do you literally look into it and then block it? Yes, we will start identifying the vulnerability from there. And $10.22 million is average breach cost in the United States alone in the year 2025. It was seriously pretty high. I remember saying that about $6 million in about couple of years ago. But today you can see that at about 10 million and it's just going to increase drastically and 241 days is the average time to identify and contain a breach in 2025.
I think that's the lowest in in not just 9 years. It says 9 years but I'll say this is much much more than that. And this is what IBM as an organization has calculated a report. So it's all one information which is being correlated to make sure that the importance of identifying vulnerability pretty much comes into existence and then you can move forward. Next slide. So we will also try and work out the concept called as hacking right the foundation of VA and PT the vulnerability assessment and penetration testing. So I would want to ask a question in the same line.
Do you know that attack and hack are two different words? How many of you believe that? Attack and hack are two different words. Yeah, it's it's more of ideally a common sense perspective. I mean we are not going to talk about AI today uh because that's a different topic. we will have to talk about AI and security differently or rather any of the uh currently uh know operative AIS because we stick to the curriculum today which is vulnerability assessment and penetration testing right once you get into the program then there is a whole lot of module that talks about AI AI and cyber security and the tools that are supposed to be used so you'll have to understand that we are confined by timing now we are already about 18 minutes up and we have uh we are now dealing with the curriculum right now.
So we will get here. So attack and hack right. In fact I'll also put you one question and then give you an answer. How many of you know that hack and crack are two different things? One is hack and one is crack right. So quite a number of people saying yes appreciate that. So let's let's look at it from this perspective. So when you say attack you can use either hack or crack. All right, attack is the common term when the technique that you'll be using is either cracking or hacking. So simple mechanism with hacking is identifying using the vulnerabilities and entering into the system without breaking the mechanism the regular mechanism.
So we have authentication and authorization. So when you say authentication is the first step where we enter the credentials. Then we have the authorization. Once the credentials the right credentials are entered the system will authorize and allow the user to enter into the system. But what if a wrong credential is going to be entered obviously the system is not going to authorize it. It's going to say hey sorry the input that you have entered is right. So I'm not going to allow you. a username or password or whatever command line is being provided it says it's wrong.
Now if we know how to bypass that username and password or if we know how to steal that username and password by a mechanism called as phishing and we have stolen the data and using the legitimate username and password and entering into the system is all called as hacking. On the other side we have cracking which is breaking the system and getting in. One simple example I could give you applications like WinRAR applications like uh or encryption technique like uh Wired Equivalent Privacy WEP. So they are broken. They have things and they are all broken.
You have either the source code being available online or the encryption mechanism is being broken or the encryption mechanism is being is not being strong enough to withheld things. So when you are whenever things are to be initiated in the world of ethical hacking the first thing that comes to our mind is always hacking because over 95 percentage of time the success rate is being achieved by performing hacking. Only about less than 5 percentage of times where we have cracking executed and only when you get to know that the mechanism or the concept that is being used has a vulnerability and that vulnerability can be utilized.
So in both ways vulnerability is the only thing that is persistent. So I'll give you the synonym for that. We have vulnerability, we have weakness, we have loophole. All of these things are almost one and one one and the same. But in the world of cyber security we generally don't call weakness or loophole. We'll just say it as vulnerable. It's vulnerability. So simple understanding. So you need to know the difference. So and how muchever you want to be a professional remember criminals are always been there and they are doing this very effectively. So the foundation of core VAPT is performing hacking with the consent of the owner and being a professional.
So that's why it is called as ethical hacking as simple in line with it. Okay. Lock picking, hacking, breaking, lock cracking kind of you can say that. Yes. In that way. Yes. More specifically, right? So where if I have a imagine your your door, your house door. Okay. And you're able to use a duplicate key from the locksmith and entering into the door then that is called as hacking. But if you are breaking the door and entering into that particular house, then that is called as cracking. Once you once it's broken then it is available for anybody to view automatically.
But hacking is not like that. You you can even remove the trace entering in you can do manipulation you can do all the negative stuff with respect to hacking but it does require technical skills in order to get moving forward. So that's that's why we wanted to start with those terminology because it is more connected with encryption and eventually gets you the understanding of VA and PT. So, VA PT two distinguished activities. Okay. In general, in theoretically, vulnerability assessment is the first step and penetration testing is the second step. There are a lot of people who might have heard about this concept called as bug bounty.
Right? where people get to try different probabilities and unveil the vulnerability that is there in order to uh publicly disclosure or dis or or sensible disclosure to the respective organization and win a bounty. That performance is more specifically connected to the term penetration testing. But VA the vulnerability assessment is the first step that is always being identified performed to unveil the weakness in the system. Being in ethical hacking unveiling the vulnerability is step one and performing the penetration testing is to make sure that what is currently available after somebody enters in. So I as a professional but I will be wearing a hat to penetrate into the system and identify what kind of data that is exposed to the real world.
So this is what we typically try to achieve in performing VA and PT and is absolutely structured security engagement. We take adequate uh licensing. We talk to the concerned authority and take confirmation and perform this process of VA and PT and we combine both right to make sure that it is a combination of work to be completed with a designated report. It will incorporate a lot of technical information relevance to business severity and if it is not going to be patched what will be the uh exposure level what will be the penalty what will be the outcome of that particular process.
So recommendations not just to be mentioned in the documentation, it is also to be followed straight away and this way your VA and PT as a process is robust and otherwise it is also called as the cyber security audit. Just to connect uh some of the colloquial terms to business terms okay so hack and crack still not clear. Okay, I'll give you a bit more example on that. See hacking again is not breaking the system. It's identifying a loophole and entering into a system is hacking. But cracking is if you find a way to break in where you're not able to identify your loophole but you can s seriously break the entire system and get things out.
As example as I given you Wired Equivalent Privacy is an encryption mechanism that algorithm of uh the encryption mechanism is already available in the public domain as simple as that. So if you see anybody using uh WEP instead of uh WPA2/3 the WPA stands for Wi-Fi Protected Access if somebody is using WEP so you get to see by scanning the process right and you can you don't need to know the password the algorithm of WEP is available and you have to just run the algorithm it will allow you to enter into the system without the password that's exactly what we are trying to see as cracking because the system is is broken. But hacking you don't need to find the system to be broken.
It's and in a much simpler manner to to make everyone into the same place. All right. Few questions. How should I extend my firewall level security? I think that's again a topic which is outside the boundary and where you will have to again get into the program where network security is part of the program. You'll get to understand about devices, device configuration, hardening. So all of these things comes in but VAPT as a topic can be handled as a silo mode and you will also get to learn quite a number of things but again remember within this 3 hours if you think that you want to become an expert in VAPT I'm sorry you won't what we are doing is is less than a glimpse of what a VAPT is all about right something which we conducted what in a span of about 15 days time of schedule to become a master we are trying to cover it in a span of about 2 and a half to three hours time right so there is a big time difference in understanding the concept and becoming a professional.
So if you have that as a mindset, I mean I am really sorry but you will be able to get there over a period of time if you get into the program because the program has been structured in such a way to give you an understanding and give you a level of clarity which you can go and practice for your own organization or even for your own environment. Right? So few questions. Okay. How to remember these terms and the synonyms of them. I think once you once you start working it out uh it becomes more easier is what I would definitely recommend because quite a number of times I don't even remember all the commands.
Okay. Uh though we keep practicing it. Some of the commands we may not be using it for a longer period of time. So I don't know I know the command but I may not know about what is the subcommand towards that. So that's exactly where you have reference today. You can always go to the reference. you can identify their friends and you have the help of AI also today you can use AI so positive AI can always be supportive when it comes to it that's why we've incorporated AI in cyber security into this program to make sure that everybody is uh up to the mark today okay quite a number of questions I think I'll have to take up little slow uh depending upon it is easy to crack I mean perform cracking and hacking is based on a technical knowledge that you're going to acquire Okay.
Which is the uh best tool? I mean I'm not here to contemplate on the tool though we going to be showing some of the tools. We are not going to say this tool is better, this tool is not better. I mean we will stick to the academic angle and the practicing angle uh when it comes to learning mechanism. Probably it's a different debate that we may have to take it up in terms of which tool is better in terms of research understanding. Okay. Okay. So I'm not going to answer with respect to that. Uh same environment with different tools gives the Yeah.
Yeah, I mean different tools provides you different understanding. That's why we never suggest to use only one tool. Even in today's uh practice, we are going to use multiple tools obviously to make sure that we are all on the same page. Okay. Uh yeah, IRS is definitely a good tool that you can use for handshaking especially with respect to your Wi-Fi hacking. Okay. But again after learning this tool if you want to go and try something in any of the websites I'm very sorry we cannot take up any responsibility for that part. Okay. So there is a very strong disclaimer to all the professionals whoever is here.
This is only for learning purpose and we are not educating you to hack into something without the consent of the owner. So please uh responsively act upon. All right. So or okay sir do you mind sharing that example of the door? Okay. So, uh I mean imagine that you've lost your your house key, okay? Or your it could be your vehicle key, your car, your your bike or anything for that matter. And you're calling a locksmith and asking the locksmith to create a duplicate key, right? And that process of creating the duplicate key and using the key to enter into the house or unlocking the vehicle that is called as hacking.
But you don't know how to really create a duplicate key. Then you are literally taking a hammer and breaking that door and entering into the house or breaking that lock completely which means you cannot use that lock again. And you'll also be somebody is coming out and they can see that this door is being broken. So breaking is cracking. All right. Entering using alternative method which is not legal is hacking. All right. Uh we are giving you quite a number of examples. So uh just hold it for for now. Okay. And then we can move to the next slide.
We'll give you what what are the tools that we will have to ideally get going. So don't don't don't worry about that part. Okay. U we not going to going deep as I said as it's a it's a just a glimpse of what this entire program is going to give you as one topic. So this program itself is pretty long if you actually join there. So I think your questions are much more advanced which I sincerely appreciate it. But at the same time it is important that we stick to the agenda right now. Okay. So the five phases of VA and PT right the first one obviously is any for any work that we start planning is going to be the first one and identify what is your target.
So that's called as scoping. As long as you're clear with your target you will be able to perform your operations much effectively. So spend effective time on planning and identify what your scope is. Once you're clear with your scope which is your target, then you can start performing the reconnaissance. We call them the step called information gathering in plain English. With reconnaissance, you will try to identify the IP addresses, the domain names. There quite a number of things. Here we will be doing the penetration testing at various uh levels. So we split it into two.
One is network infrastructure and operating system. The other one is on application. Course there are quite a number of applications that are there. We are going to concentrate on web application today. So once that is good then we get into scanning and enumeration where we'll be performing scanning and enumeration today and we move forward with the uh most sophisticated step called as exploitation. Once your exploitation is successful then you're inside the system and then your final step is reporting. We will share you a simple uh structure. We'll add one or two vulnerabilities into the into the template so you will know how to really add the template.
You can take the steps and you can create something of your own. You can also download plenty of templates from the internet. But whatever that we are sharing is what we call them the industry norms. See for simple example generally what I what I call in all my classes. You know every uh recordings every concept is today spoken in the open world. You know YouTube kind of things or any other open channel today. If you just keep scrolling into Instagram or any other social media, every concept is being spoken. But whoever is speaking the concept number one matters a lot, right?
Number two, whether the person has got the academic background to speak about the concept, whether the person just has an academic background or the person also has practitioner experience. More specifically, the sequence on what to learn first and what to learn second. That's exactly where the problem starts. Somebody starts with the tools and they really get lost over a period of time because they don't know what the tool is doing. Right? So we don't want such things to occur at any point of time. So we will confine ourselves to make sure that we follow the steps one after the other and we achieve absolute success by means of in this workshop and also going forward in the field of cyber security and you can move forward.
Next slide. Uh will this program help to get the fundamentals strong? Absolutely yes. No doubt at all. Absolutely. Yes. Whenever we give VAPT scanning to any firm, they are not doing reconnaissance by themselves. We are providing the inventory sheet. I mean uh inventory sheet is one thing which may be which is required. I will when I come to the methodology, I'll explain you why an inventory sheet is required followed by which in information gathering reconnaissance must also be performed. Right? There are two aspects to it. I'll come to that about few slides left and then I'll get there specifically.
Okay? And I'll have to finish my uh theoretical stuff in the next 10 minutes so that we can start the practicals straight away. All right. Okay. Uh okay. So the case uh for structured testing see we have got quite a number of testing mechanisms. One is what we call them structured testing. Then we have unstructured testing. So more specifically VAPT is all about structured testing. Okay. Finding exploitable weaknesses before attackers do and identifying it, intimating it to the respective team so that they could be in a better position to confirm it and rectify it. Right?
So it could be on anywhere. It could be your firewall, your demilitarized zone, your honeypot, your sandboxing, your secondary firewall, your L3 switch, L2 switch. It could be a laptop, desktop server, anywhere possible. Right? So we just wanted to make sure that a vulnerability identified and it must be at any point of time intimated well in advance and rectification must also complete before somebody else is going to exploit the scenario. So we also definitely require compliance standards like payment gateway industry standard which is PCI payment card industry data security standard, ISO 27001 which is predominantly for information security management system, and then we have SOC 2 which is of uh data that is getting stored in the cloud and especially if you're dealing with anything related to United States then 2 is a mandate today especially PII for that matter. So PCI DSS is there in many countries. Today if your uh bank is offering a credit or a debit card using any any one of these cards it could be Amex, it could be JCB, Visa, Master and Discover.
So if you're using any one of these five cards then your bank is PCI DSS certified. That's how the regulatory is also making a big time difference when it comes to structured process of identifying vulnerability by performing vulnerability assessment and penetration testing. Next slide. Sir, does the CH13 provide the skills to do CTF bug bounties? I'm sorry, I'm not right person to answer that question. Uh that's maybe more of outside the specifics at the moment. Okay. So impact on the organization which is ideally on the business side what the leadership is ideally looking at most more specifically it's on direct financial loss, reputational damage or operational downtime.
I'm I'm sure that no organization is looking forward to something like this at any point of time. Every organization is looking at growth positively, right? So they don't want their customer to lose their trust or they don't want to lose their money at penalties and fines and they don't want the business to be down at any point of time and we are all talking about digitalization and everybody is living in the world of digital environment and cloud security is playing a very very important role in safeguarding the cloud environment and today we are running on on-prem, cloud, hybrid, all these mechanisms and it is important business should never worry about these things that's why we are all to be trained and be aware of exactly how to secure our environment wherever it is.
Next slide please. Next slide please. Yeah. So impact of the organization is more of uh structured and then we have the shift that is moved. No you can move to the next slide. I've already spoken. So the shift is ideally moved forward in the line. Right. And we have about 40 percent of penetration testing activities that large enterprises are currently using AI assisted. And in fact it is going to be more the shift is already taking place. Today AI is more powerful in the world of security operations especially in the world of detection mechanism but it is also expanding towards the penetration testing mechanism where a lot of things are self-learned exposures that are coming in and lot of training is also incorporated with the large language models to make sure that penetration testing is going to be much more faster to identify vulnerability.
I think somebody mentioned that uh in terms of uh the process of fabul 5 right fabul 5 me mythos kind of things so what mythos pretty much did in the first 60 days over 10,000 plus zero days were identified right that's exactly the question it's it's an AI system which has got security incorporated into it and running the system it was able to identify over 10,000 zero days and which was never nobody believed in a systems systems can have so many zero is right. So that way the mechanism is going to be more effective for sure.
Next slide please. So we also need to understand about how this is going to make an impact with AI right today we are talking about war digital war between AI assisted human right or human assisted AI versus AI assisted human or human assisted AI. But unfortunately the war going forward is going to be human-assisted AI is coming up pretty effectively. But the war is going to be AI assisted AI versus AI assisted AI. One is on the defensive mechanism and one is on the protection mechanism. Right? So we are having defense we are having protection all together work and then we have another segment which is called as AI assisted AI which is where the offensive security that is coming in.
So you have to concentrate on defensive mechanism, you have to concentrate on protection mechanism on one side and then you have on the other side which is the offensive security. So both sides it's going to be AI. So AI accelerates the process of recon attack surface mapping which we call it as what the near world real world experience and real world need. Continuous scanning improving the CI/CD integration and pipeline and obviously drafting the report and triage. In fact, the SOC that we are all running, we are not having a L1 at all. All the L1 jobs are already being performed by the AI tool itself, the SIEM, the security information and event management and enhanced enhancements with security orchestration, automation and response.
So, humans still drive but how much are we driving is we are not driving alone. We are helping the AI to drive better. So this is exactly where AI assisted AI versus AI assisted AI is going to be the future. Both defense and protection slides are same. That's what I'm trying to tell you. If some attack is taking place, if you have the right protection, you have a better better defense. So you need to have protection enabled well in advance, not at the time of your attack. So you are you don't have enough defense. You may protect it but do you have the enough defense to withstand for a longer period of time?
That's exactly what it means today. Yeah. I mean that's what the future is. How can we trust AI assistant? It'll take all information. That is unfortunately what the future is. That's exactly why we have uh standards that are coming in. In fact European Union was the first to launch European Union AI standard. ISO 42001 is another thing which can be followed and uh respective countries have carried out with their uh regulatory and coming up with their own law. For example, India is coming up with the digital personal data protection act which is called as DPDPA.
13th of May 2027 the government of India is going to start levying fines. So they've given enough time and if you're not compliant by then if any PII that is going to be out in the market then people are going to be suffering for sure right especially the organization which will end up paying a huge amount of penalty or may end up filing bankruptcy. So the respective countries do have something like that exist in the market. So we just have to be more cautious in line with it. Do you mean AI doing the role of SOC L1?
Yes, you're right. Yeah, it is for sure. Next slide please. Right. So we will probably get going with these things. Okay. We have authorization, authentication kind of things. So without authentication, performing the AI as I said with authentication, it's all on the one side, one side of the game. So we are going to perform ethical hacking. Ethical, the word brings in with VA and PT activity to be performed with the consent of the owner with the approval of the owner or approval of the authority for performing the VAPT towards either a network or in a particular device or in an application.
So this is what it says and more specifically we're talking about blackbox and white box testing. I think one of you asked this question right? So in network infrastructure we generally perform a blackbox testing where basic inventory information is being carried away and followed by that where we use more intelligence to identify relevant data. That's what we call them on blackbox initially to start with on in white box we will have pretty much every information straight away that's that's what we were trying to achieve straight away right. If AI is doing SOC what's the hope for beginners in SOC? No there is there are quite a number of um opportunity that are still there with SOC right all right only L1 is being taken away but there are still a lot of conformity that has to be done because we are not still relying on AI forever please understand okay there are still people who require understanding of terminologies.
They need to really put themselves into the shoes of whether the AI is performing right. I need to keep training the AI. So instead of just sitting and monitoring the screens and identifying those alerts and processing those alerts, you will start to train the AI to think intelligently where your knowledge is also going to be enhanced superb. Right? Not every tool is using full AI but the tool that we are using is is pretty compliant in terms of using AI but not everything is but I'm pretty sure in the next one year the L1 job in SOC is is expected to be completely removed.
So it's just an understanding going forward. We never expected that people are going to be so fast with adoption of AI but just happened between 2022 and 2026 within a span of four years. Right? That's how it is. AI cannot be manipulated is something which I will never agree. So yes any human can be manipulated. Why not AI? That's exactly why we need people to identify whether it is being manipulated or it is doing its right job. So you need better skills to evaluate AI going forward sitting in the SOC. Right. So more in line with it.
So now what I'll do is I'll jump from here right and start providing the access to the uh labs. Okay. And we will start uh sharing the screens to make sure that give you a gan for about 5 minutes time like what you need to typically do in the first 5 minutes time right where you need to go what you need to do go and then we will start directly jumping into the concept of VA and PT. All right, we've since been the steps are being given, the methodology is being spoken, right? And of course, we're looking for more questions for sure.
We would just wanted to make sure you all get to practice it. So, I've got over 200 attendees uh sitting here, right? And you know, plenty of other attendees are also available present available otherwise. We just wanted to make sure that the information that we are going to provide, you will be able to understand it pretty well. Though it's it's just quite a number of tools. You may have to start taking notes simultaneously. Uh we want you to practice and also start taking notes. That's the best way to really move forward in life. Okay. Can't AI be okay?
I think those questions are being answered. If you need to switch your career now, which domain would you recommend? I mean that's something which is a pretty uh big question in line because uh it is depending upon uh your ability. I know some of them like SOC, some of them like network security. Some of them are interested in application security. Some of them are really good with uh instrings and other things gets into digital forensic investigation. Some are good with risk compliance aspect. Some are amazing with governance. So you cannot really say this is the domain that I'll have to get in.
But every domain has got opportunity and there are plenty of jobs that are also still pleasant present available. So you can you probably what you need to do is get an idea of every domain and then start concentrating on one thing. That's exactly why we wanted to uh design a curriculum like advanced cyber security to make sure that everybody is understanding the ambit of cyber security. Uh what are green and red hat hackers? I'll come to that. I'll come to that part when I when I start doing this. We will come to that the hat of hackers specifically.
Okay. No, you don't need anything. You just don't need anything. the login that is being provided to you guys. You will have to log in right away. Okay. So let me u have the screen shared with you so that we will start with logging in and then we will take up step after step. I guess two people have raised your hands. I'm not sure whether you were able to ask your questions. Right. So after logging in to the system uh you will all get to this particular page. Uh and if if you have if you're facing any problem you can type in the chat uh we will immediately be assisted with uh one of our team member.
Can you all just log in with the credentials that you've received? Uh you you are supposed to log in using the URL that's there the cyberbay.com. Can you read it there? Yeah, it won't be in the email. We are well aware of that. Purposefully mentioned that. Now, please see the screen. The screen says https colon double slash uh it says can't see your screen. Uh okay actually we're sharing the screen. Okay let me anyway type uh that in the chat box. uh you would have received the credentials. Ana, can you confirm the mode of credential?
All the people who have filled the form uh that we shared have received the credentials on their emails. the email id that they gave in the form. If they check that then everyone would have received credentials. So you don't need to enter www. It's just directly you can get into cyber bay. I've typed the URL once again. Okay. Just sorry. Yes, I got pay. Do call. Yeah. Right. I can see uh one of you mentioned that you're in There's everyone who had filled the form would have received it on their email. Please don't uh fill it multiple times.
Okay, I could see a few of you saying you're in um just type the URL without uh https Peace. I'll share the link one more time. All right. So I think people whoever uh is not able to sign in I think hold it all right you will all receive your login. So let me run you through the first few steps. Okay. So everybody just listen here. So you will be able to log in simultaneously in the process. Okay. So once you log in you will get uh a dashboard exactly like this. All right. So your dashboard is pretty simple.
You don't need to do anything with respect to this dashboard at all at any point of time. So what you need to do is just go to the option called as catalog right it's also on the left side and once you get to the catalog you'll have to just go and type get into the repository I think few people have joined late. Maybe the form uh yeah so you've got about three topics in uh in in the in the catalog. So one is application security, the second one is network security and the third one is open source intelligence.
Right? So we will be starting with uh uh network open source intelligence right away. Okay. Okay. So, we can get in there. You can see about five incidents there. We call them incidents. Okay. So, get into the first one. All right. And you'll be able to read the story board there followed by a task and the solution. You can you can start you can just scroll down to the bottom. The steps are straight away being given. However, we are exactly going to follow the same steps whatever that is being given there. So, there are two ways to work this out.
Understanding the use case is the most important thing for towards solving any problems in the world of IT. Right? So the use case is more to the real world scenario. So in this case this incident is all about discovering exposed files using recon-ng. So we're not giving a specific target but we're just making sure that we understand the mechanism one after the other and perform use quite a number of tools to target and utilize the knowledge whatever that is being provided here. So I want all of you to read this storyboard but wait not right now just hold it.
Okay. So how where will you where will you practice this right? So what you need to do is next step you go to the option called as bay on the left side or you can go back and get there and once you get into the bay you have this option called VA and PT workshop. All right so you have I mean Aditya has about eight this lab has about 8 hours of time you will have about 2 hours plus time. So you just have to start the instance. All right so you start you click the start right away.
The moment you start it takes exactly 50 seconds to load your lab. All right. Once the 50 seconds, you can now again come back. While it is loading, you can go back to that catalog and start reading the catalog. And once this 50 seconds is done, then you just have to go and click go to VM. So just wait for another 27 seconds and click there. So https the cyberpay.com is the login you can see on the screen that is being shared right once it just gets logged in right you have to click go to VM The moment you click there, you will go to the next.
It will just open in the next tab and you'll be given Kali Linux as an operating system straight away. And you will also be able to see the remaining timer that is being running on the left hand side. Yes, once your VM is there, just click VM. Go to VM. Once you get that page, just click go to VM straight away. See, uh I'll tell you what, if you are using uh an outdated Google Chrome, okay, or if you're using an outdated, uh browser, the loading time will be seriously pretty high, right? So, it's very important that you set this up in such a way that it's updated before you log in.
All right. So you can see that we are also using Google Chrome. We are also connecting to the cyber bay exactly the way how we are all connecting into. Okay. Now this this is only a 2-hour uh access lab. Right now we are at about 7:56 and we will conclude this by about 9:45 9:50. So we've only given the lab access only for this workshop for you to practice whatever that we are sharing. All right. No, the VM in your system. If you have all the tools that we are going to show, then it's fine. The the biggest issue is installing those tools and we don't want you people to waste time on that.
All right. So, as long as you keep typing there on the chat box, our team is looking into it in case if you're not able to log in and if there is any issue that can also be checked out. See, if you want to use your own Kali Linux, that's fine. But I'm not sure whether you have the tools that we are going to share it with you. All right. And better option again is also to use the uh in case if you have too much of cookies and other stuff because we use a lot of uh components in the video environment.
So one big suggestion is if you can use the uh incognito mode, it'll be much different, much better, much faster. And if you're running on uh 10 20 different tabs in your Google Chrome, it may also slow down your video environment. So check your lab uh check your RAM for for conformity. Uh you might have blocked the popup. So you may have to check if it is not opening. See the right hand side corner on your screen right on on the on the address bar. Click the right corn right side corner and allow pop up.
So you'll have to allow the popup popups and redirects straight away. All right. So we can close the settings right now. And what you can see here again you have Kali Linux and whatever that you are going to practice is exactly going to be here. Yeah, I've got confirmation saying that I'm able to log in. Yeah, we will give you just wait for the rest of the people to log in in next 1 minute and then we'll start the practice right immediately. Okay, just to make sure that you're we don't want you to lag with your internet connection.
So, we've turned off the camera, right? Because uh I don't know how many of you are having very good internet connection. All right? So if you're using your mobile hotspot then you may encounter issues. Uh in case if you're not just been able to log in just refresh close your browser open it in uh incognito it will work either Google Chrome or in Firefox both the browsers are pretty well that you can take it up. Yeah because we only have 2 hours of workshop right now as I said right. So it's originally 2 hours of workshop.
So we planned it 15 10 15 minutes extra to make sure it's working. Uh make sure that you enable pop-up As long as you're able to enable the pop-up option it will work. I see Microsoft Edge it works but I'm not sure about the latest uh uh support. So you can try it in Microsoft Edge. Oh I mean you won't be able to practice it in your smartphone. I'm really sorry. You won't be able to see it but uh you won't be able to practice it. You can only view it. You need either a laptop or a desktop because there are a lot of components that are currently present there.
So you may have to put probably an extra effort in terms of getting things rolled up. Yeah, we've not shared the screen. Now we'll share the screen again. No, you don't need to install any tool. Every tool is pretty much installed there. Right? So we'll start with the first exercise. It's exactly 8:01 in in in India and we have about 2 hours time to make sure that we all get the practice right and and get a feeler of what this uh practical exposure of VAPT is all about. The first thing that we'll be starting is as as we mentioned as open-source intelligence right.
So now we want you to please go to the catalog repository and open the open-source intelligence and start start reading the first incident. No, you don't get any more time sir because it's 2 hours and 2 hours starts only now and by the time when we conclude it the two hours will get over and for that you know you'll have to ideally come into the program because it's a workshop providing access to everyone to give a feeler of how the program is going to go forward when you join Okay, another disclaimer which I wanted to give you all.
If you are using your organization work workshop, I mean laptop, then I think your organization might have blocked VDI network. So you may have to use your personal laptop or a laptop where you have access that can be enabled straight away. So you may have to check whether it is your personal laptop or your organization laptop and if that is your organization laptop you may have some of these things uh then it is little difficult because we've had this problem faced quite a number of times with previous sessions whenever we handled because uh the organization might not enable a VDI to run or certain other scripts to run but there's no big scripts it's just a plain vanilla virtual desktop interface All right.
Now, what we'll do is just just cool down, calm down, people, okay? If you're not able to access it, okay, first what I'm trying to tell you is please read the story board. Just read the story board. All right? And you have a task. Just read the storyboard and the task. Don't do anything. we'll be doing and we'll be showing exactly how to do it and why it is really important. So performing reconnaissance in a network. So I'll give you exactly 30 seconds time to read the storyboard. I hope you got the use case right.
The storyboard says expo expo exposing files which are confidential in an organization system. Right? So how do we do that? So this is being an internal ethical hacker right we've been given access we are inside the system which means we are performing white box testing and the process goes on use a very simple recon tool called as recon-ng and perform the activity so now I will pass the com to uh my team Aditya so Aditya is will be able to explain you and you can also I'll be sitting we are all sitting in the same premises. So we can see each other at the same time and respond to questions.
Uh see practicing later. Yes, it is possible but you can practice it only until uh end of today because the lab cannot be extended after 12 p.m. So Indian standard time 12:00 a.m. sorry 12:00 a.m. Indian standard time. So after the class you wanted to have access to the lab, you can still do that. You want to note down all of these things, it's still fine. We have absolutely no issues with that. But 12:00 a.m. is the deadline. Automatically the lab will shut down after 12:00 a.m. Aditya, you take over. Hello everyone. Hope I'm loud and clear to everyone.
Okay, perfect. So I'll be quickly walking you through the steps on how to perform recon. That's the second step that we looked at, right? Uh the five phases of VAPT. First step would be with respect to your planning and scoping. So we won't be much considering that because we would be strongly working on the hands-on part of it. So let's look at the technical uh details. So scoping and planning that would be uh already provided either by your organization or by the client per se. So we'll directly jumping into reconnaissance where we will be trying to get uh much more uh information that is available on the public domain.
So we'll be taking it forward on the Linux machine. So hope everyone has got an access to the Linux uh VM. So this is going to be your uh Kali Linux uh virtual machine spun up in India region and I believe we have multiple servers as well where uh the load balancing comes into picture. So let us firstly take up a terminal and hope the font size is also pretty good in terms of visibility. So let us take the first command. uh we'll be taking up ip space a to just to understand what subnet this particular VM is configured.
So we'll just run ip space a to understand the IP address. So what we see on the screen is the result that got populated uh from the ip space a command and even on the top side of the VM you could see the IP address being generated in place. So we can either refer this or maybe if you want uh to understand the in-depth uh networking configuration we can just uh type in this ip space a command to understand this much better. So you can practice it simultaneously just by typing ip a. So you get your first result inside right.
You'll also get the similar results inside your computer too. But sometimes what happens is you may not the resolute IP address may not resolute in your computer and especially if you are not connected properly then obviously that could also result in not getting the result as you desire. So now uh let us take it further. So now we have some machine that is running right. So let us try to understand why we are using this uh operating system in in say so this is going to be your Kali Linux machine which is used by your uh red teaming people.
So they use this in terms of your PT process but we will be performing VA in place and then we'll be jumping into the PT process. So for us to get to understand the operating system let us take up uname space -a as the command. So that will get me an understanding of what is the kernel version that is running and you would be able to uh understand this what would be the architecture that we are following in place for this operating system. A terminal could be fetched on the top taskbar that is there.
You can see the ninth logo that is in black. So you can just click on that and you will have something like this. So to clear this uh banner in place, you can just type in C L E A R. Clear is the command you could execute to uh clear the screen. And you can just plus uh you can just uh press the combination of control shift plus to increase the font size for much more better uh readability in terms of the result getting populated on the terminal path. So the first two activity would be with respect to identifying the IP address of the machine and the kernel version and from there we will take it forward with the access to the internet.
So let us now just try to ping 8.8.8.8 that is going to be your uh Google's DNS. So we'll generally do this as a first initial phase which would be again like a kind of a checklist that we would follow to ensure that all the prerequisites are checked and we can then take it forward with respect to the recon process. So now uh let us uh spin up the tool called recon-ng. This is again like pre-built by the community. So we'll be uh taking it up and just typing it out on the terminal. So all of you can also like maybe follow the screenshot that is there.
So we also have the commands with respect to what needs to be performed. So I'll be exactly performing the same commands uh and we'll be giving you explanations on each and every command that is there on the screenshot so that everyone is on the same page with me. So let's take it up. Uh now with respect to the recon-ng, recon space, or sorry, recon-ng as the command in place. So once you hit enter uh you would be populated with the few of the settings uh that would be in place. So from here uh we would be taking up the next command uh that would be with respect to installing all the modules that is available from the marketplace.
So the command would be just typing in marketplace install space all. So that would be the uh flag or the command that I would execute. And you might get some type of an error in place where we are not setting up any API related uh third party tools. So we'll just be going with whatever is available on the marketplace and then we'll be taking it forward. So from here let us uh set up the DB. Okay. I believe whoever wants to look at the commands you can go into the catalog. So we also have the guide for each and every incident.
So I'm currently working on the open source intelligence and within which you have this module called reconnaissance and footprinting and I've taken the first incident. So incidents are basically like the use cases that we have built on top of the real world scenario that has happened in place. So you can just get into discovering exposed files using recon-ng. So in that the first command would be with respect to recon and the second command would be with respect to installing all the uh modules that are available with respect to this particular tool. So we'll be particularly doing that and I believe everyone has also taken up.
So where do you exactly run these commands? That would be on the Kali Linux terminal that you have spawned. So on the machine so let us say as soon as you boot the L you would be into this particular screen in place. So from here you see the ninth option that is available or otherwise what you could also take up would be click on this particular Kali logo that is there on the top left side and you have the terminal emulator. So we'll be working on this particular terminal for the labs and the commands in place.
So this is the place where uh you would be practicing all the commands in place. So now uh I will just take it forward with respect to the marketplace and uh modules that I got installed. Now the next step would be with respect to me creating uh a database of the particular uh domain or I would be entering the target that I would be uh particularly looking at. So I'll be uh getting into this and taking up the next third step that is there available on the catalog. So I'll be taking up db insert and take up domains.
So here we are looking at a particular domain and we'll be trying to get all the information particular to that domain. So we will be mostly going ahead with tesla.com because they have a responsible vulnerability disclosure as their method. So we'll just be trying to target that and yes everything whatever you see would be in terms of your real time results that would be coming in place. So once I have done this in your case it might say that one row is affected or it might say zero rows affected which means like the tesla.com is already in place and in alignment with the target we are looking at.
So this would be with respect to the third step. Fourth step would be let me do show domains. So this will be where I am looking at the database that I edited previously. Right? So with respect to the third step and the fourth step, I'm able to get the particular results in place. So from here uh let me take up a module called interesting files. So which is again going to be predefined by the recon-ng team and they have like few set of dictionary in place that we would be running down and we would be trying to get what exact output we would be understanding on that particular domain.
So let us take up modules space load interesting files. So let me take that up and uh once you're done or once you're in this particular step let me run the particular thing. So the output that you see is with respect to what are the directories that exist with respect to the domain that I have and you have a few set of application code that is showing up 400 which means those might not be available on the public domain but wherever you get to see 200 that would be your scope of work. So we'll be arriving at the scope in this particular case using this recon-ng tool.
So let me just do Ctrl C to stop the output and I'll just run you through wherever we have 200 code. So we have 200 code for robots.txt. So my target would be accounts.tesla.com tesla.com with the port 80 and robots.txt is getting me 200 code. So this is the expected output that uh we are trying to look at and we are arriving at the particular scope. So this is uh based on the uh reconnaissance uh process that we are particularly looking at. So we can uh I believe follow along with the screenshot in place. So the first command will be with respect to opening up the terminal and uh we would be running recon and in that we'll be firstly installing all the modules from the marketplace.
From there I would be entering the target to the uh database. So using the db space insert space domains command. And then from there I would be taking up tesla.com because they have a responsible vulnerability disclosure as one of the medium. So we'll be only targeting uh the particular domain. And from there we would load the module called interesting files. And then we would be running the particular uh output. Right? By the way, I think I could see a lot of people texting. It's uh it's fast and where is the terminal and kind of things.
Uh I think I wanted to also mention one uh very important uh message here. See a VA and PT uh is a topic uh which uh requires a lot of basic uh operating system understanding. Okay, that's the first thing and uh as a topic which is the need of the hour and which is also a kind of uh demo derived uh stuff, right, so we just want to make sure that what you will eventually get to learn in the program in probably after you cross 30 40% of the level of the program is what is actually being given here.
Okay. So where we start is more of theoretical conceptualizations and then uh with few basics and we get into the offensive security part which is the ethical hacking. So currently we are straight away uh getting into the topic of VAPT and if you think you're not able to follow I think we completely respect that. Okay. We don't expect you people to uh get to this level within a span of 30 40 minutes time after I give a deadline or I give a basic conceptualization and ask you to do that. So understand it, try even one or two things, right, and if you think you're not able to follow, these incidents are going to be persistent for you for the next couple of hours after the program is done.
So you can still spend your time and the lab will be available until after the program is done for next two more hours if you utilize the if you don't utilize the lab time right you stop the lab there's an option called stopping the lab and you can start exactly from there so you don't even need uh the recordings you can just go through the incidents and practice it simultaneously so this is something which will make you understand the importance of using these tools and the importance and the depth of this particular program as it is.
So we are trying to align a lot of things within a span of a very very short time right about 200 hours of technical theoretical practical uh practice learning is going to be brought down into about 2 hours of glimpse. So I would please request all of you to uh align and understand the importance of this uh topic. Okay. Sure. Thank you. Okay, I believe uh we have got the derived output. And then uh the scope or the domain that you could use would be with respect to uh the target you're looking at. So uh I go with the example as tesla.com.
So since they have responsible vulnerability disclosure program so I'm able to scan and just and I'm not particularly attacking that particular domain. So I'm just trying to gather more information about the particular domain. So this is uh again uh not part of your offensive security but it's just that you're gathering the information and deriving at the scope. So this is uh totally going to be covered in your VA process. So you're just trying to derive at the scope of it. So this would be with respect to understanding what domain name exist and what we have captured.
So now let us take up scanning and enumeration as the process. So we'll just get into the catalog again and get back to your network security. So within this you have around eight incidents that are mapped to this particular workshop. So we will just click on the first one and try to understand uh the tool that we have in place. So we have a tool called Nmap that is your network mapper in place. So we'll just try to understand what is the exact output we are getting and we'll be able to look into the particular results that is throwing us through.
So the similar use case would be or the ground rule would be we would be running down on the storyboard that is the scenario that we have defined and then we have the task in place. So we have the task that would say what we need to do in terms of completing this particular incident in place. So this would be the uh first set of data we need to look at. So let us uh get into the Linux machine and I shall just take up a fresh terminal in place and just zoom in a bit so that the font is available font is visible to everyone.
Let me take the first command that is with respect to your ip space a that we did in the previous set of activity or otherwise you could also take up ifconfig that is your next command. So you can just try to take up the target and from here let us look at uh the first command would be with respect to man space nmap. So just type in this man space nmap on the terminal and this should give you the manual for this particular tool. So manual would be with respect to what flags or what commands you can use to get derive at the output.
So we'll just give this option in place and from here uh you can just read through the description of the tool which says uh network uh mapper is going to be an open source for network exploration and for security auditing but we won't be completely relying on this open source tool. So we'll be also running commercial tool in this particular session. We'll be running Nessus per se but the tool can vary based on the industry and based on the requirement that is coming up in place. So we can just scroll down in terms of your example that is given here.
So the example says you have to use nmap space - capital A capital T4. So capitalization is kind of important in terms of your Linux based operation. So just be sure that you're typing the exact thing that is either given on the screenshot or that is given as the command on the catalog. So you can just follow along and you then put up the target that is shown up here. So I believe everyone is able to follow the manual page. So from here let us say you have gone through the complete manual in place. You can just type in quit or just uh do Q on your keyboard to get out of the shell.
And from here let me do nmap -V. And here you can see the version that I'm particularly operating on. So this is the version 7.99 is the current version. And here you can see the time zone that is also configured in place. I hope you're all able to follow uh the simple instructions, right, because you need to know which version you are working on. Uh in the report you may have to enter the information that you have scanned using multiple tools and one of them was Nmap and the version was this, so that information is going to uh confirm that the originality of the scanning process. Okay.
So we'll just take up the first scan in place. So we'll just take up ping scan. So we'll be taking up the target that is given on the screenshot. That's going to be the local host. So we'll take up nmap space - lowercase s n and then the target. So we'll just take up nmap -sn and then put up the target in place and we should be able to see that the host is live and up. So in this screen what you could see is with respect to the data like when the scan was initiated and you can also look at how long did it take for the scan to get completed and in the last part you can see that the host is coming as up.
So which means the target is live and we'll be proceeding with the other set of scans from here. See this is uh since it's a very short workshop that we are doing so we don't want to give about 15 20 IPs because uh scanning will take a much longer time. A simple example which I could probably give you is u scan your home network. Okay. Uh if you're within your network and I'm sure that you can scan your home network with your own computer. It could be Windows well you can use uh Z map as an application.
If it is Linux you could use Nmap as an application. If you're going to use Nmap in Windows then you may have to use the command line interface. So there's just a bit of uh differential versions for different operating systems but results are pretty much the same. So you can rely on the results straight away. All right. Right. So I think we've just been talking for the last about 90 minutes time. So we'll just take a very short while break about uh 8 minutes time. We'll just come back at about 8:40 Indian time.
So it's about 8 minutes from now. All right. In the meantime if you want to ask questions we are going to anyway be sitting here to respond to your questions. So please feel free to type your questions so it becomes literally easy. Whoever is struggling to not being able to follow or any questions, we'll be more than happy to take it up. And again, I repeat, it's just a glimpse. So, be back in about 8 minutes time, please. All right. Few questions. Okay. Linux, will it work smoothly with 200? Yeah. Yeah, definitely.
256 GB SSD and 8 gig RAM. Linux will definitely work pretty smooth. How to do the personal network scan? So, okay. So what you typically need to do is uh you have to use your uh laptop or desktop and connect that with your uh with your router and follow the command that is being given there. Exactly the same command nothing difference just nmap and then space -T4 and then you just have to type your IP address. So the moment you're going to do that you'll be able to scan your entire home network straight away.
So you will know what kind of vulnerabilities are persistent in the devices that are connected in your home. So it's personal safety is also very important, right. Okay. I'm about to begin my career in cyber security, I'm not sure what to do, which resource to follow, any suggestions? See there I think again this is a pretty large question to really answer uh because starting a your curriculum starting a career in the world of cyber security is uh something where you'll have to take up first understand all the concepts of cyber security. Imagine yourself being in school, right, so we get to learn quite a number of topics like we get to learn math, we get to learn science, then language, okay, we also get to learn geography, history kind of things and then when we start to go to the top level grades we'll get to understand which is more likely for us and more interesting for us, we will pick up that particular subject. So you will first have to understand all the topics of cyber security, the concepts, and then you can probably get to choose it there.
So this program is designed in such a way it has got a lot of components which you will get to which will give you an understanding and you can straight away move forward and choose the topic that you wanted to do a specialization in it. I mean um that's a thought process you can give because uh CCNA is again a networking program and uh it is more of Cisco related stuff, right, so it'll still give you packet tracing and other common networking concepts but in the world of cyber security it's not mandatory as such, right. If you want to typically get into application security you don't need to know anything on CCNA or anything on networking as a concept, right, once you get in you can still get to learn there, but if you want to get into digital forensics you may need everything to be known from the basics up to a level because you will have to perform a lot of forensics at different levels.
So completely depending upon uh what you want to choose would be a good start. Again, if you have any issues with respect to the commands that you have typed, you can go into the catalog and click that incident. The instructions are given with screenshots in case if the language is not very clear or if you're not able to perform it immediately or uh it's taking time for you to process it. So immediately you will be better you'll be able to respond or you'll be able to follow there with the instructions that are given to you.
I'm also answering to uh the queries with respect to the Q&A. I think it's better you guys can type in the chat. It's it's more easier to rather respond right immediately. I mean quite a few people asked that should we just follow uh follow along. I think yeah you can you can also follow along. It's not like you cannot do that. You can still follow along and we will still be able to uh perform steps. That's why we've given this this break because another uh 20 minutes we'll be covering couple of things and we move forward into the the application security again it's just couple of exercises 2 3 one which will give you understanding I mean yeah we've we've given few few hosts there so you'll still be able to identify that okay a terminal is on your screen topbar a black color box will be restarting in about a I mean again uh I say I started my career with networks.
Okay. Uh in fact more of my area of research is on network. Uh but cyber security is still independent. Uh you still don't need to learn networks at all. You can still practice uh risk and compliance. So it's a question that you can still continue to contemplate on for a longer period of time. I mean with respect to SOC improvement factor, security operations centers improvement factor, uh you have to probably start working out on investigating the incidents to the next level. See AI is going to take over but not today, right, so it's taking over.
So you be ready with the process, you understand the concepts. I think it's going to be much more easier for you to move forward step after step. Uh forensics, it's depending upon the country that you work out with. Okay. It has got plenty of certifications with respect to c I mean country wise. So I cannot comment on the part specific certifications at this juncture. Oh yeah, if you want to get to learn networking, you want to get in network security. Yes, fantastic. Uh practical learning of SOC uh in general, you will have to set up something or you'll have to take up uh a course like this which will cover the concepts, the methods and of course the advanced tools with AI incorporated.
So you may have to set up something in your network but setting up is easier but you still need data you still…
Transcript truncated. Watch the full video for the complete content.