This repository documents the journey of earning the Google Cybersecurity Professional Certificate.
The program consists of 8 different courses which together make up the certificate.
Foundations of Cybersecurity
This was the beginning, where an overview of almost every later course was given. Learned about SIEM tools, security frameworks, some well-known attacks such as the LoveLetter worm that shaped the infosec community, the NIST frameworks, the CIA triad and other foundational information security knowledge.
Play It Safe: Manage Security Risks
This course dives deeper into frameworks such as NIST and security controls, the CIA triad, OWASP security principles, etc.
In the first two modules some key learnings were:
- How frameworks help lower risk at crucial times.
- How a framework provides guidance to act on and investigate an issue, prevent further damage, and recover from data loss or other harm during a breach or other compromise.
- The eight CISSP security domains, which organizations follow to organize and cover their security work.
- The NIST CSF core functions: identify; protect using tools, policies and procedures; detect using improved techniques; respond using security processes; recover the system.
- Security audits, and how they help organizations keep up with their business needs and goals.
- Performed a security audit for a fictional company, Botium Toys: learned how to review the scope and goals of the audit, and reviewed and finalized which important security compliance requirements apply and whether they are in place.
- Why logs, and understanding them, are important in the InfoSec industry.
- SIEM tools such as Splunk and Google Chronicle, and why they are important as the monitoring tools of an organization.
- Playbooks and their importance as a guide during a security incident: they lay out how to respond to an incident and what the post-incident activities are.
Key learning: in order to keep the business available, an organization should apply a framework as its security baseline.
Module 1: Network architecture
- Learned the basic architecture of networks: how physical network devices such as workstations, servers, routers and switches connect to each other to form a network. Also learned about cloud networks and how much cloud computing has grown in recent years.
- Learned about the service models offered by cloud service providers (CSPs):
SaaS: Software as a Service, where software is used without having to host it.
PaaS: Platform as a Service, where developers use the provider's services to design and develop custom applications for their organization.
IaaS: Infrastructure as a Service, where virtual components of a system such as containers and virtual machines are hosted. These include virtual containers and storage that are configured remotely through the CSP's API or web console.
- Learned the basic structure of a data packet: a header (the sender's and receiver's IP addresses, the destination MAC address carried in the frame header, and the protocol to use), the body (the payload), and a footer, a string of data indicating that the transmission is complete.
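As an added example (not part of the course or this repository), the header fields described above can be decoded from raw bytes. The packet below is constructed by hand for illustration: an IPv4 header followed by a UDP header, which is what a sniffer hands you after the Ethernet frame (where the destination MAC address lives, one layer below IP) has been stripped. The field layout is the real IPv4/UDP header format; the addresses, ports and TTL are arbitrary sample values.

```python
import struct
from ipaddress import IPv4Address

# Constructed sample (not a real capture): 20-byte IPv4 header + 8-byte UDP header.
SAMPLE_PACKET = (
    b"\x45\x00\x00\x1c"   # version 4, IHL 5 (20 bytes), DSCP/ECN 0, total length 28
    b"\x00\x01\x00\x00"   # identification 1, flags 0, fragment offset 0
    b"\x40\x11\xa9\x0e"   # TTL 64, protocol 17 (UDP), header checksum 0xa90e
    b"\xc0\xa8\x01\x0a"   # source IP 192.168.1.10
    b"\x08\x08\x08\x08"   # destination IP 8.8.8.8
    b"\xd4\x31\x00\x35"   # UDP source port 54321, destination port 53 (DNS)
    b"\x00\x08\x00\x00"   # UDP length 8, UDP checksum 0 (optional for IPv4)
)

IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def ipv4_checksum_ok(header: bytes) -> bool:
    """Internet checksum: the one's-complement sum of every 16-bit word in the
    header, checksum field included, folds to 0xFFFF when the header is intact."""
    words = struct.unpack("!%dH" % (len(header) // 2), header)
    total = sum(words)
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def parse_ipv4(packet: bytes) -> dict:
    """Decode the IPv4 header and, when the protocol is UDP, the UDP header too."""
    if len(packet) < 20:
        raise ValueError("too short for an IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or total_len > len(packet):
        raise ValueError("not a well-formed IPv4 packet")
    info = {
        "src": str(IPv4Address(src)),
        "dst": str(IPv4Address(dst)),
        "ttl": ttl,
        "protocol": IP_PROTOCOLS.get(proto, str(proto)),
        "header_ok": ipv4_checksum_ok(packet[:ihl]),
    }
    payload = packet[ihl:total_len]          # IP options (if IHL > 5) are skipped
    if proto == 17 and len(payload) >= 8:
        sport, dport, ulen, _ucsum = struct.unpack("!HHHH", payload[:8])
        info.update({"src_port": sport, "dst_port": dport, "body": payload[8:ulen]})
    return info

if __name__ == "__main__":
    print(parse_ipv4(SAMPLE_PACKET))
```

The checksum check is the part worth noticing: a packet whose TTL or addresses were tampered with in transit without recomputing the checksum fails it, which is the same integrity logic a NIC or a router applies before forwarding.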
- Learned about the Transmission Control Protocol/Internet Protocol (TCP/IP) model and its layers. TCP/IP consists of four layers: network access, internet, transport and application.
- Learned the difference between TCP and UDP: TCP is a reliable, connection-oriented way of communicating because it establishes a connection (the three-way handshake) before transmitting packets, unlike UDP, which is connectionless.
- Learned about the OSI model, whose seven layers describe the connection between two devices and the transmission of packets, and how each layer is needed to achieve a secure connection and data exchange.
Module 2: Network operations
- Learned about network protocols such as TCP, ICMP, SMTP, SFTP, HTTPS, UDP, DNS and SNMP, and how they organize communication over a network.
- Learned about the wireless security protocols WEP, WPA, WPA2 and WPA3.
- Learned about firewalls and proxy servers.
- Learned how firewalls can be deployed as hardware, software or cloud-based (Firewall as a Service, FaaS) in order to protect the organization's network.
- Learned how stateless and stateful firewalls differ from each other.
- Learned about VPNs and security zones: the uncontrolled zone, the controlled zone, the demilitarized zone (DMZ) and the restricted zone.
- Learned about network segmentation, a security technique that divides a network into sections. A private network can be segmented to protect portions of it from the internet, which is an untrusted global network.
Module 3: Secure against network intrusions
- Learned how packet sniffing and IP spoofing are used in network attacks. Because these attacks intercept data packets as they travel across the network, they are called interception attacks.
- Learned how to read and understand the output of popular packet capture tools such as tcpdump and Wireshark.
- Learned how DoS attacks work and how, as a security analyst, we can restore services after an attack and prevent a recurrence.
Module 4: Security hardening
- Learned about the attack surface and security hardening.
- Learned why penetration testing is essential for security hardening.
- Learned about patch updates and their importance for software security, as patches fix known vulnerabilities.
- Learned about secure password complexity and brute-force attacks, both simple brute force and dictionary attacks.
- Learned how to assess vulnerabilities and which software is useful for it, such as VMs and sandbox environments.
- Learned preventive measures used to improve overall security, such as hashing and salting, MFA and 2FA, CAPTCHA and reCAPTCHA, and password policies.
- Learned about port filtering, where unused ports are blocked in order to remove the exposure they would otherwise create.
Tools of the Trade: Linux and SQL:
- Learned about the different operating systems and how an operating system works.
- Learned about resource allocation by the operating system.
- Learned the difference between the command line interface (CLI) and the graphical user interface (GUI).
- Learned about the architecture and the different distributions of Linux.
- Learned about the digital forensics tools available in the Kali Linux distribution for security professionals.
- Learned about the importance of the shell and its role as the command interpreter.
- Learned and practised writing commands in a Bash shell while navigating the Filesystem Hierarchy Standard (FHS) with commands such as cat, ls, cd and pwd, in a practical lab on qwiklabs.com.
- Learned about filtering commands such as grep and about piping.
- Learned how to manage access and authorize users' access to files and data.
- Learned about users, groups and their permissions: r (read), w (write) and x (execute).
- Took an activity in which I managed file and directory access for the user, group and others according to a given structure.
- Took another activity in which I managed users on the system.
- Learned about the Linux help commands man, whatis and apropos for learning about Linux commands.
- Learned about SQL queries and their use for retrieving database information and filtering logs.
- Learned about joins in SQL.
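An added example, not from the course, of the two points above: filtering a login log with SQL and joining it to an inventory table. It uses Python's built-in sqlite3 module so it runs offline. The tables and rows are constructed for illustration (they mimic the employees / machines / log_in_attempts layout an analyst typically has, but are not the course's database).

```python
import sqlite3

# Constructed sample data (not the course's database): employee and machine
# inventories plus a login-attempt log, the layout an analyst usually works with.
EMPLOYEES = [
    (1000, "Marketing", "Main", "alice"),
    (1001, "Finance",   "Main", "bob"),
    (1002, "IT",        "East", "carol"),
]
MACHINES = [
    ("Main-01", "Windows", "alice"),
    ("Main-02", "Windows", "bob"),
    ("East-01", "Linux",   None),        # spare machine, nobody assigned
]
LOGIN_ATTEMPTS = [               # (username, date, time, country, success)
    ("alice", "2024-05-01", "08:55:10", "US",  False),
    ("bob",   "2024-05-01", "19:30:02", "US",  False),
    ("bob",   "2024-05-01", "19:31:40", "US",  False),
    ("carol", "2024-05-02", "23:12:07", "MEX", False),
    ("carol", "2024-05-02", "23:12:30", "MEX", False),
    ("bob",   "2024-05-02", "09:01:00", "US",  True),
]

def build_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database and load the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE employees (employee_id INTEGER, department TEXT, office TEXT, username TEXT);
        CREATE TABLE machines (device_id TEXT, operating_system TEXT, username TEXT);
        CREATE TABLE log_in_attempts (username TEXT, login_date TEXT, login_time TEXT,
                                      country TEXT, success INTEGER);
    """)
    db.executemany("INSERT INTO employees VALUES (?, ?, ?, ?)", EMPLOYEES)
    db.executemany("INSERT INTO machines VALUES (?, ?, ?)", MACHINES)
    db.executemany("INSERT INTO log_in_attempts VALUES (?, ?, ?, ?, ?)", LOGIN_ATTEMPTS)
    return db

def machines_with_owner(db):
    """INNER JOIN keeps only machines that have a matching employee."""
    return db.execute("""
        SELECT m.device_id, e.username, e.department
        FROM machines AS m
        INNER JOIN employees AS e ON m.username = e.username
        ORDER BY m.device_id
    """).fetchall()

def all_machines_with_owner(db):
    """LEFT JOIN keeps every machine; unassigned ones get NULL (None) for the employee."""
    return db.execute("""
        SELECT m.device_id, e.username
        FROM machines AS m
        LEFT JOIN employees AS e ON m.username = e.username
        ORDER BY m.device_id
    """).fetchall()

def after_hours_failures(db, cutoff="18:00:00"):
    """Filter and aggregate: repeated failed logins after business hours, per user."""
    return db.execute("""
        SELECT username, COUNT(*) AS failures
        FROM log_in_attempts
        WHERE success = 0 AND login_time > ?
        GROUP BY username
        HAVING COUNT(*) >= 2
        ORDER BY failures DESC, username
    """, (cutoff,)).fetchall()

def failed_logins_by_department(db):
    """JOIN the log to the employee table to see which department is being targeted."""
    return db.execute("""
        SELECT e.department, COUNT(*) AS failures
        FROM log_in_attempts AS l
        INNER JOIN employees AS e ON l.username = e.username
        WHERE l.success = 0
        GROUP BY e.department
        ORDER BY failures DESC, e.department
    """).fetchall()

if __name__ == "__main__":
    conn = build_db()
    for fn in (machines_with_owner, all_machines_with_owner,
               after_hours_failures, failed_logins_by_department):
        print(fn.__name__, fn(conn))
```

The cutoff is passed as a bound parameter (`?`) rather than pasted into the query string; that habit is what keeps analyst tooling free of the SQL injection covered later in the certificate.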
- Learned about assets, asset management, asset classification and the other procedures necessary for the safety of assets.
- Learned about the NIST Cybersecurity Framework and its components, such as the core and the tiers.
- Went through an activity which showed how assets are classified and how their protection is ensured.
- Went through another activity which demonstrated the risk register of a demo bank, in which I learned how to classify the risk, severity and priority of certain vulnerabilities and threats.
- Learned about the security controls used to maintain data privacy and security.
- Data controls such as technical, operational and managerial controls help an organization implement data security and privacy.
- Learned about the principle of least privilege, which ensures employees have only the limited but sufficient access to data that their role requires.
- Learned about the data lifecycle, which covers maintaining data in all its forms until it leaves the organization's custody.
- Learned the fundamentals of cryptography, i.e. how data is shared securely.
- Learned about public key infrastructure (PKI), which organizations use to establish trust and secure data transfer between devices.
- Learned about the two types of encryption, symmetric and asymmetric.
- Went through a lab which gave practical experience of the following:
- list hidden files,
- decrypt a Caesar cipher, and
- decrypt an encrypted file.
- Learned about non-repudiation and the importance of hashing, hash functions and their evolution.
- Went through an activity which gave practical experience creating hash values for different files and comparing them: although the contents of the files appeared the same, the files were different.
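An added example (not the activity's own files or script) of the comparison just described: two files whose contents look identical when printed but differ by a single trailing newline hash to completely different SHA-256 digests, while a byte-for-byte copy hashes identically. The sample files are constructed inline; the expected digest of the bytes "hello" is the well-known SHA-256 value.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample files: the first two print identically in most editors
# (the second only has a trailing newline); the third is a byte-for-byte copy of the first.
SAMPLE_FILES = {
    "notes.txt":      b"hello",
    "notes-copy.txt": b"hello\n",
    "notes-dup.txt":  b"hello",
}

def sha256_file(path: str, chunk_size: int = 1 << 16) -> str:
    """Hash a file in chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def same_content(path_a: str, path_b: str) -> bool:
    """Two files are identical iff their digests match (compare_digest avoids timing leaks)."""
    return hmac.compare_digest(sha256_file(path_a), sha256_file(path_b))

def verify_download(path: str, published_hex: str) -> bool:
    """Integrity check against a published digest, e.g. a vendor's SHA256SUMS entry."""
    return hmac.compare_digest(sha256_file(path).lower(), published_hex.strip().lower())

def write_samples(directory: str) -> dict:
    """Write the constructed files to disk; returns name -> path."""
    paths = {}
    for name, content in SAMPLE_FILES.items():
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(content)
        paths[name] = path
    return paths

def demo() -> dict:
    """Hash the samples and report which pairs really are the same file."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = write_samples(tmp)
        return {
            "digests": {name: sha256_file(p) for name, p in paths.items()},
            "notes_vs_copy": same_content(paths["notes.txt"], paths["notes-copy.txt"]),
            "notes_vs_dup": same_content(paths["notes.txt"], paths["notes-dup.txt"]),
        }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

This is the same check `sha256sum -c` performs, and it is only as trustworthy as the channel the published digest came over: a digest served from the same compromised page as the download proves nothing, which is where signatures and non-repudiation come in.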
- Learned about the AAA framework (authentication, authorization and accounting), which covers access for users.
- Learned how single sign-on (SSO) and multi-factor authentication (MFA) are used to improve and strengthen the user sign-in experience.
- Learned how authorization mechanisms work, which is essential once a user has signed in. Two commonly used ones are HTTP basic authentication and OAuth, an open standard authorization framework.
- Learned why auditing user activity, especially sign-in logs, is important, as it helps keep organizations and users safe.
- Learned how IAM and its different access control models, Mandatory Access Control (MAC), Discretionary Access Control (DAC) and Role-Based Access Control (RBAC), help provide secure and appropriate access to resources.
- Went through an activity of log analysis and providing information and advice after an event occurred.
- Learned about the vulnerability management process: how vulnerabilities in a system are addressed and how a system is made defensible against threats.
- Learned how defense in depth keeps an organization safe with multiple layers of security.
- Went through Common Vulnerabilities and Exposures (CVE) and how a vulnerability's severity is measured; the CVE and CVSS concepts were helpful for understanding.
- Went through the OWASP Top 10, which lists the most common web application vulnerabilities targeted by attackers.
- Learned the concept of open-source intelligence (OSINT), which helps organizations stay safe before a threat occurs.
- Learned about vulnerability assessments, a necessary practice for finding and assessing flaws in systems and networks.
- Learned how vulnerabilities are scanned for using different tools and practices, such as simulating real-world attacks.
- Learned why updates are a necessary part of protecting systems, as they patch most known vulnerabilities.
- Learned how penetration testing benefits an organization, as it helps find new vulnerabilities and exposures.
- Went through an activity which gave practical experience of how vulnerability assessments are conducted.
- Learned about the attacker mindset, and how thinking like an attacker helps identify and protect all the entry points to a system or an organization.
- Learned how security hardening is done and why it is necessary to reduce the attack surface.
- Learned about the types of threat actors and attack vectors.
- Learned how we can defend organizations against brute-force attacks.
- Went through a threat reporting activity which thoroughly showed how specific events can be dangerous.
- Learned about social engineering and its severe effects on an organization's security.
- Learned about several tactics used, such as phishing, vishing, spear phishing, etc.
- Went through an activity which showed how an email can be identified as phishing or not.
- Learned about malware and its different types, its effects on systems, and attacks that used it in the past.
- Learned about the term cryptojacking, where malicious actors hijack a victim's computing resources to mine cryptocurrency coins or tokens.
- Learned about web-based exploits such as XSS, SQLi and other injection attacks, and went through several preventions that stop these types of attacks from occurring.
- Learned the concept of threat modelling as an aspect of securing applications at the very beginning of, and throughout, the SDLC.
- Learned about different threat modelling frameworks such as PASTA, STRIDE, Trike and VAST.
- Went through an activity in which we conducted PASTA threat modelling for a sneaker company that runs its business through a web application.
This course focuses on incident response and its lifecycle.
- Learned about the incident response lifecycle and the major stages required to respond after an event.
- Went through an activity in which we applied the NIST framework and made an entry in an incident handler's journal.
- Learned about the different incident response teams which
- Learned about the process and importance of documentation, and why documents such as playbooks, policies and reports play a vital role in incident response.
- Learned about the different types of detection and prevention systems, such as IDS, IPS and EDR, and their capabilities.
- Learned about the detection and log analysis process: how data reaches the SIEM tool and how a notification (alert) is created.
- Learned about the process of alert generation in SIEM tools: collecting data, aggregating data, normalizing data and analyzing data.
- Learned about the importance of network flows and ways of analyzing them: how we can manage and secure networks and monitor them for threats.
- Learned about packets and packet capture, and how to interpret network communications from a capture by examining packet header fields and other data.
- Went through an activity which gave practical experience using Wireshark to open saved packet capture files, view high-level packet data, and use filters to inspect detailed packet data.
- Learned about the network capture tool tcpdump and its functionality.
- Learned about the detection and analysis phase of the incident response lifecycle, and the different methods used to analyze an incident and its indicators of compromise (IoCs).
- Went through an activity which gave a broad overview of how to use IoCs for analysis with the VirusTotal tool.
- Learned about the benefits of documentation in InfoSec, and how chain of custody forms are used to maintain the integrity of evidence in custody.
- Learned about the importance of playbooks, which act as the guide for responding to incidents.
- Went through an activity which demonstrates how playbooks are used in incident response.
- Learned about the role of triage in incident response and why triaging is important for responding to the most critical incidents first.
- Learned about the containment, eradication and recovery phase of the incident response plan, and about the business continuity plan, which helps a business remain operational during disruptions.
- Learned about the post-incident activity and final report phase.
- Went through an activity which shows what a final report looks like.
- Learned about the importance of logs in security procedures and how logs make investigating events easier.
- Learned best practices for log collection and management, so that logging stays productive and the logs make sense.
- Learned about the variety of logs and the file formats used to record them, such as XML, CSV and syslog, and the Common Event Format (CEF), which is usually transported over syslog.
- Learned about monitoring with detection tools: the methodologies, techniques and tools used to detect malicious activity.
- Learned about the components of a signature (action, header and rule options) and how a signature is formed.
- Learned how to examine signatures with Suricata, how to examine the logs Suricata generates, and got an overview of Suricata and the services it provides.
- Went through an activity in which I used Suricata to detect intrusions in sample network data. Learned how to write custom rules, how to use them, how to have Suricata log intrusions and how to read the log data.
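As an added example (not the course's rules or Suricata's code), the three signature components above can be seen by parsing a few rules and running them over constructed traffic summaries. The rules are written in Suricata syntax but invented for this example; the `$HOME_NET` / `$EXTERNAL_NET` values are assumed as they would be set in suricata.yaml; the matching engine is a deliberate skeleton of what Suricata does (real Suricata also tracks flow state, parses application layers and supports many more option keywords).

```python
import re
from ipaddress import ip_address, ip_network

# Constructed signatures in Suricata syntax (not the course's rules). Each has the
# three parts the course describes: action, header, and rule options in parentheses.
SAMPLE_RULES = [
    'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Outbound HTTP to suspicious host"; content:"evil.example"; nocase; sid:1000001; rev:1;)',
    'alert tcp any any -> $HOME_NET 22 (msg:"SSH connection to internal host"; sid:1000002; rev:1;)',
    'alert icmp any any -> $HOME_NET any (msg:"ICMP to internal host"; sid:1000003; rev:1;)',
]
# Assumed network variables, as they would be defined in suricata.yaml.
VARS = {"$HOME_NET": "192.168.0.0/16", "$EXTERNAL_NET": "!$HOME_NET"}

RULE_RE = re.compile(
    r"^(?P<action>alert|drop|pass|reject)\s+(?P<proto>\w+)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$")
OPT_RE = re.compile(r'\s*(\w+)(?::\s*("[^"]*"|[^;]*))?;')

def parse_rule(line: str) -> dict:
    """Split a signature into action, header fields and an options dict."""
    m = RULE_RE.match(line)
    if not m:
        raise ValueError(f"not a valid signature: {line!r}")
    rule = m.groupdict()
    opts = {}
    for key, val in OPT_RE.findall(rule.pop("opts")):
        opts[key] = val.strip().strip('"') if val else None   # flag options (nocase) -> None
    rule["options"] = opts
    return rule

def _addr_matches(spec: str, ip: str) -> bool:
    spec = VARS.get(spec, spec)                 # expand $HOME_NET-style variables
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not _addr_matches(spec[1:], ip)
    return ip_address(ip) in ip_network(spec, strict=False)

def _port_matches(spec: str, port: int) -> bool:
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not _port_matches(spec[1:], port)
    if ":" in spec:                             # range, e.g. 1024:65535 or 1024:
        lo, hi = spec.split(":", 1)
        return int(lo or 0) <= port <= int(hi or 65535)
    return int(spec) == port

def rule_matches(rule: dict, ev: dict) -> bool:
    """Header check first, then the content option (the skeleton of Suricata's decision)."""
    if rule["proto"] not in ("ip", ev["proto"], ev.get("app")):
        return False
    def one_way(src, sport, dst, dport):
        return (_addr_matches(rule["src"], src) and _port_matches(rule["sport"], sport)
                and _addr_matches(rule["dst"], dst) and _port_matches(rule["dport"], dport))
    hit = one_way(ev["src"], ev["sport"], ev["dst"], ev["dport"])
    if not hit and rule["dir"] == "<>":         # bidirectional rules match either way
        hit = one_way(ev["dst"], ev["dport"], ev["src"], ev["sport"])
    if not hit:
        return False
    content = rule["options"].get("content")
    if content is not None:
        hay, needle = ev.get("payload", b""), content.encode()
        if "nocase" in rule["options"]:
            hay, needle = hay.lower(), needle.lower()
        if needle not in hay:
            return False
    return True

def run_engine(rules, events):
    """Return (event index, sid, msg) for each rule that fires, like fast.log entries."""
    parsed = [parse_rule(r) for r in rules]
    return [(i, r["options"]["sid"], r["options"]["msg"])
            for i, ev in enumerate(events) for r in parsed if rule_matches(r, ev)]

# Constructed traffic summaries (what a packet decoder would hand the detection engine).
SAMPLE_EVENTS = [
    {"proto": "tcp", "app": "http", "src": "192.168.1.20", "sport": 51000, "dst": "203.0.113.5",
     "dport": 80, "payload": b"GET / HTTP/1.1\r\nHost: EVIL.example\r\n\r\n"},
    {"proto": "tcp", "src": "203.0.113.9", "sport": 40000, "dst": "192.168.1.30", "dport": 22, "payload": b""},
    {"proto": "icmp", "src": "192.168.1.20", "sport": 0, "dst": "192.168.1.1", "dport": 0, "payload": b""},
    {"proto": "tcp", "src": "192.168.1.20", "sport": 51001, "dst": "192.168.1.30", "dport": 443, "payload": b""},
]

if __name__ == "__main__":
    for hit in run_engine(SAMPLE_RULES, SAMPLE_EVENTS):
        print(hit)
```

Note the first rule only fires because of `nocase`: the host header says `EVIL.example`, so a case-sensitive `content` match would miss it. That is the kind of detail custom rules written in the activity live or die on.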
- Learned how to examine log data using SIEM tools: the functionality of the SIEM tools, their log sources and log ingestion.
- Learned how to query for events with Splunk and Google Chronicle, and their raw log and metadata search functionality.
- In this activity, we used Splunk Cloud to perform a search and investigation. Using Splunk Cloud, we were able to:
- Upload sample log data
- Search through indexed data
- Evaluate search results
- Identify different data sources
- Locate failed SSH login(s) for the root account
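An added example (not the course's material and not Splunk's SPL) that walks the four-step SIEM pipeline from earlier in this course in Python: collect raw lines, normalize two different formats into one schema, aggregate failures per source and account, and analyze them into alerts. The last function is the equivalent of the Splunk search used in the activity above to locate failed SSH logins for the root account. The log lines are constructed for the example: the syslog lines follow the OpenSSH format, the JSON line is from a hypothetical VPN appliance, and the year is assumed because syslog timestamps do not carry one.

```python
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not real data): OpenSSH lines as they appear in
# /var/log/auth.log, plus one JSON event from a hypothetical VPN appliance.
RAW_LOGS = [
    "May  3 09:14:01 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 50122 ssh2",
    "May  3 09:14:03 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 50123 ssh2",
    "May  3 09:14:05 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2",
    "May  3 09:14:09 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 50125 ssh2",
    "May  3 09:14:12 bastion sshd[2210]: Accepted publickey for alice from 192.168.1.20 port 41000 ssh2",
    '{"ts": "2024-05-03T09:15:00Z", "event": "auth_fail", "user": "root", "src_ip": "198.51.100.4", "app": "vpn"}',
    "May  3 09:15:30 bastion sshd[2215]: Accepted password for root from 203.0.113.7 port 50130 ssh2",
]
SYSLOG_YEAR = 2024   # assumption: syslog lines carry no year

SSHD_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)")

def normalize(line: str):
    """Map one raw line from either source onto a common schema; None if unrecognised."""
    line = line.strip()
    if line.startswith("{"):                                   # JSON source
        rec = json.loads(line)
        return {"ts": datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                "app": rec["app"], "user": rec["user"], "src_ip": rec["src_ip"],
                "outcome": "failure" if rec["event"] == "auth_fail" else "success"}
    m = SSHD_RE.match(line)                                    # syslog/sshd source
    if not m:
        return None
    ts = datetime.strptime(f"{SYSLOG_YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "app": "sshd", "user": m["user"], "src_ip": m["src"],
            "outcome": "failure" if m["result"] == "Failed" else "success"}

def detect_brute_force(events, threshold=3, window_seconds=60):
    """Alert when one source fails `threshold` times against one account inside the
    window, and again if that same source later succeeds (possible compromise)."""
    events = sorted(events, key=lambda e: e["ts"])
    failures = defaultdict(list)          # (src_ip, user) -> failure timestamps in window
    alerts, flagged = [], set()
    for ev in events:
        key = (ev["src_ip"], ev["user"])
        if ev["outcome"] == "failure":
            window = failures[key]
            window.append(ev["ts"])
            while (window[-1] - window[0]).total_seconds() > window_seconds:
                window.pop(0)                                  # slide the window forward
            if len(window) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append({"rule": "brute_force", "src_ip": ev["src_ip"], "user": ev["user"],
                               "count": len(window), "first": window[0], "last": ev["ts"]})
        elif key in flagged:
            alerts.append({"rule": "success_after_brute_force", "src_ip": ev["src_ip"],
                           "user": ev["user"], "at": ev["ts"]})
    return alerts

def failed_root_logins(events):
    """The activity's search for failed root logins, as a filter over normalized events."""
    return [e for e in events if e["user"] == "root" and e["outcome"] == "failure"]

def run(raw_lines=RAW_LOGS):
    """Collect -> normalize -> analyze; returns (normalized events, alerts)."""
    events = [e for e in (normalize(l) for l in raw_lines) if e]
    return events, detect_brute_force(events)

if __name__ == "__main__":
    events, alerts = run()
    print(f"{len(failed_root_logins(events))} failed root logins across {len(events)} events")
    for alert in alerts:
        print(alert)
```

Normalizing first is what lets the VPN failure count toward the same root account as the sshd ones; without the common schema the two sources would never be correlated. The second alert type, a success from a source that was just brute-forcing, is the one that turns a noisy detection into an incident.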
- In this activity, we used Chronicle to investigate a suspicious domain used in a phishing email. Using Chronicle's domain search, we were able to:
- Access threat intelligence reports on the domain
- Identify the assets that accessed the domain
- Evaluate the HTTP events associated with the domain
- Identify which assets submitted login information to the domain
- Identify additional domains
After the investigation, we determined that the suspicious domain has been involved in phishing campaigns. We also determined that multiple assets might have been affected by the phishing campaign, as logs showed that login information was submitted to the suspicious domain via POST requests. Finally, we identified two additional domains related to the suspicious domain by examining the resolved IP address.
Tools used: Suricata, Splunk and Google Chronicle.