Cyber Academy 2017/2018

Cyber Academy 2017/2018

24 April 2017 — 23 April 2018

Special Focus



Price 150 Eur (+VAT) per month. Candidates can also pay the total price of the academy: 1,800.00 Eur (+VAT)
Application deadline 23 April 2017 (Sunday)
(Past application deadline)

Course Details


☆  Abstract

Attackers are becoming more clever and their attacks more complex. To keep up with the latest attack methods,
you need a strong desire to learn, the support of others, and the opportunity to practice and build experience.
Cyber Academy takes a unique approach to Education and offers foundational training to build core skills to provide knowledge at the time of need.
We provide attendees with in-depth knowledge of the most prominent and powerful attack vectors and furnishes an
environment to perform these attacks in numerous hands-on scenarios.
These courses cover many aspects of cybersecurity. First, students will be introduced to the basics of operating system, and we will dive deep further in
Pentesting Network Components, Data Exfiltration, Attacking via the DMZ, AV Evasion, Privilege Escalation, Bypassing WLAN Authentication, Malware Analysis and Reverse Engineering,
Security misconfigurations, System Programming and more.

☆  Requirements

Be open minded
Understand cyber security as a career
Open to different operating systems and programming languages
Enthusiastic about cyber security
Basic knowledge about computer system
With great knowledge comes great responsibility “give back to society”

☆  Modules :

☆  1. LINUX OPERATING SYSTEM

Linux Philosophy and Concepts
Linux Structure and Installation
Graphical Interface
System Configuration from the Graphical Interface
Command Line Operations
Finding Linux Documentations
File Operations
User Environment
Text Editors
Local Security Principles
Systems Current
Network Operations
Manipulating Text
Bash Shell Scripting
Advanced Bash Scripting
Processes

☆  2. WINDOWS OPERATING SYSTEM

Basics of PowerShell
Scripting
Advanced Scripting Concepts
Modules
Jobs
PowerShell with .NET
Using Windows API with PowerShell
PowerShell with WMI
Working with COM objects
Interacting with Registry
Recon and Scanning
Exploitation

☆  3. PENTESTING WITH METASPLOIT

Metasploit Basics and Framework Organization
Server and Client Side Exploitation
Meterpreter Extensions and Scripting
Database Integration and Automated Exploitation
Post Exploitation Kung-Fu
Firewall bypass
Token stealing and impersonation
Backdoor an Executable
Exploit research with Metasploit
Scenario Based Hacking using Metasploit

☆  4. NETWORK PENTESTING

Information Gathering – OSINT, DNS, SNMP etc.
Pentesting Network Components – Router, Switch, Firewall, IDS/IPS
Pentesting Windows Environments – domain controllers,
Pentesting Linux Environments
Pentesting Mobile Application Backends
Attacking via the DMZ – Web, Email etc.
Post Exploitation on Windows, Linux and Mobile Oss
Data Exfiltration – tools and techniques
Privilege Escalation on Windows and Linux
Keeping Access – Backdoors and Rootkits
Web Application vulnerability to Shell
Scenario based Pentesting
Social Engineering Attacks – JAVA Applets, HID devices
AV Evasion Techniques
Firewall and IDS Evasion

☆  5. WI-FI SECURITY AND PENTESTING

Bypassing WLAN Authentication
Cracking WLAN Encryption –
Encryption based flaws (WEP,TKIP,CCMP)
Attacking the WLAN Infrastructure
Protected Setup
Advanced Enterprise Attacks
Attacking the Wireless Client
Networks and Viral SSIDs, WiFishing
Breaking into the Client
Enterprise Wi-Fi Worms, Backdoors and Botnets

☆  6. PYTHON FOR PENTESTERS

Python Scripting Language Essentials
System Programming and Security
Network Security Programming
Attacking Web Applications
Exploitation Techniques
Malware Analysis and Reverse Engineering
Attack Task Automation
Further Study and Roadmap

☆  7. WEB APPLICATION PENTESTING

HTTP/HTTPS protocol basics
Cross Site Scripting
SQL Injection
Security misconfigurations
Application framework
Insecure direct object reference
Cross-site Request Forgery
GET and POST based
JSON based in RESTful Service
Insecure cryptographic storage
File upload vulnerabilities
Web Shells
Client side injection
Clickjacking

☆  8. MOBILE SECURITY AND EXPLOITATION, ANDROID & iOS

Android Security Architecture
Android Permissions
Android Application Internals
Android Application Components
Introduction to Android Debug Bridge
Reversing Android Applications
Analyzing Android Malwares
Introduction to iOS Security
Creating an Application Pentest Platform
Advanced Application Runtime Analysis
Exploiting iOS Applications
iOS Forensics and Data Recovery
iOS Malware and Backdoors
Further Study and Roadmap

☆  9. LINUX AND WINDOWS FORENSICS

Collecting volatile data, network interfaces.
Network connections, open ports, running processes,
File system date time, current user logins, user accounts
Command line analysis tools
Program headers
Reversing Linux Malware

☆  10. REAL WORLD PENTESTING

The Pentest Process
Passive Recon
Quick Hits
External Scanning – the old way
External Scanning – headache detection
Network Vulnerability Scanning
Web App Vulnerability Scanning
Threat Modelling and Reporting
BUFFER OVERFLOW
Smashing the Stack
Writing Exit Shellcode
Executing Shellcode
Disassembling Execve
Shellcode for Execve
Exploiting a Program

☆  11. BUFFER OVERFLOW

Smashing the Stack
Writing Exit Shellcode
Executing Shellcode
Disassembling Execve
Shellcode for Execve
Exploiting a Program

☆  12. VIRTUAL PENETRATION TESTING LAB

Virtual Labs
Various Operating Systems
Vector Attacks
Virtual Pentesting

☆  Schedule

Monday, Wednesday, Friday from 18:00 – 21:00

☆  After course completion

Every selected candidate, who attend minimum 80% of training classes, will be awarded with a certificate of course completion by Innovation Centre Kosovo, which will give them an advantage on applying for jobs and validating their skills with a prestigious certificate. There will be an evaluation process, which will take students through an exam. This will give feedback also on the direction of the successful or unsuccessful course completion.




Cyber Academy 2017/2018

Drinor Selmanaj

Instructor

Drinor Selmanaj is a lecturer, entrepreneur and information security specialist from Kosovo.
He has spent his years consulting, auditing, and hardening IT-infrastructures in companies and organizations across the region.
As a lecturer, he has established a Penetration Testing programme at ICK which seeks to hone the skills of young technology enthusiasts looking into entering the field of cybersecurity.
His entrepreneurial spirit led him to found a software development company called “Hello World!” centered around creating secure and highly functional digital products for local companies and businesses.
He is the CTO and co-founder of “Sentry L.L.C” - one of the first companies in Kosovo to regionally offer products and an extensive list of services in information security.
As a citizen of Kosovo and a member of various hacker communities, Drinor is able to see both the needs of legitimate businesses as well as the needs of a darker digital underground.




BOLD

© ICK — Innovation Centre Kosovo