Cyber Academy

Cyber Academy

11 April 2016 — 12 May 2016

Special Focus

Cyber Academy is the most sophisticated training course available that will help you to enter in cyber security world, featuring an advanced hands-on computer lab environment challenging you to bring out your best penetration testing skills. The case studies include public vulnerabilities as well as vulnerabilities discovered by our team, all of which cover a wide range of applications and exploitation techniques.

Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. One of the most problematic elements of cybersecurity is the quickly and constantly evolving nature of security risks. To deal with the current environment, advisory organizations are promoting a more proactive and adaptive approach. The National Institute of Standards and Technology (NIST), for example, recently issued updated guidelines in its risk assessment framework that recommended a shift toward continuous monitoring and real-time assessments. Our course instructors are real world practitioners and understand that teaching how to audit security under “ideal” conditions is of little value. We place great emphasis on creating scenarios which are as close to real world circumstances as possible. This allows our students to use what they learn at Cyber Academy immediately into real world pentesting assignments! We challenge our students to think out-of-the-box as most real world environments are unique and generally cannot have pre-determined tailor made solutions.
This course it’s idea for students of computer science and engineering, cyber security enthusiast and white hat hackers.



Price 150 Eur (+VAT) per month. Candidates can also pay the total price of the academy: 1,800.00 Eur (+VAT)
Application deadline 08 April 2016
(This course has ended)

Course Details


☆  Type

Special Focus

☆  Requirements

Be open minded
Understand cyber security as a career
Open to different operating systems and programming languages
Enthusiastic about cyber security
Basic knowledge about computer system
With great knowledge comes great responsibility “give back to society”

☆  Modules

LINUX OPERATING SYSTEM
Linux Philosophy and Concepts
Linux Structure and Installation
Graphical Interface
System Configuration from the Graphical Interface
Command Line Operations
Finding Linux Documentations
File Operations
User Environment
Text Editors
Local Security Principles
Systems Current
Network Operations
Manipulating Text
Bash Shell Scripting
Advanced Bash Scripting
Processes
WINDOWS OPERATING SYSTEM
Basics of PowerShell
Scripting
Advanced Scripting Concepts
Modules
Jobs
PowerShell with .NET
Using Windows API with PowerShell
PowerShell with WMI
Working with COM objects
Interacting with Registry
Recon and Scanning
Exploitation
PENTESTING WITH METASPLOIT
Metasploit Basics and Framework Organization
Server and Client Side Exploitation
Meterpreter Extensions and Scripting
Database Integration and Automated Exploitation
Post Exploitation Kung-Fu
Firewall bypass
Token stealing and impersonation
Backdoor an Executable
Exploit research with Metasploit
Scenario Based Hacking using Metasploit
NETWORK PENTESTING
Information Gathering – OSINT, DNS, SNMP etc.
Pentesting Network Components – Router, Switch, Firewall, IDS/IPS
Pentesting Windows Environments – domain controllers,
Pentesting Linux Environments
Pentesting Mobile Application Backends
Attacking via the DMZ – Web, Email etc.
Post Exploitation on Windows, Linux and Mobile Oss
Data Exfiltration – tools and techniques
Privilege Escalation on Windows and Linux
Keeping Access – Backdoors and Rootkits
Web Application vulnerability to Shell
Scenario based Pentesting
Social Engineering Attacks – JAVA Applets, HID devices
AV Evasion Techniques
Firewall and IDS Evasion
WI-FI SECURITY AND PENTESTING
Bypassing WLAN Authentication
Cracking WLAN Encryption –
Encryption based flaws (WEP,TKIP,CCMP)
Attacking the WLAN Infrastructure
Protected Setup
Advanced Enterprise Attacks
Attacking the Wireless Client
Networks and Viral SSIDs, WiFishing
Breaking into the Client
Enterprise Wi-Fi Worms, Backdoors and Botnets
PYTHON FOR PENTESTERS
Python Scripting Language Essentials
System Programming and Security
Network Security Programming
Attacking Web Applications
Exploitation Techniques
Malware Analysis and Reverse Engineering
Attack Task Automation
Further Study and Roadmap
WEB APPLICATION PENTESTING
HTTP/HTTPS protocol basics
Cross Site Scripting
SQL Injection
Security misconfigurations
Application framework
Insecure direct object reference
Cross-site Request Forgery
GET and POST based
JSON based in RESTful Service
Insecure cryptographic storage
File upload vulnerabilities
Web Shells
Client side injection
Clickjacking
MOBILE SECURITY AND EXPLOITATION, ANDROID & iOS
Android Security Architecture
Android Permissions
Android Application Internals
Android Application Components
Introduction to Android Debug Bridge
Reversing Android Applications
Analyzing Android Malwares
Introduction to iOS Security
Creating an Application Pentest Platform
Advanced Application Runtime Analysis
Exploiting iOS Applications
iOS Forensics and Data Recovery
iOS Malware and Backdoors
Further Study and Roadmap
LINUX AND WINDOWS FORENSICS
Collecting volatile data, network interfaces.
Network connections, open ports, running processes,
File system date time, current user logins, user accounts
Command line analysis tools
Program headers
Reversing Linux Malware
REAL WORLD PENTESTING
The Pentest Process
Passive Recon
Quick Hits
External Scanning – the old way
External Scanning – headache detection
Network Vulnerability Scanning
Web App Vulnerability Scanning
Threat Modelling and Reporting
BUFFER OVERFLOW
Smashing the Stack
Writing Exit Shellcode
Executing Shellcode
Disassembling Execve
Shellcode for Execve
Exploiting a Program
VIRTUAL PENETRATION TESTING LAB
Virtual Labs
Various Operating Systems
Vector Attacks
Virtual Pentesting

☆  Schedule

Monday, Wednesday, Friday from 18:00 – 21:00




Cyber Academy

Drinor Selmanaj

Instructor

Drinor Selmanaj is a lecturer, entrepreneur and information security specialist from Kosovo.
He has spent his years consulting, auditing, and hardening IT-infrastructures in companies and organizations across the region.
As a lecturer, he has established a Penetration Testing programme at ICK which seeks to hone the skills of young technology enthusiasts looking into entering the field of cybersecurity.
His entrepreneurial spirit led him to found a software development company called “Hello World!” centered around creating secure and highly functional digital products for local companies and businesses.
He is the CTO and co-founder of “Sentry L.L.C” - one of the first companies in Kosovo to regionally offer products and an extensive list of services in information security.
As a citizen of Kosovo and a member of various hacker communities, Drinor is able to see both the needs of legitimate businesses as well as the needs of a darker digital underground.






BOLD

© ICK — Innovation Centre Kosovo