Cyber Academy 2017/2018

Price

Application Deadline

• April 23, 2017
• The course starts on April 23, 2017

Schedule

• Monday, Wednesday, Friday from 18:00 – 21:00 • 9 hours per week* 3 times per week*
Abstract

Attackers are becoming more clever and their attacks more complex. To keep up with the latest attack methods,

you need a strong desire to learn, the support of others, and the opportunity to practice and build experience.

Cyber Academy takes a unique approach to Education and offers foundational training to build core skills to provide knowledge at the time of need.

We provide attendees with in-depth knowledge of the most prominent and powerful attack vectors and furnishes an

environment to perform these attacks in numerous hands-on scenarios.

These courses cover many aspects of cybersecurity. First, students will be introduced to the basics of operating system, and we will dive deep further in

Pentesting Network Components, Data Exfiltration, Attacking via the DMZ, AV Evasion, Privilege Escalation, Bypassing WLAN Authentication, Malware Analysis and Reverse Engineering,

Security misconfigurations, System Programming and more.

Requirements

Be open minded

Understand cyber security as a career

Open to different operating systems and programming languages

Enthusiastic about cyber security

Basic knowledge about computer system

With great knowledge comes great responsibility “give back to society”

1. LINUX OPERATING SYSTEM

Linux Philosophy and Concepts

Linux Structure and Installation

Graphical Interface

System Configuration from the Graphical Interface

Command Line Operations

Finding Linux Documentations

File Operations

User Environment

Text Editors

Local Security Principles

Systems Current

Network Operations

Manipulating Text

Bash Shell Scripting

Advanced Bash Scripting

Processes

2. WINDOWS OPERATING SYSTEM

Basics of PowerShell

Scripting

Advanced Scripting Concepts

Modules

Jobs

PowerShell with .NET

Using Windows API with PowerShell

PowerShell with WMI

Working with COM objects

Interacting with Registry

Recon and Scanning

Exploitation

3. PENTESTING WITH METASPLOIT

Metasploit Basics and Framework Organization

Server and Client Side Exploitation

Meterpreter Extensions and Scripting

Database Integration and Automated Exploitation

Post Exploitation Kung-Fu

Firewall bypass

Token stealing and impersonation

Backdoor an Executable

Exploit research with Metasploit

Scenario Based Hacking using Metasplo

4. NETWORK PENTESTING

Information Gathering – OSINT, DNS, SNMP etc.

Pentesting Network Components – Router, Switch, Firewall, IDS/IPS

Pentesting Windows Environments – domain controllers,

Pentesting Linux Environments

Pentesting Mobile Application Backends

Attacking via the DMZ – Web, Email etc.

Post Exploitation on Windows, Linux and Mobile Oss

Data Exfiltration – tools and techniques

Privilege Escalation on Windows and Linux

Keeping Access – Backdoors and Rootkits

Web Application vulnerability to Shell

Scenario based Pentesting

Social Engineering Attacks – JAVA Applets, HID devices

AV Evasion Techniques

Firewall and IDS Evasion

5. WI-FI SECURITY AND PENTESTING

Bypassing WLAN Authentication

Cracking WLAN Encryption –

Encryption based flaws (WEP,TKIP,CCMP)

Attacking the WLAN Infrastructure

Protected Setup

Advanced Enterprise Attacks

Attacking the Wireless Client

Networks and Viral SSIDs, WiFishing

Breaking into the Client

Enterprise Wi-Fi Worms, Backdoors and Botnets

6. PYTHON FOR PENTESTERS

Python Scripting Language Essentials

System Programming and Security

Network Security Programming

Attacking Web Applications

Exploitation Techniques

Malware Analysis and Reverse Engineering

Attack Task Automation

Further Study and Roadmap

7. WEB APPLICATION PENTESTING

HTTP/HTTPS protocol basics

Cross Site Scripting

SQL Injection

Security misconfigurations

Application framework

Insecure direct object reference

Cross-site Request Forgery

GET and POST based

JSON based in RESTful Service

Insecure cryptographic storage

File upload vulnerabilities

Web Shells

Client side injection

Clickjacking

8. MOBILE SECURITY AND EXPLOITATION, ANDROID & iOS

Android Security Architecture

Android Permissions

Android Application Internals

Android Application Components

Introduction to Android Debug Bridge

Reversing Android Applications

Analyzing Android Malwares

Introduction to iOS Security

Creating an Application Pentest Platform

Advanced Application Runtime Analysis

Exploiting iOS Applications

iOS Forensics and Data Recovery

iOS Malware and Backdoors

Further Study and Roadmap

9. LINUX AND WINDOWS FORENSICS

Collecting volatile data, network interfaces.

Network connections, open ports, running processes,

File system date time, current user logins, user accounts

Command line analysis tools

Program headers

Reversing Linux Malware

10. REAL WORLD PENTESTING

The Pentest Process

Passive Recon

Quick Hits

External Scanning – the old way

External Scanning – headache detection

Network Vulnerability Scanning

Web App Vulnerability Scanning

Threat Modelling and Reporting

BUFFER OVERFLOW

Smashing the Stack

Writing Exit Shellcode

Executing Shellcode

Disassembling Execve

Shellcode for Execve

Exploiting a Program

11. BUFFER OVERFLOW

Smashing the Stack

Writing Exit Shellcode

Executing Shellcode

Disassembling Execve

Shellcode for Execve

Exploiting a Program

12. VIRTUAL PENETRATION TESTING LAB

Virtual Labs

Various Operating Systems

Vector Attacks

Virtual Pentesting

After course completion

Every selected candidate, who attend minimum 80% of training classes, will be awarded with a certificate of course completion by Innovation Centre Kosovo, which will give them an advantage on applying for jobs and validating their skills with a prestigious certificate. There will be an evaluation process, which will take students through an exam. This will give feedback also on the direction of the successful or unsuccessful course completion.

Instructor
Drinor Selmanaj | Instructor

Drinor Selmanaj has experience in cyber security. He has been working with FLOSSK for 2 years now he is one of many contributors in Kosovo in many open source projects, he has been doing workshops around Kosovo in data security, also being a FLOSSKie he has been maintaining the network of the SFK (Software Freedom Kosova) the annual conference about open source in Kosovo. His expertise are networks and computer security. While on workdays he is the CEO of HelloWorld, a company which is focused on application development. His passion about computer security and networks never stops. He will be showing some awesome stuff at advanced cyber security training.

Facebook
Twitter
LinkedIn