services

Active Directory is the heart of organizations and therefore an important target for an attacker. In this advanced training, we will go through the entire journey, options and techniques for compromising an Active Directory environment. This is with the goal of understanding the activities from the perspective of the Red Teamer inspecting the security of such an environment as well as from the perspective of the defender who is responsible for hardening the environment. In addition to techniques directly related to Active Directory exploitation, we will also partially focus on the necessary defense evasion.

This training will provide participants with the knowledge needed to safely use and secure the PowerShell platform. It focuses on practices for safely handling sensitive data in scripts, what script structures are insecure, and whether the entire PowerShell can be exploited by an attacker. The training requires advanced knowledge of PowerShell.

In this course we will focus on understanding the job of an analyst in the Microsoft Sentinel environment. We will also explain how to analyze logs from the local and cloud environments using the Microsoft Sentinel tool. The course participants will learn how to use the KUSTO Query Language in their jobs and how to efficiently use cloud tools for faster analysis.

In this course we will focus on a simulation of cyber attacks that the participant will investigate. Each such attack within the APT scenario will be discussed in detail and analyzed by an analyst, who will actively create rules for detection and hunting in the Microsoft Sentinel tool. This is a hands-on course, meaning that the majority of the content revolves around practical experience from the investigation, during which the participants will learn about the advantages of Microsoft Sentinel as well as the limits of this tool.

This training provides students with the fundamental knowledge and skills to use PowerShell. We will cover multiple topics like cmdlets, functions, components and objects manipulations, script prerequisites, standard and structures. The course content is built on my more than 15 years of working with PowerShell and students will spend more than 80% of course time working in PowerShell engine. During the training you will built some basic scripts you can immediately use in your daily work.

This training provides students with the advanced knowledge and expert skills to use PowerShell. The training requires existing solid knowledge as you will learn advanced topics like Proxy Functions, .NET, PowerShell workflows etc. The content is built on my more than 15 years of working with PowerShell and students will spend more than 80% of course time working in PowerShell engine. Everyone who already use PowerShell for any purpose can benefit from the content.

The aim of the course is to understand how techniques for bypassing Windows OS security mechanisms work. During the course we will study an example of real bypassing of systems based on newer Windows systems using modern security mechanisms such as AppLocker, EDR systems, Powershell protection and many more that you can find in the operating system.

This course will help the participants understand how Red Teaming operations work. We will explain how Red Teaming is prepared and how the whole exercise is planned. You will learn who Red Teaming is intended for and how the company should prepare for this exercise. We will also focus on correctly setting the relevant goals and contractual obligations when Red teaming is carried out by external subjects. We will explain what a Red Teamer should know and which members should be in the Red Team. Last but not least, we will discuss the pros and cons of internal and external Red Teams.

This course is intended as an introduction into cyber security. We will focus on all aspects of information and cyber security and the participants will learn about the threats they can encounter in digital, physical and human environments. This course also focuses on the problems of incorrectly configured processes or inconsistent management of the company culture. A whole range of cyber attacks will be demonstrated within the course. The course can also be taken as a preparation for different types of certification tests required for CS managers and architects.

In this course the participants will learn how to secure digital and physical evidence when performing a forensic investigation. Securing of evidence will be done in a legal way and should show the participants how not to disturb the evidence while gathering it. One section of the course is dedicated to practical examples related to the securing of evidence and will explain the topic of a forensic team composition, as well as gathering of evidence on secured devices. The participants will also learn which HW and SW tools are necessary for proper securing of evidence.

The goal of the course is to provide a comprehensive overview of the trends in cyber threats that have appeared since 2019 and to discuss some of the significant attacks in the recent years. The training will consider the Tactics, Techniques, and Procedures (TTPs) of hackers and the weaknesses of companies so that the company can adapt and transpose these situations into its current environment in order to assess whether this is a realistic threat in the client’s company. The course is intended not only for technically oriented individuals.

The goal of the course is to provide a comprehensive overview and expand the knowledge of the participants on risk control and management using the qualitative and quantitative method. The course participant will learn about modern concepts of risk management and will understand how easy it is to use causal scenarios. In the course you will need to use mathematical formulas for calculations and then project the final values namely into cyber risks. Before the course the lecturer needs to be familiarized with the internal risk management method and internal procedures of the company related to the risk management.

The goal of the course is to provide a comprehensive overview of risk management and expand the knowledge of the participants in the field using the quantitative method. Course participants will learn about modern concepts of risk management and will understand how easy it is to use causal scenarios. During the course, the participants will learn about the FAIR module and modelling using Monte Carlo simulation. In the course you will need to use mathematical formulas for calculations and then project the final values namely into cyber risks.

The goal of the course is to do a practice “Incident Response Plan” according to the MITRE ATT&CK framework that will focus on detection of and reaction to an cyber incident in the context of the company. The course, which will take place in the form of an interview, will mention different methods and scenarios of cyber attacks and the participant should be able to handle these attacks. During the course, the mediator and scenarist on the side of the supplier will thoroughly explain and describe the incident to the response team that does not need to consist of only technically-minded people. Before the course, it is recommended to describe and explain the implemented “Incident Response Plan” process to the mediator and playwright who will customize the course based on this information.

The goal of the course is to complete a training “Incident Response Plan” according to the MITRE ATT&CK framework that will focus on detection of and reaction to an cyber incident in the context of the company. The course, which will take place in the form of an interview, will mention different methods and scenarios of cyber attacks and the participant should be able to handle these attacks. During the course, the mediator and playwright on the side of the supplier will thoroughly explain and describe the incident to the response team, which should consist of technically skilled participants. Before the course, it is recommended to describe and explain the implemented “Incident Response Plan” process to the mediator and playwright who will customize the course based on this information.

The goal of the course is to introduce the participants to possible vectors in the IT/OT environment using attack simulations in the course supplier’s lab. The course participants together with the lecturer will simulate attacks on the given environment. The simulation will also include attacks on ModBus and IEC104 protocols and on common TCP protocols used in IT and OT. Simulated attacks will be carried out against Active Directory and Windows operating systems within the context of the MITRE ATT&CK framework. Attack simulations should, to the greatest extent possible, simulate and demonstrate APT-type attacks or so-called multi-stage attacks with the aim of disrupting the confidentiality, availability or integrity of the system, or reducing the resilience of systems.

The goal of the course is to introduce the participants to an APT attack, whereas the entire exercise is conducted by a lecturer who explains attack techniques and defense options against a given type of attack on a simulated cyber attack. In order to understand protection, it is necessary to know and understand the functionalities of operating systems and the available defense options. The simulated cyber attack targets an infrastructure with standard security operated in the supplier’s lab. The participants do not actively participate in the repair of the system and the attack simulation.

As part of the course, participants will learn the techniques used by government and military intelligence, intelligence services, CIA and FBI agents to search for information using open sources. In this course we will explain what OSINT is and how it works, we will talk about other areas such as HUMINT, SOCINT, GEOINT and others. We will learn to use tools and get information automatically, work with photo metadata and geolocations and track people using online cameras.  The entire course is accompanied by a series of hands-on labs so that the participants can master the given techniques and begin to understand the functioning of intelligence services, focusing on the physical, digital and human aspects. At the end, the participants will get a homework assignment to create a complete digital profile of the organization, with a deadline in 7 days. In this way, the participants will understand the weaknesses of the organization which could be used by a potential attacker when planning an attack on its infrastructure. The output of this screening is then discussed with the lecturer, and each course participant has 1 hour to explain the most important points of the entire report. The participants are awarded their certificate after they defend their outputs. This methodology is used not only by the armed forces of various countries, but also by researchers who try to identify the weak points of companies. The OSINT methodology is further used in the screening of employees who may work with sensitive information after joining, in order to verify their confidentiality and integrity.

KUSTO Query Language is one of the most wide-spread query languages in Microsoft’s cloud services. The course participants will learn the techniques and methods of searching in logs, identifying weak spots in search queries, and understanding the individual terms used for searching. They can then immediately use these techniques within Microsoft services, not just in an Azure Sentinel or Azure Monitor environment.

The goal of the course is to familiarize participants with tools by MITER in order to use the most possible information for the analysis of cyber attacks and to build detection and prevention measures. As part of the course, participants will learn about the techniques contained in the MITER ATT&CK Kill Chain for IT, OT and Cloud areas. They will also try using the Atomic Red Team and will be introduced to MITRE D3FEND. Last but not least, we will model a threat using the MITRE ATT&CK Navigator. Finally, we will discuss the advantages of the MITRE Engage tool and working with a CVE database.

The goal of the course is to introduce the participants to the topic of security of industrial networks and industrial environments. In this course the participants will learn about the architectonic models and standards used in industrial networks.

Training is focused on understanding the OWASP methodology with a focus on testing within web applications. In this course, the participants will go through all the test scenarios on a specially created  PHP web application and understand how a weak spot in the application is created and how an attacker can use it. You will learn how to correctly test a web application and what to focus on during testing.

The goal of the course is to show the top 20 attack vectors used against technological systems and to explain the main causes of the problems to the participants. Practical demonstrations are carried out in the technological lab and most attacks are simulated directly during the course. The participants will understand how such cyber attacks are created and what threats they should prepare for.

The goal of the course is to introduce the participants to the options of security testing in a company environment. The participants will learn about the testing options and what testing can bring. We will also focus on the issue of timing the testing and a secure development cycle that the company should implement. During testing you will discover the differences between vulnerability scanning, penetration tests and red team. The participants will get a clear idea about how to implement this testing in their company.

The goal of the course is to discuss and understand the entire web application security testing standard according to OWASP. In this course the participants will understand what to focus on during testing, but mainly what to do to ensure that vulnerabilities do not arise in the system. The participants will also see many problem areas of web applications that will be abused by the lecturer.

In this course, we will introduce internet browsers and discuss how secure they are. We will refute or confirm various possibilities of escalation of access from the website to the victim's computer and explain how browsers and their components work, not only while testing the user's experience.