services

Active Directory is the heart of organizations and therefore an important target for an attacker. In this advanced training, we will go through the entire journey, options and techniques for compromising an Active Directory environment. This is with the goal of understanding the activities from the perspective of the Red Teamer inspecting the security of such an environment as well as from the perspective of the defender who is responsible for hardening the environment. In addition to techniques directly related to Active Directory exploitation, we will also partially focus on the necessary defense evasion.

As part of the training, we will focus on understanding the analyst's work in the Microsoft Sentinel environment. During the training, we will explain how it is possible to analyze logs from local and cloud environments using the Microsoft Sentinel tool. Training participants will understand how to use the KUSTO Query Language and learn how to effectively use cloud resources for faster analysis.

The training is only available in the Czech language.

As part of the training, we will focus on simulations of cyber attacks, which the training participants will examine. Every attack carried out in an APT scenario will be thoroughly discussed and subsequently analyzed by an analyst who will actively create detection and hunting rules in Microsoft Sentinel. This is hands-on training, so most of the content is based on hands-on experience from investigations, and trainees learn not only the benefits of Microsoft Sentinel, but also its limitations.

Trénink je dostupný jen v českém jazyce.

The goal of the training is to understand what techniques aimed at bypassing Windows OS security mechanisms look like. During the training, we will focus on demonstrating a real bypass of systems built on new Windows systems using modern security mechanisms such as AppLocker, EDR systems, Powershell protection and much more that you can encounter in the operating system.

The training is available in both Czech and English.

This training will enable participants to understand how Red Teaming operations work. As part of the training, we will explain to you how Red Teaming is prepared and how the entire exercise is planned. You will also learn who Red Teaming is intended for and how the company should prepare for such an exercise. We will also not forget the correct determination of relevant goals and the setting of contractual obligations, if the Red Team is implemented by external entities. We will explain what a Red Teamer should be able to do and what members such a Red Team should consist of. Last but not least, we will talk about the advantages and disadvantages of internal and external Red Team.

The training is available in Czech and English.

This training is designed as an introduction to cyber security. During the training, we will focus on all aspects of information and cyber security, and participants will thus understand what threats can occur both in the digital and in the physical, human environment. In the course of the training, the problems of poorly set processes and/or inconsistent management of the company culture are not neglected. A variety of cyber attacks are demonstrated during the training. The training can serve as preparation for various types of certification exams that are required of KB managers and KB architects.

The training is available in both Czech and English.

As part of the training, participants will learn how to secure digital and physical evidence of the conduct of a forensic investigation. The securing of evidence will be done in a legally permissible manner and should provide guidance to the participants on how not to tamper with the evidence during its creation. The trainer will focus on practical demonstrations related to securing and will explain the composition of the forensic team. Also, during the training, we will focus on securing evidence on a device that is secured, and participants will understand what HW and SW resources are necessary to properly secure evidence.

The training is available in both Czech and English.

The goal of the training is to provide a comprehensive picture of cyber threat trends that have emerged from 2019 to the present and to repeat some significant attacks from previous years. During the training, it is necessary to take into account the procedures (TTP's) of hackers and the weaknesses of companies, so that the company can adapt to the given situation and can transpose the situation into the existing environment and evaluate whether such a threat is also real in the environment of the customer's company. The training will be delivered not only to technology-oriented people.

The training is available in both Czech and English.

The goal of the training is to provide a comprehensive view and expand the knowledge of the training participants in the field of risk management and management using a qualitative and quantitative method. Trainees will be introduced to modern risk management concepts and understand how easily causal scenarios can be used in risks. During the training, it will be necessary to calculate using mathematical formulas and to project the resulting values especially into cyber risks. Prior to the implementation of the training, it will be necessary for the trainer to familiarize himself with the internal risk management methodology and with the company's internal procedures, which are relevant to risk management.

The training is available in both Czech and English.

The aim of the training is to provide a comprehensive view of risk management and to expand the knowledge of training participants in the field of risk management and management using the quantitative method. Trainees will be introduced to modern risk management concepts and understand how easily causal scenarios can be used in risks. During the training, participants will be introduced to the FAIR model and Monte Carlo simulation modeling. During the training, it will be necessary to calculate using mathematical formulas and to project the resulting values especially into cyber risks.

The training is available in both Czech and English.

This practical course offers participants a unique opportunity to experience a real-life cyberattack simulation in a secure lab environment. The lab consists of Windows servers and workstations that are part of an Active Directory domain, an OT environment simulating industrial control systems, and Linux servers. Participants will be guided step-by-step through the stages of a cyberattack – from reconnaissance and privilege escalation to data exfiltration – with a focus on the techniques used by Red Teams in practice. The course combines theoretical foundations with hands-on exercises, making it ideal for professionals seeking to deepen their knowledge of cybersecurity and acquire practical skills in attack simulation.

Course Modules:

1. Introduction to Cyber Attacks and Red Teaming

   • Overview of cyber threats and attack techniques.
   • Red Team structure and its role in security operations.
   • Goals and ethics of simulated attacks.

2. Reconnaissance – Exploring the Target Infrastructure

   • Passive and active reconnaissance methods (network scanning, OSINT).
   • Identifying vulnerabilities in the network and domain infrastructure.
   • Gaining access and mapping critical elements of the OT environment.

3. Initial Access – Gaining Entry

   • Exploiting weak passwords and service vulnerabilities.
   • Phishing and social engineering as attack vectors.
   • Active Directory attacks (ASREPRoasting, Kerberoasting).

4. Privilege Escalation

   • Escalation techniques in Windows environments (token stealing, UAC bypass).
   • Privilege escalation specifics in Linux systems.
   • Exploiting vulnerabilities in OT environments.

5. Lateral Movement

   • Techniques for spreading access within the domain environment.
   • Using RDP, SMB, WMI, PSExec, and other tools.
   • Pivoting techniques between Windows and Linux systems.

6. Persistence – Maintaining Access

   • Techniques for hidden and long-term access (scheduled tasks, registry persistence).
   • Backdoors and rootkits in both Windows and Linux environments.
   • Maintaining control over compromised OT systems.

7. Command and Control (C2)

   • Setting up and managing a C2 infrastructure.
   • Protocols and techniques for communication with compromised systems (DNS, HTTPS, covert channels).
   • Detection and defense against C2 activities.

8. Data Exfiltration

   • Methods for exfiltrating data from the environment (FTP, HTTP/S, cloud services).
   • Concealing exfiltration from security tools.
   • Specifics of exfiltrating sensitive data from OT systems.

9. Forensic Analysis and Incident Response

   • Identifying indicators of compromise (IOCs).
   • Log and network activity analysis.
   • Responding to cyberattacks and measures to minimize damage.

10. Final Attack – Comprehensive Cyberattack Simulation

    • Teamwork on a simulated attack on the target infrastructure.
    • Applying techniques from individual modules in a single scenario.
    • Final discussion and evaluation of the attack from both attacker and defender perspectives.

This course is ideal for both technical specialists and security managers who wish to better understand the workings of cyberattacks and improve the security of their IT and OT environments.

The training is available in both Czech and English.

As part of the course, participants will learn the techniques used by government and military intelligence, intelligence services, CIA and FBI agents to search for information using open sources. During the training we will explain what OSINT is and how it works. We will talk about other areas such as HUMINT, SOCINT, GEOINT and others. We will learn to use tools and get information automatically and we will work with photo metadata, work with geolocations or also track people using internet cameras.

All training is accompanied by a series of hands-on labs so that participants master the techniques and begin to understand how intelligence services work, focusing on the physical, digital and human aspects. Finally, as a homework assignment, the participants create a complete digital profile of the organization, which they have 7 days to create. In this way, the participants will understand the weaknesses of the organization, which could be used by a potential attacker when planning an attack on its infrastructure. The result of this screening is then discussed with the trainer and each course participant has 1 hour to explain the entire report. After the defense, the participant is awarded certification.

This methodology is used not only by the power units of states, but also by researchers who try to identify the weak points of companies. The OSINT methodology is further used in the screening of employees who may work with sensitive information after joining, in order to verify their confidentiality and integrity.

The training is available in both Czech and English.

Kusto Query Language is one of the most widely used search languages in Microsoft cloud services. The participants of the training will master the techniques and methods of searching in logs, identifying the weak points of search queries and understand the individual terms used for searching. They can then immediately use these techniques within Microsoft services, and not only in the Azure Sentinel or Azure Monitor environment.

The training is only available in the Czech language.

The aim of the training is to introduce the training participants to the issue of security of industrial networks and industrial environments. During the training, participants are introduced to the architectural models and standards found in industrial networks.

The training is available in both Czech and English.

The goal of the training is to understand the OWASP methodology with a focus on testing within web applications. During the training, participants will go through all the test scenarios for specially creating a PHP web application and understand how a weak spot in the application is created and how an attacker can exploit it. During the training, you will understand how to properly test a web application and what to focus on during testing.

The training is available in both Czech and English.

The aim of the training is to show the top 20 vectors of attacks on technological systems and to explain to the trainees where the main causes of problems are located. Demonstrations are demonstrated in the technology lab during training, and most attacks are simulated directly during training. The participants of the training will understand how such cyber-attacks arise and what threats it is necessary to prepare for.

The training is only available in the Czech language.

The goal of the training is to introduce participants to the possibilities of security testing in a corporate environment. Participants will learn what testing options are and what testing will bring them. We will also focus on the issue of testing timing and the safe development cycle that the company should have in place. During testing, you will find out what the differences are between vulnerability scanning, penetration testing and red team. The participants of the training will take away a clear idea of how to implement testing in their company.

The training is available in both Czech and English.

As part of the training, we will introduce you to what internet browsers are and how safe they are. We will refute or confirm the possibilities of escalation of access from the website to the victim's computer and explain to you how browsers and their components work not only in testing the user experience.

The training is available in both Czech and English.

This comprehensive PowerShell training provides students with everything from basic to advanced knowledge and skills needed for the effective and secure use of this environment. Participants will learn the basics such as cmdlets, functions, object manipulation, and scripting structures, before moving on to advanced topics including functions and modules. The final part of the course focuses on the security aspects of PowerShell, including protecting sensitive data in scripts and securing the platform against misuse. The training is based on the instructor's more than 15 years of experience with this tool.

As part of the training, we will introduce you to the BurpSuite tool, which is the most used tool not only for penetration testing of web applications. During the training, we will also show you other tools that you can use for penetration testing of web applications, APIs and mobile applications. During the training, you will learn how to start and operate the tools and understand the impact of testing operations that these tools can cause. The entire training is implemented as an interactive handson training.

The training is available in both Czech and English.