Hacker Academy Training Catalogue
•
0 likes•53 views
This document provides a course catalogue for Hacker Academy Ltd. It outlines basic, intermediate, and advanced level courses on various information security topics. The basic level courses cover information security awareness for end users and managers. Intermediate courses include ISO 27001 implementation, cyber incident response, and security of Microsoft, Linux, and TCP/IP networks. Advanced courses focus on database, web application, and security information management systems. The document provides details on the objectives, prerequisites, syllabus, duration and benefits of each course.
More Related Content
What's hot
What's hot (20)
Similar to Hacker Academy Training Catalogue
Similar to Hacker Academy Training Catalogue (20)
Recently uploaded
Recently uploaded (20)
Hacker Academy Training Catalogue
- 2. 2 TABLE OF CONTENTS Basic Level Courses ..................................................................................................................................... 3 1. Information Security Awareness for End Users ............................................................................ 3 2. Information Security Awareness for Managers ............................................................................ 4 3. Social Engineering: Attack and Defence Methods ....................................................................... 5 Intermediate Level Courses ........................................................................................................................ 6 1. ISO 27001 Information Security Management System Implementation ..................................... 6 2. Cyber Incident Response Team Setup and Management ............................................................ 7 3. Microsoft Systems Security ........................................................................................................... 8 4. Linux Security ................................................................................................................................ 9 5. TCP/IP Network Security ............................................................................................................. 10 6. Active Network Device Security .................................................................................................. 11 7. System Security Audit ................................................................................................................. 12 Advanced Level Courses ........................................................................................................................... 13 1. Oracle Database Security ............................................................................................................ 13 2. MS SQL Server Database Security ............................................................................................... 14 3. Web Applications Security .......................................................................................................... 15 4. Security Information and Event Management Systems ............................................................. 16 5. Penetration Testing and Ethical Hacking .................................................................................... 17 Master Level Courses ............................................................................................................................... 18 1. Computer Forensics Basics ......................................................................................................... 18 2. Network Forensics ....................................................................................................................... 19 3. Secure Software Development ................................................................................................... 20
- 3. 3 BASIC LEVEL COURSES 1. INFORMATION SECURITY AWARENESS FOR END USERS Who Should Attend? Users of information systems. Prerequisites None. Course Syllabus • Role of user in information security • Contribution of user to corporate Information Security Management System (ISMS) • Access to computers • Password security • E-mail security • Security while accessing the Internet • Virus protection • Setup, use and disposal of storage media • File access and sharing • Information backup • Social engineering • User responsibilities in computer incidents Duration 3 hours Benefits Attendees will become familiar with the basics of information security and will enhance their awareness about the importance of corporate information security as well. They will learn their duties and responsibilities as a contributor to a corporate ISMS.
- 4. 4 2. INFORMATION SECURITY AWARENESS FOR MANAGERS Who Should Attend? Managers, staff who wants to know much about information security. Prerequisites Basic information systems’ knowledge. Course Syllabus • Basic concepts of information security • Security policy • Organizational security • Human resource security • Risk assessment and risk mitigation • Business continuity • Information security incident management • Operating system security • Network security • Web security • Digital certificates and certificate distribution systems • Password management • Antivirus systems Duration 2 days Benefits Attendees will obtain information about the basic concepts of information security and overall functioning of ISMS. Introduction will be made based on the technical aspects of information systems security.
- 5. 5 3. SOCIAL ENGINEERING: ATTACK AND DEFENCE METHODS Who Should Attend? All information system users, especially the system administrators. Prerequisites None. Course Syllabus • “Social engineering” concept • Attack techniques • Examples of social engineering attacks • Social engineering tests • Prevention methods • Several social engineering applications Duration 2 days Benefits Attendees will become familiar with the social engineering attacks, which are quite common and may lead to loss of confidential information or even the reputation of an institution. Attendees will acquire the capacity of offering social engineering trainings as well.
- 6. 6 INTERMEDIATE LEVEL COURSES 1. ISO 27001 INFORMATION SECURITY MANAGEMENT SYSTEM IMPLEMENTATION Who Should Attend? IT Security Centre Personnel, Auditors, Cyber Security Experts, IT Personnel to be audited under ISO 27001. Prerequisites Familiarity with quality management systems is helpful but is not a requisite. Course Syllabus • What is an ISMS and why is it needed? • “Plan-Do-Check-Act” process in ISO 27001 • Risk assessment and treatment in information systems • ISO 27001 control categories - Information security policies - Organization of information security - Human resources security - Asset management - Access control - Cryptography - Physical and environmental security - Operational security - Communications security - System acquisition, development and maintenance - Supplier relationships - Information security incident management - Information security aspects of business continuity management - Compliance • ISO 27001 conformance audit - Audit planning - Audit checklists - Non-conformances and reporting • Several applications Duration 3 days Benefits Attendees will be able to establish ISMS in their institutions. Attendees will also be acquainted with audit concepts.
- 7. 7 2. CYBER INCIDENT RESPONSE TEAM SETUP AND MANAGEMENT Who Should Attend? CERT (Computer Emergency Response Team), IT Security Centre Personnel, Cyber Security Experts. Prerequisites Experiences both in business processes and information systems. Course Syllabus • Introduction (History, computer incident examples, CERT and security organization examples) • CERT basics • Computer incident management process (incident management service definition and functions) • Operational components of CERT (software, hardware, policy and procedures) • CERT project plan Duration 2 days Benefits Objective of the training is to elevate the level of course attendees to a position where they can establish CERTs in their institutions.
- 8. 8 3. MICROSOFT SYSTEMS SECURITY Who Should Attend? Windows Network Administrators, MS AD Administrators, IIS/Exchange Administrators, IT Security Centre Personnel. Prerequisites Basic knowledge of Microsoft systems. Course Syllabus • Microsoft Web Services Security • Microsoft “PowerShell” • Active Directory and Network Services Security (Group policy, DNS, DHCP) • Patch management in Microsoft systems Duration 4 days Benefits Attendees will acquire advance level information within the scope of Microsoft systems security. They will have the capability to apply Microsoft systems security best practices in their institutions.
- 9. 9 4. LINUX SECURITY Who Should Attend? Linux System Administrators, IT Security Centre Personnel. Prerequisites Linux administration knowledge. Course Syllabus • Secure setup • Configuration of startup services • Secure configuration of kernel • File system access control • User access control • Management of system logs • Security audit tools • Security hardening tools • Security script programming Duration 3 days Benefits Attendees will be able to realize the security hardening of Linux based operating systems. They will acquire ability to use free software security tools on their systems. They will also acquire capability of using or developing tools that will help them discover security breaches in their systems.
- 10. 10 5. TCP/IP NETWORK SECURITY Who Should Attend? IT Security Centre Personnel, Auditors, Cyber Security Experts, Site or System Managers, Network Administrators. Prerequisites Basic knowledge of networks. Course Syllabus • Protocols of the TCP/IP protocol stack • Operation principles of different layers of the TCP/IP stack and threats targeting these layers • Security vulnerabilities of TCP/IP protocols and mitigation techniques • Techniques, protocols and devices that are used to assure network security • Packet capturing software such as Wireshark, analysis of packets and protocols • Concepts such as SSL, IPSec, VPN and digital certificates • Network components such as Firewall, IDS/IPS and Proxy Duration 2 days Benefits Applied work about the security of TCP/IP networks will bring a wealth of information and capabilities to the attendees. The attendees are expected to apply good security practices in their institutions’ network.
- 11. 11 6. ACTIVE NETWORK DEVICE SECURITY Who Should Attend? System and network administrators, IT Security Centre Personnel, Auditors, Cyber Security Experts. Prerequisites Basic knowledge of networks. Course Syllabus • Within the scope of (hardening of) active devices, network design and assuring the security of networks, the following topics will be studied theoretically with hands-on exercises. • Steps toward hardening of active devices that are commonly used today in the internal networks and they are also used to connect networks to the outside world, such as - Backbone switch, - Router, - Firewall, - Content filter • Security controls applicable to active devices, such as - Physical security, - Equipment security, - Identity authentication, - Authorization and monitoring, - Patch management, - Access control lists, - Remote management control, etc. Duration 2 days Benefits The attendees are expected to learn security controls applicable to active network devices through the theoretical and the applied parts of the course. The attendees are also expected to apply these security controls in their institutions.
- 12. 12 7. SYSTEM SECURITY AUDIT Who Should Attend? Information technology auditors, information security experts eager to enhance their system security audit abilities, system and network administrators. Prerequisites Basic network and operating system (Windows and Unix) information, familiarity with peripheral protection systems. Course Syllabus • Vulnerability and threat definitions • Open source security vulnerability scanners and how to use them • Discovering the topology of a network • Peripheral protection systems audit • Windows audit • Audit of Unix/Linux systems Duration 4 days Benefits Attendees will learn how to use security vulnerability scanners. Attendees will also learn how to conduct security audit of operating systems, peripheral protection systems and web applications.
- 13. 13 ADVANCED LEVEL COURSES 1. ORACLE DATABASE SECURITY Who Should Attend? Database administrators, database security auditors. Prerequisites Database management basics. Course Syllabus • Database basics • Identity control • Access control lists • Database security audits • Network security • Database backup • Audit of access tools • Advanced security measures Duration 3 days Benefits At the end of the course, participants will be able to conduct security audit of databases and managers will be able to implement secure management of databases.
- 14. 14 2. MS SQL SERVER DATABASE SECURITY Who Should Attend? Database administrators, database security auditors. Prerequisites Database management basics. Course Syllabus • SQL Server, general topics • Operating system configuration • Network configuration • SQL Server setup and maintenance • SQL Server configuration • Access control and authorization • Audit and log management • Backup and disaster recovery procedures • Replication • Software application development • “Surface Area Configuration” tool • SQL Server test and monitoring tools Duration 3 days Benefits At the end of the course, attendees will learn SQL Server database security mechanisms and factors affecting security. They will gain ability to conduct security audit of an SQL Server database. Database managers, in the meantime, will learn how to manage their database securely.
- 15. 15 3. WEB APPLICATIONS SECURITY Who Should Attend? Web Application Developers, Web Site Admins, IT Security Centre Personnel, Auditors, Cyber Security Experts. Prerequisites Basic knowledge of web technologies. Course Syllabus • Information gathering • Configuration management flaws • Input / output manipulation - Cross Site Scripting (XSS) - Injection flaws: SQL Injection, OS command injection etc. • User authentication flaws • Authorization flaws • Session management flaws - Session fixation - Session hijacking - Cross Site Request Forgery (CSRF) • Application logic • Log management • Failure management • Secure application management Duration 2 days Benefits The attendees will learn important security components of HTTP based applications, most common mistakes, how to avoid making these mistakes and how to assure sustainable application security.
- 16. 16 4. SECURITY INFORMATION AND EVENT MANAGEMENT SYSTEMS Who Should Attend? IT Security Centre Personnel, Auditors, Cyber Security Experts, Network Administrators. Prerequisites Familiarity with information system components. Course Syllabus • Centralized log management systems • Requirement for event correlation systems • Advantages of event correlation systems • Event correlation steps • OSSIM attack correlation systems • OSSIM overview • Basic components of OSSIM • Tools utilized by OSSIM • OSSIM setup • OSSIM component configuration • Policies • Data fusion from separate components • Attack correlation • System maintenance and update Duration 4 days Benefits Attendees will obtain information about centralized attack correlation systems. They will learn how to gather logs being accumulated on separate security components centrally, how to monitor attacks conducted from an internal or an external network and take necessary steps against an attack.
- 17. 17 5. PENETRATION TESTING AND ETHICAL HACKING Who Should Attend? IT Security Centre Personnel, Auditors, Cyber Security Experts, Site or System Managers. Prerequisites None. Basic knowledge of networks is a plus. Course Syllabus • Introduction (What is “Penetration test”? Crucial points before, during and after penetration tests and penetration test methodologies) • Discovery (Discovery categories. Applied nmap exercise; port scanning, service and operating system discovery, etc.) • Vulnerability discovery (Vulnerability concept. Nessus exercise; policy designation, scanning and vulnerability analysis) • Exploit (Exploit and payload concepts. Metasploit exercise; msfconsole, meterpreter, post-exploit and auxiliary modules, etc.) • Network penetration tests and layer 2 attacks (Network sniffing, MAC table flooding, ARP poisoning, VLAN hopping, DHCP IP pool exhaustion attacks) • External network tests and information gathering (Active and passive information gathering, “Google hacking”, etc.) • Social engineering (Using e-mail and telephone. Customized payload and malware generation – macro, pdf and exe. “Relay” vulnerability. “Post- exploitation”) • Web application tests (Input-output detection, XSS and SQL-i attacks) Duration 5 days Benefits Attendees will be able to participate and contribute to penetration tests.
- 18. 18 MASTER LEVEL COURSES 1. COMPUTER FORENSICS BASICS Who Should Attend? IT Security Centre Personnel, Auditors, CERT members. Prerequisites Basic knowledge of Linux and Windows operating systems. Course Syllabus • Computer incident response • Preliminary stages of computer analysis • Information about NTFS, FAT32, ext2, ext3 file systems (how files are opened, saved and deleted in these systems) • Non-volatility of data in different components of a computer (RAM, “Stack” area, hard disks etc.) Data storage and retrieval from these components • Conducting computer analysis on a Linux system and presentation of related tools • In the applied part of the course, setting up the analysis environment and conducting, with tools, the analysis of a suspected file • Conducting computer analysis on a Windows system and presentation of related tools Duration 3 days Benefits Attendees will be able to conduct computer analysis on their own.
- 19. 19 2. NETWORK FORENSICS Who Should Attend? I T Security Centre Personnel, Auditors, CERT members, Network and System Administrators. Prerequisites Basic knowledge of TCP/IP, networks, Linux and Windows operating system. Course Syllabus The following topics will be covered in order to conduct incident analysis without referring to storage components such as hard disks and RAM. Another objective is to detect incidents and malicious network traffic exploiting incorrect configuration of network components. • Foundations of traffic analysis • Network packet capturing technologies: Hardware, software and tools • Basic network protocols and components • Network security component log analysis: Logs of firewalls, intrusion detection and prevention systems, etc. • Analysis of network protocols (HTTP, SMTP, DNS etc.) • Deep packet inspection • Detection of malicious network traffic: “Man in the middle attack”, “DNS cache poisoning” etc. attacks • Detection of network traffic tunnelling techniques: DNS, ICMP, SSH tunnelling etc. • Analysis of encrypted network traffic: “SSL traffic listening” technique • Reconstruction of network traffic to obtain original data • Network flow analysis Duration 4 days Benefits Attendees will be able to conduct network traffic analysis and to collect evidence without accessing storage components. They will also be able to detect malicious network traffic and security incidents deriving from components.
- 20. 20 3. SECURE SOFTWARE DEVELOPMENT Who Should Attend? Software developers/engineers, software project managers, software quality control staff. Prerequisites Intermediate experience with programming. Course Syllabus • Security problems of software • Security problems of technology components where software is running • Basic elements of secure software development process • How to integrate a secure software development lifecycle to a software development process • Source code samples, demonstrating most common vulnerabilities and how to prevent them • Technology that maybe applied to assure secure operation of components such as application server and database where software is running, since software depends on these systems. Duration 3 days Benefits Attendees will learn basic secure coding principles, secure software design and development, threat modelling and principles of security tests.