Hacking Fundamentals Workshop

Take a look into the hackers mindset and learn the moves


Overview
  • 16 academic hours (2 working days, which includes 4 hours of practical work)
  • June 07-08, 2021
  • KPMG Estonia Training facility (Narva mnt 5, Tallinn)
  • Up to 15 participants
  • System administrators, information security specialists and -managers, any other cybersecurity focused IT personnel
  • The course and the materials are composed in English
  • 499 EUR + VAT

Description

The course is extremely practical and follows a scenario based design. It’s ideal for cyber security professionals that want to understand the step-by-step approach to exploiting IT systems. Case studies, motivation and mindset, attack vectors, counter measures, best practices, tools and methods will be discussed.


The course is split into 2 days. First day combines lectures with practical exercises on each topic to provide good insights into how hackers attack companies and access critical resources and data. Second day provides the students with an opportunity to tie it all together and put it into practice by attacking a test environment that simulates an actual company.


Materials will be provided. Upon finishing the course, a signed certificate of completion by KPMG will be granted to participants.


Participants are required to use their own (VPN enabled) laptop during the course. If you do not have a suitable computer for the course, please get in touch with us.


Prerequisites: Understanding of English technical language.


The training is held at KPMG Baltics OÜ Training facility in the Foorum center in Tallinn (Narva mnt 5).

Instructions (room, floor, parking etc) provided after registration.

In case of coronavirus related restrictions, an online/hybrid course or alternative dates will be provided.


What will you learn
  • Overview of hacking concepts, technologies, types and phases
  • Hands-on demonstration of the Cyber Kill Chain® process
  • Footprinting and reconnaissance concepts
  • Scanning and enumeration techniques and countermeasures
  • Overview of web application hacking methodology, tools and techniques used
  • Exploitation and post-exploitation concepts, techniques and countermeasures
  • Familiarity with the penetration testing process, types of pentests, red teaming
  • Knowledge resources to develop and practice hacking skills
  • Practice learned skills during a CTF (Capture The Flag) event

Schedule
Day 1
  • Introduction: Hacker mindset lecture and setting up access to the lab environment.
  • Reconnaissance: Banner grabbing, fingerprinting, service mapping, port- & vulnerability scanning.
  • Weaponization: Finding vulnerabilities, suitable exploits and staging your attacks.
  • Delivery: Sending the weaponized bundle to the victim.
  • Exploit: Executing code on the victim’s system.
  • Installation: Installing malware on the target asset.
  • Command and Control: Creating a channel where the attacker can control a system remotely.
  • Actions: Carrying out actions to find sensitive data and exfiltrate it.

Day 2
  • A practice game (CTF – capture the flag format) on KPMG Estonia’s CTF platform to solidify learned skills and knowledge from day one. Performing attacks on test environment to gain access to sensitive data and critical resources in order to compromise the target company.

* Snacks, lunch and refreshments will be provided.


Instructors

fancybox
Jagjit Singh

Jagjit joined KPMG in 2021. He has strong knowledge of cybersecurity risks, threats, best practices & prevention measures.

fancybox
Rajith Jayasekara

Rajith joined KPMG in 2020. Before KPMG he worked as an Information Security Engineer at TechCERT. Rajith is a certified Secure Software Development Lifecycle Professional (CSSLP), OCI certified associate.


OSINT Essentials

Find out what everyone can see publicly about your organization.


Overview
  • 8 academic hours (4 classroom hours + 4 hours of practical work)
  • September 22, 2021
  • KPMG Estonia Training facility (Narva mnt 5, Tallinn)
  • Up to 15 participants
  • System administrators, information security specialists and -managers, any other cybersecurity focused IT personnel
  • The course and the materials are composed in English
  • 349 EUR + VAT

Description

Open-source Intelligence Essentials is a one-day deep dive course into the world of OSINT. The course if focused on showcasing how publicly available information can be used by hackers to plan and orchestrate an attack.


Lectures are combined with practical examples and followed by a hands-on experience through a scenario based course design. Each topic provides valuable insight into how hackers gather publicly available information and prepare themselves for the next step in the kill chain. In addition, students are provided with the opportunity to tie it all together and put it in practice by using KPMG-s specialized test environment that simulates different use-cases.


Case studies, motivation and mindset, attack vectors, counter measures, best practices, tools and methods will be discussed.


Materials will be provided. Upon finishing the course, a signed certificate of completion by KPMG will be granted to participants.


Participants are required to use their own (VPN enabled) laptop during the course. If you do not have a suitable computer for the course, please get in touch with us.


Prerequisites: Understanding of English technical language.


The training is held at KPMG Baltics OÜ Training facility in the Foorum center in Tallinn (Narva mnt 5).

Instructions (room, floor, parking etc) provided after registration.

In case of coronavirus related restrictions, an online/hybrid course or alternative dates will be provided.


What will you learn
  • Overview of OSINT within the Cyber Kill Chain® framework
  • Hacker's mindset and motivation
  • Using OSINT frameworks and tools
  • Valuable OSINT data resources​
  • Hands-on footprinting and reconnaissance techniques/countermeasures​​
  • Hands-on scanning and enumeration techniques/countermeasures​
  • Analyzing collected data​

Schedule
  • Introduction: Hacker mindset lecture and setting up access to the lab environment.
  • Methodologies: Introduction to well-known methodologies and attack vectors.
  • Reconnaissance: Introduction to reconnaissance toolsets and frameworks.
  • Use cases: An overview of practical use cases – actionable examples binding theory with practice.
  • A practice game (CTF – capture the flag format) on KPMG Estonia’s CTF platform to solidify learned skills and knowledge.

* Snacks, lunch and refreshments will be provided.


Instructors

fancybox
Igmar Ilves

Igmar joined KPMG in 2019. Igmar has experience in the following industries: public sector, military sector, IT infrastructure, railways.

fancybox
Rajith Jayasekara

Rajith joined KPMG in 2020. Before KPMG he worked as an Information Security Engineer at TechCERT. Rajith is a certified Secure Software Development Lifecycle Professional (CSSLP), OCI certified associate.

fancybox
Alberto Zorilla

Alberto joined KPMG in October 2018. Since, he has been working on both Cyber Security Assessments and Industrial Cyber Security.


Phishing Awareness Training for Organizations

Learn how to not get hooked by Hackers


Overview
  • 8 academic hours (1 working day)
  • August 25th, 2021
  • KPMG Estonia Training facility (Narva mnt 5, Tallinn)
  • Up to 15 participants
  • Organizations (and their leadership at all levels), anybody with an email account and desire to defend themselves and their organization
  • The course and the materials are composed in English
  • 349 EUR + VAT

Description

Phishing attacks exploit the weakest link in the chain – the individual employee. No matter how well thought-out your cyber security policies are, there is no perfect way to ensure compliance. To be able to thrive in a modern digitally transformed organization, KPMG provides the know-how about what to expect in terms of phishing attacks and how to build counter measures and a resilient organization.


Case studies, motivation and mindset, attack vectors, counter measures, best practices, tools and methods will be discussed.


Materials will be provided. Upon finishing the course, a signed certificate of completion by KPMG will be granted to participants.


Participants are required to use their own (VPN enabled) laptop during the course. If you do not have a suitable computer for the course, please get in touch with us.


Prerequisites: Understanding of English technical language.


The training is held at KPMG Baltics OÜ Training facility in the Foorum center in Tallinn (Narva mnt 5).

Instructions (room, floor, parking etc) provided after registration.

In case of coronavirus related restrictions, an online/hybrid course or alternative dates will be provided.


What will you learn
  • Psychological principles of conducting phishing​
  • Various concepts of phishing attempts​
  • Pointers of discovering a phishing attempt​
  • Anti-phishing tools and techniques​​

Schedule
Topics covered:
  • What is Phishing?
  • What are different methods for phishing?
  • How to spot a phishing email?
  • How to know if you're the target of a Spear-Phish?
  • How an attacker sets up a phishing campaign?
  • How an attacker sets up a phishing campaign?
  • How to train your employees?

Course Methodology
  • Live course work and hands on training.
  • Sample campaign.
  • Final test (80% required to receive a certificate of completion)

* Snacks, lunch and refreshments will be provided.


Instructors

fancybox
Aleksandra Isabel Pillmann

Aleksandra Isabel joined KPMG in 2020. In addition to cyber security assessments, she provides professional IT support and knowledge.

fancybox
Jaan Vahtre

Jaan joined KPMG in 2018. Before joining KPMG Jaan worked as a head of cyber security, network solutions specialist and services project manager.

fancybox
Brady Maxwell

Brady joined KPMG in 2019. Brady has over 20 years of experience in IT and cyber security.


Secure Coding for Developers by Hackers

Hackers view of your coding skills


Overview
  • 8 academic hours (4 classroom hours + 4 hours of practical work)
  • October 18th, 2021
  • KPMG Estonia Training facility (Narva mnt 5, Tallinn)
  • Up to 15 participants
  • Developers who'd like to get better at securing their software and learn hacking techniques to understand the attacker's perspective
  • The course and the materials are composed in English
  • 399 EUR + VAT

Description

Secure Coding for Developers by Hackers is a one-day deep dive course into the world of Secure Coding using the OWASP Dojo, a CTF-Like event that will give developers great insight into how hackers break their code. The course is focused on security coding best practices to increase awareness of development pitfalls that turn into security holes.


Materials will be provided. Upon finishing the course, a signed certificate of completion by KPMG will be granted to participants.


Participants are required to use their own (VPN enabled) laptop during the course. If you do not have a suitable computer for the course, please get in touch with us.


Prerequisites: Understanding of English technical language.


The training is held at KPMG Baltics OÜ Training facility in the Foorum center in Tallinn (Narva mnt 5).

Instructions (room, floor, parking etc) provided after registration.

In case of coronavirus related restrictions, an online/hybrid course or alternative dates will be provided.


What will you learn
  • Secure coding practices to mitigate common vulnerabilities​
  • Security mindset within the software development life cycle (SDLC)​​
  • Secure coding practices checklist and more resources to adopt for your current SDLC​​

Schedule
  • Introduction: Hacker mindset, threats to developers
  • Lecture: Secure Coding Practices
  • Dojo: Setup, Accounts, Urls
  • Practice:Security Code Review Master Module
  • Practice: Secure Coding Dojo Black Belt Module

* Snacks, lunch and refreshments will be provided.


Instructors

fancybox
Rajith Jayasekara

Rajith joined KPMG in 2020. Before KPMG he worked as an Information Security Engineer at TechCERT. Rajith is a certified Secure Software Development Lifecycle Professional (CSSLP), OCI certified associate.

fancybox
Jagjit Singh

Jagjit joined KPMG in 2021. He has strong knowledge of cybersecurity risks, threats, best practices & prevention measures.

fancybox
Alberto Zorilla

Alberto joined KPMG in October 2018. Since, he has been working on both Cyber Security Assessments and Industrial Cyber Security.


Web Application Security Masterclass

Learn how to spot weaknesses in Web Applications


Overview
  • 32 academic hours (4 working days)
  • November 29 - December 02, 2021
  • KPMG Estonia Training facility (Narva mnt 5, Tallinn)
  • Up to 15 participants
  • Developers who'd like to get better at securing their software and learn hacking techniques to understand the attacker's perspective
  • The course and the materials are composed in English
  • 1299 EUR + VAT

Description

Web Application Security Masterclass by KPMG provides an insight into the mind of a pen-tester. Learn how to break your system so you can make it more secure. KPMG cyber security experts will showcase lessons learned from private and public sector organizations


The course focuses on client side and server side attacks, combining both theory and practical hands on exercises. Participants will learn how to discover common WebApp vulnerabilities (e.g. XSS, SQi, DoS, DDoS, memory corruption, buffer overflow, CSRF, data breach), how to exploit them and how to defend against them.


Case studies, motivation and mindset, attack vectors, counter measures, best practices, tools and methods will be discussed. Materials will be provided.


Materials will be provided. Upon finishing the course, a signed certificate of completion by KPMG will be granted to participants.


Participants are required to use their own (VPN enabled) laptop during the course. If you do not have a suitable computer for the course, please get in touch with us.


Prerequisites: Understanding of English technical language.


The training is held at KPMG Baltics OÜ Training facility in the Foorum center in Tallinn (Narva mnt 5).

Instructions (room, floor, parking etc) provided after registration.

In case of coronavirus related restrictions, an online/hybrid course or alternative dates will be provided.


What will you learn
  • How the web works and the challenges involved with web applications​
  • Advanced insight into tools, techniques and methodologies used during web app testing
  • How to discover and exploit vulnerabilities in modern web frameworks and technologies
  • Analysation of results from automated web testing tools to validate findings, eliminate false positives and assess business impact
  • Information gathering from knowledge sources to practice and grow your web app hacking skills

Schedule

Day 1
Client-side attacks day 1
  • Information gathering and configuration review
  • HTTP vs HTTPS and communication manipulation
  • Client side injection attacks: XXS, HTML injection and JavaScript injection

Day 2
Client-side attacks day 2
  • Client-side manipulation attacks: URL and cookie manipulation.
  • Session handling attacks: session hijacking, session fixation, CSRF.
  • Addons, plugins, extensions and 3rd party content.
  • Combining attacks.

Day 3
Server-side attacks day 1
  • Authentication and authorization attack.
  • Business logic manipulation.
  • Google hacking.
  • Underlaying infrastructure configuration review.

Day 3
Server-side attacks day 2
  • Injection attacks: Command injection, XXE, SQL injection.
  • File handling, inclusion and upload attacks.

* Snacks, lunch and refreshments will be provided.


Instructors

fancybox
Igmar Ilves

Igmar joined KPMG in 2019. Igmar has experience in the following industries: public sector, military sector, IT infrastructure, railways.

fancybox
Jagjit Singh

Jagjit joined KPMG in 2021. He has strong knowledge of cybersecurity risks, threats, best practices & prevention measures.

fancybox
Rajith Jayasekara

Rajith joined KPMG in 2020. Before KPMG he worked as an Information Security Engineer at TechCERT. Rajith is a certified Secure Software Development Lifecycle Professional (CSSLP), OCI certified associate.


Basic course in Python programming

Acquire the technologies of 21st century.


Overview
  • 24 academic hours (3 working days) + 8 hours of independent study (1 working day)
  • June 02-04, 2021
  • KPMG Estonia Training facility (Narva mnt 5, Tallinn)
  • Up to 5 participants
  • Attendants who want to acquire Python programming skills
  • The course and the materials are composed in Estonian
  • 990 EUR + VAT

Description

The basic course in Python programming was created by the Python Institute and is conducted on the OpenEDG Academy training platform. The introductory course is suitable for people without previous knowledge of Python programming language. The course is organized by KPMG Baltics OÜ, a training partner of the OpenEGD Academy.


Upon finishing the course, a signed certificate of completion by KPMG will be granted to participants.


In addition, it is possible to take the PCEP (Certified Entry-Level Python Programmer) certification exam. The certification exam is taken under the conditions and procedures set by the Python Institute (PCEP Certification (Entry-Level) | Python Institute). Passing the certification exam is not required to participate in the course and is not included in the price.


Participants are required to use their own (VPN enabled) laptop with rights to acquire Python during the course. If you do not have a suitable computer for the course, please get in touch with us.


Prerequisites: Understanding of English technical language to use given materials, no programming skills required .


The training is held at KPMG Baltics OÜ Training facility in the Foorum center in Tallinn (Narva mnt 5).

Instructions (room, floor, parking etc) provided after registration.

In case of coronavirus related restrictions, an online/hybrid course or alternative dates will be provided.


What will you learn
  • Creation, development and improvement of simple computer programs written in Python​
  • Simpler data mining, analytics, automation, administration and ETL (data cleansing) tasks​​
  • Important techniques of programming
  • Preparation for PCEP exam and obtaining the corresponding certificate

Schedule

Day 1
  • Module 1: Introduction to programming
  • Module 2: Data types and variables, inputs-outputs, basic operations
  • Module 3: Boolean characters, conditional exceptions, loops, lists, enumeration methods and processing, logical and bitwise operations

Day 2
  • Module 3: Boolean characters, conditional exceptions, loops, lists, enumeration methods and processing, logical and bitwise operations
  • Module 4: Functions, prefixes, dictionaries and data processing

  • Additional module: Python installation, Jupyter Notebook installation, library imports, text operations

Day 3
  • Module 4: Functions, prefixes, dictionaries and data processing
  • Module 5: Challenge task solving, study project and data mining project

Extracurricular learning/independent study
  • Practicing by self-study, repetition of what has been learned, solving exercises with video support

* Snacks, lunch and refreshments will be provided.


Instructors

fancybox
Raul Nugis

PCAP Certified Programmer (Python Institute), OpenEGD Academy Instructor. Read more about the lecturer: Raul Nugis


Have any questions?

Contact us

Contact us



Mihkel Kukk

Head of Cyber Security Services

E: mihkelkukk@kpmg.com



KPMG Baltics OÜ
Narva mnt 5, Tallinn 10117, Estonia
Tel: +372 626 8700

Email
cyber@kpmg.ee