Hacking Fundamentals Workshop

Take a look into the hackers mindset and learn the moves


Overview
  • 2 Days
  • Registration for this course has ended. New dates will be announced soon. Register your interest below or get in touch regarding customized in-house training.
  • KPMG Estonia Training facility (Narva mnt 5, Tallinn)
  • Up to 15 participants
  • System administrators, information security specialists and -managers, any other cybersecurity focused IT personnel.
  • 499 EUR + VAT, register before 22.10 to recieve an early bird price of 459 + VAT

Description

The course is extremely practical and follows a scenario based design. It’s ideal for cyber security professionals that want to understand the step-by-step approach to exploiting IT systems. Case studies, motivation and mindset, attack vectors, counter measures, best practices, tools and methods will be discussed.


The course is split into 2 days. First day combines lectures with practical exercises on each topic to provide good insights into how hackers attack companies and access critical resources and data. Second day provides the students with an opportunity to tie it all together and put it into practice by attacking a test environment that simulates an actual company.


Materials will be provided. Upon finishing the course, a signed certificate of completion by KPMG will be granted to participants.

Participants are required to use their own (VPN enabled) laptop during the course.


Instructions (room, floor, parking etc) provided after registration.

In case of coronavirus related restrictions, an online/hybrid course or alternative dates will be provided.


Schedule
Day 1
  • Introduction: Hacker mindset lecture and setting up access to the lab environment.
  • Reconnaissance: Banner grabbing, fingerprinting, service mapping, port- & vulnerability scanning.
  • Weaponization: Finding vulnerabilities, suitable exploits and staging your attacks.
  • Delivery: Sending the weaponized bundle to the victim.
  • Exploit: Executing code on the victim’s system.
  • Installation: Installing malware on the target asset.
  • Command and Control: Creating a channel where the attacker can control a system remotely.
  • Actions: Carrying out actions to find sensitive data and exfiltrate it.

Day 2
  • A practice game (CTF – capture the flag format) on KPMG Estonia’s CTF platform to solidify learned skills and knowledge from day one. Performing attacks on test environment to gain access to sensitive data and critical resources in order to compromise the target company.

* Snacks, lunch and refreshments will be provided.


Instructors
fancybox
Brady Maxwell

Brady joined KPMG in 2019. Brady has over 20 years of experience in IT and cyber security.

fancybox
Alberto Zorilla

Alberto joined KPMG on October 2018. Since, he has been working on both Cyber Security Assessments and Industrial Cyber Security.

fancybox
Jaan Vahtre

Jaan joined KPMG in 2018. Before joining KPMG Jaan worked as a head of cyber security, network solutions specialist and services project manager.

Registration for this course has ended. New dates will be announced soon. Register your interest below or get in touch regarding customized in-house training.

OSINT Essentials

Find out what everyone can see publicly about your organization.


Overview
  • 1 Day
  • Registration for this course has ended. New dates will be announced soon. Register your interest below or get in touch regarding customized in-house training.
  • KPMG Estonia Training facility (Narva mnt 5, Tallinn)
  • Up to 15 participants
  • System administrators, information security specialists and -managers, any other cybersecurity focused IT personnel.
  • 350 EUR + VAT, register before 22.10 to recieve an early bird price of 299 + VAT

Description

Open-source Intelligence Essentials is a one-day deep dive course into the world of OSINT. The course if focused on showcasing how publicly available information can be used by hackers to plan and orchestrate an attack.


Lectures are combined with practical examples and followed by a hands-on experience through a scenario based course design. Each topic provides valuable insight into how hackers gather publicly available information and prepare themselves for the next step in the kill chain. In addition, students are provided with the opportunity to tie it all together and put it in practice by using KPMG-s specialized test environment that simulates different use-cases.


Case studies, motivation and mindset, attack vectors, counter measures, best practices, tools and methods will be discussed. Materials will be provided.


Upon finishing the course, a signed certificate of completion by KPMG will be granted to participants. Participants are required to use their own (VPN enabled) laptop during the course.


Instructions (room, floor, parking etc) provided after registration.

In case of coronavirus related restrictions, an online/hybrid course or alternative dates will be provided.


Schedule
Day 1
  • Introduction: Hacker mindset lecture and setting up access to the lab environment.
  • Methodologies: Introduction to well-known methodologies and attack vectors.
  • Reconnaissance: Introduction to reconnaissance toolsets and frameworks.
  • Use cases: An overview of practical use cases – actionable examples binding theory with practice.
  • A practice game (CTF – capture the flag format) on KPMG Estonia’s CTF platform to solidify learned skills and knowledge.

* Snacks, lunch and refreshments will be provided.


Instructors
fancybox
Jaan Vahtre

Jaan joined KPMG in 2018. Before joining KPMG Jaan worked as a head of cyber security, network solutions specialist and services project manager.

fancybox
Alberto Zorilla

Alberto joined KPMG on October 2018. Since, he has been working on both Cyber Security Assessments and Industrial Cyber Security.

fancybox
Brady Maxwell

Brady joined KPMG in 2019. Brady has over 20 years of experience in IT and cyber security.

Registration for this course has ended. New dates will be announced soon. Register your interest below or get in touch regarding customized in-house training.

Phishing Awareness Training for Organizations

Learn how to not get hooked by Hackers


Overview
  • 1 Day
  • Registration for this course has ended. New dates will be announced soon. Register your interest below or get in touch regarding customized in-house training.
  • KPMG Estonia Training facility (Narva mnt 5, Tallinn)
  • Up to 15 participants
  • Organizations (and their leadership at all levels), anybody with an email account and desire to defend themselves and their organization
  • 349 EUR + VAT, register before 22.10 to recieve an early bird price of 299 + VAT

Description

Phishing attacks exploit the weakest link in the chain – the individual employee. No matter how well thought-out your cyber security policies are, there is no perfect way to ensure compliance. To be able to thrive in a modern digitally transformed organization, KPMG provides the know-how about what to expect in terms of phishing attacks and how to build counter measures and a resilient organization.


Case studies, motivation and mindset, attack vectors, counter measures, best practices, tools and methods will be discussed. Materials will be provided.


Upon finishing the course, a signed certificate of completion by KPMG will be granted to participants. Participants are required to use their own (VPN enabled) laptop during the course.


Instructions (room, floor, parking etc) provided after registration.

In case of coronavirus related restrictions, an online/hybrid course or alternative dates will be provided.


Schedule
Topics covered:
  • What is Phishing?
  • What are different methods for phishing?
  • How to spot a phishing email?
  • How to know if you're the target of a Spear-Phish?
  • How an attacker sets up a phishing campaign?
  • How an attacker sets up a phishing campaign?
  • How to train your employees?

Course Methodology
  • Live course work and hands on training.
  • Sample campaign.
  • Final test (80% required to receive a certificate of completion)

* Snacks, lunch and refreshments will be provided.


Instructors
fancybox
Alberto Zorilla

Alberto joined KPMG on October 2018. Since, he has been working on both Cyber Security Assessments and Industrial Cyber Security.

fancybox
Jaan Vahtre

Jaan joined KPMG in 2018. Before joining KPMG Jaan worked as a head of cyber security, network solutions specialist and services project manager.

fancybox
Brady Maxwell

Brady joined KPMG in 2019. Brady has over 20 years of experience in IT and cyber security.

Registration for this course has ended. New dates will be announced soon. Register your interest below or get in touch regarding customized in-house training.

Security Coding for Developers by Hackers

Hackers view of your coding skills


Overview
  • 1 Day
  • Registration for this course has ended. New dates will be announced soon. Register your interest below or get in touch regarding customized in-house training.
  • KPMG Estonia Training facility (Narva mnt 5, Tallinn)
  • Up to 15 participants
  • Developers who'd like to get better at securing their software and learn hacking techniques to understand the attacker's perspective
  • 399 EUR + VAT, register before 22.10 to recieve an early bird price of 349 + VAT

Description

Secure Coding for Developers by Hackers is a one-day deep dive course into the world of Secure Coding using the OWASP Dojo, a CTF-Like event that will give developers great insight into how hackers break their code. The course is focused on security coding best practices to increase awareness of development pitfalls that turn into security holes.


Materials will be provided. Upon finishing the course, a signed certificate of completion by KPMG will be granted to participants. Participants are required to use their own (VPN enabled) laptop during the course.


Instructions (room, floor, parking etc) provided after registration.

In case of coronavirus related restrictions, an online/hybrid course or alternative dates will be provided.


Schedule
Day 1
  • Introduction: Hacker mindset, threats to developers
  • Lecture: Secure Coding Practices
  • Dojo: Setup, Accounts, Urls
  • Practice:Security Code Review Master Module
  • Practice: Secure Coding Dojo Black Belt Module

* Snacks, lunch and refreshments will be provided.


Instructors
fancybox
Rajith Jayasekara

Rajith joined KPMG in 2020. Before KPMG he worked as an Information Security Engineer at TechCERT. Rajith is a certified Secure Software Development Lifecycle Professional (CSSLP), OCI certified associate.

fancybox
Alberto Zorilla

Alberto joined KPMG on October 2018. Since, he has been working on both Cyber Security Assessments and Industrial Cyber Security.

fancybox
Jaan Vahtre

Jaan joined KPMG in 2018. Before joining KPMG Jaan worked as a head of cyber security, network solutions specialist and services project manager.

Registration for this course has ended. New dates will be announced soon. Register your interest below or get in touch regarding customized in-house training.

Web Application Security Masterclass

Learn how to spot weaknesses in Web Applications


Overview
  • 4 Days
  • Registration for this course has ended. New dates will be announced soon. Register your interest below or get in touch regarding customized in-house training.
  • KPMG Estonia Training facility (Narva mnt 5, Tallinn)
  • Up to 15 participants
  • Developers who'd like to get better at securing their software and learn hacking techniques to understand the attacker's perspective
  • 1299 EUR + VAT, register before 22.10 to recieve an early bird price of 999 + VAT

Description

Web Application Security Masterclass by KPMG provides an insight into the mind of a pen-tester. Learn how to break your system so you can make it more secure. KPMG cyber security experts will showcase lessons learned from private and public sector organizations


The course focuses on client side and server side attacks, combining both theory and practical hands on exercises. Participants will learn how to discover common WebApp vulnerabilities (e.g. XSS, SQL, CSRF, data breach, SSTI), how to exploit them and how to defend against them.


Case studies, motivation and mindset, attack vectors, counter measures, best practices, tools and methods will be discussed. Materials will be provided.


Materials will be provided. Upon finishing the course, a signed certificate of completion by KPMG will be granted to participants. Participants are required to use their own (VPN enabled) laptop during the course.


Instructions (room, floor, parking etc) provided after registration.

In case of coronavirus related restrictions, an online/hybrid course or alternative dates will be provided.


Schedule

Day 1
Client-side attacks day 1
  • Information gathering and configuration review
  • HTTP vs HTTPS and communication manipulation
  • Client side injection attacks: XSS, HTML injection and JavaScript injection

Day 2
Client-side attacks day 2
  • Client-side manipulation attacks: URL and cookie manipulation.
  • Session handling attacks: session hijacking, session fixation, CSRF.
  • Addons, plugins, extensions and 3rd party content.
  • Combining attacks.

Day 3
Server-side attacks day 1
  • Authentication and authorization attack.
  • Business logic manipulation.
  • Google hacking.
  • Underlying infrastructure configuration review.
  • Server Side Template Injection

Day 4
Server-side attacks day 2
  • Injection attacks: Command injection, XXE, SQL injection.
  • File handling, inclusion and upload attacks.


* Snacks, lunch and refreshments will be provided.


Instructors
fancybox
Alberto Zorilla

Alberto joined KPMG on October 2018. Since, he has been working on both Cyber Security Assessments and Industrial Cyber Security.

fancybox
Jaan Vahtre

Jaan joined KPMG in 2018. Before joining KPMG Jaan worked as a head of cyber security, network solutions specialist and services project manager.

fancybox
Brady Maxwell

Brady joined KPMG in 2019. Brady has over 20 years of experience in IT and cyber security.

Registration for this course has ended. New dates will be announced soon. Register your interest below or get in touch regarding customized in-house training.

Tekkis lisaküsimusi ?

Võtke Ühendust

Võtke meiega ühendust



Mihkel Kukk

Head of Cyber Security Services

E: mihkelkukk@kpmg.com



KPMG Baltics OÜ
Narva mnt 5, Tallinn 10117, Estonia
Tel: +372 626 8700

E-mail
cyber@kpmg.ee