Hacking Fundamentals Workshop

Take a look into the hackers mindset and learn the moves

Overview

• 2 Days
• Registration for this course has ended. New dates will be announced soon. Register your interest below or get in touch regarding customized in-house training.
• KPMG Estonia Training facility (Narva mnt 5, Tallinn)
• Up to 15 participants
• System administrators, information security specialists and -managers, any other cybersecurity focused IT personnel.
• 499 EUR + VAT, register before 22.10 to recieve an early bird price of 459 + VAT

Description

The course is extremely practical and follows a scenario based design. It’s ideal for cyber security professionals that want to understand the step-by-step approach to exploiting IT systems. Case studies, motivation and mindset, attack vectors, counter measures, best practices, tools and methods will be discussed.

The course is split into 2 days. First day combines lectures with practical exercises on each topic to provide good insights into how hackers attack companies and access critical resources and data. Second day provides the students with an opportunity to tie it all together and put it into practice by attacking a test environment that simulates an actual company.

Materials will be provided. Upon finishing the course, a signed certificate of completion by KPMG will be granted to participants.

Participants are required to use their own (VPN enabled) laptop during the course.

Instructions (room, floor, parking etc) provided after registration.

In case of coronavirus related restrictions, an online/hybrid course or alternative dates will be provided.

Schedule

Day 1

• Introduction: Hacker mindset lecture and setting up access to the lab environment.
• Reconnaissance: Banner grabbing, fingerprinting, service mapping, port- & vulnerability scanning.
• Weaponization: Finding vulnerabilities, suitable exploits and staging your attacks.
• Delivery: Sending the weaponized bundle to the victim.
• Exploit: Executing code on the victim’s system.
• Installation: Installing malware on the target asset.
• Command and Control: Creating a channel where the attacker can control a system remotely.
• Actions: Carrying out actions to find sensitive data and exfiltrate it.

Day 2

• A practice game (CTF – capture the flag format) on KPMG Estonia’s CTF platform to solidify learned skills and knowledge from day one. Performing attacks on test environment to gain access to sensitive data and critical resources in order to compromise the target company.

* Snacks, lunch and refreshments will be provided.

Instructors

Brady Maxwell

Brady joined KPMG in 2019. Brady has over 20 years of experience in IT and cyber security.

Alberto Zorilla

Alberto joined KPMG on October 2018. Since, he has been working on both Cyber Security Assessments and Industrial Cyber Security.

Jaan Vahtre

Jaan joined KPMG in 2018. Before joining KPMG Jaan worked as a head of cyber security, network solutions specialist and services project manager.

OSINT Essentials

Find out what everyone can see publicly about your organization.

Overview

• 1 Day
• Registration for this course has ended. New dates will be announced soon. Register your interest below or get in touch regarding customized in-house training.
• KPMG Estonia Training facility (Narva mnt 5, Tallinn)
• Up to 15 participants
• System administrators, information security specialists and -managers, any other cybersecurity focused IT personnel.
• 350 EUR + VAT, register before 22.10 to recieve an early bird price of 299 + VAT

Description

Open-source Intelligence Essentials is a one-day deep dive course into the world of OSINT. The course if focused on showcasing how publicly available information can be used by hackers to plan and orchestrate an attack.

Lectures are combined with practical examples and followed by a hands-on experience through a scenario based course design. Each topic provides valuable insight into how hackers gather publicly available information and prepare themselves for the next step in the kill chain. In addition, students are provided with the opportunity to tie it all together and put it in practice by using KPMG-s specialized test environment that simulates different use-cases.

Case studies, motivation and mindset, attack vectors, counter measures, best practices, tools and methods will be discussed. Materials will be provided.

Upon finishing the course, a signed certificate of completion by KPMG will be granted to participants. Participants are required to use their own (VPN enabled) laptop during the course.

Instructions (room, floor, parking etc) provided after registration.

In case of coronavirus related restrictions, an online/hybrid course or alternative dates will be provided.

Schedule

Day 1

• Introduction: Hacker mindset lecture and setting up access to the lab environment.
• Methodologies: Introduction to well-known methodologies and attack vectors.
• Reconnaissance: Introduction to reconnaissance toolsets and frameworks.
• Use cases: An overview of practical use cases – actionable examples binding theory with practice.
• A practice game (CTF – capture the flag format) on KPMG Estonia’s CTF platform to solidify learned skills and knowledge.

* Snacks, lunch and refreshments will be provided.

Instructors

Jaan Vahtre

Jaan joined KPMG in 2018. Before joining KPMG Jaan worked as a head of cyber security, network solutions specialist and services project manager.

Alberto Zorilla

Alberto joined KPMG on October 2018. Since, he has been working on both Cyber Security Assessments and Industrial Cyber Security.

Brady Maxwell

Brady joined KPMG in 2019. Brady has over 20 years of experience in IT and cyber security.

Phishing Awareness Training for Organizations

Learn how to not get hooked by Hackers

Overview

• 1 Day
• Registration for this course has ended. New dates will be announced soon. Register your interest below or get in touch regarding customized in-house training.
• KPMG Estonia Training facility (Narva mnt 5, Tallinn)
• Up to 15 participants
• Organizations (and their leadership at all levels), anybody with an email account and desire to defend themselves and their organization
• 349 EUR + VAT, register before 22.10 to recieve an early bird price of 299 + VAT

Description

Phishing attacks exploit the weakest link in the chain – the individual employee. No matter how well thought-out your cyber security policies are, there is no perfect way to ensure compliance. To be able to thrive in a modern digitally transformed organization, KPMG provides the know-how about what to expect in terms of phishing attacks and how to build counter measures and a resilient organization.

Case studies, motivation and mindset, attack vectors, counter measures, best practices, tools and methods will be discussed. Materials will be provided.

Upon finishing the course, a signed certificate of completion by KPMG will be granted to participants. Participants are required to use their own (VPN enabled) laptop during the course.

Instructions (room, floor, parking etc) provided after registration.

In case of coronavirus related restrictions, an online/hybrid course or alternative dates will be provided.

Schedule

Topics covered:

• What is Phishing?
• What are different methods for phishing?
• How to spot a phishing email?
• How to know if you're the target of a Spear-Phish?
• How an attacker sets up a phishing campaign?
• How an attacker sets up a phishing campaign?
• How to train your employees?

Course Methodology

• Live course work and hands on training.
• Sample campaign.
• Final test (80% required to receive a certificate of completion)

* Snacks, lunch and refreshments will be provided.

Instructors

Alberto Zorilla

Alberto joined KPMG on October 2018. Since, he has been working on both Cyber Security Assessments and Industrial Cyber Security.

Jaan Vahtre

Jaan joined KPMG in 2018. Before joining KPMG Jaan worked as a head of cyber security, network solutions specialist and services project manager.

Brady Maxwell

Brady joined KPMG in 2019. Brady has over 20 years of experience in IT and cyber security.

Security Coding for Developers by Hackers

Hackers view of your coding skills

Overview

• 1 Day
• Registration for this course has ended. New dates will be announced soon. Register your interest below or get in touch regarding customized in-house training.
• KPMG Estonia Training facility (Narva mnt 5, Tallinn)
• Up to 15 participants
• Developers who'd like to get better at securing their software and learn hacking techniques to understand the attacker's perspective
• 399 EUR + VAT, register before 22.10 to recieve an early bird price of 349 + VAT

Description

Secure Coding for Developers by Hackers is a one-day deep dive course into the world of Secure Coding using the OWASP Dojo, a CTF-Like event that will give developers great insight into how hackers break their code. The course is focused on security coding best practices to increase awareness of development pitfalls that turn into security holes.

Materials will be provided. Upon finishing the course, a signed certificate of completion by KPMG will be granted to participants. Participants are required to use their own (VPN enabled) laptop during the course.

Instructions (room, floor, parking etc) provided after registration.

In case of coronavirus related restrictions, an online/hybrid course or alternative dates will be provided.

Schedule

Day 1

• Introduction: Hacker mindset, threats to developers
• Lecture: Secure Coding Practices
• Dojo: Setup, Accounts, Urls
• Practice:Security Code Review Master Module
• Practice: Secure Coding Dojo Black Belt Module

* Snacks, lunch and refreshments will be provided.

Instructors

Rajith Jayasekara

Rajith joined KPMG in 2020. Before KPMG he worked as an Information Security Engineer at TechCERT. Rajith is a certified Secure Software Development Lifecycle Professional (CSSLP), OCI certified associate.

Alberto Zorilla

Alberto joined KPMG on October 2018. Since, he has been working on both Cyber Security Assessments and Industrial Cyber Security.

Jaan Vahtre

Jaan joined KPMG in 2018. Before joining KPMG Jaan worked as a head of cyber security, network solutions specialist and services project manager.