Hacking Fundamentals Workshop

Take a look into the hackers mindset and learn the moves

Overview

• 2 Days
• 30.11-01.12.2020
• KPMG Estonia Training facility (Narva mnt 5, Tallinn)
• Up to 15 participants
• System administrators, information security specialists and -managers, any other cybersecurity focused IT personnel.
• 499 EUR + VAT, register before 22.10 to recieve an early bird price of 459 + VAT

Description

The course is extremely practical and follows a scenario based design. It’s ideal for cyber security professionals that want to understand the step-by-step approach to exploiting IT systems. Case studies, motivation and mindset, attack vectors, counter measures, best practices, tools and methods will be discussed.

The course is split into 2 days. First day combines lectures with practical exercises on each topic to provide good insights into how hackers attack companies and access critical resources and data. Second day provides the students with an opportunity to tie it all together and put it into practice by attacking a test environment that simulates an actual company.

Materials will be provided. Upon finishing the course, a signed certificate of completion by KPMG will be granted to participants.

Participants are required to use their own (VPN enabled) laptop during the course.

Instructions (room, floor, parking etc) provided after registration.

In case of coronavirus related restrictions, an online/hybrid course or alternative dates will be provided.

Schedule

Day 1

• Introduction: Hacker mindset lecture and setting up access to the lab environment.
• Reconnaissance: Banner grabbing, fingerprinting, service mapping, port- & vulnerability scanning.
• Weaponization: Finding vulnerabilities, suitable exploits and staging your attacks.
• Delivery: Sending the weaponized bundle to the victim.
• Exploit: Executing code on the victim’s system.
• Installation: Installing malware on the target asset.
• Command and Control: Creating a channel where the attacker can control a system remotely.
• Actions: Carrying out actions to find sensitive data and exfiltrate it.

Day 2

• A practice game (CTF – capture the flag format) on KPMG Estonia’s CTF platform to solidify learned skills and knowledge from day one. Performing attacks on test environment to gain access to sensitive data and critical resources in order to compromise the target company.

* Snacks, lunch and refreshments will be provided.

Instructors

OSINT Essentials

Find out what everyone can see publicly about your organization.

Overview

• 1 Day
• 16.11.2020
• KPMG Estonia Training facility (Narva mnt 5, Tallinn)
• Up to 15 participants
• System administrators, information security specialists and -managers, any other cybersecurity focused IT personnel.
• 350 EUR + VAT, register before 22.10 to recieve an early bird price of 299 + VAT

Description

Open-source Intelligence Essentials is a one-day deep dive course into the world of OSINT. The course if focused on showcasing how publicly available information can be used by hackers to plan and orchestrate an attack.

Lectures are combined with practical examples and followed by a hands-on experience through a scenario based course design. Each topic provides valuable insight into how hackers gather publicly available information and prepare themselves for the next step in the kill chain. In addition, students are provided with the opportunity to tie it all together and put it in practice by using KPMG-s specialized test environment that simulates different use-cases.

Case studies, motivation and mindset, attack vectors, counter measures, best practices, tools and methods will be discussed. Materials will be provided.

Upon finishing the course, a signed certificate of completion by KPMG will be granted to participants. Participants are required to use their own (VPN enabled) laptop during the course.

Instructions (room, floor, parking etc) provided after registration.

In case of coronavirus related restrictions, an online/hybrid course or alternative dates will be provided.

Schedule

Day 1

• Introduction: Hacker mindset lecture and setting up access to the lab environment.
• Methodologies: Introduction to well-known methodologies and attack vectors.
• Reconnaissance: Introduction to reconnaissance toolsets and frameworks.
• Use cases: An overview of practical use cases – actionable examples binding theory with practice.
• A practice game (CTF – capture the flag format) on KPMG Estonia’s CTF platform to solidify learned skills and knowledge.

* Snacks, lunch and refreshments will be provided.

Instructors

Phishing Awareness Training for Organizations

Learn how to not get hooked by Hackers

Overview

• 1 Day
• 18.11.2020
• KPMG Estonia Training facility (Narva mnt 5, Tallinn)
• Up to 15 participants
• Organizations (and their leadership at all levels), anybody with an email account and desire to defend themselves and their organization
• 349 EUR + VAT, register before 22.10 to recieve an early bird price of 299 + VAT

Description

Phishing attacks exploit the weakest link in the chain – the individual employee. No matter how well thought-out your cyber security policies are, there is no perfect way to ensure compliance. To be able to thrive in a modern digitally transformed organization, KPMG provides the know-how about what to expect in terms of phishing attacks and how to build counter measures and a resilient organization.

Case studies, motivation and mindset, attack vectors, counter measures, best practices, tools and methods will be discussed. Materials will be provided.

Upon finishing the course, a signed certificate of completion by KPMG will be granted to participants. Participants are required to use their own (VPN enabled) laptop during the course.

Instructions (room, floor, parking etc) provided after registration.

In case of coronavirus related restrictions, an online/hybrid course or alternative dates will be provided.

Schedule

Topics covered:

• What is Phishing?
• What are different methods for phishing?
• How to spot a phishing email?
• How to know if you're the target of a Spear-Phish?
• How an attacker sets up a phishing campaign?
• How an attacker sets up a phishing campaign?
• How to train your employees?

Course Methodology

• Live course work and hands on training.
• Sample campaign.
• Final test (80% required to receive a certificate of completion)

* Snacks, lunch and refreshments will be provided.

Instructors

Web Application Security Masterclass

Learn how to spot weaknesses in Web Applications

Overview

• 4 Days
• 24.11-27.11.2020
• KPMG Estonia Training facility (Narva mnt 5, Tallinn)
• Up to 15 participants
• Developers who'd like to get better at securing their software and learn hacking techniques to understand the attacker's perspective
• 1299 EUR + VAT, register before 22.10 to recieve an early bird price of 999 + VAT

Description

Web Application Security Masterclass by KPMG provides an insight into the mind of a pen-tester. Learn how to break your system so you can make it more secure. KPMG cyber security experts will showcase lessons learned from private and public sector organizations

The course focuses on client side and server side attacks, combining both theory and practical hands on exercises. Participants will learn how to discover common WebApp vulnerabilities (e.g. XSS, SQL, CSRF, data breach, SSTI), how to exploit them and how to defend against them.

Case studies, motivation and mindset, attack vectors, counter measures, best practices, tools and methods will be discussed. Materials will be provided.

Materials will be provided. Upon finishing the course, a signed certificate of completion by KPMG will be granted to participants. Participants are required to use their own (VPN enabled) laptop during the course.

Instructions (room, floor, parking etc) provided after registration.

In case of coronavirus related restrictions, an online/hybrid course or alternative dates will be provided.

Schedule

Day 1

Client-side attacks day 1

• Information gathering and configuration review
• HTTP vs HTTPS and communication manipulation
• Client side injection attacks: XSS, HTML injection and JavaScript injection

Day 2

Client-side attacks day 2

• Client-side manipulation attacks: URL and cookie manipulation.
• Session handling attacks: session hijacking, session fixation, CSRF.
• Addons, plugins, extensions and 3rd party content.
• Combining attacks.

Day 3

Server-side attacks day 1

• Authentication and authorization attack.
• Business logic manipulation.
• Google hacking.
• Underlying infrastructure configuration review.
• Server Side Template Injection

Day 4

Server-side attacks day 2

• Injection attacks: Command injection, XXE, SQL injection.
• File handling, inclusion and upload attacks.

* Snacks, lunch and refreshments will be provided.

Instructors