
BİLİSHİM

FUNDAMENTAL CYBER SECURITY TRAINING

In today's world, cyber security is present in every single layer of our lives, from private life to public service. Yet not many people and organizations have thorough insight into the real picture of this enigmatic world, from both the offensive and the defensive perspective. Some of the reasons for this are:

a. Cyber security is a brand new field even for IT people,
b. There are so many unrelated and dispersed faces of cyber security, from the strategic level to the deep technical level. It requires solid dedication to learning because there is so much information to learn every single day,
c. Understanding the hacker mind is a challenge in itself,
d. Usually people become experts in only a single field of cyber security,
e. Giving lectures and training requires a distinct ability for communication and planning in itself.

All these reasons make it pretty hard for organizations and institutions to know how they should understand cyber security, how they should approach cyber threats, what they should learn and how they should get prepared.

As a retired Lieutenant Colonel from the Cyber Defense Command of the Turkish Military Forces, Yilmaz Degirmenci possesses public service experience, strategic and tactical level procedural experience, and technical and sectoral experience. This unique path enabled him to see very distinct aspects of cyber security. Thus, in his trainings he can show both offensive and defensive approaches at the same time. The "Fundamental Cyber Security Training" is prepared with such a mindset. My purpose is to provide a deep understanding of attack vs defense techniques within a 10-day training session.

Are you ready for an adventure into the Rabbit Hole?


Applied Penetration and Web Application Testing

1. Duration: 5 days (compact version)

2. Code: YD-APWT-1

3. Target Audience: IT specialists, network specialists, IT & cyber security specialists

4. Prerequisites: Basic knowledge of Linux commands

5. Purpose: Introducing penetration testing techniques with hands-on practices in a systematic way

6. Content:
➢ Footprinting (Information Collection)
➢ Ping, nslookup, whois, net view, Shodan etc.
➢ Scanning
➢ Nmap, hping3, nikto, dirbuster, DNS Zone Transfer etc.
➢ Enumeration
➢ Nbtstat, net use, smbclient, netdiscover, null session, PSTools etc.
➢ Hacking and Gaining Access
➢ Metasploit, Burp Suite, sqlmap, Exploit-DB
➢ Privilege Escalation
➢ Linuxprivchecker, service and misconfiguration issues
➢ Deepening Access
➢ ARP Poisoning, Pivoting, Pass-the-Hash, Domain Admin Attacks
➢ Web Vulnerabilities and Attacking Them
➢ Client Side Attacks
➢ DDoS Attacks and Mitigations
➢ Antivirus Bypassing Techniques
➢ Phineas Fisher Techniques
➢ Reporting
➢ Web Application Technologies and Security Components
➢ Database Systems
➢ Web Application Vulnerabilities
➢ Understanding Programming Mistakes Causing Web Vulnerabilities
➢ Authentication
➢ Injection Attacks
➢ XSS Attacks
➢ NoSQL Injection Attacks
➢ JavaScript Based Vulnerabilities
➢ File Upload Attacks
➢ CSRF
➢ SSRF
➢ IDOR
➢ Backdoor Creating
➢ Web Vulnerability Scanning Tools
➢ Web Application Firewalls
➢ Bypassing WAF/IPS

7. Demo & Scenarios:
➢ Detecting an FTP vulnerability and compromising it with Metasploit
➢ Wordlist & brute-force attacks on SSH and Telnet
➢ Attacking an old version of the Apache web application server and exploiting it
➢ Manually connecting to the target with smbclient and compromising it, again manually
➢ Connecting to a MySQL database remotely and navigating inside it
➢ Compromising a Tomcat application server by first retrieving login credentials and then exploiting a file upload vulnerability
➢ Compromising a WordPress website by using WPScan
➢ Exploiting the Elasticsearch REST API
➢ Escalating privilege on Linux and Windows systems, such as exploiting vulnerabilities in udev, cron jobs and file structure mechanisms
➢ Creating a DDoS attack by using hping3, implementing amplification attacks
➢ Preparing a macro-enabled Excel file which can bypass AVs and open a reverse shell
➢ Reading and understanding an exploit published on Exploit-DB
➢ Using proxychains and pivoting to overcome the limitations of internal firewalls
➢ Armitage
➢ Cobalt Strike
➢ Infiltrating a database by compromising a website using SQL injection
➢ Reading cookie information via an XSS vulnerability
➢ Logging in to a website by using cookies and bypassing authentication
➢ Code injection vulnerabilities
➢ Remote File Inclusion
➢ Local File Inclusion
➢ File Upload Vulnerability
➢ LDAP Injection
➢ Web Services
➢ Logical Flaws
➢ HTTP Injection
➢ XML Injection
➢ Mini CTF

8. Requirements: Kali Linux, Metasploitable2, Metasploitable3, Damn Vulnerable Web Application, Mutillidae


CERT/SOC Training

1. Duration: 5 days

2. Code: YD-SOC-1

3. Target Audience: Managers, leaders, IT specialists, network specialists, IT & cyber security specialists

4. Prerequisites: No prerequisites

5. Purpose: Gaining insight into SOC and CERT design

6. Content:
➢ CERTs
➢ National Cyber Security Strategy and Action Plan
➢ CERT Processes
➢ SOC Purpose and Actions
➢ SIEM
➢ Defense Tools and Solutions
➢ Modern Defense Mechanisms
➢ Offensive Based Detection
➢ Network Security Monitoring
➢ Honeypots
➢ Continuous Security Monitoring
➢ Situational Awareness
➢ Application Monitoring
➢ Configuration Change Monitoring
➢ Log Management and Monitoring
➢ Endpoint Security
➢ Admin Accounts Monitoring and Management
➢ Threat Hunting
➢ Cyber Intelligence
➢ Authentication
➢ Post-Authentication
➢ Reputation Based Detection
➢ Anomaly Detection and Analysis
➢ Packet Analysis
➢ Signature Based Detection
➢ Session Analysis
➢ Sensor Platforms
➢ Risk Management and Plan

7. Demo & Scenarios:
➢ Scanning the target machine with nmap and watching the alerts in Sguil logs
➢ Attacking the target machine with Metasploit and monitoring alerts in Sguil
➢ Defining local rules in Sguil and monitoring them by generating packets with Scapy
➢ Generating traffic with tcpreplay and monitoring its alerts in Sguil
➢ Passing a pcap file through Snort, generating and analyzing alerts, then extracting malicious exe files with Bro, then analyzing them with Wireshark and downloading the file again from there. Finally, opening that file with Radare to see its disassembled version.
➢ Sending SSH, FTP and web traffic to a T-Pot honeypot and following its effects in Kibana
➢ Analyzing Windows Event Logs
➢ Traffic analysis with p0f
➢ ModSecurity
➢ AlienVault configuration
➢ Sysinternals tools: Process Explorer, Process Monitor, PsExec, Autoruns etc.
➢ p0f for passive OS fingerprinting
➢ PowerShell scripting for SOC purposes, collecting data with Kansa PS scripts
➢ Post-attack analysis with Mandiant Redline and iRec. Analyzing a SIEM alert with artifacts collected by Redline and figuring out the whole sequence of events, such as URL history, downloads, opened files and malicious commands etc.
➢ Secure Active Directory management architecture
➢ Legal issues
➢ Understanding network topology in terms of detective and preventive capabilities, in addition to their respective roles during an attack
➢ Executing visibility analysis on the topology in order to find out blind regions of traffic or artifacts
➢ Defining threats, quantifying related risks, determining corresponding data sources and deploying the sensors accordingly
➢ Tracing all the logs and artifacts during an attacker's lateral movement
➢ Creating a threat hunting team and proactive attack scenarios
➢ Understanding the cyber threat kill chain to catch APTs

8. Requirements: Kali Linux, Metasploitable2, Metasploitable3, T-Pot, Security Onion
