Trainings

All information system users, especially system administrators.

• The concept of “social engineering”
• Attack techniques
• Examples of social engineering attacks
• Social engineering tests
• Prevention methods
• Various social engineering applications

2 Days

Participants may experience loss of common and confidential information and social engineering, which can even lead to an institution’s reputation they will be familiar with their attacks. Participants, social engineering They will also have the capacity to provide training.

SOME (Cyber ​​Incident Response Team), Information Security Staff, Cyber Security Professionals.

• Introduction (History, computer event examples, SOME and security
• organization examples)
• Basic information about SOME
• Computer incident management process, event management service definition and functions
• Operational components of SOME (software, hardware, policy and
• procedures)
• SOME project plan

2 Days

The aim of the training is to determine the level of trainees in their institutions Emergency Response Team. to a position where they can install.

IT Security Center Staff, Auditors, Cyber ​​Security Specialists, web Site or System Administrators.

• Introduction (What is penetration test? Before, during and after the event? highlights that take place. Penetration testing methodologies)

• Discovery (Discovery categories. Applied nmap exercise; port scanning,service and operating system discovery etc.)

• Vulnerability exploration (Vulnerability concept. Nessus exercise;policy assignment, scanning and vulnerability analysis)

• Exploit (Exploit and payload concepts. Metasploit exercise;msfconsole, meterpreter, post-exploit and auxiliary modules, etc.) Network penetration tests and layer 2 attacks (Network sniffing, MAC tableflooding, ARP poisoning, VLAN hopping, DHCP IP pool consumption attacks)External network tests and information gathering (Active and passive information collection,”Google hacking” etc.)

• Social engineering (Using e-mail and phone. Customized. payload and malware generation – macro, pdf and exe. “Relay” security bug. “Post-exploitation”) Web application tests (Input-output detection, XSS and SQL-i attacks)

5 Days

Participants will be able to participate and contribute to penetration tests.

IT Security Center Staff, Auditors, SOME members.

Basic information about Linux and Windows operating systems.

• Computer incident response

• Preliminary stages of computer analysis Information about NTFS, FAT32, ext2, ext3 file systems (this how files are opened, saved and deleted on systems)

• Different components of a computer (RAM, “Heap” space, fixed disks, etc.) The data is not temporary.undo

• Performing computer analysis on a Linux system and presentation of tools

• Creating an analysis environment in the applied part of the course and Analyzing a suspicious file with tools

• Performing computer analysis on a Windows system and presentation of tools

3 Days

Participants will be able to do computer analysis on their own.

IT Security Center Staff, Auditors, Cyber ​​Security Specialists, IT People whose staff will be audited under ISO 27001.

• What is ISMS and why is it needed?

• “Plan-Apply-Check-Take Action” process in ISO 27001

Risk assessment and treatment in information systems

ISO 27001 control categories

– Information security policies

– Organization of information security

– Human resources security

– Asset Management

– Access control

– Cryptography

– Physical and environmental security

-Operational security

– Communication security

-System acquisition, development and maintenance

-Supplier relations

– Information security incident management

– Information security aspects of business continuity management

– Conformity

• ISO 27001 compliance audit

– Audit planning

– Audit checklists

– Nonconformities and reporting

Few applications

3 Days

Participants will be able to establish ISMS in their institutions. Participants also will learn about the concepts of control.

Information systems users.

No.

• User’s role in information security
• User’s contribution to the corporate Information Security Management System (ISMS)
• Access to computers
• Password security
• Email security
• Security while accessing the Internet
• Virus protection
• Installation, use and disposal of storage media
• File access and sharing
• Information backup
• Social engineering
• User responsibilities in computer events

3 Hours

Participants will learn about the basics of information security and their awareness of the importance of corporate information security they will take it to the next level. The task that contributes to an institution and they will learn their responsibilities.

Security Center Staff, Auditors, SOME members, Network and System Managers.

• Basics of traffic analysis
• Network packet capture technologies: Hardware, software and tools
• Basic network protocols and components security component log analysis: Firewalls
• logs, intrusion detection and prevention systems, etc.
• Analysis of network protocols (HTTP, SMTP, DNS etc.)
• Deep packet inspection
• Detection of malicious network traffic: “Man in the middle attack”, “DNS cache poisoning ”etc. Attacks
• Detection of network traffic tunneling techniques: DNS, ICMP, SSH tunneling, etc.
• Analysis of encrypted network traffic: “listening for SSL traffic” technique
• Network traffic reconstruction to obtain original data
• Network flow analysis

4 Days

Network traffic analysis without participants accessing storage components will be able to realize and collect evidence. Also, from the ingredients detecting malicious network traffic and security incidents caused by they will be able to.

Managers and staff who want to learn a lot about information security.

Basic information systems knowledge.

• Basic concepts of information security
• Security Policy
• Corporate security
• Human resources security
• Risk assessment and risk reduction
• Business continuity
• Information security incident management
• Operating system security
• Network security
• Web security
• Digital certificates and certificate distribution systems
• Password management
• Antivirus systems

2 Days

Participants learn about the basic concepts of information security. basic technical concepts of receivables and general operation of the ISMS Entry will be made by taking.

Database administrators, database security auditors.

• SQL Server, general topics
• Operating system configuration
• Network configuration
• SQL Server installation and maintenance
• SQL Server configuration
• Access control and authorization
• • Audit and log management
• Backup and disaster recovery procedures
• • Replication
• • Software application development
• “Surface Area Configuration” tool
• SQL Server testing and monitoring tools

3 Days

At the end of the course, participants will learn SQL Server database security They will learn the mechanisms and factors that affect security. A SQL Ability to perform a security audit of the server database they will win. By the way, database administrators can also They will learn how to manage safely.

Information technology auditors, system security auditing capabilities information security professionals, system and network administrators who want to improve.

• Vulnerability and threat definitions
• Open source vulnerability scanners and how to use them
• • Exploring the topology of a network
• Environmental protection systems audit

Windows control

• Auditing of Unix / Linux systems

4 Days

Participants learn how to use vulnerability scanners they will learn. Participants also include operating systems, environmental protection How to audit systems and web applications? They will also learn what to do.

• Database basics
• Identity check
• Access control lists
• Database security audits
• Network security
• Database backup
• Control of access tools
• Advanced security measures

3 Days

At the end of the course, participants will have to do a security audit of databases. secure management of databases and administrators They will be able to apply.

•  Microsoft Web Services Security
•  Microsoft “PowerShell”
• Active Directory and Network Services Security (Group policy, DNS, DHCP)
• Patch management in Microsoft systems

3 Days

Participants, advanced knowledge within the scope of Microsoft system security they will get. Microsoft system security applications in their organizations They will have the ability to use it in the best way possible.

• Safe installation
• Configuring startup services
• Safe configuration of the kernel
• File system access control
• User access control
• Management of system logs
• Security audit tools
• Security strengthening tools
• Security script programming

2 Days

Participants can ensure the security of Linux-based operating systems. will be able to realize consolidation. Open ource in their systems will gain the ability to use security software tools. Also, to help them discover security breaches in  heir systems they will also gain the ability to use or develop tools.

• • Active devices (hardening), network design and network security

  Within the scope of providing, the following subjects are theoretically applied

  • It will be studied with exercises. Widely used today in internal networks and also networks

  empowering active devices used to connect the outside world towards

  Spine key,

  – Router,

  – The firewall,

  – Content filter

  • Safety controls applicable to active devices, for example

  – Physical security,

  – Equipment safety,

  – Authentication,

  – Authorization and monitoring,

  – Patch management,

  – Access control lists,

  – Remote management control etc.

2 Days

Participants are active through the theoretical and practical parts of the course. learn the security controls that can be applied to network devices expected. Participants also have these security checks in their institutions. applications are expected.

• TCP / IP protocol stack protocols
• Working principles of different layers of the TCP / IP stack and
• threats targeting layers
• Vulnerabilities and mitigation techniques of TCP / IP protocols
• Techniques, protocols and devices used to secure network
• Packet capture software, packet analysis and protocols such as Wireshark
• Concepts such as SSL, IPSec, VPN and digital certificates
• Network components such as Firewall, IDS / IPS and Proxy

2 Day

Applied studies on security of TCP / IP networks, It will provide the participants with rich knowledge and skills. Security practices in the network of their institutions are the best they are expected to be implemented in the same way.

Web Application Developers, Website Administrators, IT Security Center Staff, Auditors, Cyber ​​Security Specialists.

• Collecting information
• Configuration management flaws
• Entry / exit manipulation

– Cross Site Scripting (XSS)

– Injection flaws: SQL Injection, OS command injection etc.

• User authentication flaws
• Authorization flaws
• Session management flaws

– Session fixing

– Playing session

– Cross-Site Request Forgery (CSRF)

• Application logic
• Log management
• Fault management
• Secure application management

2 Day

Participants, important security components of HTTP-based applications, common mistakes, how to avoid them and keep them They will learn how to ensure application security.

• TCP / IP protocol stack protocols
• Working principles of different layers of the TCP / IP stack and
• threats targeting layers
• Vulnerabilities and mitigation techniques of TCP / IP protocols
• Techniques, protocols and devices used to secure network
• Packet capture software, packet analysis and protocols such as Wireshark
• Concepts such as SSL, IPSec, VPN and digital certificates
• Network components such as Firewall, IDS / IPS and Proxy

3 Day

Participants learn basic secure coding principles, secure software design and policies for development, threat modeling and security testing they will learn.