Trainings

Social Engineering

Education can be used to abuse mistakes or weaknesses in human behavior. Used to take over a system using the Social engineering concept and defense methods against attacks is to learn.

Who should attend?

All information system users, especially system administrators.

Who should attend?

All information system users, especially system administrators.

Course Curriculum

  • The concept of “social engineering”
  • Attack techniques
  • Examples of social engineering attacks
  • Social engineering tests
  • Prevention methods
  • Various social engineering applications

Time

2 Days

Benefits

Participants may experience loss of common and confidential information and social engineering, which can even lead to an institution’s reputation they will be familiar with their attacks. Participants, social engineering They will also have the capacity to provide training.

Cyber Incident Response

In this training, related to crimes committed in today’s information World Attack Detection and Record Management training, Central Security Monitoring and Incident Management Training is provided.

Who should attend?

SOME (Cyber ​​Incident Response Team), Information Security Staff, Cyber Security Professionals.

Prerequisites

Must have experience in both business processes and information systems.

Course Curriculum

  • Introduction (History, computer event examples, SOME and security
  • organization examples)
  • Basic information about SOME
  • Computer incident management process, event management service definition and functions
  • Operational components of SOME (software, hardware, policy and
  • procedures)
  • SOME project plan

Time

2 Days

Benefits

The aim of the training is to determine the level of trainees in their institutions Emergency Response Team. to a position where they can install.

SIEM Training

Offering more advanced options than log analysis, SIEM’s most important with the help of established policies and rules. By making meaningful connections between events that appear to be independent It is the correlation technique that helps detect possible attacks.

Who should attend?

IT Security Staff, Auditors, Cyber ​​Security Specialists, Network Managers.

Prerequisites

Familiarity with information system components.

Course Curriculum

  • Central daily management systems
  • Requirement for event correlation systems
  • Advantages of event correlation systems
  • Event correlation steps
  • OSSIM attack correlation systems
  • OSSIM overview
  • Basic components of OSSIM
  • Tools used by OSSIM
  • OSSIM setup
  • OSSIM component configuration
  • Policies
  • Data fusion from separate components
  • Attack correlation
  • System maintenance and update

Time

4 Days

Benefits

Participants learn about central attack correlation systems they will receive. Centralize logs collected in separate security components. from an internal or external network how to monitor attacks carried out and They will learn to take the necessary steps against.

Penetration Test Training

Ethical hacker or white hat hacker; methods of cyber criminals knowing, by simulating malicious attacks to information systems They are people who try to prevent possible damages.

Who should attend?

IT Security Center Staff, Auditors, Cyber ​​Security Specialists, web Site or System Administrators.

Prerequisites

Network security and basic knowledge of linux is a plus.

Course Curriculum

• Introduction (What is penetration test? Before, during and after the event? highlights that take place. Penetration testing methodologies)

• Discovery (Discovery categories. Applied nmap exercise; port scanning,service and operating system discovery etc.)

• Vulnerability exploration (Vulnerability concept. Nessus exercise;policy assignment, scanning and vulnerability analysis)

• Exploit (Exploit and payload concepts. Metasploit exercise;msfconsole, meterpreter, post-exploit and auxiliary modules, etc.) Network penetration tests and layer 2 attacks (Network sniffing, MAC tableflooding, ARP poisoning, VLAN hopping, DHCP IP pool consumption attacks)External network tests and information gathering (Active and passive information collection,”Google hacking” etc.)

• Social engineering (Using e-mail and phone. Customized. payload and malware generation – macro, pdf and exe. “Relay” security bug. “Post-exploitation”) Web application tests (Input-output detection, XSS and SQL-i attacks)

Time

5 Days

Benefits

Participants will be able to participate and contribute to penetration tests.

Computer Forensics Basics

Systems that can be considered as the most important component of the information world and GSM working logic of their networks, internet of crime centers, GSM infrastructures using what methods, how they committed a crime, how This is the basis for collecting evidence about the crimes they deleted and committed. is one of the goals of the course.

Who should attend?

IT Security Center Staff, Auditors, SOME members.

Prerequisites

Basic information about Linux and Windows operating systems.

Course Curriculum

• Computer incident response

• Preliminary stages of computer analysis Information about NTFS, FAT32, ext2, ext3 file systems (this how files are opened, saved and deleted on systems)

• Different components of a computer (RAM, “Heap” space, fixed disks, etc.) The data is not temporary.undo

• Performing computer analysis on a Linux system and presentation of tools

• Creating an analysis environment in the applied part of the course and Analyzing a suspicious file with tools

• Performing computer analysis on a Windows system and presentation of tools

Time

3 Days

Benefits

Participants will be able to do computer analysis on their own.

ISO 27001

Information security breaches and the increasing value of information resources, leads to an increase in companies’ information protection needs. Information security management system, to work to ensure information security It is a controlled approach towards. System personnel, processes and information includes security systems.

Who should attend?

IT Security Center Staff, Auditors, Cyber ​​Security Specialists, IT People whose staff will be audited under ISO 27001.

Prerequisites

Familiarity with quality management systems is helpful, but a requirement is not.

Course Curriculum

• What is ISMS and why is it needed?

• “Plan-Apply-Check-Take Action” process in ISO 27001

Risk assessment and treatment in information systems

ISO 27001 control categories

– Information security policies

– Organization of information security

– Human resources security

– Asset Management

– Access control

– Cryptography

– Physical and environmental security

-Operational security

– Communication security

-System acquisition, development and maintenance

-Supplier relations

– Information security incident management

– Information security aspects of business continuity management

– Conformity

• ISO 27001 compliance audit

– Audit planning

– Audit checklists

– Nonconformities and reporting

Few applications

Time

3 Days

Benefits

Participants will be able to establish ISMS in their institutions. Participants also will learn about the concepts of control.

Information Security Awareness Training

Unconscious and problematic use of technology, information security reasons such as the diversification of threats to ensure information security makes it difficult. Therefore, at national and international level Ensuring personal and corporate information security and information increasing awareness about safety is coming.

Who should attend?

Information systems users.

Prerequisites

No.

Course Curriculum

  • User’s role in information security
  • User’s contribution to the corporate Information Security Management System (ISMS)
  • Access to computers
  • Password security
  • Email security
  • Security while accessing the Internet
  • Virus protection
  • Installation, use and disposal of storage media
  • File access and sharing
  • Information backup
  • Social engineering
  • User responsibilities in computer events

Time

3 Hours

Benefits

Participants will learn about the basics of information security and their awareness of the importance of corporate information security they will take it to the next level. The task that contributes to an institution and they will learn their responsibilities.

Network Forensic Analysis Training

Gathering evidence over the network about crimes committed with this training of active network devices and mobile devices the ways in which evidence can be collected over the network. It is aimed to teach.

Who should attend?

Security Center Staff, Auditors, SOME members, Network and System Managers.

Prerequisites

Basic knowledge of TCP / IP, networks, Linux and Windows operating systems.

Course Curriculum

  • Basics of traffic analysis
  • Network packet capture technologies: Hardware, software and tools
  • Basic network protocols and components security component log analysis: Firewalls
  • logs, intrusion detection and prevention systems, etc.
  • Analysis of network protocols (HTTP, SMTP, DNS etc.)
  • Deep packet inspection
  • Detection of malicious network traffic: “Man in the middle attack”, “DNS cache poisoning ”etc. Attacks
  • Detection of network traffic tunneling techniques: DNS, ICMP, SSH tunneling, etc.
  • Analysis of encrypted network traffic: “listening for SSL traffic” technique
  • Network traffic reconstruction to obtain original data
  • Network flow analysis

Time

4 Days

Benefits

Network traffic analysis without participants accessing storage components will be able to realize and collect evidence. Also, from the ingredients detecting malicious network traffic and security incidents caused by they will be able to.

Information Security Training for Managers

Social Engineering that can be organized against corporate executives with training or many scenarios in information security training for other attacks By giving an example, it is aimed to increase the awareness of Information Security.

Who should attend?

Managers and staff who want to learn a lot about information security.

Prerequisites

Basic information systems knowledge.

Course Curriculum

  • Basic concepts of information security
  • Security Policy
  • Corporate security
  • Human resources security
  • Risk assessment and risk reduction
  • Business continuity
  • Information security incident management
  • Operating system security
  • Network security
  • Web security
  • Digital certificates and certificate distribution systems
  • Password management
  • Antivirus systems

Time

2 Days

Benefits

Participants learn about the basic concepts of information security. basic technical concepts of receivables and general operation of the ISMS Entry will be made by taking.

System Security Training

Authentication and basic SQL Server database security concepts how to manage access to objects through authorization configuration and how to maintain you will learn.

Who should attend?

Database administrators, database security auditors.

Prerequisites

Database management fundamentals.

Course Curriculum

  • SQL Server, general topics
  • Operating system configuration
  • Network configuration
  • SQL Server installation and maintenance
  • SQL Server configuration
  • Access control and authorization
  • • Audit and log management
  • Backup and disaster recovery procedures
  • • Replication
  • • Software application development
  • “Surface Area Configuration” tool
  • SQL Server testing and monitoring tools

Time

3 Days

Benefits

At the end of the course, participants will learn SQL Server database security They will learn the mechanisms and factors that affect security. A SQL Ability to perform a security audit of the server database they will win. By the way, database administrators can also They will learn how to manage safely.

SQL Server Training

Principles to be taken as basis in the management of systems, determined information security procedures, audit methods, compliance processes and Necessary to meet corporate information security needs sharing of information, what needs to be done for an effective audit It is aimed to transfer the processes.

Who should attend?

Information technology auditors, system security auditing capabilities information security professionals, system and network administrators who want to improve.

Prerequisites

Basic network and operating system (Windows and Unix) information, environmental protection familiarity with systems.

Course Curriculum

  • Vulnerability and threat definitions
  • Open source vulnerability scanners and how to use them
  • • Exploring the topology of a network
  • Environmental protection systems audit

Windows control

• Auditing of Unix / Linux systems

Time

4 Days

Benefits

Participants learn how to use vulnerability scanners they will learn. Participants also include operating systems, environmental protection How to audit systems and web applications? They will also learn what to do.

Oracle Training

Oracle, one of the largest manufacturers of database management software is someone. In this course, you will learn how to use Oracle database security efficiently. how to manage your Oracle network environment and you will learn how to perform database maintenance.

Who should attend?

Database administrators, database security auditors.

Prerequisites

Database management fundamentals

Course Curriculum

  • Database basics
  • Identity check
  • Access control lists
  • Database security audits
  • Network security
  • Database backup
  • Control of access tools
  • Advanced security measures

Time

3 Days

Benefits

At the end of the course, participants will have to do a security audit of databases. secure management of databases and administrators They will be able to apply.

Microsoft System Security Training

Security of Windows, the most used operating system in the world configuration, systems tools necessary to protect data, and training that teaches techniques. Microsoft Operating System to install, use and make necessary security configurations is the main purpose of the course.

Who should attend?

Windows Network Administrators, MS AD Administrators, IIS / Exchange Managers, IT Security Center Personnel.

Prerequisites

Basic information about Microsoft systems.

Course Curriculum

  •  Microsoft Web Services Security
  •  Microsoft “PowerShell”
  • Active Directory and Network Services Security (Group policy, DNS, DHCP)
  • Patch management in Microsoft systems

Time

3 Days

Benefits

Participants, advanced knowledge within the scope of Microsoft system security they will get. Microsoft system security applications in their organizations They will have the ability to use it in the best way possible.

Linux Security Training

Practical aspects of safe configuration of inux and operating system work environment, data protection and attack standard mechanisms, tools and training that teaches techniques.

Who should attend?

Linux System Administrators, IT Security Center Staff.

Prerequisites

Linux management knowledge.

Course Curriculum

  • Safe installation
  • Configuring startup services
  • Safe configuration of the kernel
  • File system access control
  • User access control
  • Management of system logs
  • Security audit tools
  • Security strengthening tools
  • Security script programming

Time

2 Days

Benefits

Participants can ensure the security of Linux-based operating systems. will be able to realize consolidation. Open ource in their systems will gain the ability to use security software tools. Also, to help them discover security breaches in  heir systems they will also gain the ability to use or develop tools.

Active Network Device Security Training

Active Network Device Security courses will teach you about network technologies and general security problems of protocols, their specific operation in depth of its application in systems or network equipment It focuses on explaining by examining In this case, wireless networks and IP Certain areas such as telephones are treated separately.

Who should attend?

System and network administrators, IT Security Personnel, Auditors, Cyber Security Professionals.

Prerequisites

Basic knowledge of networks.

Course Curriculum

    • Active devices (hardening), network design and network security

    Within the scope of providing, the following subjects are theoretically applied

    • It will be studied with exercises. Widely used today in internal networks and also networks

    empowering active devices used to connect the outside world towards

    Spine key,

    – Router,

    – The firewall,

    – Content filter

    • Safety controls applicable to active devices, for example

    – Physical security,

    – Equipment safety,

    – Authentication,

    – Authorization and monitoring,

    – Patch management,

    – Access control lists,

    – Remote management control etc.

Time

2 Days

Benefits

Participants are active through the theoretical and practical parts of the course. learn the security controls that can be applied to network devices expected. Participants also have these security checks in their institutions. applications are expected.

TCP / IP Network Security Training

Focusing on the practical work of network security issues, organizations  A comprehensive guide for professionals responsible for the security of computer networks educational program.

Who should attend?

IT Security Center Staff, Auditors, Cyber ​​Security Specialists, web site or System Administrators, Network Administrators.

Prerequisites

Basic knowledge of networks.

Course Curriculum

  • TCP / IP protocol stack protocols
  • Working principles of different layers of the TCP / IP stack and
  • threats targeting layers
  • Vulnerabilities and mitigation techniques of TCP / IP protocols
  • Techniques, protocols and devices used to secure network
  • Packet capture software, packet analysis and protocols such as Wireshark
  • Concepts such as SSL, IPSec, VPN and digital certificates
  • Network components such as Firewall, IDS / IPS and Proxy

Time

2 Day

Benefits

Applied studies on security of TCP / IP networks, It will provide the participants with rich knowledge and skills. Security practices in the network of their institutions are the best they are expected to be implemented in the same way.

Web Applications Security Training

The aim of the course is to inform web application developers of vulnerabilities  to identify, assess the risks to the project and to teach to eradicate in various ways.

Who should attend?

Web Application Developers, Website Administrators, IT Security Center Staff, Auditors, Cyber ​​Security Specialists.

Prerequisites

Basic information about web technologies

Course Curriculum

  • Collecting information
  • Configuration management flaws
  • Entry / exit manipulation

– Cross Site Scripting (XSS)

– Injection flaws: SQL Injection, OS command injection etc.

  • User authentication flaws
  • Authorization flaws
  • Session management flaws

– Session fixing

– Playing session

– Cross-Site Request Forgery (CSRF)

  • Application logic
  • Log management
  • Fault management
  • Secure application management

Time

2 Day

Benefits

Participants, important security components of HTTP-based applications, common mistakes, how to avoid them and keep them They will learn how to ensure application security.

Secure Software Development Training

In the modern world, in the software development process, a developer implementing protocols and using vulnerable frameworks Lots of security associated with the features of programming languages can accept the deficit.

Who should attend?

Software developers / engineers, software project managers, software quality control staff.

Prerequisites

Intermediate experience in programming.

Course Curriculum

  • TCP / IP protocol stack protocols
  • Working principles of different layers of the TCP / IP stack and
  • threats targeting layers
  • Vulnerabilities and mitigation techniques of TCP / IP protocols
  • Techniques, protocols and devices used to secure network
  • Packet capture software, packet analysis and protocols such as Wireshark
  • Concepts such as SSL, IPSec, VPN and digital certificates
  • Network components such as Firewall, IDS / IPS and Proxy

Time

3 Day

Benefits

Participants learn basic secure coding principles, secure software design and policies for development, threat modeling and security testing they will learn.