Cyber Warfare Academy Long-Term Internship Programme

By keeping our country’s leading cyber security researchers on our team, we continue to offer organisations bespoke solutions in the field of cyber security. Our engineers continue to provide cyber security consultancy to the most important public and private companies in our country. In order to provide a solution to the shortage of trained human resources, we train many students each year through our “kitchen” programme and bring them into the sector.

Acting with the mission of training qualified specialists, we are opening applications for our Cyber Warfare Academy Internship programme, prepared for students who wish to pursue a career in cyber security.

As Privia Security, in addition to the consultancy, training and R&D activities we offer in the field of cyber security, we present the Cyber Warfare Academy long-term internship programme aimed at the cyber security, software and design ecosystem to our valued university students.  

Our PriviaHub Cyber Range product, developed by our team with our own equity, provides training, simulation and exercise environments to the cyber defence forces of the world’s most important armies. In the Cyber Warfare Academy, which we present as our kitchen programme, our students’ training takes place on systems that host corporate infrastructure topologies and allows them to gain practical skills in simulation environments close to reality.

In this context, we are excited to announce that applications have opened for the Privia Security Cyber Warfare Academy that we have launched.

Privia Security “Cyber Warfare Academy”

As Privia Security, thanks to the kitchen programme we regularly open every year, we go beyond classical internship approaches by offering applied training and providing our students with real hacking experience in simulation environments.

The main aim of this programme is to train qualified specialists and bring them into the sector.

Our internship programme consists of 3 different stages.

• The first stage is a 3-month basic internship
• The second stage is 6-12 months of in-depth training
• The third stage is a part-time work opportunity until education life is completed

First stage; during the three-month basic internship training period of our internship programme, our students will receive training on the following subjects. At the same time, all participants will continue to receive mentorship under the guidance of an assigned specialist instructor. It is planned that our participants will adapt to our technical team in a very short time during the internship with the help of their assigned mentor instructor. The trainings we offer in this section are listed as follows.

1. Network and communication technologies
2. Operating systems and client-server architectures
3. High and low-level programming languages
4. Relational databases
5. Algorithms
6. Modern cryptology
7. Mobile operating systems
8. Web application languages
9. Malware (development and analysis)
10. Cyber defence strategies
11. Cloud and container technologies
12. SCADA/ICT/IoT technologies

Second stage; candidates who successfully complete our three-month internship programme will be included in our 6-12 month deep dive training programme. Within the framework of this training programme, an assessment is made regarding the areas in which participants should specialise, evaluating the guidance of mentor instructors and the notes of other specialist instructors regarding the participants throughout the three-month internship programme.

Training is conducted by applying training programmes that will enable participants to deepen and specialise in the areas of expertise they enjoy most. Thus, through deep dive trainings, participants are enabled to specialise in the areas of interest to them.

Participants who qualify for this programme will be provided with a scholarship in the amount determined by management.

Third stage; Participants who successfully complete both programmes will be able to work part-time at our company until they complete their education life. Our participants, who will work part-time in the role of assistant engineer, are intended to start full-time employment after completing university.

University students who wish to join the Privia Security family and have determined their profession as one of the following areas can apply to our programme. If you too are interested in one of the following specialisation areas, you can apply to the Privia Security Cyber Warfare Academy programme.

Cyber Security Intern Application (Offensive-Defensive-Forensic)

Pre-Requirements for Application

1. Applications will only be accepted via Office 365 Forms.
2. Candidates will be selected from the 1st, 2nd and 3rd years of universities regardless of department.
3. Applicants are expected to perform penetration testing on 2 machines provided on PriviaHub and report the vulnerabilities they find in penetration testing format.
4. Applicants are expected to write a maximum 2-page article on a given topic.
5. Candidates must not have any issues in GBT, Archive and Intelligence queries.
6. Candidates at the final stage will be subject to a face-to-face interview.

Cyber Security Intern Training Programme

WEEK 1:

• Training the friends accepted into the internship programme on how the PriviaHub system works and how they will work with this system
• Giving interns their internship projects

WEEK 2:

General penetration testing concepts

• Types of penetration testing
• White-box, Black-box, gray-box penetration test types
• Penetration testing steps and methodologies
• Commercial and free software used in penetration testing
• Writing a penetration testing report

WEEK 3:

Reconnaissance and Information Gathering Activities in Penetration Tests

• Types of Information Gathering
• Active Information Gathering
• Passive Information Gathering
• Information Gathering via Internet-facing Services
• Information gathering using search engines
• Google, Shodan etc.
• Maltego
• Finding email information belonging to a company
• Finding subdomain names belonging to a company
• Identifying company employees using LinkedIn
• Google Hacking methods and ready-made tools
• Gathering information from Internet-facing web pages and email lists

WEEK 4:

Basic Network

• OSI reference model
• Protocols and Layers
• ARP
• DNS
• HTTP
• IP
• TCP-UDP
• Packet Analysis, Sniffing
• Sniffing Concept
• Protocols vulnerable to sniffing
• Types of Sniffing
• Tools used for packet analysis and sniffing
• Wireshark

WEEK 5:

Host/Network/Port Discovery and Scanning Tools

• Host discovery and port scanning
• Host/Port openness concepts
• In which case a host/port appears open, in which case closed
• Why is Host/Port Scanning Important?
• Types of scanning
• Port scanning over TCP
• SYN Scan, FIN Scan, XMAS, ACK, NULL scan types
• UDP Port scanning and its issues
• IP and ICMP Scanning
• Operating System Identification and version detection
• Commonly used port scanning tools

WEEK 6:

What is Nmap, Its Use

• What is Nmap, how it is used
• Basic port scanning with Nmap
• Advanced port scanning methods with Nmap
• Port scanning against systems using Syncookie
• Unicornscan, Scanrand, Xprobe
• Port Scanning Against Firewall, IDS/IPS Protected Systems
• Bypassing Firewall/IPS Using Decoy Systems
• Port Scanning Over Anonymous Networks
• Bypassing IDS/IPS With Fake IP Addresses
• Bypassing IDS/Firewall Using Fragmented Packets
• Vulnerability Scanning Using NSE (Nmap Script Engine)
• Nmap Outputs and HTML Reporting
• Other known port scanning tools

WEEK 7:

Windows 101

• What is Active Directory
• What is the domain structure
• What is Kerberos
• TGT, TGS tickets
• Active Directory Domain/Enterprise/Schema Admins

Linux 101

WEEK 8:

Introduction to Cryptography

• Definition and Distinction of Cryptography and Cryptology
• Encoding and Boolean
• Ciphers and Encryption
• Classical Ciphers
• Symmetric Ciphers
• Block Ciphers
• Block Cipher Modes
• Stream Ciphers
• Hash Functions
• Asymmetric Ciphers
• Key Exchange
• Digital Signatures

WEEK 9:

Interception and Session Hijacking in TCP/IP Networks

• Various session hijacking methods
• ARP Spoofing
• IP Spoofing
• DNS Spoofing
• MAC Flooding
• Connection redirection with rogue DHCP Servers
• Session hijacking with ICMP redirect packets
• Session Hijacking Tools
• Ettercap, Dsniff, Cain & Abel
• Session Hijacking Examples
• Hijacking the Telnet session
• Hijacking the HTTP session

WEEK 10:

The concept of password and passphrase

• Dictionary Attacks
• Brute Force Attacks
• Creating Crunch Wordlist
• Creating Rainbow Tables
• Using a Graphics Card in Password Cracking Attacks
• Cracking Windows LM/NTLM Passwords
• Finding HASH Results from Search Engines
• Cracking the Cisco Enable Password
• Password Cracking Using Cain & Abel
• Password Cracking Using John the Ripper
• Password Attacks Against Windows Services
• Password Attacks Against the SMB Service
• Password Attacks Against the MS RDP Service
• Password Attacks Against Popular Services
• Password Attacks Against the MSSQL Service

WEEK 11:

Metasploit Framework

• Metasploit Architecture
• Metasploit Filesystem and Libraries
• Auxiliary Modules
• Payload Modules
• Exploit Modules
• Encoder Modules
• Post Module
• MSFconsole
• Introduction MSFConsole Commands
• MSF Database
• Port Scanning
• Enumeration
• SMB Enumeration
• MSSQL Enumeration
• FTP Enumeration
• SNMP Enumeration
• SSH Enumeration
• Vulnerability Scanning
• Payloads
• Exploitation
• PSEXEC
• MS17-010
• Zerologon
• Exploit with Custom EXE File
• MSSQL CLR Payloads
• Meterpreter 1
• Introduction to Meterpreter
• Meterpreter Architecture
• Basic Meterpreter Commands
• Privilege Escalation
• Local Exploit Suggester
• UAC Bypass
• MS16-075
• Meterpreter 2
• Privilege Escalation with Meterpreter
• Incognito
• Token Impersonation
• Packet Sniffing
• Extracting Password Hashes
• Extracting Cleartext Passwords
• Searching for Critical Information
• Enabling Remote Desktop
• Pivoting
• Port Forwarding
• Interacting with the Registry
• Meterpreter Backdoor and Persistency Modules
• Clearing Windows Event Logs
• Buffer Overflow
• Hacking Scenerio With Metasploit
• MSFvenom
• Using Custom Payload Generators
• Using Encoders

WEEK 12:

Mobile Application Security

• Android
• Android Ecosystem
• APK Structure
• Reverse Engineering Android APK
• Java Virtual Machine Code (Smali)
• Common Security Measures and Bypass Techniquies
• Frida & Objection Method Hooking
• Application Local Storage Investigaion
• Pentesting Web API

WEEK 13:

Powershell for Pentesters

• Introduction to Powershell
• Powershell Cmdlet
• Powershell Module
• Powershell Scripting
• Information Gathering and Recon
• Powershell Remoting
• Powershell Execution Policy
• Netcat with Powershell
• Exploitation
• Post Exploitation
• Privilege Escalation
• Credential Dumping
• Info Gathering and Recon
• Pivoting
• Backdooring

Software Intern (Backend) Application

Software backend intern candidates who apply will first be asked to complete the given project.

The project aims to measure the intern candidates’ git usage knowledge, basic programming knowledge and basic web technologies usage knowledge. The technical interview process will begin for candidates who submit the project. Candidates who pass the technical interview will be accepted into the internship.

Pre-Requirements in Applications

1. Applications will be received via Google Forms
2. Candidates will be selected from the 1st, 2nd and 3rd years of universities.
3. Applicants will complete the project sent to them and share it via Github.
4. Applicants will be expected to write a maximum 2-page blog post on a given topic.
5. Candidates must not have any issues in GBT, Archive and Intelligence queries.
6. Candidates at the final stage will be subject to a face-to-face interview.

Software Intern (Backend) Training Programme

WEEK 1:

• Ruby Installation
• Rails Installation
• Postgresql Installation
• Using Version Management Tools (rbenv, rvm)
• Class, Object
• Ruby Variables
  • Global Variables
  • Instance Variables
  • Class Variables
  • Local Variables
• Conditional Statements (if,else..)
• Loops

WEEK 2:

• Methods / Methods With Parameters
• attr_reader, attr_writer and another attr methods
• Blocks, Procs and Lambdas
• Arrays and Hashes
• Ruby File I/O

WEEK 3:

• Ruby String Methods
• Ruby Integer Methods
• Ruby Array Methods
• Ruby Time Methods / strftime using

WEEK 4:

• Recognising the file directory structure in a Rails project
• Learning how to create a Rails project by grasping the Rails MVC architecture in line with the instructions in the Rails Get Started area
• CRUD Operations
• CRUD Operations API
• Scaffold Structure
• Action Controller
• Action Controller Callbacks
• Rails Routes

WEEK 5:

• Devise Gem Usage / Authentication Operations
• I18n Gem Usage
• Active Record Migrations
• Active Record Callbacks
• Active Record Associations

WEEK 6:

• Active Storage
• Active Job
• Action Mailer
• Rails Test

Software Intern Application (Frontend – React)

Software frontend intern candidates who apply will first be asked to complete the given project. The project aims to measure the intern candidates’ git usage knowledge, basic programming knowledge and basic HTML, CSS, Javascript knowledge.

The technical interview process will begin for candidates who submit the project. Candidates who pass the technical interview will be accepted into the internship.

Pre-Requirements in Applications

1. Applications will be received via Google Forms
2. Candidates will be selected from the 1st, 2nd and 3rd years of universities.
3. Applicants will complete the project sent to them and share it via Github.
4. Applicants will be expected to write a maximum 2-page blog post on a given topic.
5. Candidates must not have any issues in GBT, Archive and Intelligence queries.
6. Candidates at the final stage will be subject to a face-to-face interview.

Software Intern (Frontend – React) Training Programme

WEEK 1:

• What are HTTP methods and APIs?
• HTML Accessibility
• CSS (media queries, display, position, grid, flex, keyframes)
• DOM Manipulation / Js events

WEEK 2:

• Async Javascript (callbacks, promise, async/await)
• Array methods (filter, map, reduce…)
• API requests (fetch api / axios)
• CORS (backend/frontend common topic)

WEEK 3:

• Hooks
• Components

WEEK 4:

• React Router
• Error Boundary

WEEK 5:

• Redux
• Context API

PriviaHub Content Development Intern (Offensive)

Pre-Requirements in Applications

1. Applications will be received via Google Forms
2. Candidates will be selected from the 1st, 2nd and 3rd years of universities.
3. Applicants are expected to perform analysis on 2 machines provided on PriviaHub and report the results they find.
4. Applicants will be expected to write a maximum 2-page blog post on a given topic.
5. Candidates must not have any issues in GBT, Archive and Intelligence queries.
6. Candidates at the final stage will be subject to a face-to-face interview.

Privia Hub Content Development (Offensive) Training Programme

WEEK 1:

• Providing training to our new team friends who join the internship programme on how the PriviaHub system works and how they will work with this system
• Initial topics on Protocols & Technologies will be given and simulation preparation on these topics (Throughout all weeks, care will be taken regarding the sub-areas in which our new team friends who participate in the internship wish to improve themselves in the content they will prepare.)

WEEK 2:

• Topics on Information Gathering will be given and simulation preparation on these topics

WEEK 3-4-5:

• After the Information Gathering phase, simulation preparation related to Passive & Active Reconnaissance operations and Enumeration

WEEK 6-7:

• Topics on Vulnerability Assessment and vulnerability detection tools will be given and simulation preparation on these topics

WEEK 8-10:

• Topics on Exploitation methods and exploitation of the most encountered security vulnerabilities will be given and simulation preparation on these topics

WEEK 11-12:

• Simulation preparation on Post-Exploitation operations and the application of tools used for these operations

WEEK 13-14-15:

• Preparation of documents suitable for the class module on the subject to be specified by our intern team friends who prepared simulations in previous weeks

WEEK 16-17-18:

• Preparation of an offensive scenario regarding the organisation structure (e.g.: Banking, Hospital,…) to be mentioned to our intern team friends

PriviaHub Content Development (Defensive) Intern

Pre-Requirements in Applications

1. Applications will be received via Google Forms
2. Candidates will be selected from the 1st, 2nd and 3rd years of universities.
3. Applicants are expected to perform penetration testing on 2 machines provided on PriviaHub and report the vulnerabilities they find in penetration testing format.
4. Applicants will be expected to write a maximum 2-page blog post on a given topic.
5. Candidates must not have any issues in GBT, Archive and Intelligence queries.
6. Candidates at the final stage will be subject to a face-to-face interview.

PriviaHub Content Development (Defensive) Training Programme

WEEK 1:

• Providing training to our new team friends who join the internship programme on how the PriviaHub system works and how they will work with this system
•  Simulation preparation on Hacker Terminology, Cyber Kill Chain, Sniffing operation, Sniffing Tools and PCAP Analysis topics (Throughout all weeks, care will be taken regarding the sub-areas in which our new team friends who participate in the internship wish to improve themselves in the content they will prepare.)

WEEK 2:

• Simulation preparation on Web traffic analysis, SSL traffic analysis and analysing web attacks

WEEK 3:

• Simulation preparation on Wireless Attacks and Wireless Attack Analysis, Incident Response topics

WEEK 4:

• Simulation preparation on Logs and Events in Windows and Linux Systems

WEEK 5:

• Simulation preparation on Sysmon

WEEK 6-7:

• Simulation preparation on SIEM Architecture, Distribution and Correlation. In addition to these topics, simulation preparation on IDS, IPS, WAF, EDR and Honeypot topics

WEEK 8-9:

• Simulation preparation on Windows and Linux Incident Response topics

WEEK 10:

• Simulation preparation on SOC Operations with Wazuh

WEEK 11-12:

• Simulation preparation on Malware and Malware Analysis

WEEK 13-14-15:

• Preparation of documents suitable for the class module on the subject to be specified by our intern team friends who prepared simulations in previous weeks

WEEK 16-17-18:

• Preparation of a defensive scenario regarding the organisation structure (e.g.: Banking, Hospital,…) to be mentioned to our intern team friends

Design Intern (UI-UX-Graphic Design) Application

Design intern candidates who apply will first be asked to submit their portfolios (pdf or links to their Behance, Dribbble pages). The technical interview process will begin for candidates whose portfolios are found successful. Candidates who pass the technical interview will be accepted into the internship.

Pre-Requirements in Applications

1. Applications will be received via Google Forms
2. Candidates will be selected from the 2nd, 3rd and 4th years of universities.
3. Applicants will be expected to write a maximum 2-page blog post on a given topic.
4. Candidates must not have any issues in GBT, Archive and Intelligence queries.
5. Candidates at the final stage will be subject to a face-to-face interview.

Design Intern Training Programme

WEEK 1:

• Basic Design Principles
• Gestalt Principles
• What is User Experience & User Interface Design?

WEEK 2:

• Exercise No 1: Design Thinking
• “User Research, Problem Identification, User Persona Creation, Brainstorming”

WEEK 3-4:

• Exercise No 2: Design Process
• “Sitemap, User Flow, Information Architecture, Storyboard, Usage Scenario, Wireframe, Prototyping”

WEEK 5:

• Productising the work

Applications for our internship programmes will first be received online. All cyber security candidates who apply will be subject to an online exam on PriviaHub on 4-11 April. Interview dates will be notified specifically to those who apply and pass the assessment. The training programme is completely free of charge and only open to university students.

Application: Microsoft 365 Forms
Applications: 4 March – 1 April
Exam / Assessment: 4 – 11 April

In the exam, which will be conducted online and in test format, there is a success criterion of 70% and above. All candidates who achieve this success will qualify for the practical exam and interview. We wish all of our university student applicants every success.