As Privia Security, in addition to the consultancy, training and R&D work we offer in the field of cyber security, we are offering the Cyber War Academy long-term internship programme aimed at the cyber security, software and design ecosystem to our valued university students.
At the Cyber War Academy, which we offer as an in-house programme, the training of our students takes place on systems hosting corporate infrastructure topologies and enables them to gain practical experience in near-realistic simulation environments. Our PriviaHub Cyber Range product, which we have developed with our team and our own capital, provides training, simulation and exercise environments to the cyber defence forces of the world’s most important armies.
Prerequisites for Application
- Applications will only be accepted via Office 365 Forms.
- Candidates will be selected from the 1st, 2nd, 3rd or 4th years of universities regardless of department.
- After the first exam, applicants are expected to perform a penetration test on 2 machines provided on PriviaHub and report the vulnerabilities they find in penetration test format.
- Applicants are required to write an article of a maximum of 2 pages on a given topic.
- Candidates must not have any issues with GBT, Archive and Intelligence checks.
- A face-to-face interview will be conducted with final-stage candidates.
Cyber Security Intern Training
WEEK 1: It will start with training given to the friends accepted into the internship programme on how the PriviaHub system works and how they will work with it. It will then continue with the assignment of internship projects to the interns.
WEEK 2: General penetration testing concepts
- Types of penetration testing
- White-box, Black-box, gray-box penetration test types
- Penetration testing steps and methodologies
- Commercial and free software used in penetration tests
- Writing a penetration test report
WEEK 3: Reconnaissance and Information Gathering in Penetration Tests
- Types of Information Gathering
- Active Information Gathering
- Passive Information Gathering
- Information Gathering through Internet-facing services
- Information gathering using search engines
- Google, Shodan etc.
- Maltego
- Finding email information belonging to a company
- Finding subdomain names belonging to a company
- Identifying company employees using LinkedIN
- Google Hacking methods and ready-made tools
- Information gathering from Internet-facing web pages and email lists
WEEK 4: Basic Network
- OSI reference model
- Protocols and Layers
- ARP
- DNS
- HTTP
- IP
- TCP-UDP
- Packet Analysis, Sniffing
- Sniffing Concept
- Protocols open to sniffing
- Types of Sniffing
- Tools used for packet analysis and sniffing
- Wireshark
WEEK 5: Host/Network/Port Discovery And Scanning Tools
- Host discovery and port scanning
- Host/Port open/close concepts
- Under what circumstances a host/port appears open, under what circumstances closed
- Why is Host/Port Scanning Important?
- Scanning types
- Port scanning via TCP
- SYN Scan, FIN Scan, XMAS, ACK, NULL scan types
- UDP Port scanning and its issues
- IP and ICMP Scanning
- Operating System Detection and version detection
- Commonly used port scanning tools
WEEK 6: What is Nmap, How to Use It
- What is Nmap, how to use it
- Basic port scanning with Nmap
- Advanced port scanning methods with Nmap
- Port scanning of systems using SYN cookies
- Unicornscan, Scanrand, Xprobe
- Port Scanning of Firewall, IDS/IPS Protected Systems
- Deceiving Firewall/IPS Using Decoy Systems
- Port Scanning over Anonymous Networks
- Deceiving IDS/IPS with Fake IP Addresses
- Bypassing IDS/Firewall using Fragmented Packets
- Vulnerability Scanning Using NSE (Nmap Script Engine)
- Nmap Outputs and HTML Reporting
- Other known port scanning tools
WEEK 7: Windows 101 and Linux 101
- What is Active Directory
- What is the domain structure
- What is Kerberos
- TGT, TGS tickets
- Active Directory Domain/Enterprise/Schema Admins
WEEK 8: Introduction to Cryptography
- Definition and Distinction of Cryptography and Cryptology
- Encoding and Boolean
- Ciphers and Encryption
- Classical Ciphers
- Symmetric Ciphers
- Block Ciphers
- Block Cipher Modes
- Stream Ciphers
- Hash Functions
- Asymmetric Ciphers
- Key Exchange
- Digital Signatures
WEEK 9: Man-in-the-middle and session hijacking on TCP/IP Networks
- Various session hijacking methods
- ARP Spoofing
- IP Spoofing
- DNS Spoofing
- MAC Flooding
- Connection redirection with Fake DHCP Servers
- Session hijacking with ICMP redirect packets
- Session Hijacking Tools
- Ettercap, Dsniff, Cain & Abel
- Session Hijacking Examples
- Hijacking a Telnet session
- Hijacking an HTTP session
WEEK 10: Password and cipher concept
- Dictionary Attacks
- Brute Force Attacks
- Crunch Wordlist Generation
- Rainbow Table Generation
- Use of Graphics Cards in Password Cracking Attacks
- Cracking Windows LM/NTLM Passwords
- Finding HASH Results from Search Engines
- Cracking Cisco Enable Password
- Password Cracking Using Cain & Abel Tool
- Password Cracking Using John the Ripper Tool
- Password Attacks on Windows Services
- Password Attacks on SMB Service
- Password Attacks on MS RDP Service
- Password Attacks on Popular Services
- Password Attacks on MSSQL Service
WEEK 11: Metasploit Framework
- Metasploit Architecture
- Metasploit Filesystem and Libraries
- Auxiliary Modules
- Payload Modules
- Exploit Modules
- Encoder Modules
- Post Module
- MSFconsole
- Introduction MSFConsole Commands
- MSF Database
- Port Scanning
- Enumeration
- SMB Enumeration
- MSSQL Enumeration
- FTP Enumeration
- SNMP Enumeration
- SSH Enumeration
- Vulnerability Scanning
- Payloads
- Exploitation
- PSEXEC
- MS17-010
- Zerologon
- Exploit with Custom EXE File
- MSSQL CLR Payloads
- Meterpreter 1
- Introduction to Meterpreter
- Meterpreter Architecture
- Basic Meterpreter Commands
- Privilege Escalation
- Local Exploit Suggester
- UAC Bypass
- MS16-075
- Meterpreter 2
- Privilege Escalation with Meterpreter
- Incognito
- Token Impersonation
- Packet Sniffing
- Extracting Password Hashes
- Extracting Cleartext Passwords
- Searching for Critical Information
- Enabling Remote Desktop
- Pivoting
- Port Forwarding
- Interacting with the Registry
- Meterpreter Backdoor and Persistency Modules
- Clearing Windows Event Logs
- Buffer Overflow
- Hacking Scenerio With Metasploit
- MSFvenom
- Using Custom Payload Generators
- Using Encoders
WEEK 12: Mobile Application Security
- Android
- Android Ecosystem
- APK Structure
- Reverse Engineering Android APK
- Java Virtual Machine Code (Smali)
- Common Security Measures and Bypass Techniquies
- Frida & Objection Method Hooking
- Application Local Storage Investigaion
- Pentesting Web API
WEEK 13: Powershell for Pentesters
- Introduction to Powershell
- Powershell Cmdlet
- Powershell Module
- Powershell Scripting
- Information Gathering and Recon
- Powershell Remoting
- Powershell Execution Policy
- Netcat with Powershell
- Exploitation
- Post Exploitation
- Privilege Escalation
- Credential Dumping
- Info Gathering and Recon
- Pivoting
- Backdooring
Cyber War Academy Internship Application
Share the blog post
Copied
