TRAININGS

Secure Software Development Training includes the coding techniques and methods that should be used to prevent vulnerabilities that can occur within web applications. The training customizes and details secure software development strategies within separate categories. Secure software development training is provided in 2 days as two separate trainings specific to JEE and .NET technologies. The topics covered during the training are taught hands-on in a laboratory environment, and the trainees are shown how to take necessary precautions in code fragments with vulnerabilities by developing secure codes.

Web Application Security Training is an application-based training in which web applications are examined from an attacker's point of view. It includes solutions and suggestions for web technologies, the structure of the HTTP protocol, root causes of application vulnerabilities, exploitation methods, effects, bypassing WAF/IPS or application-based measures, common configuration errors, and vulnerabilities. The topics covered during the training are systematically demonstrated by using the methodologies and tools utilized by a penetration tester in a laboratory environment, vulnerabilities are exploited, and their effects are revealed. Solutions are suggested for the vulnerabilities after each application. This training is organized as a 3-day classroom training.

Penetration Test Training is the training that shows how to identify and exploit security vulnerabilities in IT systems from an attacker's point of view and explains attack methods. In the training, issues related to network, system, and application security are discussed, while participants utilize attack techniques on systems in the laboratory environment. Along with the explanation of the methodologies and tools used in penetration tests, participants will be able to interpret penetration test reports and create solutions to vulnerabilities. This training is organized as a 5-day classroom training.

Mobile Application Security Training is an application-based training in which mobile applications are examined from an attacker's point of view. It covers the root causes of mobile application vulnerabilities, exploitation methods, effects, bypassing of WAF / IPS or application-based measures, and solutions to vulnerabilities from the attacker’s and developer’s perspectives. During the training, the topics covered in Android and IOS mobile applications are systematically demonstrated using the methodologies and tools used by a penetration tester in the laboratory environment, and the vulnerabilities are exploited, and their effects are revealed. Solutions are suggested for the vulnerabilities after each application. This training is organized as a 3-day classroom training.

Hardware Hacking Training is an application-based training in which hardware, firmware (embedded system software), and communication protocols are examined from an attacker’s point of view. It includes the identification of vulnerabilities of these components, investigating their root causes, and developing solutions. All applications are developed with participants using a specially created laboratory kit for each participant. Attack methods on hardware interfaces (I2C, SPI, JTAG, SWD, etc.), firmware hijacking and vulnerability research, ARM architecture and exploit development, attacks on BLE protocol are systematically explained using hardware with vulnerabilities, and vulnerabilities are exploited, and their effects are revealed. Solutions are suggested for the vulnerabilities after each application. This training is organized as a 4-day classroom training.

Windows Forensic and Incident Response Training aims to make investigations and respond to security breaches and incidents that may occur on Microsoft Windows-based systems. The topics covered during the training are taught by performing incident analyses in the laboratory environment, and solutions are developed based on the results of the analyses. The aim is to approach the incidents from the attacker’s point of view and to reveal the approach of the security analyst together with an in-depth analysis of the incident. This training is organized as a 5-day classroom training.

DDoS Attacks and Analysis Training is a product-independent training aimed at understanding frequently seen Dos/DDoS attacks and creating solutions against these attacks. The training is based on performing DDoS attacks without being dependent on any commercial product, detecting the attack characteristics with various analysis methods, and combating DDoS attacks with the help of appropriate instruments. During the training, DDoS attacks and their impacts will be revealed by performing practices in the laboratory environment. This training is organized as a 2-day classroom training.

Corporate CIRT (Cyber Incident Response Team) Trainings are a set of trainings aimed at CIRT personnel to understand the root causes of attacks, perform analyses, and create solutions against these attacks. It is a 26-day training, covering all subjects specified in the Corporate CIRT Set up and Management Guide published in July 2014. While offensive and defensive issues are handled in the training, participants can practice hands-on training using the systems in the laboratory environment.

In this training, information is provided about the equipment, processes, and architectures used in ICS infrastructures, cyber security threats against these infrastructures, and basic security measures that are important in eliminating threats. This is a 1-day training, including desk practices.

This training provides general information on cyber security technologies used in industrial facilities. Practical examples are provided on the application, selection, and deployment of these technologies. This is a 2-day training, including hands-on practice with open source and commercial solutions.

During this training, advanced topics related to industrial cyber security are covered. Attack and defense methods are explained, special training is designed for the relevant target sector. This is a 4-day hands-on training.

In this practical training, which is carried out with reference to the "ATT&CK® for ICS" framework specially developed for ICS/SCADA infrastructures, the attack techniques are explained for 3 days.

Secure deployment and commissioning of critical devices such as PLC/RTU used in ICS/SCADA infrastructures are crucial. Within the scope of this training, many different topics from the logic level to the configuration level are discussed from a cyber security perspective. This is a 1-day practical training.

Active Directory Security Training is an application-based training that examines Active Directory and domain environments from an attacker's point of view. It includes the root causes of Active Directory vulnerabilities, exploitation methods, impacts, configuration, patching of vulnerabilities, etc. as well as solutions. During the training, each participant can implement attack scenarios and see their effects through the specially prepared Active Directory environment. Within the scope of the training, attack methods for many Active Directory and Domain components, such as LM, NTLM, NTLMv2, Pass the hash, LLMNR - NetBIOS poisoning, Group Policy, sharing security, Kerberos authentication, etc. are explained practically. After examining the root causes of these vulnerabilities, the solutions are shared with the participants. This training is organized as a 2-day classroom training.

It should be ensured that necessary precautions are taken regarding POS security in line with PCI DSS 9.9 requirement and that the importance of credit card security of companies and organizations is emphasized in accordance with requirement 12.6. PCI DSS Awareness Training aims to provide organizations with security awareness activities that are expected to be carried out in line with the 9.9 and 12.6 requirements. This training can be provided either in a classroom setting or remotely.

PCI DSS Technical Training is a training for IT employees in which the technical controls of PCI DSS are explained in depth. Within the scope of the training program, provided by Cyberwise's experienced experts, it is aimed to ensure that the participants understand and interpret PCI DSS requirements and apply security controls. This training can be provided either in a classroom setting or remotely.

With this training, the aim is to provide basic information security awareness for employees and measure and maintain its effectiveness. In addition to awareness-building seminars for all employees of the organization, it also includes remote training opportunities. At the same time, it is aimed to increase the level of awareness with other complementary activities such as visual designs, infographics, videos, and the use of slogans. This training can be provided either in a classroom setting or remotely.

This training explains the ISO 27001 standard with practical examples and aims to enable the participants to reach the competency to set up an Information Security Management System in their organizations. This training can be provided either in a classroom setting or remotely.

This training is aimed at training internal auditors to audit compliance with ISO 27001 standard and includes topics such as internal basic audit methodology, nonconformity types, and reporting methods. This training can be provided either in a classroom setting or remotely.

Course covers everything you need to start-up, configure and manage daily operations of Check Point Security Gateway and Management Software Blades systems on the GAiA operating system.

Audience
Technical professionals who support, install deploy or administer Check Point products. It is prepared for technical experts who perform and manage daily CheckPoint firewall operations.

Prerequisites
Working knowledge of Windows, UNIX, networking technology, the Internet and TCP/IP.

Objectives and Exercises “Hands-on lab”
• Check Point Firewall Architecture
• Check Point Installation Models and Installation Steps
• CPUSE Usage
• Gaia Operating System Review
• Safe and Accurate Firewall Management
• Important functions and applications on the SmartConsole
• Basic information about blade definitions in the Access Control Layer
• Basic information about blade definitions in the Threat Prevention Layer
• Ideal policy definitions within the Network and Threat Prevention Layer
• Cluster Firewall Activation and ClusterXL Basics
• NAT Working Structure and practices
• Licensing model • Log Structure and Log Analysis
• VPN Blade Basic Concepts
• Identity Awareness Blade Description and Troubleshooting stages
• Backup and Maintenance
• Important instruction sets and Basic Troubleshooting stages
• SecureXL Basics
• Basic SmartEvent Usage

Course teaches how to configure, deploy and advanced troubleshoot Check Point Security Systems on the GAiA operating system.
Hands-on lab exercises teach how to debug firewall processes, optimize firewall performance and core elements.

Audience
Technical professionals who perform advanced deployment configurations of Check Point products.
It is prepared for technical experts who perform and manage daily CheckPoint firewall operations.

Prerequisites
Cyberwise Check Point Firewall Admin Course or CCSA certification
Windows Server, UNIX and networking skills and TCP/IP experience

Objectives and Exercises “Hands-on lab”
• Secondary Security Management Server Architecture
• Advanced SmartCenter Features
• Things to know about Management Data Plane
• Check Point Firewall API Usage and practices
• Advanced ClusterXL Features and Troubleshooting stages
• Examination and practice of ClusterXL upgrade methods
• Application Control and URL Filtering Blade Review
• How to use SecureXL and Advanced Troubleshooting steps
• CoreXL usage and Advanced Troubleshooting stages
• Site-to-Site VPN Configuration and Troubleshooting Steps
• Key points in Mobile Access Management
• Definitions to know about Kernel Debug kits
• Collecting Security Gateway Troubleshooting data using Advanced Command Sets
• Required steps for performance optimization
• Gaia 3.10 " User Space Firewall (USFW)" Things to know
• Advanced SmartEvent usage and reporting

Course teaches how to configure, deploy and advanced troubleshoot Check Point Security Threat Emulation,Threat Extraction,AntiBot,AntiVirus and IPS blades.
Data from malicious attacks are shared between the Threat Prevention Software Blades and help to keep your network safe.
Hands-on lab exercises teach how to configure Threat Prevention Software Blades.

Audience
Technical professionals who perform advanced deployment configurations of Check Point products.
It is prepared for technical experts who perform and manage daily CheckPoint firewall operations.

Prerequisites
Cyberwise Check Point Firewall Expert & Troubleshooting Course or CCSE certification Windows Server, UNIX and networking skills and TCP/IP experience

Objectives and Exercises “Hands-on lab”
• Threat Prevention Blade activations
• Examination of installation architecture and blade working structures
• IPS Protections Configuration and Troubleshooting stages
• Threat Emulation Blade Configuration and Troubleshooting stages
• Threat Extraction Blade Configuration and Troubleshooting stages
• Threatcloud working structure
• Anti-bot,Anti-Virus Blade Configuration and Troubleshooting stages
• HTTPS Inspection Blade Configuration and Troubleshooting stages
• Threat Prevention Blade Optimizasyon&Tuning
• Threat Prevention Analysis with SmartLog and SmartEvent usage

Course covers everything you need to start-up, configure and manage daily operations of Palo Alto Firewall and Panorama Management system on the PANOS operating system.

Audience
Technical professionals who support, install deploy or administer Palo Alto products. It is prepared for technical experts who perform and manage daily Palo Alto firewall operations.

Prerequisites
Working knowledge of Windows, UNIX, networking technology, the Internet and TCP/IP.

Objectives and Exercises “Hands-on lab”
• Palo Alto Firewall Architecture
• Management,Service,Interface,Route Settings
• Software and Dynamic Update concepts and practices
• Firewall Network Integration and Network Definitions
• Admin Definitions and optimum security level
• Secure policy management with Policy and Profile Definitions
• Zone Definitions, Importance and Practice of Access Scenarios
• NAT Concept, Definitions and Practices
• VPN Definitions and Scenarios
• APP-ID Definitions and practices
• Firewall Maintenance and Periodic Operations
• Log analysis processes
• Cluster Installation, Configuration and failover scenarios
• Examination and Practice of Important and Operational Instruction Sets
• Troubleshooting: examination of management and data plane log files
• Vulnerability Protection Concept and Practical Scenarios
• Zone Security Definitions and Practical Scenarios
• Flood Protection
• Reconnaissance Protection
• Packet-Based Attacks Protection
• Protocol Protection

LOCATIONS

Amsterdam

Cyberwise B.V. Strawinskylaan 411 1077XX Amsterdam The Netherlands

Show on Map
+31 (0)70-2045180
Dubai

CYBERWISE FZ-LLC
214 Dubai Internet City, Building 9, Office No. 323 DUBAI - United Arab Emirates P.O. Box 23147

Show on Map
+971 4 558 97 27
İstanbul

Nida Kule Plaza, Kozyatağı Mah. Değirmen Sok. No:18 Kat:19 34742 Kozyatağı, Kadıköy, İstanbul

Show on Map
+90 216 688 81 82