Silesian University of Technology invites its students to trainings organized by the Department of Cybersecurity and the Expert Cybersecurity Training Centre of the Ministry of National Defence. The training is free of charge and is organized as part of the Akademia_CYBER.MIL project. The project is addressed to students with Polish citizenship.

Courses will be available according to the following schedule:
1. Course “Security Academy” – from 4 to 22 November 2024
2. Windows Security course – December 2-20, 2024
3. Linux Security Course – January 6-23, 2025
4. The “OSSTMM Security Expert” course – from 3 to 21 February 2025.

Each of the courses will be completed with a knowledge test, which can be taken up twice. To pass the test, you must give 70% correct answers. After obtaining a positive result from the knowledge test, after each of the courses you will be able to generate a certificate of its completion.

Students interested in participating in the training should fill in the form below by 20 October this year: https://forms.office.com/e/qcUWnVwpar

If you have any questions, please contact the project coordinator – Dr Hab. Eng. Paweł Kasprowski.

Training issues in individual courses:

1. Safety Academy (20 x 45 min)

Introduction to OSSTMM and hacking
• Malware hacking
o hacking techniques in the study of malware attacks.
o how malware gets into the network, how it moves, how it works.
o using network tools
• Attack analysis (introduction to OSSTMM)
o strategies and tactics used to implement it.
o manoeuvring around the battlefield through the use of network and hacking tools.
o how to manage ongoing attacks, how to prepare for upcoming attacks, even though we do not know and do not expect a specific type of attack.
• Fundamentals of computer forensics
o how threats bypass operational controls, attack surfaces, and gain confidence in achieving access to assets.
o Tools and techniques in the study of specific systems and devices.

OSSTMM and Hacking
• the basics of Hacking in OSSTMM model
o OSSTMM in hacking as a faster and more direct method of conducting research.
o Presentation of OSSTMM method in practical basics of network and system hacking. o General method of hacking
• Network technologies in OSSTMM model:
o Discussion of the most popular attack vectors
o the diversity of attacks
o adopting the right defensive posture in the given communication channels.
• Password hacking
o OSSTMM authentication.
o OSSTMM encryption.

2. Windows Security (20 x 45 min)
o Authentication and authorization § Authentication and authorization process
§ Biometric authentication § Virtual smart cards in authentication process
o System security management
§ BitLocker encryption § UAC § GPO policies
§ Host file management
o Windows access control management
§ User rights,
§ UAC inheritance
§ Application rights restrictions
§ Domain policy settings
o Security and monitoring tools
§ Windows Defender § Microsoft update
SCM, SCT. ASA
§ Firewall configuration
§ Log collection management and analysis.

3. Linux Security (20 x 45 min)

o Environmental analysis:
§ Understanding the types of Linux systems.
§ Understanding the BIOS
§ Understanding the Bootloader
§ analysing the operating system
§ analysing the hard drive
§ Shells
§ types of malwares
o Hardening interactions:
§ User accounts and permissions
§ Password analysis
§ File privileges
§ Ports and services
§ Host firewalls
o Analysing emanations:
§ Networking
§ DNS / hosts
§ Login
§ Software installations
§ Time
o Analysing resources:
§ Routing § Service Manager
§ Kernel § Containers
§ Virtualization

4. OSSTMM Safety Expert (8 x 45 min)

Management and implementation of the OSSTMM model in the cybersecurity of the organization
• Definitions and vocabulary: Looking at security from an OSSTMM perspective by standardizing vocabulary
• OSSTMM security strategies
o Plan elements.
o What we want to achieve
o Reaching a goal
o What our operations are supposed to look like o What is achievable
• OSSTMM security testing – tactics and metrics
OSSTMM as a modern OODA loop in cybersecurity
Strategy versus operations
• Interaction controls
o Managing your interactions with us and your assets
o Operational control in various cyber environments
o Study any interaction
• Testing Principles
o Principles of cyberspace patrolling
o Observation, inspection, tool readiness, communication, appropriate response
o Principles and skills needed to conduct safety tests