Trainings

The best security strategy is to train and develop your team to be ready for an ever-changing security world. In order to defend an environment one must understand how attackers work, think and operate, what to look for and how to turn that knowledge into resilience. To help grow and develop experts we are offering insights and guidance about various topics and aspects of IT security in three different training formats.

Three different formats

TRAINING
All Items
Talks
Workshop
Training
workshopAdvanced Burp Suite: Create Custom Extensions

Assessing modern web applications can be a challenge. Burp Suite, the industry standard assessment tool, offers integrated extensions that facilitate the assessment process. This hands-on workshop will teach how to write a custom Burp Suite extension in Python.

Attendees
2 - 10
Duration
4h
Location
Remote or onsite
Learn more
trainingBreaking Active Directory

Explore the insights of attacking an Active Directory environment, learn common attack paths and dive into the position of an attacker exploiting and laterally moving in a realistic environment. Throughout a 3-day course the participants will be guided from exploring a typical environment to take full control of the network with persistent access.

Attendees
5 - 12
Duration
3 days
Location
Onsite
Learn more
workshopCI/CD and Supply Chain Security

Besides their many advantages, heavy reliance on external (open source) dependencies as well as continuous integration and deployment (CI/CD) in modern software development have introduced many new threats to the software supply chain. As a result, the number and impact of supply chain attacks have increased dramatically in recent years. The workshop reviews potential attack vectors and provides practical measures to protect modern applications.

Attendees
5 - 20
Duration
4h
Location
Remote or onsite
Learn more
workshopContainer and Kubernetes Security

Containers and Kubernetes have become cornerstones of modern software development. The workshop dives into common attack vectors and practical mitigations to secure containerized applications in Kubernetes clusters.

Attendees
5 - 20
Duration
4h
Location
Remote or onsite
Learn more
talkCryptography for Software Engineers

Cryptography for Software Engineers is for IT professionals whose needs for dealing with cryptography exceeds using https for their webserver. The talk will focus mainly on symmetric cryptography and highlight common pitfalls along a practical example project.

Attendees
1 - 20
Duration
2h
Location
Remote or onsite
Learn more
workshopDNS Introduction + Security Issues and Solutions (DNSSEC)

The workshop begins with an introduction to the Domain Name System (DNS) which is used in the Internet to map domain names onto IP addresses and other data. Participants will learn about the basic concepts and the limitations of DNS, in particular with respect to integrity guarantees. We will then explore how these issues can be addressed using DNS Security Extensions (DNSSEC), and show with practical examples how to properly configure a modern DNSSEC deployment.

Attendees
2 - 12
Duration
4.5h
Location
Remote or onsite
Learn more
talkIT security in a nutshell! - How does it work and why you should care

How does IT security actually work? What are the economics of it? How are cyber attacks executed and by whom? And what is the big deal of a small phishing email anyways? An awareness talk to better embrace IT security and understand that all of us are responsible for it.

Attendees
10 - 100
Duration
2h
Location
Remote or onsite
Learn more
trainingInfrastructure Security 101

Attendees
1 - 10
Duration
2 days
Location
Remote or onsite
Learn more
workshopSecure Coding

A programming language agnostic workshop on best practices to develop secure web applications and APIs. Some common attacks are shown and it is possible to get your hands dirty by following along on your own machine.

Attendees
5 - 20
Duration
4h
Location
Remote or onsite
Learn more
talkSocial Engineering and Awareness

This awareness talk is meant to bring attention to social engineering attacks, such as e-mail and phone based phishing, which continue to be high risk threats against companies of all sizes.

Attendees
5 - 50
Duration
1h
Location
Remote or onsite
Learn more
workshopWeb Application Security 101

This workshop is an introduction into attacking Web applications. The attendees will be placed into the position of an attacker and guided through an attack chain in order to break into a targeted web application. The goal of this Workshop is to make first experiences from an attacker's perspective, understand the security implications of bad design decisions and develop ideas on how to subvert security and access controls.

Attendees
3 - 10
Duration
4h
Location
Remote or onsite
Learn more

Contact for Trainings

TALK TO OUR EXPERTS
Bastian Kanbach
Senior Security Consultant
Bastian is part of our Offensive Security Team delivering tailored security assessments and Red Team exercises that fit the requirements of our clients. He specializes in network and infrastructure security.
bastian.kanbach@securesystems.de