top of page
04 STM Academy Mural previev.jpg

TRAINING FOR LOCAL GOVERNMENT

Our training offer is addressed not only to IT specialists but also to management staff and every employee of the organization who, due to their professional duties, has contact with the ICT infrastructure or part of it. After completing each training, participants receive certificates confirming the acquisition of competencies in their subject area. 

​

​

Are you interested in the offer?

Please write to us!

[email protected]

They say that the best defense is attack, which is also the assumption of cybersecurity experts.

To maintain a high level of safety in the work environment, it is necessary to know the threats we may encounter in everyday life.

Sometimes, all it takes to cause serious breaches is one small click made by an employee who is unprepared for the threats common in the everyday world.

Training participants will be able to become familiar with the tools and methods used by criminals, learn the basics of the Linux operating system, and find out where an attacker will look for an entry point into an office infrastructure based on Microsoft Windows.

After learning all of the material, participants will not only be able to increase their overall level of security. Still, they will also gain the knowledge required to "put out the fire" started by attackers. They will learn techniques that will allow them to effectively train staff to minimize the risks resulting from the omnipresent human factor. All this under the supervision of world experts in the field of cybersecurity.

Cybersecurity training is an investment that protects the data, finances and image of your local government.

01

Resident Data Protection

Sensitive citizen data is a target for hacker attacks. Training helps identify and protect against threats.

02

Ransomware Attack Prevention

Ransomware attacks can paralyze the functioning of offices. Knowledge of

cybersecurity allows you to effectively counteract such incidents.

03

Safe Remote Work

Remote work has become the norm. Training teaches how to safely use the network and online resources, minimizing risk data leaks.

04

Compliance with Regulations

Data protection is regulated by law (e.g. GDPR). Training helps you meet legal requirements and avoid penalties.

05

Building Public Trust

Adequate security measures show the residents that their the data is in good hands, what builds trust in offices and institutions.

PRACTICAL CYBERSECURITY

1. BASIC SKILLS

 

- Most important command line commands

- Bash basics

- Client-Server model

- Most important network protocols

- Data transfer techniques

- Reverse remote shells

- Bind remote shells

- Interactive shells

​

2. WINDOWS SECURITY

​

- File permissions

- User rights

- LOLBAS documentation

- User Account Control mechanism

- "Unquoted Service Path" vulnerability class

- Network services with insecure default configuration

- Privilege escalation using Potato family exploits

- Privilege escalation using Google Project Zero tools

​

 

3. INTRODUCTION TO PENTESTING

 

- Network scanning

- HTTP protocol and proxy servers

- Remote code execution

- Automatic privilege escalation

- "Network pivoting"

- Detection Backdoors

- Vulnerability Reporting

​

 

4. WEB APPLICATION SECURITY

 

- Enumeration​

- Password security​

- Command injection

​- Client-side security

​- File upload security

​- SQL Injection​

- Template Injection

​- XML external entity injection

​- Cross-site scripting

​- Cross-Site Request Forgery

​- Local file inclusion

​- Remote file inclusion

​

 

5. ESCALATION OF POWERS

 

- Incorrectly Set File Permissions

- Incorrectly Configured Sudo

- Incorrectly Configured Cron Tasks

- Incorrectly Configured Local Services

- Privileged Containers

- Outdated Operating Systems

 

 

6. LOCAL EXPLOITATION

 

- Attributes SUID and "capabilities"

- Recovering "hardcoded" data

- Buffer overflows (without assembly)

- Dangerous environment variables

- Side-channel attacks

- Signal manipulation

- Using symlinks

- File descriptor inheritance

 

​

Report to us!

Thank you for reporting!

I consent to the processing of personal data provided in the form in accordance with the Personal Data Protection Act for the purpose of:

I have been informed that providing the telephone number is voluntary, but necessary to respond to the contact request and that I have the right to access, change, delete, and stop processing the data. The administrator of personal data is STM Academy Sp. zoo. with its registered office at ul. Å»wirki i Wigury 16a, 02-092 Warsaw. You can find the Information Clause on page

bottom of page