ACTIVITIES FOR UNIVERSITY STUDENTS,
HIGH SCHOOLS AND TECHNICIANS
START YOUR CAREER IN THE CYBERSECURITY INDUSTRY!
Our goal is to provide you with knowledge and experience so that after graduating from STM Academy you can start your first job in the cybersecurity industry.
​
Over 24 lessons, we will guide you step by step through a hands-on cybersecurity course. You can see the details of the program below.
Our course runs stationary on weekends in Warsaw at Campus Business Garden at ul. Żwirki i Wigury 16a.
​
Classes are held in a room equipped with the necessary equipment for each participant. There are two lecturers for each group - the main and the supporting. Groups may not exceed 20 people.
​
Classes are held on our proprietary cyber range platform -hackingdept. You will have access to it 24/7 during the training and 30 days after completing the course.
​
The condition for participating in STM Academy is a short entrance exam, so we know that you will cope with our classes.
The exam aims to verify the student's basic skills, in particular logical thinking, independent search for information, and the ability to acquire new knowledge.
Taking part in the exam is free and there is no time limit.
​
After completing the course, there will be a final exam, after which you will receive a certificate of completion of the cybersecurity course at STM Academy.
​
If one of our business partners or our company STM Cyber employs you, we will refund the cost of the training.
​
The total cost of the training is PLN 3,000. (price only for students).
The second edition of the course begins January 2024.
LESSON PLAN
13-14.01.2024
1. Introduction
Penetration testing theory. Examples from the life of a pentester. Defining the purpose of the classes.
2. Setting up the environment, exercises
Usual tools from a hacker's point of view (Wget is missing on Windows? So what if replace.exe is there!).
20-21.01.2024
3. First Blood / First Pentest
The first set of machines to be hacked. Taking full control over two servers.
4. How to approach the subject professionally?
Take control of servers in a sophisticated way. Error reporting. Explaining the HTTP protocol.
27-28.01.2024
5. Security of web applications part. 1 Most popular attack methods
Practical examples of the most popular attacks. Among others: locating resources, cracking weak passwords, injecting commands, uploading web shells, manipulating client-side data, and deobfuscation of obfuscated code.
6. Security of web applications part. 2 Most popular attack methods continued
Practical examples of the most popular attacks. Among others: SQL injection, Template Injection, XSS, not updated WordPress.
2-3.03.2024
7. Security of web applications part. 3 Authentication and Authorization
Authentication and authorization mechanisms. Session management. Cookie security. Unauthorized access to resources.
8. Security of web applications part. 4 Databases
SQL, NoSQL databases, and directory services. Database attack methods.
9-10.03.2024
9. Security of web applications part. 5 Client-side security
Overview Same-Origin Policy, Cross-Origin Resource Sharing, Content Security Policy, security headers. Examples of Cross-Site Scripting, Cross-Site Request Forgery attacks.
10. Network pivoting part. 1
Practical examples of using socks proxies and proxy chains to access internal networks.
16-17.03.2024
11. Network pivoting part. 2
Practical examples of using SSH tunnels, routing, iptables, and NAT to gain access to internal networks.
12. Linux - local privilege escalation part. 1
Discussing the security of Linux systems and their weakest points. Practical examples using tools for automatic detection of incorrect system configuration.
23-24.03.2024
13. Linux - local privilege escalation part. 2
A detailed description of process permissions (real vs. effective vs. saved IDs). Practical examples using an application with the Set-UID or Set-GID attribute set.
14. Linux - local privilege escalation part. 3
Practical examples of attacking old kernel versions and exploiting known vulnerabilities.
6-7.04.2024
15. Windows - local privilege escalation part. 1
Windows security overview. Automatic vulnerability detection tools. Potatoes family exploits.
16. Windows - local privilege escalation part. 2
Advanced examples of vulnerability detection and exploitation.
13-14.04.2024
17. Computer architecture
Overview of computer architecture in terms of security. RAM, virtual memory, executables, processes, stack, heap. Basics of the assembly language.
18. Binary exploitation - 16 bit
Examples of exploitation of 16-bit applications. Buffer overflow, return address overwrite, code reuse, shellcode.
20-21.04.2024
19. Binary exploitation - 32-bit part. 1
Examples of exploitation of 32-bit applications. Buffer overflow, return address override, code reuse, shellcode, ret2libc.
20. Binary exploitation - 32-bit part. 2
Discussion of protections against exploitation and ways to bypass them: ASLR, PIE, NX/DEP, Stack Canary.
27-28.04.2024
21. Binary exploitation - 64 bit
Examples of exploitation of 64-bit applications. Practical use of the return-oriented programming technique.
22. Summary
Summary of the acquired knowledge. Additional Supplementary Examples.
11-12.05.2024
23. Final Boss - test part. 1 - Linux
Individual solving of final tasks to test the acquired skills. Finally, a common solution and discussion.
24. Final Boss - test part. 2 - Windows
Individual solving of final tasks to test the acquired skills. Finally, a common solution and discussion.
