


Our goal is to provide you with knowledge and experience so that after graduating from STM Academy you can start your first job in the cybersecurity industry.

Over 24 lessons, we will guide you step by step through a hands-on cybersecurity course. You can see the details of the program below.


Our course runs in person on weekends in Warsaw at Campus Business Garden, ul. Żwirki i Wigury 16a.

Classes are held in a room with the necessary equipment for each participant. Each group has two lecturers: a main lecturer and a supporting one. Groups may not exceed 20 people.

Classes are held on our proprietary cyber range platform, hackingdept. You will have access to it 24/7 during the training and for 30 days after completing the course.

The condition for participating in STM Academy is a short entrance exam, so we know that you will cope with our classes. 

The exam aims to verify the student's basic skills, in particular logical thinking, independent search for information, and the ability to acquire new knowledge.

Taking part in the exam is free and there is no time limit.

After completing the course, there will be a final exam, after which you will receive a certificate of completion of the cybersecurity course at STM Academy.

If one of our business partners or our company STM Cyber employs you, we will refund the cost of the training.

The total cost of the training is PLN 3,000 (price only for students).

The second edition of the course begins in January 2024.




1. Introduction

Penetration testing theory. Examples from the life of a pentester. Defining the purpose of the classes.

2. Setting up the environment, exercises

Everyday tools from a hacker's point of view (Wget is missing on Windows? So what, replace.exe is there!).


3. First Blood / First Pentest

The first set of machines to be hacked. Taking full control over two servers.

4. How to approach the subject professionally?

Take control of servers in a sophisticated way. Error reporting. Explaining the HTTP protocol.


5. Security of web applications part. 1 Most popular attack methods

Practical examples of the most popular attacks. Among others: locating resources, cracking weak passwords, injecting commands, uploading web shells, manipulating client-side data, and deobfuscation of obfuscated code.

6. Security of web applications part. 2 Most popular attack methods continued

Practical examples of the most popular attacks. Among others: SQL injection, template injection, XSS, and outdated WordPress installations.


7. Security of web applications part. 3 Authentication and Authorization

Authentication and authorization mechanisms. Session management. Cookie security. Unauthorized access to resources.

8. Security of web applications part. 4 Databases

SQL, NoSQL databases, and directory services. Database attack methods.


9. Security of web applications part. 5 Client-side security

Overview of the Same-Origin Policy, Cross-Origin Resource Sharing, Content Security Policy, and security headers. Examples of Cross-Site Scripting and Cross-Site Request Forgery attacks.

10. Network pivoting part. 1

Practical examples of using socks proxies and proxy chains to access internal networks.


11. Network pivoting part. 2

Practical examples of using SSH tunnels, routing, iptables, and NAT to gain access to internal networks.

12. Linux - local privilege escalation part. 1

Discussing the security of Linux systems and their weakest points. Practical examples using tools for automatic detection of incorrect system configuration.


13. Linux - local privilege escalation part. 2

A detailed description of process permissions (real vs. effective vs. saved IDs). Practical examples using an application with the Set-UID or Set-GID attribute set.

14. Linux - local privilege escalation part. 3

Practical examples of attacking old kernel versions and exploiting known vulnerabilities.


15. Windows - local privilege escalation part. 1

Windows security overview. Automatic vulnerability detection tools. Potato-family exploits.

16. Windows - local privilege escalation part. 2

Advanced examples of vulnerability detection and exploitation.


17. Computer architecture

Overview of computer architecture in terms of security. RAM, virtual memory, executables, processes, stack, heap. Basics of the assembly language.

18. Binary exploitation - 16 bit

Examples of exploitation of 16-bit applications. Buffer overflow, return address overwrite, code reuse, shellcode.


19. Binary exploitation - 32-bit part. 1

Examples of exploitation of 32-bit applications. Buffer overflow, return address overwrite, code reuse, shellcode, ret2libc.

20. Binary exploitation - 32-bit part. 2

Discussion of protections against exploitation and ways to bypass them: ASLR, PIE, NX/DEP, Stack Canary.


21. Binary exploitation - 64 bit

Examples of exploitation of 64-bit applications. Practical use of the return-oriented programming technique.

22. Summary

Summary of the acquired knowledge. Additional supplementary examples.


23. Final Boss - test part. 1 - Linux

Final tasks solved individually to test the acquired skills, followed by a group walkthrough of the solutions and discussion.

24. Final Boss - test part. 2 - Windows

Final tasks solved individually to test the acquired skills, followed by a group walkthrough of the solutions and discussion.
