Site announcements

Ainda não existem tópicos de discussão neste fórum

Disciplinas disponíveis

SIEM & SOAR

Intruduction to BASH

Powershell for IT Admins

Know Metasploit

The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless.

Starting with Framework essentials you’ll progress to advanced methodologies aligned with the Penetration Test Execution Standard (PTES). 

Security Awareness for users

Security Awareness Training for daily users. 

Understand the importance of cybersecurity and how users play a critical role in keeping data secure.

In this workshop the user will understand the best practices and how to become more resilient to attacks. 

The user will gain:

  1. Awareness on the best practices that he needs to follow up to improve his security while using digital systems.
  2. Knowledge of the latest tecniques on multiple people attacks and how to respond to them. 
  3. Understand how to react in case of compromize. 

Intro to XSOAR

This comprehensive training on Palo Alto Networks Cortex XSOAR (formerly Demisto) will empower security professionals to automate, orchestrate, and accelerate security operations like never before.

XSOAR is a powerful security orchestration, automation, and response (SOAR) platform that integrates disparate security tools, streamlines workflows, and provides real-time incident response capabilities to enhance the efficiency and effectiveness of security teams.

Throughout this course, participants will dive deep into XSOAR’s core functionalities, learning how to automate repetitive tasks, build playbooks, and orchestrate cross-platform workflows to speed up incident detection and resolution.

The training will cover key features, including:

  • Incident Management: Streamlining investigation and remediation of security incidents across the entire lifecycle.
  • Automated Playbooks: Designing and deploying automated responses for common and complex security tasks, reducing response times and human error.
  • Threat Intelligence Integration: Using XSOAR to seamlessly integrate and enrich threat intelligence from multiple sources to enhance decision-making.
  • Collaboration & Communication: Using XSOAR’s collaboration features to enhance communication within security teams and with external stakeholders during incidents.
  • Reporting and Dashboards: Creating insightful reports and dashboards to monitor security performance and improve response capabilities.

This course is ideal for SOC analysts, security engineers, and anyone looking to maximize their use of Cortex XSOAR to streamline security operations.

By the end of the training, participants will have the knowledge and hands-on experience to configure and customize XSOAR to meet the specific needs of their organization’s security operations, driving efficiency and improving threat response capabilities.

Wifi Fundamentals

Wireless fundamentals. 

The objective of this training is to explain the multiple options to implement and use wireless networks. 

Choosing the correct implementation to the context where it is needed can improve greatly the security and efficiency of the wireless network. 

When this training is finished you would be able to understand:

  1. Differences between the multiple wireless systems
  2. Differences between the multiple protocols
  3. Differences in security
  4. Differences in access controls

Protecting Your Online Privacy: Practical Strategies for the Digital World

To equip participants with the knowledge and skills to understand digital privacy risks and implement practical measures to protect their online presence.

Target Audience

  • General public (non-technical)

  • Students and educators

  • Small business owners

  • Anyone concerned about online privacy

 

Course Structure

Duration: 1 to 2 days (can be adjusted for shorter formats)
Delivery Mode: Online (live or self-paced), or in-person workshop
Format: Lecture + Demonstration + Hands-on Activities + Q&A

Syllabus

Module 1: Introduction to Online Privacy

  • What is online privacy?

  • The value of your personal data

  • Real-world privacy breach examples

  • Understanding how data is collected (cookies, trackers, apps)

Activity: Use a browser extension to see how many trackers follow you on a common website.

Module 2: Threat Landscape & Risks

  • Common privacy threats: phishing, data leaks, fingerprinting

  • Who is tracking you and why?

  • Government surveillance and corporate data collection

Activity: Analyze your digital footprint using tools like Panopticlick or AmIUnique

Module 3: Core Principles of Digital Privacy

  • The "least privilege" principle

  • Data minimization

  • Consent and control over your data

Module 4: Browser and Web Privacy

  • Choosing a privacy-respecting browser

  • Hardening browser settings

  • Using privacy-focused search engines (DuckDuckGo, Startpage)

  • Blocking ads, trackers, and fingerprinting

Tools Covered:

  • uBlock Origin

  • Privacy Badger

  • HTTPS Everywhere

  • Brave / Firefox

Activity: Harden browser settings and install key extensions

Module 5: Privacy on Mobile Devices

  • App permissions and data collection

  • Android vs iOS: Privacy differences

  • Best practices for mobile privacy

Tools Covered:

  • App permission managers

  • TrackerControl (Android)

  • iOS privacy settings

Module 6: Protecting Your Identity Online

  • Strong, unique passwords and password managers

  • Two-Factor Authentication (2FA)

  • Avoiding social engineering

Tools Covered:

  • Bitwarden / KeePassXC

  • Authy / FreeOTP

  • Have I Been Pwned

Activity: Set up a password manager and enable 2FA

Module 7: Secure Communication

  • Email privacy (metadata, encryption, providers)

  • Private messaging apps

  • Voice & video call privacy

Tools Covered:

  • ProtonMail / Tutanota

  • Signal / Session / Element

  • PGP overview

Activity: Send an encrypted message with Signal or email via ProtonMail

Module 8: Private Browsing and the Deep Web

  • Incognito mode myths

  • VPNs vs Tor vs Proxy

  • How to safely use Tor

Tools Covered:

  • Mullvad / ProtonVPN

  • Tor Browser

Activity: Navigate .onion sites using Tor

Module 9: Reducing Your Digital Footprint

  • Deleting old accounts

  • Opting out of data brokers

  • Data minimization strategies

Activity: Find and remove personal data from people-search websites

Module 10: Maintaining Long-Term Privacy

  • Regular audits and hygiene

  • Staying updated on threats

  • Building privacy habits

Final Project / Workshop

  • Perform a personal privacy audit

  • Set up a "privacy-hardened" environment using learned tools

  • Create a personalized action plan

Deliverables

  • Privacy checklist (PDF)

  • Toolkit of recommended apps and browser extensions

  • Resource list (websites, forums, newsletters)

  • Certificate of completion (optional)

OSINT

  • Understand the fundamentals of OSINT.

  • Learn legal and ethical considerations.

  • Master the use of OSINT tools and frameworks.

  • Apply OSINT techniques in real-world scenarios.

Software Security Development Life Cycle

Operational Security (OPSEC): Protecting Critical Information in the Digital Age

Course Objective

To teach participants how to identify, assess, and mitigate risks associated with the unintentional leakage of sensitive information, both online and offline.

Target Audience

  • Individuals handling sensitive personal or professional information

  • Activists, journalists, researchers, and whistleblowers

  • Employees of organizations with intellectual property or confidential data

  • IT and security professionals

  • Students in cybersecurity or intelligence fields

Course Structure

Duration: 1 to 2 days
Format: Lecture + Case Studies + Exercises + Simulations
Delivery: Online or In-Person

Syllabus

Module 1: Introduction to OPSEC

  • What is OPSEC?

  • History and origin (military and intelligence roots)

  • Why OPSEC is critical in civilian, corporate, and digital environments

  • OPSEC vs InfoSec vs PERSEC

Case Study: Real-world OPSEC failure leading to a data breach or identity leak

Module 2: The OPSEC Process

  • Step 1: Identify critical information

  • Step 2: Analyze threats

  • Step 3: Analyze vulnerabilities

  • Step 4: Assess risk

  • Step 5: Apply countermeasures

Activity: Conduct a mini OPSEC process on a fictional organization or scenario

Module 3: Information Leakage Channels

  • Social media oversharing

  • Metadata and geolocation leaks

  • Email and document metadata

  • Physical security leaks (trash, conversations, habits)

Tools Demonstrated:

  • ExifTool (metadata)

  • Google Dorking basics

  • Maltego for OSINT

Activity: Extract and analyze metadata from a photo or document

Module 4: Personal OPSEC (PERSEC)

  • Digital footprint management

  • Personal threat modeling

  • Device security basics

  • Travel OPSEC and situational awareness

Checklist:

  • What you post

  • What you carry

  • What you allow to be known

Module 5: Digital OPSEC Tools & Techniques

  • Secure browsing, encrypted communications

  • Burner phones & anonymous identities

  • Virtual machines and sandboxing

  • Using Linux distros for anonymity (Tails, Qubes)

Hands-On:

  • Setup of Tails or Whonix

  • Using a VPN with Tor (safely)

Module 6: Social Engineering and Human Factors

  • Pretexting, phishing, and baiting tactics

  • How attackers gather info

  • Insider threats and unintentional leaks

Activity: Analyze a phishing campaign and identify OPSEC flaws

Module 7: Online Persona Management

  • Creating compartmentalized identities

  • Managing aliases and burner emails

  • OPSEC in forums, gaming, and social media

Activity: Build a secure online alias using proper practices

Module 8: Organizational OPSEC

  • Secure document handling

  • Work-from-home OPSEC

  • Insider threat mitigation

  • OPSEC policies and enforcement

Templates Provided:

  • OPSEC policy template

  • Employee awareness checklist

Module 9: Advanced Threats and Countermeasures

  • Surveillance and counter-surveillance basics

  • Tracking pixels and beacons

  • Supply chain OPSEC (hardware and software trust)

  • Counter-OSINT strategies

Tools Covered:

  • Email header analysis

  • Canary tokens

  • GQRX or SDR for RF monitoring (overview only)

Module 10: Final Exercise – Red vs Blue OPSEC Simulation

Participants are divided into two teams:

  • Red team attempts to gather critical information on a fictional target

  • Blue team implements OPSEC defenses and counters

Debrief: Analyze what information leaked, how it happened, and how to mitigate in future

Deliverables

  • OPSEC checklist (personal & organizational)

  • Digital footprint self-audit worksheet

  • Privacy tools & resources guide

  • Certificate of completion (optional)

Ofensive Penetration Testing Services

In this dynamic and engaging offensive security training course, participants will gain the critical skills and knowledge needed to identify, exploit, and defend against cybersecurity threats.

From vulnerability assessments to penetration testing, we will dive deep into the tools, methodologies, and best practices used by industry experts to simulate real-world cyberattacks.

Throughout this hands-on training, students will learn how to think like an attacker, utilizing ethical hacking techniques to uncover weaknesses in networks, systems, and applications.

They'll gain proficiency in reconnaissance, exploitation, post-exploitation, and reporting, while also learning how to leverage tools like Metasploit, Nmap, and more.

This course is designed for professionals eager to sharpen their offensive security skills and stay ahead of evolving cyber threats.

With real-world case studies, practical exercises, and live demonstrations, students will leave equipped with the expertise to take on the challenges of modern cybersecurity defense.

By the end of the course, participants will have a comprehensive understanding of offensive security tactics and techniques, and the ability to apply them to bolster security measures in their own organizations or personal projects.