Barikat Academy provides field and business-based training services to train and improve cyber security workforces of organizations.
1E-101Cyber Security Essentials12
This course is about fundamentals of cyber security. This is an introductory course where we define essential terms and concepts about technology and security. Internet technologies and weaknesses, information and information security, CIA Model (Confidentiality,Integrity,Availability) , AAA Model (Authentication, Access Control, Accounting), Authentication mechanisms, Strong password policies, Hacker profiles, Attack methods, Defense mechanisms and technologies

2E-102Hacker Tools and Techniques11
This course is about hacker tools and techniques. It helps to understand attackers point of view. During the course we will explain modern attack vectors and give an hands-on experiense in finding vulnerabilities and attacking systems. Main topics are: Modern information technologies and weaknesses, history of hacking, hacker types, attack methods (sniffing, interception, denial of service, modification, authentication bypass), applying methods to different IT fields. Local network attacks, internet based attacks, host based attacks, web application attacks, social engineering attacks, popular hacker tools.

3E-103Cyber Defense Technologies11
This course gives insight to tools, products and methodologies to be used in cyber defense. Main topics: Fundamental defense techniques, prevention, detection, response methods, cyber defense product categories (firewall, IDS/IPS, Application firewall, DLP, DDoS protection, Log managamanet/SIEM, etc.), Secure network topologies, designing and securing IT systems

4E-104System Security Audit11
This course provides knowledge and hands-on experiense about implementing and auditing secure configuration principles and hardening network devices, operating systems and business applications. Main topics: Essential definitions (vulnerability,exploit, hardening, audit, security checklist etc.) Hardening network devices, hardening windows and UNIX/Linux operating systems, secure configuration checklists, configuration audit tools. Auditing systems with audit tools (Nessus, Nmap NSE, CISecurity, MBSA)

5E-105Information Security Awareness for End Users11
Attendees of this course will become familiar with basics of information security and and will enhance their awareness about importance of corporate information security measures. Main topics: role of user in information security, authentication methods, password security, e-mail security, internet access security, virus and malware protection, data backup, social media security, modern attack vectors to end users and countermeasures.

6E-201Network Security23
This course delivers knowledge, insight and hands-on training needed to defend network infrastructure against attacks. Main topics: TCP/IP and network protocols, internet security protocols ( SSL/TLS, VPN, IPSec, PGP/GPG, PKI). Local area and internet based network attacks, network attacks tools, Hardening network devices (router, switch, access point etc.). Network security tools and products, Secure network topologies.

7E-202Windows Security23
Course includes theoretical knowledge and hands-on training needed to defend Microsoft Windows based systems. Main topics: MS Windows operating systems and security features, windows authentication mechanisms, file and folder permissions, patch managament, Active Directory and security features, securing windows server services (DNS, DHCP, IIS, PKI, MSSQL etc..), security configuration audit, windows operating system ans services hardening, Automating operations with Powershell.

8E-203Linux security23
Course provides knowledge and hands-on training needed to harden UNIX/Linux based operating systems and services. Main topics: Linux fundamentals,secure setup,file and folder permissions and access control, user access control, system log configuration, security hardening tools, automating security and hardening with shell scripts and Python.

9E-204Database Security22
This course provides knowldge and hands-on experience about security mechanisms and hardening of popular database managament systems like MySQL, PostgeSQL, MSSQL and Oracle. Main topics: database concepts, identity control, access control lists, database security audits, securing remote access, backup and restore, DB hardening, log managament and access control

10E-205Virtualization Security22
Course provides insight and hands-on experience about popular virtulazation and private cloud platforms. Main topics: virtualization concepts and popular platforms, virtualization system components, secure virtualization network architecture, attacks on virtual infrastructure, hardening virtulization components, log managament and monitoring, security policies and audit.

11E-206VoIP Security22
This course provides knowledge and hands-on experience about VoIP and internet based Multimedia systems security. Main topics: VoIP system components and protocols, secure voip system architecture, VoIP attacks methods and tools, Attacking signalling protocols, attacking media protocols, Auditing and hardening VoIP components, monitoring VoIP security

12E-207DDoS Attacks and Protection21
Course helps to understand the nature of DDoS attacks and provides necessary skills to defend against these attacks. Main topics: Internet infrastructure and design problems, widespread internet protocols and their weaknesses, DoS/DDoS concepts (DoS, DDoS, botnet, fastflux, SYN flood, IP spoofing etc.) DDoS attacks at each TCP/IP layer, DDoS simulation with open source tools, DDoS prevention products, Hardening operationg systems and applications against DDoS, DDoS case studies and attack analysis, Large scale DDoS attack examples.

13E-301Secure System and Network Design32
This course helps security professionals to design and implement secure network architectures. Main topics: Network based attacks, secure network design principles and standarts, network security components, secure network architecture examples, case study: desing and implement network security principles in example organization.

14E-302Network Penetration Testing and Ethical Hacking34
Course helps to obtain hacker point of view to attack IT systems and gives insight to technical and management processes of penetration tests and ethical hacking. Main topics: Essentials concepts, penetrations test project phases and administrative process, pentest technical workflow, information gathering and recon, vulnerability discovery and analysis, exploitation, post-exploitation and pivoting, social engineering attacks, pentest reporting, common pentest tools (Nmap, Nessus, Metasploit, Nexpose, SET, Hping3, Kali Linux tools)

15E-303Web Application Security34
This course helps security professionals to assess and defend web applications in corporate environment. Main topics: Common web technologies and their security properties, OWASP Top10 vulnerabilities, Information gathering, configuration managament, authentication, authorization and identity managament, session managament, input validation, error handling, cryptography, business logic testing, Web Application testing tools (Burp Suite, Netsparker, Accunetix, w3AF, Nikto, etc.)

16E-304Scripting for Security Professionals32
Course is build to help security professionals automate and speed up their operations in Linux and Windows environments. Scripting in Windows environment, Batch script and Powershell features, scripting in Linux environment, bash script and Python features. Scripting for penetration testing, automating incident response tasks, automating audit and log analysis, automating system hardening.

17E-401Building a Computer Securıty Incident Response Team41
Course gives necessary information to build Computer Emergency Response Team (CERT) in your organization. Main topics:CERT concepts,CERT history, CERT building steps, responsibilities of CERT team, operational elements of CERT.

18E-402Log Managament42
Course provides information and hands-on experience about log managament tools and mechanism. Main topics: Log managament concepts, National and international standarts and regulations (5651, PCI, SOX, ISO 27001), Log formats, log collection methods, central log collections systems,configuring log settings in network devices,Windows and Linux operating systems, databases and applications. log analysis tools and products, log analysis and attack detection. Case study: implementing central log managaent in example organization.

19E-403Attack Detection with SIEM42
Course helps security professionals understand SIEM technology and use is to detect and defend enterprise envrionment against cyber attacks. Main topics: Log managamanet, SIM/SEM/SIEM concepts, SIEM system components, SIEM ınstallation steps, Data collection, Data integration and normalization, Correlation and attack detection methods, incident handling and reporting,Case study:implementing SIEM for example organization, detecting sophisticated attacks and APTs with SIEM

20E-404Incident Response42
Course provides knowledge and hands-on experience about computer incident response tools and techniques. Main topics: IR terms and definitions, incident response workflow, communication managament, digital evidence gathering and chain of custody, coordination with other CERTs and USOM, incident response case studies,

21E-405Digital Forensics44
Course helps attendees conduct computer forensic analysis using modern tools and techniques. Main topics: incident response steps, digital evidence gathering process, extracting infromation from different computer components (RAM, Hard disk, slack space, etc.) , filesystem internals, forensic analysis tools, conducting forensic analysis on digital evidence, legal considerations and presenting evidence to courts.

22E-406Malware Analysis Tools and Techniques42
Course provides insight about malware methods of operation and analysis methods. Main topics: RAM and CPU internals,Assembly language, Windows operating systems concepts (process, thread, memory, registry, handle etc.) Malware analysis tools, malware families, analysis methods, static analysis, dynamic analysis, static and dynamic analysis prevention methods, web malware analysis, malicious office document analysis.

23E-407Exploit Development43
Course provides knowledge and hands-on experience about exploit development process. Main topics:Essential terms about exploitation (debugger, assembly, fuzzing, crash, vulnerability, exploit, payload, shellcode). Computer and Operating system internals, CPU Registers, Memory architecture, x86 architecture, Buffer overflow, heap oveerflow and spraying, SEH and SEH overflow, Format string vulnerabilities, protection mechanisms and bypass methods, DEP bypass, ASLR bypass, Microsoft EMET, Trapmine and other protection tools.

24E-408Secure Software Development42
Course attendees will learn about foundations of secure software principles, secure software methodologies, secure software design and development, threat modelling, secure software tests

25E-501ISO 2700152
Course provides knowledge about establishing corporate information security managament system (ISMS) based on ISO 27001 standard. Main topics: ISMS definition, Plan-Do-Check-Act process, Risk assessment methodologies,

26E-502ISO 27002 : Implementation52
Course provides knowledge about implementing ISO27002 controls in corporate ISMS.

27E-601Cyber Security For Managers61
Attendees will obtain information about the fundamental concepts of information security management and overall fuctioning of ISMS. Main topics: ISMS concepts, information security and business processes relationship, cyber workforce management, outsourcing cyber security, current threat landscape and effects on business processes, cyber defense mechanisms, information security organization, policy and procedures, penetration tests and security audits, digital forensics and incident response (DFIR) and building CERT team.