top of page
dron cyberbezpieczenstwa stm-academy

TRAININGS FOR UNIVERSITY STUDENTS
 

Due to the specific nature of our business and applicable regulations, we only accept applications from candidates who meet the requirements to work in the European Union.

START YOUR CAREER IN THE CYBERSECURITY INDUSTRY!

Our goal is to provide you with knowledge and experience so that after graduating from STM Academy you can start your first job in the cybersecurity industry.

​

Over 24 lessons, we will guide you step by step through a hands-on cybersecurity course. You can see the details of the program below.

 

Our course runs stationary on weekends in Warsaw at Campus Business Garden at ul. Żwirki i Wigury 16a.

​

Classes are held in a room equipped with the necessary equipment for each participant. There are two lecturers for each group - the main and the supporting. Groups may not exceed 20 people.

​

Classes are held on our proprietary cyber range platform -hackingdept. You will have access to it 24/7 during the training and 30 days after completing the course.

​

The condition for participating in STM Academy is a short entrance exam, so we know that you will cope with our classes. 

The exam aims to verify the student's basic skills, in particular logical thinking, independent search for information, and the ability to acquire new knowledge.

Taking part in the exam is free and there is no time limit.

​

After completing the course, there will be a final exam, after which you will receive a certificate of completion of the cybersecurity course at STM Academy.

​

If one of our business partners or our company STM Cyber employs you, we will refund the cost of the training.

​

The total cost of the training is PLN 3,000. (price only for students).

The third edition of the course begins in September 2025.

profesor cybersecurity stm-academy

MODULES

01

Red Teaming
Examples and stories from the work of a pentester.
Planting malicious devices.
Phishing campaigns.
Using malware in testing.

02

Fundamentals
Basics of Linux systems.
Coding.
Symmetric cryptography.
Asymmetric cryptography.
Terminals, shells, commands, file permissions.
Network protocols and file transfer.
Remote shells.
Backdoor detection.

03

Beginner's Path
Enumeration of network services.
The most popular attacks on web applications, including: SQL Injection, XSS, and CSRF.
Escalation of privileges using configuration errors.
Escalation of privileges using programs with the SetUID attribute.

04

Sample Recruitment Tasks
A set of recruitment tasks used by HackingDept in the past.
Man in the Middle.
Web application security.
Security of Linux systems.
Windows security.
Detection and exploitation of known CVE vulnerabilities.

05

Network Pivoting
Local SSH tunnels, remote SSH tunnels, socks proxy.
Starting an SSH server without administrator privileges.
Routing tables.
Iptables rules.
NAT Configuration
Port forwarding.

06

Frontend Security
Same Origin Policy.
Cross-Origin Resource Sharing.
Security and cookie attributes.
Security headers.

07

Windows Security
LOLBAS documentation.
Permissions on Windows systems.
Services and exploits from the Potato family.
Unquoted Service Path vulnerability.
Google Project Zero tools.

08

Netwars

Replay and walkthrough (48-hour Time2Hack competition).

Fifteen virtual machines to solve.
Network pivoting through four network segments.
Windows domain, Active Directory.
Gitlab, Runner, CI/CD.
Printer.

09

Computer Architecture
Assembly language, registers, memory, stack.
Operating systems, processes, and virtual memory.
Process memory layout: program code, static data, stack, heap.
Basics of using errors in 16-bit, 32-bit and 64-bit programs.

10

Malware Analysis
Static analysis.
Dynamic analysis.
Transparent HTTP proxy.
API monitoring.
Defining Indicators of Compromise.

11

Frida - Instrumentalization
Viewing parameters and values returned by selected functions.
Modification of the operation of specific program fragments.
Bypassing Certificate Pinning mechanisms.

12

WiFi Security
Discussion and execution of attacks on wireless networks.
WPA2/3 Personal.
WPA2/3 Enterprise.

13

Advanced Low-level Exploitation
Bypassing DEP/NX.
Bypassing Stack Canary.
Bypassing RELRO.
Bypassing ASLR.
Return Oriented Programming.

14

Complementary Exercises
Additional sets of tasks on all previously discussed topics, consolidating the acquired knowledge.

15

Exam
Data coding - 5 tasks.
Cryptography - 5 tasks.
Web Security - 5 tasks.
Linux systems - 5 tasks.
Windows systems - 5 tasks.
Reverse Engineering - 5 tasks.

formularz studenci
Join us!

Thank you for reporting!

I consent to the processing of personal data provided in the form in accordance with the Personal Data Protection Act for the purpose of:

I have been informed that providing the telephone number is voluntary, but necessary to respond to the contact request and that I have the right to access, change, delete, and stop processing the data. The administrator of personal data is STM Academy Sp. zoo. with its registered office at ul. Å»wirki i Wigury 16a, 02-092 Warsaw. You can find the Information Clause on page

bottom of page