BTS Internships

Internships for BTS Cybersecurity

Showing internships linked to BTS code: BCYB

Penetration testing
Philip FURCHE ( Promotion: BCYB21 )

Company: GovCert

46, rue du Château, L-6961 Senningen

Contact: Mike LORANG
Email: mike.lorang@govcert.etat.lu
Phone: 247 88978

Description:
• Participation in penetration tests (execution and documentation)
• Development of internal tools.

Tools:
• Assist the pentest team during all phases of a penetration test (enumeration, exploitation, post-exploitation).
• Implement automation tools and develop new features for internal tools (Python 3.x).

Period: 2023-04-03 – 2023-06-23

Tutor: Roger KRIES

Vulnerability audit and risk reduction
António Crescêncio GONCALVES TEXEIRA ( Promotion: BCYB21 )

Company: BCE

43, Bd Pierre Frieden, L-1543 Luxembourg

Contact: Xavier HERMES
Title: Security & Governance Manager
Email: xavier_hermes@bce.lu
Mobile: +352 621 694 522
Phone: 24 80 62 47

Description:
.

Tools:
.

Period: 2023-04-03 – 2023-04-23

Tutor: Serge DONDELINGER

SIEM migration, alert management and categorisation
Maxime BENOIT ( Promotion: BCYB21 )

Company: IQ-EQ

412F, Route d'Esch, L-1471 Luxembourg

Contact: Charlie CONTAL
Email: charlie.contal@iqeq.com
Phone: 466 111 1212

Description:
- Take part in the migration of a SIEM
- Handle certain alerts and categorise them
- Work on improving certain processes and tools

Tools:
- Alert triage and understanding of logs and their content
- Understanding the management interfaces of security tools
- Management of spam filters and DMARC protocols
- Advanced detection of events related to our EDR solutions

Period: 2023-04-03 – 2023-06-23

Tutor: Serge DONDELINGER

Analysis and optimisation of the log centralisation system and verification using simulated attacks
Filipe ALVES COSTA ( Promotion: BCYB21 )

Company: Lu-CIX

202, ZAE Wolser F, L-3290 Bettembourg

Contact: Nicolas DEBEFFE
Email: nicolas.debeffe@lu-cix.lu
Phone: 28992992-80

Description:
Analysis and optimisation of LU-CIX's log centralisation system, and verification based on simulated attacks (pentests):
• improve and extend our SIEM system (log system)
• carry out penetration tests ("pentests"), among others on the Luxchat infrastructure.

Tools:

Period: 2023-04-03 – 2023-06-23

Tutor: Roger KRIES

Structure and function of a SOC and event analysis
Aimeric PIERRET ( Promotion: BCYB21 )

Company: Thales Cyber Solutions

5 Rue Goell, L-5326 Contern

Contact: Vanhasith BOUNYAVET
Email: vanhnasith.bounyavet@thalesgroup.com
Phone: 621 547 242

Description:
Alert analyst
Writing procedures + oral presentations
Network architecture
Teamwork: SOC analysts, engineers, administrators

Tools:
The intern will use the following technologies:
• SIEM
• Confluence

Period: 2023-04-03 – 2023-06-23

Tutor: Marc LUDWIG

Structure and function of a SOC and event analysis
Filipe DUARTE RODRIGUES ( Promotion: BCYB21 )

Company: Thales Cyber Solutions

5 Rue Goell, L-5326 Contern

Contact: Vanhasith BOUNYAVET
Email: vanhnasith.bounyavet@thalesgroup.com
Phone: 621 547 242

Description:
Alert analyst
Writing procedures + oral presentations
Network architecture
Teamwork: SOC analysts, engineers, administrators

Tools:
The intern will use the following technologies:
• SIEM
• Confluence

Period: 2023-04-03 – 2023-06-23

Tutor: Marc LUDWIG

General cybersecurity audit and elaboration of basic security governance
Noah BARTOCCI ( Promotion: BCYB21 )

Company: Sudcal SA

11, rue de Luxembourg, L-4220 Esch-sur-Alzette

Contact: Luca DORIGO
Email: luca.dorigo@sudcal.lu
Phone: +45 42588998

Description:
Sudcal is a very small company that only recently started prioritizing digitalization. So far, we had relatively few resources to dedicate to ensuring compliance with security best practices.
The student will help assess the infrastructure we have already set up, and will contribute to addressing specific gaps in the security.

Tools:
The student's time will be distributed amongst the following four tasks, depending on our progress at the time of his internship and on his own preferences as to where to focus most efforts:
• Penetration test, both for our Linux server and for the network of the Boiler (which contains the automata that run our heat network).
• General "security audit": enumeration of all hosts and services we have running, review of security holes/bad practices, etc.
• Setting up "incident response" procedures
• Assisting in the deployment of our customer-facing website where clients can visualize their consumption, ensuring that they are properly authenticated and cannot gain access to restricted information

Period: 2023-04-03 – 2023-06-23

Tutor: Roger KRIES

Deployment of an event detection and alerting software to protect against DDoS attacks
Arno DONEUX ( Promotion: BCYB21 )

Company: Saashup

13, rue de Peppange, L-3378 Livange

Contact: Bertrand HOUIN
Email: bertrand@saashup.com
Phone: 0033 781270092

Description:
For the security project we would like to have great logging of Nginx and WAF (Web Application Firewall). Nginx Plus is used as the reverse proxy and includes a web application firewall; this firewall should protect the applications from DDoS (Distributed Denial of Service), unauthorized usage, etc. This filtering should be logged inside another application, so that we can create alerting rules based on the events.

Tools:
• The alerting software and rules are deployed automatically with Ansible
• An alert will be sent to the team when there is a DDoS attack
• Create scripts to validate the alerts, which will run simulated attacks on the proxy

• Nginx Plus
• ELK/Graylog/Splunk
• Prometheus/Alertmanager
• Ansible
• Bash/Python

Period: 2023-04-03 – 2023-06-23

Tutor: Christian RODESCH

PoC for utilizing Azure Sentinel as SIEM and XDR system
Damir SEFEROVIC ( Promotion: BCYB21 )

Company: PM-International

15 Waistrooss, L-5445 Schengen

Contact: Hartwig BAUER
Email: hartwig.bauer@pm-international.com
Phone: 661 862 277

Description:
Define the final scope of, and set up, a PoC for utilizing Azure Sentinel as SIEM and XDR system.
Basic goals of the PoC:
Can PM
■ strengthen concepts of centrally available security-state-related information
■ foster security improvements from event/incident detection and event/incident response
■ benefit from the extended capability of DR
with Azure Sentinel?

Tools:
Knowledge
• Understand basic concepts and capabilities of SIEM (Security Information and Event Management) and DR (Detection and Response)
• Understand the benefits of extended DR (XDR)
• Understand basic concepts and setup of SolarWinds central logging
• Understand Azure Sentinel's technical approach, benefits, cost and setup
• Define PoC scope and goals

Skills
Create a basic setup in Azure Sentinel for the PoC including endpoints:
• Windows 10 clients
• macOS client
• FortiGate firewalls
• DELL N-Series switches
• Input from SolarWinds log collection
• Syslog entries from SecurePoint firewalls
Set up basic resources for Azure Sentinel
Connect endpoints into Azure Sentinel
Connect SolarWinds output into Azure Sentinel
Create standardized reports from Azure Sentinel resources

Prepare review of PoC results by PM Engineers and IT Management.

Period: 2023-04-03 – 2023-07-23

Tutor: Maurizio SPAGNUOLO

Setting up a default protection against email spoofing
Ricardo MARTINS MARQUES ( Promotion: BCYB21 )

Company: adronh

11A, Avenue de la Porte-Neuve, L-2227 Luxembourg

Contact: Marlene EL KHOURY
Email: marlene.elkhoury@adronh.com
Phone: 661 411 285

Description:
Topic 1: Protection against email spoofing (1 month)
Mission: the goal of the internship is to actively test whether a mail domain is correctly protected, and to generate alert messages.
Context: most companies need to put in place protection based on the SPF, DKIM, DMARC and BIMI protocols.
Once it is in place, one is never sure that everything works properly until a real spoofing attempt occurs.
The goal of the internship is to set up a procedure that generates spoofed emails for the domain under study and verifies that the alerts do arrive.

Topic 2: Securing Exchange Online and collaborative 365 in a test lab (2 months).
Securing sensitive attachments shared by email.
Electronic signature of emails and documents.

Tools:
Work steps:

Topic 1:

1. Research/information gathering in order to understand these concepts.
2. Setup on a test domain
3. Search for configuration testing tools (to verify that the protocols are correctly in place)
4. Active tests on an existing domain (generate a spoofed email and verify that an alert does arrive)

Keywords: SPF, DKIM, DMARC, BIMI, DNS, M365

The work will be done in an MS365 environment.

Period: 2023-04-03 – 2023-06-23

Tutor: Serge DONDELINGER

Improvement of IT/Cyber-Security efforts, compliance assessment
Rafael FERNANDES DE OLIVEIRA ( Promotion: BCYB21 )

Company: SES

Rue Pierre Werner, L-6815 Betzdorf

Contact no longer active.

Description:
Be part of the IT-Cyber-Security efforts for the Space Operations-Software Engineering (SOE) team. Contribute to the improvement of its IT/Cyber-Security efforts and risk reductions as it relates to the software development and maintenance activities for the Ground Control System (GCS) and associated Citrix systems (used as Bastion Hosts) used to fly 50+ satellites.

Tools:
• Review, assess and develop Policies and Procedures (P&P) related to SpaceOps/SOE Cyber-Security, especially to ensure compliance with external Cyber-Security Standards (e.g. IA-Pre and ISO-27001).
• Meet, discuss, share and support implementation of a unified Identity and Access Management (IAM) solution for SpaceOps systems.
• Familiarity with scripting languages (PowerShell, bash, etc.) to automate integration of GCS hosts.
• Review, discuss, assess and develop technical solutions for Windows Event message forwarding to the SES Logging/SIEM Solution (QRadar).

Period: 2023-04-03 – 2023-06-23

Tutor: Arlindo VELENTE

Vulnerability detection and DDoS protection in a cloud infrastructure
Joel OLIVEIRA AMORIM ( Promotion: BCYB21 )

Company: Gcore

2-4, rue Edmond Reuter, L-5326 Contern

Contact: Vayner VSEVOLOD
Email: vsevolod.vayner@gcore.com
Mobile: 691 130 571

Description:
The objective of this project is to deploy and manage a scalable and highly available Kubernetes cluster at the edge on bare metal servers. This will enable the student to develop skills in areas such as cloud computing, container orchestration, and edge computing.
Furthermore, the student will help us in pentesting and finding general vulnerability issues, with an emphasis on our DDoS Protection in the L4 layer.
In addition to pentesting, QA testing will be part of the student's project. The student will help QA test Gcore's integration of cybersecurity with the cloud.
We will also introduce the student to our new DDoS Protection Platform and teach him how to run performance tests on it.
These tasks will ensure that the student obtains a deeper understanding of cybersecurity processes in a large company and gains hands-on experience in different testing processes that have value for the company, too.

Tools:
1. Pentesting: Find general vulnerability issues and report them to your supervisor.
   Emphasis: Pentesting of DDoS protection in the L4 layer
2. QA testing of our integration of cybersecurity with our cloud
3. Initiate a performance test of Gcore's new DDoS Protection Platform and prepare a detailed report.
4. Optional Project: Deploy a bare metal infrastructure for the Kubernetes cluster.
   • Install and configure a managed Kubernetes solution based on GCORE Cloud.
   • Set up networking and storage solutions for the cluster to ensure high availability.
   • Deploy and manage applications on the cluster using standard Kubernetes tools such as Helm and kubectl.
   • Monitor and maintain the cluster to ensure it remains scalable and available.

Period: 2023-04-03 – 2023-06-23

Tutor: Marc LUDWIG

Installation and configuration of a traffic analyser to detect DDoS attacks
Denim LATIC ( Promotion: BCYB21 )

Company: Restena

2, place de l’Université, L-4365 Esch-sur-Alzette

Contact: Jo HOFFMANN
Email: jo.hoffmann@restena.lu
Phone: 42 44 091

Description:
Some network anomalies can only be detected by analysing the traffic passing through it.
Technologies like NetFlow and IPFIX sample traffic passing through network equipment in real time and send aggregate statistics to a central node. Besides storing the data, the central node also evaluates the data along different kinds of parameters and metrics.
A project within GEANT has developed such an evaluation tool (NeMo) with a focus on detecting DDoS attacks.
The aim of this project is to evaluate NeMo with regard to anomaly and DDoS attack detection. While the first stages of the project will be concerned with implementation and configuration of the tool, subsequent stages will dive into the use case of anomaly detection and the integration of the tool into the incident response ecosystem at Restena.

Tools:
• Installation of the solution in the Restena LAB environment
• Configuration and integration with NetFlow/sFlow sources
• DDoS attack generation and detection
• General network flow analysis capabilities and anomaly detection
• Integration into Restena's incident handling process
• Time permitting, evaluation of extensibility and integration with other tools such as OTRS, Firewall on Demand, ELK...

Period: 2023-04-03 – 2023-06-23

Tutor: Marc LUDWIG