BTS Internships

Internships for BTS Cybersecurity

Showing internships linked to BTS code: BCYB

SIEM migration, alert management and categorisation
Maxime BENOIT ( Promotion: BCYB21 )

Company: IQ-EQ

412F, Route d'Esch, L-1471 Luxembourg

Contact: Charlie CONTAL
Email: charlie.contal@iqeq.com
Phone: 466 111 1212

Description:
- Take part in the migration of a SIEM
- Handle certain alerts and categorise them
- Work on improving certain processes and tools

Tools:
- Alert triage and understanding of logs and their content
- Understanding of the management interfaces of the security tools
- Management of spam filters and DMARC protocols
- Advanced detection of events related to our E.D.R. solutions

Period: 1680480000 – 1687478400

Tutor: Serge DONDELINGER

Analysis and optimisation of the log centralisation system and verification using simulated attacks
Filipe ALVES COSTA ( Promotion: BCYB21 )

Company: Lu-CIX

202, ZAE Wolser F, L-3290 Bettembourg

Contact: Nicolas DEBEFFE
Email: nicolas.debeffe@lu-cix.lu
Phone: 28992992-80

Description:
Analysis and optimisation of LU-CIX's log centralisation system, and verification based on simulated attacks (pentests):
• improve and extend our SIEM system (log system)
• carry out penetration tests ("pentests"), among others on the Luxchat infrastructure.

Tools:

Period: 1680480000 – 1687478400

Tutor: Roger KRIES

Structure and function of a SOC and event analysis
Aimeric PIERRET ( Promotion: BCYB21 )

Company: Thales Cyber Solutions

5 Rue Goell, L-5326 Contern

Contact: Vanhasith BOUNYAVET
Email: vanhnasith.bounyavet@thalesgroup.com
Phone: 621 547 242

Description:
Alert analyst
Writing procedures + oral presentations
Network architecture
Teamwork: SOC analysts, engineers, administrators

Tools:
The intern will use the following technologies:
• SIEM
• Confluence

Period: 1680480000 – 1687478400

Tutor: Marc LUDWIG

Structure and function of a SOC and event analysis
Filipe DUARTE RODRIGUES ( Promotion: BCYB21 )

Company: Thales Cyber Solutions

5 Rue Goell, L-5326 Contern

Contact: Vanhasith BOUNYAVET
Email: vanhnasith.bounyavet@thalesgroup.com
Phone: 621 547 242

Description:
Alert analyst
Writing procedures + oral presentations
Network architecture
Teamwork: SOC analysts, engineers, administrators

Tools:
The intern will use the following technologies:
• SIEM
• Confluence

Period: 1680480000 – 1687478400

Tutor: Marc LUDWIG

General cybersecurity audit and elaboration of a basic security governance
Noah BARTOCCI ( Promotion: BCYB21 )

Company: Sudcal SA

11, rue de Luxembourg, L-4220 Esch-sur-Alzette

Contact: Luca DORIGO
Email: luca.dorigo@sudcal.lu
Phone: +45 42588998

Description:
Sudcal is a very small company that only recently started prioritizing digitalization. So far, we had relatively few resources to dedicate to ensuring compliance with security best practices.
The student will help assess the infrastructure we have already set up, and will contribute to addressing specific gaps in the security.

Tools:
The student's time will be distributed amongst the following four tasks, depending on our progress at the time of his internship and on his own preferences as to where to focus most efforts:
• Penetration test, both for our Linux server and for the network of the Boiler (which contains the automata that run our heat network).
• General "security audit": enumeration of all hosts and services we have running, review of security holes/bad practices, etc.
• Setting up "Incident response" procedures
• Assisting in the deployment of our customer-facing website where clients can visualize their consumption, ensuring that they are properly authenticated and cannot gain access to restricted information

Period: 1680480000 – 1687478400

Tutor: Roger KRIES

Deployment of an event detection and alerting software to protect against DDoS attacks
Arno DONEUX ( Promotion: BCYB21 )

Company: Saashup

13, rue de Peppange, L-3378 Livange

Contact: Bertrand HOUIN
Email: bertrand@saashup.com
Phone: 0033 781270092

Description:
For the security project we would like to have great logging of Nginx and the WAF (Web Application Firewall). Nginx Plus is used as the reverse proxy and includes a web application firewall; this firewall should protect the applications from DDoS (Distributed Denial of Service), unauthorized usage, etc. This filtering should be logged inside another application, so that we can create alerting rules based on the event.

Tools:
The alerting software and rules are deployed automatically with Ansible
• An alert will be sent to the team when there is a DDoS attack
• Create scripts to validate the alerts, which will do simulated attacks on the proxy

• Nginx Plus
• ELK/Graylog/Splunk
• Prometheus/Alertmanager
• Ansible
• Bash/Python

Period: 1680480000 – 1687478400

Tutor: Christian RODESCH

Setting up a default protection against email spoofing
Ricardo MARTINS MARQUES ( Promotion: BCYB21 )

Company: adronh

11A, Avenue de la Porte-Neuve, L-2227 Luxembourg

Contact: Marlene EL KHOURY
Email: marlene.elkhoury@adronh.com
Phone: 661 411 285

Description:
Topic 1: Protection against email spoofing (1 month)
Mission: the aim of the internship is to actively test whether an email domain is correctly protected, and to generate alert messages.
Context: most companies have to put in place protection based on the SPF, DKIM, DMARC and BIMI protocols.
Once it is in place, one is never sure that everything works properly until a real spoofing attempt occurs.
The aim of the internship is to set up a procedure that generates spoofed emails for the domain under study and verifies that the alerts do arrive.

Topic 2: Securing Exchange Online and collaborative 365 on a test lab (2 months).
Securing sensitive attachments shared by email.
Electronic signature of emails and documents.

Tools:
The steps of the work:

Topic 1:

1. Research/information gathering in order to understand these concepts.
2. Set-up on a test domain
3. Search for configuration testing tools (to verify that the protocols are correctly set up)
4. Active tests on an existing domain (generate a spoofed email and verify that an alert does arrive)

Keywords: SPF, DKIM, DMARC, BIMI, DNS, M365

The work will be carried out in an MS365 environment.

Period: 1680480000 – 1687478400

Tutor: Serge DONDELINGER

Vulnerability detection and DDoS protection in a cloud infrastructure
Joel OLIVEIRA AMORIM ( Promotion: BCYB21 )

Company: Gcore

2-4, rue Edmond Reuter, L-5326 Contern

Contact: Vayner VSEVOLOD
Email: vsevolod.vayner@gcore.com
Mobile: 691 130 571

Description:
The objective of this project is to deploy and manage a scalable and highly available Kubernetes cluster at the edge on bare metal servers. This will enable the student to develop skills in areas such as cloud computing, container orchestration, and edge computing.
Furthermore, the student will help us in pentesting and finding general vulnerability issues with an emphasis on our DDoS Protection in the L4 Layer.
In addition to pentesting, QA testing will be part of the student’s project. The student will help with QA testing of Gcore’s integration of cybersecurity with the cloud.
We will also introduce the student to our new DDoS Protection Platform and teach him how to run performance tests on it.
These tasks will ensure that the student obtains a deeper understanding of cybersecurity processes in a large company and gains hands-on experience in different testing processes that have a value for the company, too.

Tools:
1. Pentesting: Find general vulnerability issues and report them to your supervisor.
Emphasis: Pentesting of DDoS protection in L4 layer
2. QA testing of our integration of the cybersecurity with our cloud
3. Initiate a performance test of Gcore’s new DDoS Protection Platform and prepare a detailed report.
4. Optional Project: Deploy a bare metal infrastructure for the Kubernetes cluster.
Install and configure a managed Kubernetes solution based on GCORE Cloud.
Set up networking and storage solutions for the cluster to ensure high availability.
Deploy and manage applications on the cluster using standard Kubernetes tools such as Helm and kubectl.
Monitor and maintain the cluster to ensure it remains scalable and available.

Period: 1680480000 – 1687478400

Tutor: Marc LUDWIG

Installation and configuration of a traffic analyser to detect DDoS attacks
Denim LATIC ( Promotion: BCYB21 )

Company: Restena

2, place de l’Université, L-4365 Esch-sur-Alzette

Contact: Jo HOFFMANN
Email: jo.hoffmann@restena.lu
Phone: 42 44 091

Description:
Some network anomalies can only be detected by analysing the traffic passing through it.
Technologies like netflow and IPFIX sample traffic passing through network equipment in real time and send aggregate statistics to a central node. Besides storing the data, the central node also evaluates the data along different kinds of parameters and metrics.
A project within GEANT has developed such an evaluation tool (NeMo) with a focus on detecting DDoS attacks.
The aim of this project is to evaluate NeMo with regard to anomaly and DDoS attack detection. While the first stages of the project will be concerned with implementation and configuration of the tool, subsequent stages will dive into the use-case of anomaly detection, and integration of the tool into the incident response ecosystem at Restena.

Tools:
• Installation of solution in Restena LAB environment
• Configuration and integration with netflow/sflow sources
• DDoS attack generation and detection
• General network flow analysis capabilities and anomaly detection
• Integration into Restena's incident handling process
• Time permitting, evaluation of extensibility and integration with other tools such as OTRS, Firewall on Demand, ELK...

Period: 1680480000 – 1687478400

Tutor: Marc LUDWIG