Cyber Security Expert Hacking Advanced (5 days)

Cyber Security and Hacking Know-how for Penetrationtesters

Our course "Expert Hacking Advanced" is primarily aimed at those interested in learning advanced hacking techniques. In this workshop, basic knowledge of port scanning, vulnerability scanning, web application hacking and exploit frameworks is requiered and the attacks are expanded. You will have to identify vulnerabilities yourself in the labs, find a suitable attack and implement it. This seminar is not suitable for beginners in the field of hacking. Programming knowledge is helpful.

This course builds on our 5-day Expert Hacking Foundation course. You should either have attended the Foundation course or have equivalent basic hacking knowledge.

Your Benefit

Vulnerability checks and penetration tests are used to test the security of your IT systems. Often the best solucion is to regularly commission specialized penetration testers. At the same time, however, it makes sense to build up knowledge within your own company. You can assess the quality of penetration tests carried out and determine the actual risks of the vulnerabilities discovered. You can also verify information security risks yourself before moving important systems into productive operation. In addition to classic attacks and exploits, more exotic attacks with malicious hardware and modified charging cables, which can even attack mobile devices, are also considered and implemented in our labs.

One focus of the course is to provide important technical background details on hacking tools and exploits. Important exercises should be completed entirely by the participants themselves. The course therefore assumes basic knowledge of Nmap, Metasploit, Windows and Linux.


This course is aimed at

  • penetration testers
  • information security officers
  • information security consultants
  • system administrators

in companies that want to look into information security risks from the attacker's perspective to protect their servers and their company against attacks even better.

Course Dates

Our next course dates (German only)

01.07.-05.07.2024Hybrid: classroom in Munich and virtual classroom (VCL)4.034,10 € incl. VAT
16.09.-20.09.2024Hybrid: classroom in Munich and virtual classroom (VCL)4.034,10 € incl. VAT
04.11.-08.11.2024Hybrid: classroom in Munich and virtual classroom (VCL)4.034,10 € incl. VAT


Please contact us.


Day 1

  • Port- and vulnerability scanning with Kali Linux
      • Port scanning repetition
      • Nmap script scanning
      • Vulnerability scanning with OpenVAS/GVM
      • Lab:
        • TCP and UDP scanning with Nmap
        • Script scanning with Nmap
          • SNMP enumeration
          • Password cracking
          • Vulnerability detection
        • Installation and configuration of OpenVAS
        • Vulnerability scanning with OpenVAS
    • Advanced Exploitation with Metasploit
      • Metasploit Exploits
      • Post exploitation with Metasploit
      • Functionality of the Meterpreter
      • Meterpreter modules
      • Lab:
        • Exploiting and adapting exploits with Metasploit
        • Privilege escalation with Metasploit
    • Advanced Malware
      • Powershell malware
      • Obfuscated malware
      • Lab:
        • Malware obfuscation mit msfvenom

    Day 2

    • Windows server hacking
      • Name services in Windows
      • Attacks against LLMNR and MDNS
      • Windows shares
      • Attacking SMB shares
      • Attacking RDP server
      • Attacking SQL services
      • Lab:
        • Name service spoofing with Responder
        • SMB hash cracking with Hashcat
        • SMB relay attacks with Metasploit
    • Windows Active Directory hacking
      • Kerberos authentifizierung
      • Lab:
        • AD enumeration with Bloodhound

    Day 3

    • Attacking web applications
      • Security of web applications
      • Web application vulnerability scanning
      • Password cracking attacks
      • Lab:
        • Password brute force with OWASP ZAP
        • Password brute force with Hydra
    • Advanced SQL injection
      • SQL injection
      • Advanced SQL injection
      • Blind SQL injection
      • PHP shells
      • Lab:
        • SQL injection with OWASP ZAP
        • Blind SQL-Injection mit OWASP ZAP
    • Attacking web services APIs
      • Functionality of web services
      • JSON based attacks
      • Brute force attacks
      • Lab:
        • Importing web APIs into OWASP ZAP
        • Attacking web services with OWASP ZAP

    Day 4

    • Attacking network communication
      • ARP spoofing
      • DHCP spoofing
      • Man in the middle attacks
      • Attacking spanning tree
      • Attacking SDN
      • Lab:
        • ARP spoofing with Ettercap
        • ARP spoofing with Bettercap
        • TLS man in the middle attacks with SSLsplit
        • DHCP starvation attack
    • Attacking VoIP
      • Attacking VoIP devices and Asterisk servers
      • VoIP eavesdropping
    • Attacking firewalls and VPN
      • Tunneling through firewalls
      • Attacking IPsec and PPTP
      • Lab:
        • Tunneling with HTTP-Tunnel
    • Attacking IPv6 networks
      • IPv6 scanning
      • NDP spoofing
      • Lab:
        • IPv6 scanning with Nmap
        • Attacking IPv6 using the THC IPv6 Attack Toolkit
    • Attacking IoT
      • IoT security measures
      • Attacking SmartHome protocols
    • Bluetooth and RFID hacking
      • Attacking Bluetooth
      • Attacking RFID

    Day 5

    • Unix hacking
        • Wearknesses in Unix/Linux services (X11)
        • Attacking RPC services (NIS, NFS)
        • Exploits in Linux
        • Kernel based rootkits in Linux
        • Metasploit and Meterpreter in Linux
        • Lab:
          • Linux enumeration with Nmap
          • Attacking NFS
          • Attacking SSH authorized_keys
          • Linux privilege escalation
          • Post exploitation with Metasploit
          • Using the Meterpreter
      • Planning and execution of penetration tests
        • Necessary legal contracts
        • Procedures and methods
        • The Open Source Security Testing Methodology Manual (OSSTMM)
        • The OWASP Web Security Testing Guide (WSTG)

      Course Material and Practical Labs

      Each participant receives the course material (~ 800 pages) completely with training presentation and supplementary explanations as well as the lab guide (~ 100 pages), both completely in German language. The training materials are continuously updated and corrected to reflect current topics.

      All hacking tools are used in Labs in an environment with different virtual machines. In particular all the attacks discussed can also be actively tested and executed. The lab part of the seminar is approx. 60%.

      Each participant will also receive a download link with all hacking tools so that you can try out attacks on their own systems.

      Your Trainer

      All seminars are conducted by experienced penetration testers who contribute their years of experience to this course.