SC400: Hacking & Pentesting Basics

Agenda:

• Chapter 1
  • Live hacking demo
  • Basics (the hackers view)
    • From MIT hacker on the roof to Emotet
    • World map of hacker groups
    • How not to get caught
    • Cyber Kill Chain /Attack Matrix
    • Legal fundamentals
    • Ethical hacking rules
    • Proper documentation
    • How BugBountys work
  • Open Source Intelligence
    • Darknet, Google™-Dorking, Shodan, Robtex, RIPE
    • TheHarvester, Maltego
    • Web research with AI tools: usage of AI assistants for prioritization, source finder and automation of research streams
      
      
• Chapter 2
  • Strategy and tactics
  • Phishing /E-Mail-Attacking
    • Basics of e-mail attacks
    • E-Mail-protection (spam/junk/DMARC/SPF/blacklist)
    • Legal and ethical aspects
    • We build a malicious macro (Conceptual)
    • Phishing -- vishing -- smishing
    • Phishing as awareness module
    • Setup of own GoPhish server
    • Creating campaigns
    • Working with templates
    • Hacking with LLMs: possible uses of language models for social engineering scripts, template generation, and automation support
  • WLAN hacking
    • Classic techniques and protection measures
    • Hacking tools on Raspberry basis (Pwnagotchi, Björn-Images): setup concepts, usage scenarios and defense considerations (hands-on Lab)
  • Man-in-the-middle attacks
    
    
• Chapter 3
  • USB hacking
    • USB-Ninja, BashBunny, Keylogger
    • RubberDucky /Digispark
  • Data theft by insider threats
  • Network sniffing and scanning general
    • Basics: ARP-Poisoning, Routing, IP-Tables, Firewalls
    • Tools: NMAP, Wireshark, own Raspberry tools (instead of SharkJack)
  • Tunneling (ICMP, DNS)
  • Infection persistence
    • Schedule tasks, backdoors, covering tracks
  • Automated pentest solutions: overview of automation frameworks, CI/CD integrations and orchestration of scan/exploit pipelines (concept, demo)
    
    
• Chapter 4
  • Lateral movement + pivilege escalation
  • Password complexity and attacks
  • Introduction to Metasploit
  • Password cracking and rainbow tables
  • Web hacking introduction
    • OWASP TopTen, BurpSuite, CrossSite, SQL-Injection
    • Automated web tests & AI assistance: usage of automatic scanners, scriptable Burp workflows and AI-supported analysis aids (overview & practical examples)
      
      
• Chapter 5
  • Vulnerabilities in applications: buffer overflows
  • Pentesting vs. vulnerability scans
  • Cryptography: certificates /encryption
  • Final test
    
    
• Give-Aways / materials:
You will receive the following materials additionally:
• Security trophies
• Raspberry-Kit incl. ink display and pre-configured images (Pwnagotchi / Björn) — tool construction kit for own LAN/WLAN prototypes
• DigiSpark with demo payloads
• Kali-Linux-VM, cheat sheets and scripts
• Permanent access to link platform with over 300 services and tools
• Certificate

Objectives:

• Understanding the mindset and techniques of attackers
• Practical application of classic hacking methods in legal, controlled lab environments
• Ability to design and use your own Raspberry-based proof-of-concept tools (Lab Scope)
• Classification and use of modern tools: LLMs to support recon/phishing templates, AI tools for web research, and automated pentest solutions
• Knowledge of legal frameworks, documentation requirements and ethical hacking standards

Target audience:

Prerequisites:

Our workshop SC400 Hacking & Pentesting Basics is a basic course. Knowledge of IP networks, the WWW and common operating systems is required; in-depth Linux or Windows knowledge is not mandatory. Curiosity and passion for hacking are crucial.

Description:

Learn how hackers think and operate from experienced white hats. The course SC400 Hacking & Pentesting Basics combines theoretical inputs with intensive hands-on labs: from OSINT research through phishing campaigns to WLAN and USB attack scenarios. Participants build their own Raspberry-based prototype tools in the course and test them in secure labs, learn how to use Pwnagotchi/Björn images, and evaluate implications for protective measures.

Additionally, modern trends are covered: How do LLMs support recon and social engineering processes? How can AI-powered web research tools accelerate information gathering? What role do automated pentest solutions play in daily security operations?

Assessment / Certificate
The course concludes with a practical final test that combines theoretical and laboratory technical questions. Upon successful completion, participants receive a certificate of participation.