You are leaving our Website
Using an external Link:
You are now leaving our website. The following page is operated by a third party. We accept no responsibility for the content, data protection, or security of the linked page..
URL:
SC420: Hacking & Pentesting Advanced
Training: Security
Participants gain hands-on attack experience in a grey-box scenario: from initial compromise to domain controller takeover, a full attack is simulated. After theoretical foundations, each participant is provided with an unknown system to perform penetration tests step by step using various tools.
Start: 2025-11-03 | 10:00 am
End: 2025-11-07 | 01:30 pm
Location: Nürnberg
Price: 3.350,00 € plus VAT.
Start: 2026-03-16 | 10:00 am
End: 2026-03-20 | 01:30 pm
Location: Nürnberg
Price: 3.350,00 € plus VAT.
Start: 2026-10-26 | 10:00 am
End: 2026-10-30 | 01:30 pm
Location: Nürnberg
Price: 3.350,00 € plus VAT.
Agenda:
Legal Foundations and Recon
- Framework Topics and Ethical Aspects
- Legal framework for penetration testing
- Liability issues and contract design
- Ethical guidelines and best practices
- Logging and developing recommendations
- Recon and Information Gathering
- OSINT techniques (Open Source Intelligence)
- Network scanning and enumeration
- Remote vulnerability analysis
- Introduction to the Scenario
- Presentation of objectives and framework conditions
- Working with Metasploit and Cobalt Strike
- Overview of available tools and resources
Initial Compromise
- Bypassing BitLocker Encryption
- Analysis of BitLocker configuration
- Application of TPM sniffing techniques
- Extraction of Volume Master Key (VMK)
- Obtaining Local Admin Rights
- Exploitation of operating system vulnerabilities
- Privilege escalation techniques
- Bypassing User Account Control (UAC)
- Disabling Security Solutions
- Analysis of installed security software
- Techniques for bypassing and disabling antivirus and EDR
- Handling Windows Defender, AMSI and AppLocker
Post-Exploitation and Lateral Movement
- Lateral Movement in the Network
- Advanced network scanning and enumeration
- Exploitation of vulnerabilities in network services
- Pass-the-Hash and other lateral movement techniques
- Attacks on Active Directory, EntraID and other IAM
- Enumeration of AD structure
- Bruteforce attacks on Exchange, VNC SSH and RDP
- Exploitation of misconfigurations
- Kerberoasting and AS-REP Roasting
- Establishing Persistence
- Setting up backdoors
- Creating hidden admin accounts
- Manipulation of group policies
Windows and Linux Server Hacking
- Privilege Escalation in LDAP and AD Domain
- Exploitation of permission errors in Linux servers
- Techniques for obtaining domain admin rights
- DCSync attacks
- Exploitation of trust relationships between domains
- Preparation of Golden Ticket Attack
- Extraction of krbtgt hash
- Creation and use of forged Kerberos tickets
Finale and Post-Processing
- Execution of Golden Ticket Attack
- Generation of Golden Ticket
- Demonstration of complete domain control
- Cleanup and Obfuscation
- Deleting traces and logs
- Removing backdoors and malicious configurations
Final Debriefing
- Discussion of techniques used
- Recommendations for hardening and defense
- Reflection on ethical implications and legal consequences
Objectives:
Target audience:
This course SC420 Hacking & Pentesting Advanced is targeted at administrators and pentesters who already have experience in hacking and are pursuing an operational certification such as OSCP.
The course is well suited as an introduction or continuation of the additional qSkills™ module courses of the Redteam Skills:
Prerequisites:
To be able to follow the content and learning pace of the course SC420 Hacking & Pentesting Advanced effectively, we recommend the following prerequisites:
- Participants should have solid knowledge in Windows and Active Directory environments
- Previous penetration testing experience would be a bonus
- Familiarity with C, C++ and PowerShell would also be advantageous, but not necessary.
Description:
Gaining realistic attack experience is a real challenge for aspiring whitehats. This course SC420 Hacking & Pentesting Advanced is specifically designed to simulate the escalation from initial compromise to absolute control through a typical greybox attack and to test various tools in the process. After the necessary theoretical fundamentals, each course participant receives a powered-off unknown computer to perform a step-by-step attack up to the domain controller.Guaranteed implementation:
from 2 Attendees
Booking information
Price:
3.350,00 € plus VAT.
(including lunch & drinks)
Appointment selection:
Authorized training partner
Authorized training partner
Memberships
Memberships
Shopping cart
SC420: Hacking & Pentesting Advanced
was added to the shopping cart.