SC420: Hacking & Pentesting Advanced

Training: Security

Participants gain hands-on attack experience in a grey-box scenario: from initial compromise to domain controller takeover, a full attack is simulated. After theoretical foundations, each participant is provided with an unknown system to perform penetration tests step by step using various tools.

Presence training

Start: 2025-11-03 | 10:00 am

End: 2025-11-07 | 01:30 pm

Location: Nürnberg

Price: 3.350,00 € plus VAT.

Presence training

Start: 2026-03-16 | 10:00 am

End: 2026-03-20 | 01:30 pm

Location: Nürnberg

Price: 3.350,00 € plus VAT.

Presence training

Start: 2026-10-26 | 10:00 am

End: 2026-10-30 | 01:30 pm

Location: Nürnberg

Price: 3.350,00 € plus VAT.

Agenda:

Legal Foundations and Recon

  • Framework Topics and Ethical Aspects
    • Legal framework for penetration testing
    • Liability issues and contract design
    • Ethical guidelines and best practices
    • Logging and developing recommendations

  • Recon and Information Gathering
    • OSINT techniques (Open Source Intelligence)
    • Network scanning and enumeration
    • Remote vulnerability analysis

  • Introduction to the Scenario
    • Presentation of objectives and framework conditions
    • Working with Metasploit and Cobalt Strike
    • Overview of available tools and resources


Initial Compromise

  • Bypassing BitLocker Encryption
    • Analysis of BitLocker configuration
    • Application of TPM sniffing techniques
    • Extraction of Volume Master Key (VMK)
  • Obtaining Local Admin Rights
    • Exploitation of operating system vulnerabilities
    • Privilege escalation techniques
    • Bypassing User Account Control (UAC)

  • Disabling Security Solutions
    • Analysis of installed security software
    • Techniques for bypassing and disabling antivirus and EDR
    • Handling Windows Defender, AMSI and AppLocker


Post-Exploitation and Lateral Movement

  • Lateral Movement in the Network
    • Advanced network scanning and enumeration
    • Exploitation of vulnerabilities in network services
    • Pass-the-Hash and other lateral movement techniques

  • Attacks on Active Directory, Entra ID and other IAM
    • Enumeration of AD structure
    • Brute-force attacks on Exchange, VNC, SSH and RDP
    • Exploitation of misconfigurations
    • Kerberoasting and AS-REP Roasting

  • Establishing Persistence
    • Setting up backdoors
    • Creating hidden admin accounts
    • Manipulation of group policies


Windows and Linux Server Hacking

  • Privilege Escalation in LDAP and AD Domain
    • Exploitation of permission errors in Linux servers
    • Techniques for obtaining domain admin rights
    • DCSync attacks
    • Exploitation of trust relationships between domains

  • Preparation of Golden Ticket Attack
    • Extraction of krbtgt hash
    • Creation and use of forged Kerberos tickets



Finale and Post-Processing

  • Execution of Golden Ticket Attack
    • Generation of Golden Ticket
    • Demonstration of complete domain control

  • Cleanup and Obfuscation
    • Deleting traces and logs
    • Removing backdoors and malicious configurations


Final Debriefing

  • Discussion of techniques used
  • Recommendations for hardening and defense
  • Reflection on ethical implications and legal consequences

Objectives:

The course SC420 Hacking & Pentesting Advanced aims to give participants a comprehensive understanding of the legal and ethical foundations of penetration testing, including liability issues and best practices. Participants also gain practical knowledge of reconnaissance and information gathering techniques, such as OSINT and network scanning, to analyze vulnerabilities remotely. The course builds the skills for initial system compromise, including BitLocker bypass and obtaining admin privileges, as well as techniques for disabling security solutions. Another objective is to teach post-exploitation methods and lateral movement in the network, including attacks on Active Directory and additional identity management systems. Finally, participants will be able to execute complex attacks such as the Golden Ticket attack, while also acquiring and improving strategies for remediation and obfuscation of attack traces.

Target audience:

This course SC420 Hacking & Pentesting Advanced is targeted at administrators and pentesters who already have experience in hacking and are pursuing an operational certification such as OSCP.

The course is well suited as an introduction or continuation of the additional qSkills™ module courses of the Redteam Skills:


Prerequisites:

To be able to follow the content and learning pace of the course SC420 Hacking & Pentesting Advanced effectively, we recommend the following prerequisites:

  • Participants should have solid knowledge of Windows and Active Directory environments
  • Previous penetration testing experience would be a bonus
  • Familiarity with C, C++ and PowerShell would also be advantageous, but is not necessary

Description:

Gaining realistic attack experience is a real challenge for aspiring whitehats. This course SC420 Hacking & Pentesting Advanced is specifically designed to simulate the escalation from initial compromise to absolute control through a typical greybox attack and to test various tools in the process. After the necessary theoretical fundamentals, each course participant receives a powered-off unknown computer to perform a step-by-step attack up to the domain controller.

Guaranteed implementation:

from 2 Attendees

Booking information

Price:

3.350,00 € plus VAT.

(including lunch & drinks)
