SC420: Hacking & Pentesting Advanced

Training: Security

Participants gain hands-on attack experience in a greybox scenario: From initial compromise to domain controller takeover, a complete attack is executed. The course also offers introductions to researching darknet marketplaces/forums for procuring tools of the dark side, using specialized LLMs to develop zero-day exploits, and attack strategies.

Presence training Presence training

Start: 2026-03-16 | 10:00 am

End: 2026-03-20 | 01:30 pm

Location: Nürnberg

Price: 3.350,00 € plus VAT.

Presence training Presence training

Start: 2026-10-26 | 10:00 am

End: 2026-10-30 | 01:30 pm

Location: Nürnberg

Price: 3.350,00 € plus VAT.

Request prefered appointment period:

* All fields marked with an asterisk are mandatory fields.

Agenda:

  • Framework topics and ethical aspects
    • Legal framework for penetration testing
    • Liability issues and contract design
    • Ethical guidelines and best practices
    • Logging and developing recommendations

  • Recon and information gathering
    • OSINT techniques (Open Source Intelligence)
    • Network scanning and enumeration
    • Remote vulnerability analysis
    • Darknet marketplaces - how they work, typical business models, identifying features, risks for organizations
    • Use of specialized AI/LLM models to support offensive workflows

  • Introduction to the scenario
    • Presentation of objectives and framework conditions
    • Working with Metasploit and Cobalt Strike (authorized, controlled)
    • Overview of available tools and resources

  • Initial compromise
    • Analyze BitLocker configurations (defensive & forensic)
    • Techniques for obtaining local admin rights (exploit analysis, patch assessment, privilege escalation methods within the scope of the exam)
    • Deactivation of security solutions: detection methods, EDR bypass mechanisms from a detection & response perspective

  • Post-exploitation and lateral movement
    • In-depth network scanning and enumeration
    • Lateral movement techniques and their detection (pass-the-hash, Kerberoasting, AS-REP Roasting)
    • Attacks on AD / EntraID and other IAM components — detection, hardening, monitoring
    • Persistence mechanisms: detection, cleanup, forensics

  • Windows and Linux server hacking
    • Privilege escalation in heterogeneous environments
    • Techniques for obtaining domain administrator rights — Defense and detection measures
    • Preparation and defense against golden ticket attacks (forensic analysis, detection, risk mitigation)

  • Final exam and follow-up
    • Execution (demonstration in the lab) and observation of attack sequences
    • Cleanup, evidence collection, and forensic follow-up
    • Recommendations for hardening and defense

  • Final discussion
    • Discussion of the techniques used
    • Recommendations for hardening and defense
    • Reflection on ethical implications and legal consequences

  • Special additions
    • Darknet marketplaces Understanding the economy, typical products/services, indicators for procurement/distribution
    • Specialized LLMs & AI models (use in defense and research contexts): Overview of usage scenarios such as automated recon summaries, prioritization of vulnerabilities, generation of secure test scripts for authorized labs, as well as governance and security requirements for use. Clear distinction: no training or use for the development or dismantling of zero-day exploits; focus on responsible application, validation, and responsible disclosure processes
    • Threat intelligence & responsible vulnerability research for handling found exploit information, verification processes, reporting to manufacturers, legal protection, and cooperation with authorities

Objectives:

  • In-depth understanding of penetration testing methodology in realistic greybox scenarios
  • Ability to perform reconnaissance and exploitation workflows in a transparent, documented and legally compliant manner
  • Awareness of new threat landscapes (darknet economy) and understanding how organizations should handle them
  • Competent use of AI support for defensive analysis, automation and prioritization — while maintaining compliance with ethical and legal requirements
  • Learning detection, forensics and hardening measures following complex attack scenarios

Target audience:

The course SC420 Hacking & Pentesting Advanced is targeted at administrators, pentesters and security professionals with extensive hacking experience. It is suitable as preparation for operational certifications (e.g., OSCP) and as an extension of the qSkills™™ module series.

Prerequisites:

To be able to follow the content and learning pace of the course SC420 Hacking & Pentesting Advanced effectively, we recommend the following prerequisites:

  • Solid knowledge in Windows/Active Directory and Linux environments
  • Experience with penetration testing or corresponding prior knowledge recommended
  • Familiarity with scripting languages (PowerShell, Bash, C/C++) advantageous

Description:

The course SC420 Hacking & Pentesting Advanced is designed to simulate realistic attacks within a fully controlled, authorized framework — with focus on traceability, documentation and defensive classification. Participants work on unknown systems, perform reconnaissance and exploitation steps and learn how to responsibly assess, report and mitigate findings. Additionally, they receive classifications on current threat phenomena (e.g. darknet marketplaces) and a comprehensive overview of how AI models support security operations.

check-icon

Guaranteed implementation:

from 2 Attendees

Booking information:

Duration:

5 Days

Price:

3.350,00 € plus VAT.

(including lunch & drinks)

Authorized training partner

NetApp Partner Authorized Learning
Commvault Training Partner
CQI | IRCA Approved Training Partner
Veeam Authorized Education Center
Acronis Authorized Training Center
AWS Partner Select Tier Training
ISACA Accredited Partner
iSAQB
CompTIA Authorized Partner
EC-Council Accredited Training Center

Memberships

Allianz für Cyber-Sicherheit
TeleTrust Pioneers in IT security
Bundesverband der IT-Sachverständigen und Gutachter e.V.
Bundesverband mittelständische Wirtschaft (BVMW)
Allianz für Sicherheit in der Wirtschaft
NIK - Netzwerk der Digitalwirtschaft
BVSW
Bayern Innovativ
KH-iT
CAST
IHK Nürnberg für Mittelfranken
eato e.V.
Sicherheitsnetzwerk München e.V.