Practical Hacking II (HCKP2)

Cybersecurity, ICT Security

This hands-on course explores practical offensive and defensive techniques: map networks, identify targets, and find server and service weaknesses. Through live demos you will study network reconnaissance, vulnerability scanning, exploit development and privilege escalation.

Modules cover workstation compromises, hardening, web app testing, VoIP, mobile exploitation, ATM and car attacks, plus Darknet research. Labs combine live cases and tool reviews, focusing on web application flaws, mobile attack vectors, ATM compromise and darknet and OSINT.

Location, current course term



VirtualPro (online)
10/22/2025 - 10/24/2025 CZECH
Order 		12/10/2025 - 12/12/2025 CZECH
Order
Custom Customized Training (date, location, content, duration)

The course:

Hide detail
  • Network security
    1. Kali Linux – introduction
    2. Network reconnaissance
    3. Port scanning
    4. Identification of operating systems and services
    5. Vulnerability identification and comparison of scanners
    6. Exploitation – live hacker demonstration
    7. Privilege escalation
    8. Metasploitable2 and Metasploitable3
    9. Vulnhub and HackTheBox
    10. Practical demo of compromising several vulnerable servers
    11. Linux – password storage and cracking
    12. Linux – extracting plaintext passwords from memory
    13. Red Teaming and Purple Teaming
  • Workstation hacking
    1. Attacks via physical access
    2. Privilege escalation methods
    3. Attacks on system services
    4. Startup Repair Attack
    5. Sticky Keys Attack
    6. FireWire Inception Attack
    7. Cold Boot Attack
  • Workstation security
    1. Role of antivirus
    2. Encryption
    3. System updates
    4. Physical security
  • Web application security
    1. OWASP Testing Guide methodology
    2. OWASP Top 10
    3. SQLi, XSS, CSRF, XXE, …
    4. Live demonstrations of vulnerabilities
    5. Tool comparisons
    6. Lessons from web penetration tests
  • VoIP security
    1. SIP caller number / name spoofing
    2. SIP Denial of Service
    3. Call eavesdropping
    4. Vulnerabilities in endpoint VoIP phones
    5. PBX compromise
  • Mobile phone security
    1. Collecting user data on Android, iOS and Windows Mobile
    2. Stored history and interesting files
    3. SMS of Death
    4. Call encryption
    5. Attack vectors against communications
    6. Physical security
    7. Pattern vs PIN
    8. Smudge Attack, Spearphone Attack
    9. Bypassing biometric authentication
  • ATM security in practice
    1. Hardware and software of ATMs used in the Czech Republic
    2. Description of protections and vulnerable points
    3. Examples of attack types
    4. Money jackpotting
    5. Skimming
    6. Physical attacks
    7. Experience from real ATM penetration tests
  • Car hacking
    1. Attacks on central locking
  • Darknet ecosystem
    1. Anonymizing networks, Deepnet and darknet, TOR structure
    2. Hidden Services – including live demonstrations
    3. Black markets: goods and services
    4. Drugs, weapons, counterfeit money, passports, ...
    5. Laundering Bitcoins
    6. Attacks in TOR (de-anonymization of users, providers, Hidden Services)
    7. Major TOR and Bitcoin scandals
  • NSA hacking tools
    1. Analysis of the Shadow Brokers leak
    2. Practical demos and descriptions of tools and exploits
    3. EternalBlue, EternalRomance, EternalSynergy, EternalChampion
    4. Fuzzbench, DoublePulsar, DanderSpritz
  • Social networks – Big Brother and anonymity
    1. Overview of social networks with focus on Facebook
    2. Collecting user data and building shadow profiles
    3. Facebook Graph API Explorer
    4. Potential abuse by attackers
    5. Tracking by Google
  • Steganography
    1. History
    2. Modern uses with examples
    3. Subliminal advertising
    4. Microdotting – conspiracy or reality?
    5. Demonstration from the NSA data leak case
    6. Hiding a file inside another file
    7. Alternate Data Streams in NTFS
  • DoS and DDoS attacks
    1. Botnets and their evolution, trends
    2. Link saturation attacks
    3. Amplification attacks
    4. Slow HTTP DoS
    5. Hash collision DoS
    6. XML Bomb
    7. DDoS-as-a-service – demo of offerings
    8. DDoS used for extortion
Assumed knowledge:
Familiarity with Windows and Linux and a basic understanding of TCP/IP network security.
Recommended previous course:
Hacking in Practice (HCKP1)
Schedule:
3 days (9:00 AM - 5:00 PM )
Course price:
799.60 € ( 967.52 € incl. 21% VAT)
Language:

Vybrané zákaznické reference

Mendelova univerzita v Brně, Miroslav O.
Practical Hacking II ( HCKP2)
"Školení splnilo, či spíše překonalo moje očekávání, školitel byl erudovaný a poskytl hodně informací pro další studium. Velmi doporučuji všem, kteří mají zájem o hacking."
RETIA, a.s., Roman B.
Practical Hacking II ( HCKP2)
"Toto školení bylo díky lektorovi jedním z nejlepších, které jsem absolvoval. Lukáš Antal je excelentní lektor a za 3 dny se mu podařilo předat nám ohromné množství užitečných informací, především ze své vlastní praxe. Výklad byl výborně strukturovaný a během školení nebyla žádná hluchá místa. Navíc jsme si v materiálech ze školení odnesli praktické postupy a návody využitelné později při dalším studiu. Lukáš je skutečně jeden z mála lektorů, kterým nemám co vytknout."