Hands-on Hacking Essentials

"Hands-on Hacking Essentials" is an eye-opening course for IT & system administrators and security practitioners

Course duration : 2 days of pure hacking and feeling "1337"

Group size : 12 participants maximum

Target audience : System administrators, information security specialists and -managers and any other IT personnel that is not afraid of the shell or command prompt

Price : 2 days, 1400 EUR + VAT/ 1 participant

Information and registration:  info@clarifiedsecurity.com

Next public training courses

Contents of the course   Fully updated in 2026!

The main topics covered:

  • Introduction (expectations, lab environment)
  • Kali Linux intro (participant's attack platform)
  • Reconnaissance and information gathering
  • Targets (a mix of Windows and Linux machines)
  • Remote exploitation attacks
  • Privilege escalation attacks
  • Attack toolsets (incl. Tuoni C2)
  • "Jumping the (fire)wall" with targeted client-side attacks
  • Pivoting the attacks through the initial compromised workstation
  • Steganography and metadata
  • Credential harvesting
  • Bruteforcing attacks
  • Using AI in attacks
  • Reverse shells
  • Feedback and training wrap-up

Trainers

Trainers are Taavi Sonets , Karl Raik , Mihkel Raba and Sten Mäses .

Karl Raik Karl Raik

Karl joined the team in September 2015 as a Web application pentester. His previous work experience consists mainly of Web Application development. He holds a M.Sc. degree in Cyber Security from Tallinn University of Technology. He wrote his masters thesis about improving Web Attack Campaign overview in Cyber Defense Exercises. Karl is a trainer of our Hands-on Hacking Essentials (HOHE) and Hands-on Hacking Advanced (HOHA) courses.

Taavi Sonets Taavi Sonets

Taavi joined the team in April 2015 as a Web application pentester. His previous work experience consists mainly of Web Application development. He holds a M.Sc. degree in Cyber Security from Tallinn University of Technology. He wrote his masters thesis about improving User Simulation Team Workflow in the Context of Cyber Defense Exercise. Taavi is the main trainer of our Hands-on Hacking training series (HOHE & HOHA) and Hunt The Hacker (HtH) course.

Mihkel Raba Mihkel Raba

Mihkel joined the team in May 2018 as a Web application pentester. He studied telecommunications in Tallinn University of Technology.After that he has spent almost two decades of building secure networks and developing software. Mihkel is a trainer of our Hands-on Hacking Essentials (HOHE) and Hands-on Hacking Advanced (HOHA) courses.

Sten Mäses Sten Mäses

Sten joined the team in August 2023. He has a very particular set of skills and is passionate about capability building and cybersecurity metrics. Sten has a MSc degree (cum laude) in Cybersecurity from a joint curriculum between Tallinn University of Technology and University of Tartu. He wrote his PhD thesis about evaluating cybersecurity-related competences through simulation exercises. Sten is a trainer of our Hands-on Hacking Essentials (HOHE) and Hands-on Hacking Advanced (HOHA) courses.

Training methods

Trainers will engage participants with lectures, live attack demonstrations and practical examples followed by individual hands-on exercise scenarios. Course is interactive, practical, and besides active participation also full of attack stories that help to change the perspective and understanding of real life security threats.

Ideology of this course

The main differences between hacking and penetration testing are the intent and (imposed) limitations. Therefore, the idea behind this training is to see practical information security from the attacker's or "opposing team's" point of view and to deliver first-hand experience or running attacks.

Although this course is highly technical and extensively hands-on, all scenarios are built so that with the help of hints or even full HOWTO's from the scoring server, everyone can complete all exercises regardless of prior 1337 skills or experience level with various operating system.

Everyone will walk through the phases of an attack until successfully pWning various systems and services. There are plenty of attack scenarios to play through and to complete scored objectives. Since the expected participants' skill and experience level is varying to a large degree, we cover a mix of *nix and Windows world and focus on explaining key concepts and on showing the real attack even to those who have never compiled or launched any exploits before.

Intended outcome

During the 2 day hands-on course experience the participants should form a good understanding of current attacker tool-set, attack types and methods. By experiencing the attacker mindset and point of view via hands-onexercises the participants not only will gain much higher appreciation for attack threats, but will be much more alert and better prepared for their own IT systems defence and security testing.

Training environment

Training environment is essentially a mobile training lab that can be brought to the participants anywhere in the world as long as VPN connection via decent Internet connectivity is viable. Training activity takes place inside a special virtualization cluster. Every student has access to a individual Kali machine and targets in a separate subnet.

Scoring server

Scoring server is a multi-functional tool to assist the students and trainers, to make the training more interactive with competitiveness and challenges. All attack scenarios and targets contain challenges and hidden answers that can only be reached and entered into the scoring server via successful attacks. There are plenty of hints and full HOWTOs that can be used a the cost of come points. This lets everyone complete the exercises at their own suitable pace, from simply following the hints and instructions to show off "1337" skills. The scoring system always rewards active participation, so even taking hints and struggling through the scenarios is more fun and rewarding than passive listening. At the same time, those who like challenges can, try more creative approaches and to choose their own way to pWn the box.

Delivery

We can deliver on-site at group pricing anywhere in the world where decent Internet connection is available. Ask us for the group pricing or for times and locations of our public courses. Public groups are currently available directly or via partners in Estonia: BCS Koolitus , Nordic Koolitus .

Feedback

Aigar Käis Aigar Käis,
Head of ICT Risks & Security
Telia Eesti AS
23 JAN 2018
Here in Telia we take security as of paramount importance. It helps us to provide secure services to our customers and improve our systems to be more resilient against evermore evolving cyber-attacks. That’s why we choose Clarified Security HOHE and HOHA courses to keep our key technical staff up to date with security challenges and how to spot and mitigate them in the real world. It is really rewarding to see people with already deep technical knowledge coming back from the training and saying “Wow, didn’t know that hacking into systems was this easy”. We’re definitely considering Clarified Security courses in the future as well.