Next public training courses


Hands-On Hacking Essentials (HOHE) , 2 days, 700 EUR +VAT:

Hands-On Hacking Advanced (HOHA) , 3 days, 1050 EUR +VAT:


Hands-On Hacking Essentials (HOHE) , 2 days, 700 EUR +VAT:

Web Application Security (WAS) , 4 days, 1400 EUR +VAT :

Secure Logging (LOGSEC) , 1 day, 350 EUR +VAT:

Hands-On Hacking Advanced (HOHA) , 3 days, 1050 EUR +VAT:

Information and registration:

Web Application Security (WAS)

As everyday penetration testers, we teach what we are best at. Our Web Application Security (WAS) course follows the dogma that you cannot defend well unless you understand the mindset of the attacker. WAS course is divided into two 2-day modules: Client-Side Attacks (everything that can be attacked via victim's browser) and Server-Side attacks (everything that the attacker can do directly to the WebApp). The course alternates between theory and hands-on lab practice to really drive the point home about various types of attacks. More info

Hands-on Hacking Essentials (HOHE)

You may find our 2-day Hands-on Hacking Essentials (HOHE) "shock therapy" training useful for your IT staff to shock them out of their comfort zone and create team building by living fast in a hackers shoes for 2 days. The main differences between hacking and penetration testing are the intent and (imposed) limitations. Therefore, the idea behind this training is to see practical information security from the attacker's or "opposing team's" point of view and to deliver first-hand experience or running attacks. It is fun "edutainment", engaging and really delivers the point home when participants themselves take over a network and still brief enough to create sufficient awareness & shock effect at IT specialists level in just 2 days. More info

Hands-on Hacking Advanced (HOHA)

Hands-on Hacking Advanced (HOHA) is a follow-up to our Hands-on Hacking Essentials (HOHE) training. While HOHE is an eye-opening “shock therapy” training mostly for defenders, HOHA introduces more of the attacker and red teaming perspective. While the training still focuses mostly on the individual skills of participants, we will introduce red team team-working mode towards the end of the training with team servers and beacon servers. More info

Secure Logging (LOGSEC)

The requirements for security logs are often missing or inadequate. Upon a security incident, it turns out that the typical access and debug logs do not contain enough information to identify "who did what" or "how was it done?" This training consists of lectures followed by hands-on labs on techniques on how to attack the logs (e.g. evade logging, tamper the logs, deceive log analysis tools, etc.) or how to attack through the logs (ever got "shellshocked" or infected via logs?). During the second part of the day, the principles of security logging are covered and then implemented by participants on a sample application in order to detect attacks. If you are a (web) developer, development spec writer, security or incident handling specialist, this training is for you. More info