Content
The primary focus of this course is to provide comprehensive insights into industry-standard penetration testing techniques. The Pentesting Lab will be conducted by various industry experts who will share their knowledge and experience. Throughout the course, we will offer a comprehensive overview of common techniques for scanning and attacking applications. Additionally, we will demonstrate the practical application of these tools in real-world scenarios. You will learn practically about privilege escalation, lateral movement, compromising a domain controller (and many more things) and how to report the findings in a standardized way.
Material
Lecture slides:
Old lecture slides:
Administrative Information
Deadline: 31st of May, 2025
Deliverables:
You will be graded on 3 main parts each equally worth (one third of the grade). For parts 2 and 3 provide a proper pentesting report using your findings template:
- Lecture challenges: Throughout the course you will get the chance to collect some lecture challenge flags. You receive them either in the sessions or can solve them afterwards. Submit them at the ctfd.
- Linux pentesting challenge - Find the description here.
- Windows AD pentesting challenge - Find the description here.
Pentesting report:
Your report should meet the requirements of industry standards as shown in the lecture. See for instance the reports of
cure53.
Grading
| Percentage |
Grade |
| > 90% |
Sehr gut (1) |
| 78.5% – 90% |
Gut (2) |
| 67.5% – 78.49% |
Befriedigend (3) |
| 50% – 67.49% |
Genügend (4) |
| < 50% |
Nicht genügend (5) |
Important notes
- There will be no second chance option
- Submission deadlines are hard. We give you multiple weeks to solve an assignment, so ensure to start on time.
Oral exam
After the deadline of all assignments, there will be an oral exam. The oral exam is
mandatory. You will have the option to select one of the multiple time slots where you need to be able to answer questions to each assignment and task that you fulfilled.
Insufficient answers will lead to a
point deduction that can even yield a negative grade. We will provide more information on what you need to know for the oral exam for each assignment individually.
Plagiarism
We encourage discussions with other students and really appreciate that. However, we
do not tolerate any plagiarism at all. We will check all submissions for plagiarism. All affected students will receive
0 points and a
Ungültig/Täuschung with all its consequences.
Thus, do not give away your source code to other students. You are responsible for protecting your source code and solutions from unintended access of others. In the end, we do not want you to copy code and solutions. We want you to learn and understand the topics for yourself!
Lecture Dates
| Date |
Begin |
End |
Location |
Event |
Type |
Comment |
| 2025/04/07 |
16:00 |
17:30 |
HS i1 |
Abhaltung |
VU |
fix/ |
| 2025/04/28 |
16:00 |
17:30 |
HS i1 |
Abhaltung |
VU |
fix/ |
| 2025/05/05 |
16:00 |
17:30 |
HS i1 |
Abhaltung |
VU |
fix/ |
| 2025/05/12 |
16:00 |
17:30 |
HS i1 |
Abhaltung |
VU |
fix/ |
| 2025/05/19 |
16:00 |
17:30 |
HS i1 |
Abhaltung |
VU |
fix/ |
| 2025/05/26 |
16:00 |
17:30 |
HS i1 |
Abhaltung |
VU |
fix/ |
| 2025/06/02 |
16:00 |
17:30 |
HS i1 |
Abhaltung |
VU |
fix/ |
| 2025/06/16 |
16:00 |
17:30 |
HS i1 |
Abhaltung |
VU |
fix/ |
| 2025/06/23 |
16:00 |
17:30 |
HS i1 |
Abhaltung |
VU |
fix/ |
| 2025/06/30 |
16:00 |
17:30 |
HS i1 |
Abhaltung |
VU |
fix/ |
Lecturers
