
IT security in action: detecting, fending off and preventing cyber attacks

Knowing attack patterns, identifying security gaps, setting up protective measures - anti-hacking training with lots of practical exercises
Online
3 days
German
€ 1.890,- plus VAT.
€ 2.249,10 incl. VAT.
Booking number: 41187
Venue: Online
6 dates
Become a certified Machine Learning Engineer
This course is part of the certified Master Class "Machine Learning Engineer". If you book the entire Master Class, you save over 15 percent compared to booking this individual module.
In-house training
In-house training for your employees only - exclusive and effective.
Almost every second company in Germany has been the victim of a hacker attack in the last two years. The Federal Office for Information Security classifies the situation as critical. The risk of cyber attacks is one of the biggest threats to companies and poses major challenges for IT administrators, security officers and analysts. In this hands-on security training course, you will gain in-depth insights into all important security topics and learn how to get a handle on threats. You will learn how hackers operate, which gateways they use and what measures you can take to close them at an early stage. You will not only acquire the necessary specialist knowledge. You will also slip into the role of the hacker and carry out practical attacks yourself. For the interactive exercises, you will be given remote access to a security lab where you can play out attacks on a company network yourself. In the next step, you will learn how to protect your systems from such attacks. At the end, you will have the necessary knowledge to harden your systems and be able to react appropriately in the event of an incident.
Contents

1. Basics of cyber security

  • Hacking versus IT security
  • Attackers, motivations and tactics
  • General definitions and important metrics
  • Attack techniques and tactics according to MITRE ATT&CK

2. Initial infections

  • Different types of social engineering
  • Password-based procedures
  • Advantages and disadvantages of password policies
  • Phishing and bypassing MFA / 2FA
  • Attacks on Microsoft 365 systems
  • Adversary-in-the-browser attacks
  • Browser-in-the-browser attacks
  • Recognize and prevent phishing
  • Browser-based types of attack
  • Attacks with peripheral devices
  • Exploit engineering versus social engineering

3. Infrastructure security

  • Introduction of the attack chain
  • Enumeration and footprinting
  • Discovery and port scanning
  • Offline cracking via hashing process
  • Reverse and bind shells
  • Assessment of vulnerabilities
  • Command injections, webshells and SSRF
  • Introduction to Metasploit

4. Linux security

  • Linux exploitation
  • Lateral movement and pivoting
  • Privilege Escalation
  • Post Exploitation

4. Windows security

  • Windows security basics
  • The Windows Credential System
  • IPS evasion
  • Pivoting
  • Memory Corruptions
  • Exploit Mitigations
  • Meterpreter
  • Keylogging
  • Client-Side-Exploitation
  • The Sysinternals Suite
  • Library hijacking

5. Active Directory security

  • Active Directory basics
  • Coercion attacks
  • Pass the Hash (PTH) and Pass the Ticket (PTT)
  • AD persistence (Golden Tickets and Silver Tickets)
  • Impersonation
  • Kerberoasting
  • Over-pass the hash / Pass the key
  • Skeleton Key
  • Machine Account Quota
  • AdminSDHolder
  • Enterprise Access Model
  • Privileged Access Workstations

6. Post exploitation

  • Native and Meterpreter commands for post exploitation
  • Living-off-the-land attacks
  • Fileless malware
  • Lateral Movement (RDP, WMI, WinRM, DCOM RPC)

7. Defense-in-depth

  • Introduction to the Defense-in-Depth concept
  • Hardening of Windows and Active Directory
  • The kill chain
  • Network defense
  • Basics of the ISMS
  • Threat modeling and protecting crown jewels
  • Development and operation of Security Operations Centers (SOC)
  • Incident response guidelines
  • Threat intelligence

8. Ransomware

  • Preventive and secure backup strategies
  • Disaster recovery with RPO and RTO
  • Restoration of data
  • Protective measures against ransomware
  • Weighing up: To pay or not to pay?
  • Decryption considerations
  • Overview of ransomware tools

9. Case studies and practical exercises

This course offers a curriculum that consists largely of practical exercises and case studies. As a result, the essential security concepts are covered in depth. Each topic has been carefully selected to provide participants with both the necessary knowledge and practical skills that can be immediately applied in their daily work.

Your benefit

You can make sensible decisions in your daily work environment to improve IT security efficiently and sustainably.

Numerous practical exercises will enable you to recognize and fend off attacks and close existing security gaps.

You will learn how to fend off 0-day and 1-day attacks and meet the technical and organizational requirements of the GDPR and NIS2 regulations.

You will gain an overview and in-depth knowledge of attack vectors as well as response and protection measures.

You will learn how to deal with the constantly changing challenges in the field of cyber security.

Trainer
Oliver-Tobias Ripka
Methods

This training is conducted in a group of a maximum of 15 participants using the Zoom video conferencing software.

Individual support from the trainers is guaranteed - in the virtual classroom or individually in break-out sessions.

Every participant is given access to an IT security lab, a virtual environment in which a company network is simulated - with various operating systems (Windows, Linux, BSD), servers, clients, firewalls, PDCs, proxies, NG firewalls, IPS, WAF and endpoint protection. Various security exercises are carried out in the lab. The IT Security Lab can be accessed online via a web browser.

Final examination
Recommended for

This course is aimed at IT security officers, IT administrators (client, server, network), programmers, IT engineers and employees in Security Operations Centers (SOC) as well as anyone who wants to view security risks through the eyes of the attacker and develop better solution scenarios.

Initial experience in the operation and administration of IT systems (Windows and Linux) and basic knowledge of IT security are required.

Start dates and details

  • 2.6.2025: Online, places free, implementation secured
  • 21.7.2025: Online, places free, implementation secured
  • 13.10.2025: Online, places free, implementation secured
  • 26.1.2026: Online, places free, implementation secured
  • 13.4.2026: Online, places free, implementation secured
  • 6.7.2026: Online, places free, implementation secured

Do you have questions about training?
Call us on +49 761 595 33900 or write to us at service@haufe-akademie.de or use the contact form.