1. Introduction to workshops

• Discussing basic topics related to IT security  (terminology, risk  and elements of Risk Management, what is system „hardening” and where to look for sources of information related to it)

1. Preparation for exercises

• Discussing laboratory environment (VMware Workstation, network topology, operational systems)

1. OSINT (open-source intelligence) elements

• Discussing where and what information related to company’s infrastructure and employees can be found on the Internet by potential intruders

1. Network scanning and detecting details related to operational systems and services

• Discussing tools used for OS and services discovery

1. Scanning and analysing vulnerabilities

• Discussing selected tools used to automate vulnerability scanning (OpenVAS)
• Discussing reports results

1. Hacking systems and devices

• Discussing selected tools and methods of system hacking. Taking control over vulnerable system stealing password, intercepting webcam and keyboard input. Privilege escalation and sample Active Directory attacks.

1. Wireless network security and password cracking

• Wireless network security analysis and intercepting traffic which will enable cracking password Discussing selected tools. Cracking WEP and WPA2 passwords.

1. Social engineering in practice

• Discussing selected tools used in social engineering attacks, preparing environment for social engineering campaign