HackLab: Hands-on Hacking

How hackers work

5 -9 February 2018 | the Hague | 30 April - 4 May 2018 | 24 - 28 September 2018

Computer hacking is the practice of influencing computer hardware and software to accomplish a goal outside of their original purpose. A computer hacker is a person who identifies weaknesses and exploits them. Hacking is considered a complex activity. This course will explore the world of hacking and shed a light on how hackers work.

Course objectives

This practical five-day course equips participants with hands-on black box, white box and grey box vulnerability testing. We will address testing of web applications, mobile applications, mobile devices, wireless security, host based and network based infrastructure.

The course takes the participants through the different stages of our proven methodology of information gathering, target selection and vulnerability identification and exploitation. Besides the methodology we will also discuss the different leading practices, such as OWASP and go into the different tools for vulnerability testing.  

  • Practical five-day course
  • Proven methodology of information gathering, target selection and vulnerability identification and exploitation
  • Discuss the different leading practices and go into the different tools for vulnerability testing

Target group

  • Security managers
  • Application developers
  • IT professionals
  • IT auditors who have an interest in ‘Vulnerability Assessment’ and ’hacking’.

Participants of the course are expected to have a basic understanding of network, TCP/IP and Operating Systems (Windows and Linux).

Course outline

Day 1

  • Introduction & Security Trends
  • Penetration testing methodology & External Infrastructure penetration test
  • Firewall security / Prevention systems
  • Physical security assessments and social engineering

Day 2

  • Recap & Infrastructure security tests
  • Infrastructure security tests continued
  • Host-based security test & Wireless security test
  • Wireless security test continued

Day 3

  • Recap & Security Architecture
  • Code review
  • OWASP top 10
  • Executing of a web application vulnerability assessment

Day 4

  • Recap & Mobile Applications and security
  • Security Operating Centres
  • Malware analysis / Incident response
  • Hacking game

Day 5

  • Recap & Interview the client
  • Vulnerability assessment execution
  • Reporting and presentation of the results
  • Evaluation and closing


The course will be given in English or Dutch, depending on the participants preferred language. The course material is in English.

Date, location and time

This five-day course will be held on:

5 - 9 February 2018, the Hague
30 April - 4 May 2018
24 - 28 September 2018

This course starts at 9.00 a.m. and ends at 5.00 p.m.


The costs are € 2,500 ex VAT. Catering (lunch) and course materials are included in the price.

Permanent Education

Deloitte Academy is accredited by the NBA PE institution and has the NRTO label. This course qualifies for 30 PE hours. You can also register your PE-hours at the NOB or VRC.

For more information about our accreditation, we refer you to our Permanent Education page.


'Experienced and knowledgeable people, clear and deep explanation of all topics'
Participant 2015

'The examples and challenges were good points, because they give a more explicit image of the theory that was thought' 
Participant 2015

'The platform was great - Helpfull and friendly course instructors'
Participant 2016

Education Journey

When you followed HackLab: Hands-on Hacking, the next course that you can follow is the Red Team Operations. Also the HackLab: Malware Analysis.

HackLab: Red Team Operations.
Hacking is not exclusive to cyberspace, but can also be done in the physical world. How are these attacks performed? From gaining physical access to digitally exploiting systems without being noticed once you are in.

HackLab: Malware Analysis.
Malware stands for malicious software, scripts or code meant to aid an attacker to hack a system, keep control, steal information or to cause damage. Malware poses a large risk to an organization and having theoretical knowledge on this matter is not enough anymore. Hands-on experience is required on how to discover, analyse and fight malware and is a difficult task without the right knowledge and experience. During this hands-on course experience, participants will gain experience in the analysis of malware, from the initial approach of dissecting to the analysing of advanced malware. 


Until four weeks before the start of the course you may cancel your participation in writing free of charge, or you may propose to attend on another date. Should you cancel within four weeks before the start of the course you will have to pay the full registration fee. In the event of insufficient participants we reserve the right to cancel the course at any time or move the date of the event. If so, you will be informed in due time.


Rob Muris

Rob Muris

Senior Consultant

Rob Muris is a senior consultant within the Cyber Risk Services team of Deloitte Netherlands. His specialties are conducting penetration tests on major infrastructures and providing hacking presentati... Meer

Coen Steenbeek

Coen Steenbeek

Senior Manager

I’m a senior manager with a strong technical background. Within Deloitte Risk Advisory I work in the Managed Cyber Risk Services team, and I am responsible for the services we deliver from the Cyber I... Meer

Ari Davies

Ari Davies


Ari is Director at Deloitte Cyber Risk Services and has over 12 years of information security and ethical hacking experience. He is an experienced penetration testing consultant and engagement manager... Meer