Workshop
A structured session that takes participants from zero to their first real exploits.
Quick introductions, legal disclaimer, and learning objectives. Participants pair up into teams of two.
How to open the browser developer console, inspect network traffic, and understand what happens behind the scenes.
What databases are, how SQL works, and why insecure code leads to SQL injection. 5 minutes theory, then participants exploit a real vulnerable application themselves.
How HTML, CSS, and JavaScript work together, and what happens when user input is not sanitized. Participants inject scripts into a real web application.
Live demonstration with custom hardware. Monitor mode, deauthentication attack, capturing handshakes, and brute-forcing the WiFi password. All on a test network brought by the instructor.
Introduction to boxes: SSH access, privilege escalation, exploiting applications running as root. Ends with a cliffhanger to motivate further learning.
Next steps, resources for continued learning, and personal certificates handed to each participant.
Participants exploit actual vulnerable applications running in Docker containers on the Endolum Academy platform. Not a slideshow.
Teams of two. Collaborative problem solving, discussion, and shared screen time. Everyone is actively involved.
Custom hardware setup with a test WiFi network. Monitor mode, deauth attack, handshake capture, password cracking. All live.
Every participant receives a personalized certificate of completion. Good for portfolios and LinkedIn.
Participants only need a laptop with a browser. No prior hacking knowledge required. The session starts from the basics.
Access to the Endolum Academy Discord community and free challenges to continue learning after the session.
IT apprentices and students who want to see what cybersecurity looks like in practice. Already delivered at multiple Swiss vocational schools.
Team events, security awareness days, or onboarding for IT staff. A practical alternative to the usual awareness presentation.
Interactive workshop format for tech events. Engaging content that gets participants actively hacking within minutes.
Inspiring the next generation. The format works well for career days, STEM events, and technology introduction programs.
Feedback from Hack-On sessions at Swiss vocational schools. Published with permission.
"The IT security workshop was very well structured and clearly explained. The tasks were practical, fitting to the topic, and meaningfully deepened what was learned. I particularly liked that you had to actively think and participate. The workshop clearly sparked my interest in cybersecurity and hacking."
"You can tell the instructor is genuinely interested in the subject and speaks from real experience. The exercises were well designed and engaging."
"The challenges were really well made with a great interface. Great inputs with many practical learnings."
"Very well structured with theory followed directly by hands-on tasks. That approach really sparked my interest."
"Being able to try everything practically yourself means you take away a lot of value from the workshop."
"I found the difficulty level rather high, but because of that the learning effect was even greater."
"Very good workshop. I learned a lot and it was very exciting to follow along."
"In my opinion it was a very informative and entertaining course."
"Very helpful. Quite good to test everything practically yourself."
"Very cool course with a great instructor. I learned a lot and had a good time."
"It was great. We had a lot of fun and learned a ton."
"It was very amusing and I learned a lot."
2.5 hours including a short break
Up to 30 participants. Larger groups on request.
On-site at your location. Anywhere in Switzerland.
Each participant needs a laptop with a browser. WiFi provided by you. Everything else is handled.
German or English. Platform interface is in English.
Manuel Buerge. WorldSkills Gold Medal Coach, Lead Threat Intel Analyst, founder of Endolum Academy.
Tell me about your group, the preferred date, and location. I reply personally, usually within 24 hours.