Pentest "Kungfu“ - Advanced Cyber Security Exploit Workshop
廖小姐,電話:+852 2788 5704


We always hear about the term of “Pentest”, what is it about? What is it used for? How do we carry out penetration test against various servers and systems?

In this advanced workshop, we shall share our “Kung Fu” with you such that you can apply the techniques learnt to uncover system vulnerabilities before attackers do.

Course Objectives

Penetration test (pentest) is used to uncover the vulnerabilities of the system and the tester can carry out further exploitation to see whether he/she could gain any confidential information and restricted access.

During the workshop, students will work in groups to dig out vulnerabilities and report their findings. Participants are required to complete assigned mission through hands-on exploration and creative thinking.

We will use BackTrack which is a free live CD with various penetration test tools to carry out all the hands-on exercises.

Hands-on missions experience real-world penetration test techniques.

Course Content

Penetration Test Process

    • Penetration test framework, process, methodology and ethics
    • OWASP top 10 vulnerabilities reload
    • Common vulnerabilities and misconfiguration of web application and network
    • Web application and network penetration test as well as Scripting Kungfu
    • Get to know a vulnerability
    • Further Attack: Metasploit – An exploit framework and post-exploitation with Meterpreter scripting
    • More on scripting stuff in Python, NMap Script Engine and Meterpreter Scripting


    • lBasic Linux and Win32 commands
    • lBasic knowledge in TCP/IP and networking concepts
    • lProgramming and scripting experience but not mandatory
    • lInterested in offensive techniques to dig some flaws out

Target Trainees

    • Anyone with an interest in penetration testing
    • IT auditors, system administrator, software developers


25-26 March 2021


09:30 – 17:00


1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong


Cantonese with English terminology


Early Bird Price (deadline on 25 February  2021):

Non-member: HK$6,500 per person

– Member of Organiser/Supporting Organisations: HK$6,400 per person

Regular Price:

– Non-member: HK$6,600 per person

– Member of Organiser/Supporting Organisations: HK$6,500 per person

RTTP Approved Course

This course is an approved Reindustrialisation and Technology Training Programme (RTTP), which offers up to 2/3 course fee reimbursement upon successful applications. For details:

The application deadline is 11 March 2021.  Late submission will NOT be considered.

Certificate of Training

Participants who have attained 75% or more attendance will be awarded Attendance Certificate.



Mr Anthony LAI

Founder & Security Researcher, VX Research Limited                                 

Anthony LAI who has hybrid experience in application development, code security, penetration test, threat analysis and audit areas for 14 years. He has done vulnerability assessment, penetration, IT audit and training for government and various corporates. He is now a lead consultant and threat advisor of several MNCs. He acts as a researcher in Knownsec for Web security.                                             

Anthony has spoken in Blackhat USA 2010, DEFCON 18-20, AVTokyo 2011-2012, 2013.5, HITCON 2010-2011 as well as Codegate 2011. He has set up a security research group called VXRL ( in Hong Kong, which connects various whitehats and security researchers.             

He is a SANS GWAPT, GREM and GCFA holder.


Download Full Course Detail ▼