Workshop 5 - Workshop on Pentest Kungfu 2019

Speaker: Mr. Anthony Lai


HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong
Date: 7 - 8 Nov 2019 (2 days)


09:30 - 17:00
Non-member Fee
HK$6,800 (Early Bird: HK$6,600)
Member Fee for Organiser/Supporting Organisation HK$6,600 (Early Bird: HK$6,400)

Medium of Instruction

Cantonese with handout in English

Nature & Objectives

Penetration test (pentest) is used to uncover the vulnerabilities of the system and the tester can carry out further exploitation to see whether he/she could gain any confidential information and restricted access.

During the workshop, students will work in groups to dig out vulnerabilities and report their findings. Participants are required to complete assigned mission through hands-on exploration and creative thinking.

We will use BackTrack which is a free live CD with various penetration test tools to carry out all the hands-on exercises.

Hands-on missions to experience to real-world penetration test techniques.

Course Outline

Penetration test process

  • Penetration test framework, process, methodology and ethics
  • OWASP Top 10 vulnerabilities reload
  • Common vulnerabilities and misconfiguration of web application and network
  • Web application and network penetration test as well as Scripting kungfu
  • Get to know a vulnerability
  • Further Attack: Metasploit - An exploit framework and post-exploitation with Meterpreter scripting
  • We will discuss over more scripting stuff in Python, NMap Script Engine and Meterpreter Scripting

Who Should Attend


  • Basic Linux and Win32 commands
  • Basic knowledge in TCP/IP and networking concepts
  • Programming and scripting experience but not mandatory
  • Interested in offensive techniques to dig some flaws out

Target audience:

  • Anyone with an interest in penetration testing
  • IT auditors, system administrator, software developers


Mr. Anthony Lai
Valkyrie-X Security Research Group (VXRL)

Mr. Anthony Lai | Information Security Summit - Over the Horizon Cyber Security | align=

Anthony Lai has hybrid experience in application development, code security, penetration test, threat analysis and audit areas for 14 years. He has done vulnerability assessment, penetration, IT audit and training for government and various corporates. He is now a lead consultant and threat advisor of several MNCs. He acts as a researcher in Knownsec for Web security.

Anthony has spoken in Blackhat USA 2010, DEFCON 18-20, AVTokyo 2011-2012, 2013.5, HITCON 2010-2011 as well as Codegate 2011. He has set up a security research group called VXRL ( in Hong Kong, which connects various whitehats and security researchers.

He is a SANS GWAPT, GREM and GCFA holder.

Copyright © 2019 Hong Kong Productivity Council. All Rights Reserved.