Live Hacking

Live Hacking is one of the most impressive and entertaining ways to demonstrate how easy it is for criminals to gain access to third party data or to spy on others. As a stand-alone event or integrated into your regular meetings – live hacking is the ideal tool for sustainably increasing security awareness in your company.

Catalog of topics

Each hack can be combined and, if desired, packed into a „war story“. We are also happy to consider other individual wishes you may have. Live Hacking sessions take between 10 and 30 minutes.

Nicht bearbeiten!

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

Google Hacking

Using what is known as Google Dorks, it is very easy to gain access to unprotected systems such as printers or webcams over the internet.
Duration: 10 minutes

Credit cards

This scenario demonstrates how credit cards with a contactless payment function can be read using a smartphone.
Duration: 10 minutes


This hack demonstrates how dangerous phishing emails can be for careless or untrained users and how phishing attacks can irreversibly transfer money to an attacker‘s account.
Duration: 25 minutes

Presenter Hack

This scenario demonstrates, how an attacker can get unauthorized access to the system via the radio interface of a presenter.
Duration: 15 minutes

Rubber Ducky

Using a USB flash drive, an attacker can compromise systems without much effort in order to access or encrypt data.
Duration: 15 minutes

SMS Spoofing

This scenario illustrates how easily SMS messages can be forged and addresses the risks associated with SMS spoofing in combination with other attack scenarios.
Duration: 10 minutes

SQL Injection
This hack shows how an attacker can use SQL Injection to get unauthorized access to a sample online bank.
Duration: 20 minutes

This hack demonstrates the risks connected to the use of public networks and also shows how dangerous the automatic WiFi search function of mobile devices can be.
Duration: 20 minutes

Business Logic Flaw

Due to complex applications, errors in the business logic (so-called business logic vulnerabilities) are not uncommon and can have fatal business-damaging consequences. In addition, these do not require a deep technical understanding, but often just a little creativity.
Duration: 10 minutes


Each session starts with a short introduction before proceeding to the actual live hacking demonstration. If required, we schedule in extra time for attendees to ask questions and discuss the issues afterwards.

Our consultants

Our Senior Consultants at the usd HeroLab have many years of practical experience in identifying vulnerabilities and performing pen tests, i.e. in legally hacking our international clients. Moreover, our pentesters are certified according to internationally recognized standards, such as the “Certified Ethical Hacker”, or the “Offensive Security Certified Professional”.



Please contact us with any questions or queries.


Phone: +49 6102 8631-190
Contact Form


Daniel Heyne
usd Team Lead Sales,
Security Consultant Pentest, OSCP, OSCE