SuperFlexComing Soon

Cybersecurity: Dark Lab Academy - Penetration Testing

Cybersecurity: Dark Lab Academy - Penetration Testing


May 23 - Jul 21, 2023

Course overview

Dark Lab Academy is a cutting-edge program launched by PwC Hong Kong (PwC), in partnership with Xccelerate, to upskill and re-skill the next generation of cybersecurity talent. This course is built to create a talent pipeline equipped to aid organizations and greater society in protecting data and systems, mitigating cyber risks and improving resilience against modern cyber threats.

Dark Lab Academy’s course pertains to penetration testing, a skill used by ethical hackers to evaluate the effectiveness of technical controls throughout computational systems. Learning penetration testing is essential to understanding how sophisticated adversaries think and act. Students of this program will become proficient in this and other in-demand cybersecurity skills, allowing them to explore the domain at their own pace.

This penetration testing course will span 10 weeks, with content divided into 3 distinct sections– the first of which addressing fundamental theory essential to utilize across all penetration testing engagements.

The second section will act as a sandbox for students, comprising websites and applications intentionally configured to host vulnerabilities reflected in the OWASP Top 10 Framework, similar to real-world situations that PwC’s Dark Lab encounter on a daily basis.

The third section builds on concepts of its predecessors, with practical exercises based on deliberately insecure open source environments used for testing vulnerabilities commonly found in Java-based applications that use popular components.


Course Delivery

Course schedule

Self-paced, learn anytime or anywhere

Weekly face-to-face tutorials

Flexible learning

Remote learning

Campus hot desk available to all students

Access anytime or anywhere

Access to digital content e.g. documentation/video recordings/practical skills

Online support from mentors

Course plan

Fundamentals - Learn Basic Cybersecurity Skills Modules (1 - 3)

Module 1

Introduction & Fundamentals

Learn why cybersecurity is a critical component to modern business.

Work with real industry professionals to get a sense of their impact.

Understand the variety of potential roles you can move into through this exciting career path.

Module 2

Theoretical Concepts and Techniques

Cover key terminology and concepts to understand the penetration testing landscape.

Dive into the OWASP Top 10 Framework which entails the most critical security risks to web applications - learn about at least one area of the OWASP Top 10 per week through a blend of theory and practical exercises.

Become familiar with command execution and learn how to find tools and resources to help you beyond the course.

Module 3

Hands-On Cyber Ranger and Advanced Concepts

Work in custom-built environments to learn how to identify and exploit potential vulnerabilities.

Learn advanced penetration testing concepts including scanning defenses, pivoting between networks, deploying proxy chains and more.

Polish your skills and prepare to become Dark Lab Academy certified.

Request a detailed syllabus


Explore the course features


Full access to all learning materials

Pre-recorded content

Industry-Centric Projects


Curriculum Access

Unlimited during bootcamp

Full access to all learning materials

Pre-recorded content

Industry-Centric Projects


Curriculum Access

Unlimited during bootcamp

Payment options

Explore our payment plans and choose the best option for you.


FPS Transfer

Bank Transfer


Credit Card

Introducing instalments


Make 12 payments over 12 months with 0% interest

New users get HK$200 cash reward for opening Livi account with code X#livi

Users can enjoy up to 8% cash back (up to $100 a month)

Frequently Asked Questions

The examination consists of two parts - a 24-hour penetration testing examination assessing the knowledge and skills obtained throughout the course, followed by a documentation report due 24 hours after the practical element.

Yes, PwC Dark Lab will be offering a full-time permanent job offer as a Junior Penetration Tester to all students that complete the course and successfully pass an examination that comprises hands-on practical exercises in the virtual cyber range. This is subject to undergoing the standard PwC standard onboarding process (e.g., application, background checks, and streamlined interviews).

The era of cloud computing, Internet of Things (IoT), automation and online collaboration tools has accelerated digital and human connectivity. These new hybrid human-digital ecosystems are often fragile, with the cyber threat landscape becoming increasingly sophisticated as malicious attackers take advantage for profitability, sabotage, and espionage. As organisations look to improve their cyber-resilience, they are faced with another problem - a talent shortage. This hurdle has jeopardised the ability of organisations to act swiftly and decisively to safeguard against dynamic cyber threats. We aim to solve the cyber talent shortage issue through upskilling and reskilling our workforce. In doing so, we will have a deeper resource pool to call upon to protect our society from the ever-changing cyber threat landscape.

At this point in time, yes. This is subject to further review and change in the future.

Students will also be eligible to join Dark Lab’s bug bounty program via the Cyberbay platform. This will grant students access to a range of real, live systems by various large corporations and Small to Medium Enterprises (SMEs) to continually “learn and hack” after the course, and subsequently be able to “hack and earn” for cash and credits.

As above - though we may want to elaborate this more when we decide what to do with the badge, including having token/gamification to generate demand

The course will provide students with on-demand learning content, ranging from documentation to videos and a cyber range to hone practical skills. Every week, our instructors will host two one-hour open sessions to receive questions and provide more specific guidance on the condition that students have attempted the course and homework. Discord channel will be open for students to raise questions, share information, and encourage each other.

All students require is the willingness to learn, good attitude, and the ability to “try harder”. We advocate passion as that will always allow you to get to where you want in life.

All citizens residing in Hong Kong will be eligible for enrolment in Dark Lab Academy’s cybersecurity course. Students that successfully completed the course training, quizzes and lab exercises, and passed the examination designed by PwC Hong Kong will obtain the Dark Lab Academy digital badge to demonstrate their skills learnt during the course. Please note at the moment the guaranteed job offered by PwC Dark Lab (i.e. full-time permanent job as a Junior Penetration Tester) are only applicable for those with Hong Kong Permanent Resident status.

Upon successful enrollment of the Dark Lab Academy cybersecurity course, students will be shared the course schedule detailing on open sessions arrangement, course breakdown and module breakdown.

The Dark Lab Academy cybersecurity course will adopt the self-learning approach, whereby students will be able to access the documentation, videos, and cyber range through the on-demand platform to learn at their own pace. The course materials will be released on a weekly basis to ensure students are able to focus on the latest content. To support students learning during the 10-week course, two one-hour open sessions in English and Cantonese will be hosted every week by Instructors to address selected questions raised on the Discord channel. The open sessions will be held according to the agreed timeslot between the instructor and the cohort, while the video recording of the sessions will be available for students unable to attend. The Discord channel will be available 24x7 for students to raise questions for Instructors, exchange information with each other, and encourage collaboration throughout the course.

Upon successful completion of the 10-week Dark Lab Academy cybersecurity course, students will have two further weeks to hone their skills in the cyber range. They will also be entitled to make an appointment for one attempt of the examination from the start of the course until the end of this 2-week period, totaling 12-weeks. Please note there is no fixed date or expiration period for the examination attempt, and there is no penalty for changing the examination date up to two times during the 12-week period. The examination is attempted online (i.e., remotely) without any assistance or collaboration from peers. The examination consists of two parts: (1) 24-hour penetration testing examination to assess the student’s knowledge and skills obtained throughout the course by hacking up to three vulnerable machines, and (2) submission of documentation report 24 hours after the practical element detailing the steps performed and tools leveraged during the hands-on practical examination to fully compromise the vulnerable machines. A sample report template will be made available to students upon the start of the course as part of the course materials. Students may familiarize themselves with the reporting structure and would need to adhere to a professional documented approach to pass the examination.

The CISA certificate is the global standard for professionals who have a career in information systems particularly in auditing, control, and security. This may be helpful for students to grasp concepts more easily in our course. However, they are not necessarily assessing and/or demonstrating the same skillsets as the Dark Lab Academy course. Given our course focuses on ensuring students are able to perform a hands-on practical assessment to evaluate if web applications are vulnerable to the most critical security risks. As a result, the CISA certificate will neither be a pre-requisite to apply for the course, nor part of the requirement to get the job in PwC’s Dark Lab.

Upon obtaining the Dark Lab Academy digital badge, students are eligible to join Dark Lab’s bug bounty platform, which offers monetary awards for finding and reporting certain types of vulnerabilities and bugs. This can be done in a part-time or freelance capacity, with no time commitment. Details of the program will be made available upon request.

There are no pre-requisites to enrolling for the Dark Lab Academy course. Our objective is to lower the barriers of entry to the cybersecurity profession, provide accessibility to all groups of people regardless of their technical background, and democratize cybersecurity as it is viewed by PwC Dark Lab as a basic human right.



Yes, it’s possible. We can add a function in the smart contract that allows the owner to transfer the NFT back to the minter (PwC).

Yes. We can modify the smart contract so that it’s not transferable. For example, we can make it so that the NFT is only allowed to be transferred once (during minting, from PwC to the student).

We can revoke the actual NFT from the student. To implement, we add a function in the smart contract that allows the owner to transfer the NFT back to the minter (PwC).

Accelerating humanity by educating workforces