An insecure IT environment may seriously endanger the operations or even the continued existence of companies. Small, insignificant errors often cause dangerous gaps in IT networks. The prerequisite for eliminating these errors is identification of the gaps. Although IT infrastructures and applications may be robustly designed according to high-quality standards, they may still contain weaknesses. In order to identify these weaknesses, a penetration test is ideally suited as a control instrument. Because this is the only way to effectively examine IT networks for security gaps both externally and internally. However, implementation of these simulated hacker attacks is anything but easy and will be discussed during the workshop.