This document describes two security labs - a social engineering lab and a physical security lab. In the social engineering lab, students are instructed to find a phishing email in their junk folder and analyze why it is considered spam. The physical security lab simulates a situation where an attacker exploits physical security vulnerabilities to access a company's network and steal password hashes from one of the Windows computers. Students are guided through steps as an attacker to gain remote desktop access to the target computer, export registry files containing password hashes, and use a tool to extract and view the password hashes, including that of the Administrator account.