Securing Windows Infrastructure with Sami Laiho + Paula Januszkiewicz

Are you ready to join the two world-class speakers Paula Januszkiewicz and Sami Laiho to learn all about how to master attack techniques, defenses & modern Security Strategies in Windows Security during this five-day event? We promise in-depth learning, a dinner with the experts and a fun learning environment.

This intensive, hands-on training is designed for enterprise administrators, security professionals, penetration testers, and security architects who want to master Windows security from both an attack and defense perspective. Delivered by industry experts with years of real-world experience, this course goes beyond theory, offering practical knowledge, live demonstrations, and no mercy for misconfigurations.

We will deep dive into modern attack techniques, covering privilege escalation, identity-based attacks, and advanced exploitation methods used by adversaries. At the same time, we will explore the most effective security measures to mitigate these threats, focusing on hardening infrastructure, implementing Zero Trust strategies, and enforcing least privilege. 

During these 5 days we recommend a good cup of coffee - this event is really intense and in order not to miss a thing you MUST stay awake! 

Target Audience  

Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security. 

About the speakers Paula Januszkiewicz and Sami Laiho

Paula Januszkiewicz is the Founder and CEO of CQURE and CQURE Academy, companies she established back in 2008. She is also an Enterprise Security MVP, honorable Microsoft Regional Director, and a world-class cybersecurity expert, consulting Customers worldwide.

Sami Laiho is one of the world’s leading professionals in the Windows OS. Sami has been working with and teaching OS troubleshooting, management and security for more than 15 years.

Now to the fun stuff - what's on the agenda?

Module 1: Understanding Windows Platform 

  1. Introduction to the Windows 10/11 and Windows Server security concepts 
  2. Architecture overview
  3. Key System Components
    1. Processes, Threads and Jobs
    2. Services, Functions and Routines
    3. Sessions
    4. Objects and Handles
    5. Registry
  4. Rights, permissions and privileges
  5. Access Tokens
  6. Win32 API

Module 2: Modern Attack Techniques 

  1. Discussion: Top attack techniques
  2. Advanced Persistent Threats
  3. Initial access vectors
    1. Phishing – rev shell mail phishing blob
    2. Valid Credentials – password spray etc.
    3. Spoofing – DNS Twist
    4. Vulnerable components (drive by download)
    5. Weak defaults
    6. Other vectors

Module 3: Local Privilege Escalation Techniques 

  1. Escalation through Windows Services
    1. Unquoted service path
    2. Image and DLL manipulation
  2. Scheduled Tasks
  3. Access Token Manipulation
    1. SeImpersonate
    2. SeTcb
    3. Create User Token
  4. Process Injection
  5. DLL Injection and Reflective DLL Injection
  6. CreateRemoteThread
  7. Process memory (powerpick / psinject)
  8. Memory Injection
  9. Other techniques

Module 4: Attacks On Identity Infrastructure 

  1. Pass-the-Hash, OverPTH attacks
    1. Pass the ticket
    2. Golden and silver ticket
    3. Pass the PRT
    4. Shadow Credentials / NGC
  2. NBNS/LLMNR spoofing, NTLM Relay, Kerberoasting
  3. DCSync and DCShadow
  4. AdminSDHolder
  5. Other identity attack techniques

Module 5: Attack and protection of MSSQL 

  1. Offline access
  2. TDS Injection
  3. Weak Authentication Schema
  4. Securing MSSQL server instance
  5. TDE Encryption
  6. Extracting credentials

Module 6: Securing Windows Platform 

  1. Malware protection approach
  2. Implementing Application Whitelisting
  3. Configuring Exploit Guard
  4. Attack Surface Reduction Rules
  5. Controlled Folder Access
  6. Reviewing security benchmarks

Module 7: Protecting Identity in the Modern Infrastructure  

  1. Credential Guard
  2. LAPS
  3. LSA Protection 
  4. SMB Signing and Encryption
  5. Managing Krbtgt
  6. Detection of the identity attacks
  7. Monitoring AD Infrastructure 
  8. Analyzing complex AD infrastructure (BloodHound, PingCastle etc.)

Module 8: Secure Active Directory Certificate Services (PKI) 

  1. Reviewing misconfigurations
  2. Misusing certificates
  3. Implementing best practices
  4. Kill-Chain with certificates

Module 9: Windows Infrastructure Services

  1. Securing and monitoring DNS Service
  2. Securing and monitoring Internet Information Services
  3. Securing the File Server

Module 10: Hardening IT Security Foundations

  1. Introduction to the current and future state of IT security
  2. Implementing hard disk encryption – Building a BulletProof BitLocker!
  3. Using Baselines to protect clients and servers (and how to fix Microsoft’s broken default ones)

Module 11: Identity and Access Security

  1. Implementing Directory Tiering and Privileged Access Workstations
  2. Moving to Biometrics and Two-Factor Authentication
  3. Implementing the principle of least privilege – getting rid of admin rights

Module 12: Modern Security Strategies

  1. Implementing Allow-Listing
  2. Moving to Zero Trust networking