Security Tips from Expert who has access to a Source Code of Windows!


About the training

Everyone has heard about hackers. It is commonly known that their jobs differ from system administrator jobs. However, things they do in their darkened rooms are definitely interesting and worth knowing. Many of the techniques they use are very useful in everyday administration tasks.

Topics covered in this seminar help you to walk in a hacker's shoes and evaluate your network from their point of view. Be careful – this workshop is designed for IT and Security professionals who want to take their skills and knowledge to the next level. After this workshop, you will be familiar with hacker techniques, and that knowledge is useful for protecting yourself against them. This is a two-day training with hands-on demos and reasonable, smart explanations.

Materials

Author's unique tools, presentation slides with notes, workshop instructions.

Certification

At the end participants will receive the online Certificate of attendance signed by the CQURE Speaker.

Program

Over the course of these two days, we will cover:

Module 1: Windows 10 / Windows Server 2016 - Platform Security and Internals

This module will prepare you for the training! It also contains very useful tips about auditing your environment and understanding security mechanisms used by Windows.

  1. Detecting unnecessary services
  2. Misusing service accounts
  3. Services architecture
  4. Implementing rights, permissions and privileges
  5. Integrity Levels
  6. Usage of privileged accounts
  7. Browser security
  8. Registry internals
  9. Monitoring registry activity
  10. Boot configuration
  11. Access tokens
  12. Information gathering tools
  13. PowerShell as a hacking tool
  14. Security management automation

Module 2: Attacks on Credentials and Prevention Solutions

This module involves usage of the custom tools built by the CQURE Team. Some of the tools were first on the market, so you are learning from the best!

  1. Extracting hashes from SAM and NTDS.dit databases
  2. Meaning of SYSTEM and SECURITY registry hives
  3. Kerberos and NTLMv2 issues
  4. Performing the Pass-The-Hash attack
  5. Performing the Pass-The-Ticket attack
  6. Cached logons (credentials)
  7. Data Protection API (DPAPI) case for cached logons
  8. CredentialGuard (Virtual Secure Mode)
  9. Performing the LSA Secrets dump and implementing prevention
  10. Implementing account scoping
  11. Good practices for implementing Local Admin Password Solution
  12. Authentication Mechanism Assurance
  13. Using virtual smart cards


Module 3: Attacking and Securing Windows Network

This module starts with simple network sniffing and ends with advanced network monitoring, down to the size of the buffers written. Several techniques are used during the training.

  1. Monitoring network usage by processes
  2. Monitoring network stack (stackwalk)
  3. Building a network visibility map
  4. Host identification
  5. Port scanning techniques
  6. Vulnerability scanning
  7. Sniffing techniques
  8. Active sniffing: ARP cache poisoning and DNS spoofing
  9. IP address spoofing
  10. NETBIOS issues
  11. SMB Relay attack
  12. Enabling SMB signatures
  13. Implementing IPSec and DNSSEC

Module 4: Handling Ransomware and Other Malicious Software

In this module you will become familiar with the techniques used by modern malware. For ransomware in particular, the launch process itself has changed over the years to reach its current form, so it is important to know how to prevent it.

  1. Analysis of Malware Samples
  2. Viruses, worms, Trojans and spyware
  3. Detection of Malicious Code
  4. Implementation of Ransomware prevention
  5. Application Whitelisting (AppLocker, DeviceGuard) and EMET
  6. Code signing techniques

Module 5: Offline Access – Threats and Prevention

Offline access rewards the attacker immediately: you do not have to try hard to obtain the highest privileges and the ability to change anything you want on a drive. In this module you will learn the impact of offline access and how, according to best practices, we can prevent it.

  1. Misusing USB and other ports
  2. Offline Access techniques
  3. Implementation of BitLocker at enterprise scale

Module 6: Windows Security Summary

This module covers a discussion of the highest-priority solutions and implementations.

The trainer

Microsoft Security Trusted Advisor, Director of CQURE

Greg has been working with Windows Security since the very beginning of his professional career. He started as a system administrator, then moved to a consultant role, IT manager and chief information security officer (CISO). Now he is mainly responsible for consulting services delivered worldwide by CQURE. He has access to the source code of Windows.