Security Tips from an Expert who has access to the Source Code of Windows!
About the training
Everyone has heard about hackers. It is commonly known that their jobs differ from system administrator jobs. However, things they do in their darkened rooms are definitely interesting and worth knowing. Many of the techniques they use are very useful in everyday administration tasks.
Topics covered in this seminar help you to walk in a hacker's shoes and evaluate your network from their point of view. Be careful – this workshop is designed for IT and security professionals who want to take their skills and knowledge to the next level. After this workshop, you will be familiar with hacker techniques and know how to protect yourself against them. This is a two-day training with hands-on demos and clear, well-reasoned explanations.
Materials: the author's unique tools, presentation slides with notes, and workshop instructions.
At the end, participants receive an online certificate of attendance signed by the CQURE speaker.
Over the course of these two days, we will cover:
Module 1: Windows 10 / Windows Server 2016 - Platform Security and Internals
This module will prepare you for the training! It also contains very useful tips about auditing your environment and understanding security mechanisms used by Windows.
- Detecting unnecessary services
- Misusing service accounts
- Services architecture
- Implementing rights, permissions and privileges
- Integrity Levels
- Usage of privileged accounts
- Browser security
- Registry internals
- Monitoring registry activity
- Boot configuration
- Access tokens
- Information gathering tools
- PowerShell as a hacking tool
- Security management automation
Module 2: Attacks on Credentials and Prevention Solutions
This module involves usage of the custom tools built by the CQURE Team. Some of the tools were first on the market, so you are learning from the best!
- Extracting hashes from SAM and NTDS.dit databases
- Meaning of SYSTEM and SECURITY registry hives
- Kerberos and NTLMv2 issues
- Performing the Pass-The-Hash attack
- Performing the Pass-The-Ticket attack
- Cached logons (credentials)
- Data Protection API (DPAPI) case for cached logons
- CredentialGuard (Virtual Secure Mode)
- Performing the LSA Secrets dump and implementing prevention
- Implementing account scoping
- Good practices for implementing Local Admin Password Solution
- Authentication Mechanism Assurance
- Using virtual smart cards
Module 3: Attacking and Securing Windows Network
This module starts with simple network sniffing and ends with advanced network monitoring, down to the size of the buffers written. Several of these techniques are used throughout the training.
- Monitoring network usage by processes
- Monitoring network stack (stackwalk)
- Building a network visibility map
- Host identification
- Port scanning techniques
- Vulnerability scanning
- Sniffing techniques
- Active sniffing: ARP cache poisoning and DNS spoofing
- IP address spoofing
- NETBIOS issues
- SMB Relay attack
- Enabling SMB signatures
- Implementing IPSec and DNSSEC
Module 4: Handling Ransomware and Other Malicious Software
In this module you will become familiar with the techniques used by modern malware. For ransomware in particular, the launch process itself has changed over the years to reach its current form; it is important to know how to prevent it.
- Analysis of Malware Samples
- Viruses, Worms, Trojans and Spyware
- Detection of Malicious Code
- Implementation of Ransomware prevention
- Application Whitelisting (AppLocker, DeviceGuard) and EMET
- Code signing techniques
Module 5: Offline Access – Threats and Prevention
Offline access rewards the attacker immediately: you do not have to try hard to get the highest privileges and the ability to change anything you want on a drive. In this module you will learn the impact of offline access and how, according to best practices, it can be prevented.
- Misusing USB and other ports
- Offline Access techniques
- Implementation of BitLocker at enterprise scale
Module 6: Windows Security Summary
This module covers a discussion of the solutions and implementations that should be your top priorities.
Microsoft Security Trusted Advisor, Director of CQURE
Greg has been working with Windows security since the very beginning of his professional career. He started as a system administrator, then moved to a consultant role, IT manager and chief information security officer (CISO). Now he is mainly responsible for consulting services delivered worldwide by CQURE. He has access to the source code of Windows.