fbpx
cybersecurity
education
€ EUR
  • $ USD
  • € EUR
  • #bootcamp
  • #course

Winter Infrastructure Pentesting Bootcamp

with Paula Januszkiewicz, Michael Grafnetter, Artur Kalinowski, Marcin Kozłowski
January 27, 2025, 9:00 am
Days
Hours
Min.
Sec.

During this 5-day course in 37,5 hours of super intensive Winter BOOTCAMP you will gain crucial cybersecurity knowledge and skills in terms of Infrastructure Penetration Testing. Moreover, you will be able to:

    • Get the highest quality and unique learning experience – the class is limited to 20 participants by default.
    • Get the opportunity to interact with our world-renowned Experts.
    • Go through CQURE’s custom lab exercises and practice them after the course.
    • Receive a lifelong certification after completing the course!
    • Get 12-month access to the recordings!

 

(9:00am – 4:30pm CET Monday to Friday)

3250

Why this course?

Looking for a way to mix a Winter getaway vibe with some serious skill-building?

Join us for the Winter Infrastructure Pentesting Bootcamp! From January 27th to January 31st, 2025, you’ll spend five days diving deep into the world of cybersecurity. This bootcamp is perfect for experienced cybersecurity pros—think penetration testers, security analysts, and IT administrators—who want to up their game in network defense and attack strategies.

Each day packs in 7.5 hours of hands-on learning that’s both challenging and rewarding. 

Looking for a way to mix a Winter getaway vibe with some serious skill-building?

Join us for the Winter Infrastructure Pentesting Bootcamp! From January 27th to January 31st, 2025, you’ll spend five days diving deep into the world of cybersecurity. This bootcamp is perfect for experienced cybersecurity pros—think penetration testers, security analysts, and IT administrators—who want to up their game in network defense and attack strategies.

Each day packs in 7.5 hours of hands-on learning that’s both challenging and rewarding. 

Pricing plan

We offer you pricing plan designed and adjusted to your specific needs and budget. Buy now or book your spot and pay later.

Course timeline

  • 1. Before the course

    You will receive a Student Guide with instruction on how to prepare for the training, information regarding all the technical requirements and your own individual login credentials to the virtual environment.

  • 2. During the course

    You will be able to exercise and review all learned content on an ongoing basis.

  • 3. After the course

    You will receive a Certificate of Completion, all the materials which have been created and presented by the trainer as well as an access to our community on the Discord server.

Course benefits

How our lessons look like

  • Loads of Knowledge
  • Implementation workshop
  • Course materials
  • Unique exercises
  • Certification

Loads of Knowledge

During this bootcamp, you will dive into the essential tasks for high-quality penetration testing. We’ll explore efficient network mapping and target discovery methods, search for vulnerabilities with a focus on reducing false positives through manual verification, and master exploitation techniques using both custom and commercial tools. 

Implementation workshop

This workshop will guide you through critical tasks performed by skilled attackers or penetration testers against Windows infrastructure and its key components.

Each session concludes with a review of securing techniques, ensuring you understand how to fortify defenses after identifying weaknesses. By the end, you’ll have a well-rounded skill set for conducting thorough penetration tests and enhancing security measures.

Course materials

During the course, you will be provided with a bunch of materials such as lab exercises, presentations, intriguing articles and useful tools to make your tasks a little bit easier!

Unique exercises

All exercises are based on Windows Server, Windows 10, and Kali Linux.  After the workshop, you will receive PowerPoint slides, tools, and lab instructions.

Certification

After finishing the course, you will be granted a CQURE Certificate of Completion. Please note that after completing the course you will also be eligible for CPE points!

Course syllabus

The Winter Infrastructure Pentesting Bootcamp agenda consists of 10 Modules that will be covered during intense 5 Days.

Main takeaways:

  • In-depth knowledge of reconnaissance and enumeration: You’ll learn how to map and analyze networks to spot vulnerabilities and potential entry points. 
  • Advanced skills in vulnerability & threat hunting:  Gain expertise in using cutting-edge tools and techniques to find, understand, and exploit system weaknesses. 
  • Mastery of Active Directory (AD) and Azure Entra ID exploitation: Discover sophisticated attack and defense tactics for identity-based attacks. 
  • Proficiency in advanced Windows services attacks: Learn how to exploit and defend against attacks on critical Windows services and infrastructure. 
  • Expertise in enterprise exploitation and post-exploitation techniques: Understand how to exploit key enterprise services and maintain persistence within compromised networks. 

 

  • Day 1: Mastering Reconnaissance and Enumeration

    • Module 1. Reconnaissance Techniques
      1. Review of goals for testing 
      2. Mastering scanning tools 
      3. Attacking password authentication 
      4. Executing initial access techniques 
      5. Network traffic sniffing and analysis 
      6. Covert channel delivery and exfiltration 
    • Module 2: Operating System Oriented Environment Enumeration
      1. Understanding Windows & Linux network architecture  
      1. Enumerating Windows domains and workstations  
      2. Identifying high value targets (users, admins, devices etc.) 
      3. Identifying roles of different machines (Domain Controllers, File Servers, etc.)  
      4. Utilizing Nmap for operating system-specific scans  
      5. Accessing sensitive data 
    • Daily Summary

      Discussing possible points of entry and mitigation strategies.

  • Day 2: Mastering Hunting for Vulnerabilities

    • Module 3: Hunting for Vulnerabilities
      1. Discovering live systems 
      2. Getting information from open ports 
      3. Misusing typical services NetBIOS, SMB, and other 
      4. Metasploit and other tools  
      5. Automation techniques  
      6. Mastering Powershell / Powersploit  
      7. Manipulating SMB, RDP, and other protocols for control and data exfiltration 
    • Daily Summary

      Discussing vulnerability management and possible mitigations.

  • Day 3: Mastering Identity Attacks and Protocol Flows

    • Module 4: Attacks on NTLM: Execution and Mitigations
      1. Understanding and exploiting NTLM  
      2. Pass-The-Hash 
      3. Over-Pass-The-Hash 
      4. NTLM relay 
      5. NTLM attacks detections 
      6. Hardening NTLM authentication  
    • Module 5: Attacks on Kerberos authentication: Execution and Mitigations
      1. Understanding and exploiting Kerberos  
      2. Core concepts (tickets, keys, SPN) 
      3. Authentication flow 
      4. PKIinit 
      5. Refreshing PAC 
      6. Authentication Monitoring 
    • Module 6: Attacks against Kerberos tickets: Execution and Mitigations
      1. Pass-The-Ticket 
      2. Silver ticket 
      3. Golden ticket 
      4. Keberoasting 
    • Daily Summary

      Discussing identity protection techniques.

  • Day 4: Advanced Attacks on Active Directory and Entra ID

    • Module 7: Advanced AD Attacks: Execution and Mitigations
      1. DCSync 
      2. DCShadow 
      3. NGC/shadow credentials 
      4. Advanced persistence techniques 
      5. Skeleton Key 
      6. Windows Hello for Business Security,  
      7. AdminSDholder 
      8. Offline access attacks 
      9. Decrypting secrets with DPAPI and DPAPI-NG 
      10. Attacks against smart card authentication 
    • Module 8: Azure and Entra ID Pivoting
      1. Cloud enumeration  
      2. On-prem to cloud pivoting  
      3. Cloud to on-prem pivoting  
      4. Entra ID security review 
      5. Stealing Entra ID tokens 
      6. Entra ID MFA and FIDO2 auditing 
      7. Entra ID application security 
      8. Catching signs of attack on-prem and in the Cloud 
    • Daily Summary

      Discussing security features and misconfigurations that help or lead to attacks.

  • Day 5: Mastering Enterprise Exploitation, Post-Exploitation and Pivoting

    • Module 9: Mastering Exploitation of Enterprise Services
      1. Exploiting PKI services 
      2. Exploiting MSSQL Severs 
      3. Exploiting IIS 
      4. Exploiting ADFS 
      5. Bypassing application whitelisting 
    • Module 10: Mastering Persistence and Lateral Movement
      1. Techniques for lateral movement recap 
      2. BITS Jobs 
      3. Boot or Login Autostart Execution 
      4. Boot or Login Initialization Scripts 
      5. Browser Extensions 
      6. Compromising Software Binary 
      7. Event-Triggered Execution 
      8. External Remote Services 
      9. Hijack Execution Flow 
      10. Office Application Startup 
      11. Scheduled Task/Job 
      12. Server Software Component 
      13. Traffic Signaling 
      14. Persistence through Registry keys 
      15. Malicious services 
      16. Fileless malware 
    • Daily Summary

      Discussing mitigations and monitoring capabilities.  

Who is it for?

Audience

This bootcamp is designed for you if you are a: 

  • Penetration tester 
  • Security analyst 
  • IT administrator 
  • Cybersecurity professional
  • & a geek with IT background who wants to start an adventure in the cybersecurity pentesting field 
Platform and Technical Requirements

To participate in the course you need a stable internet connection. For best learning experience we also need you to have a webcam, headphones and a microphone. Open RDP port 3391 for the connection to the lab environment is needed as well. We will setup a secure Zoom classroom for every day of the course – we will send you a safe link to join the conference by e-mail.

Exercises

All exercises are based on Windows Server, Windows 10, and Kali Linux. This course is based on practical knowledge from tons of successful projects, many years of real-world experience and no mercy for misconfigurations or insecure solutions! Remember that the labs will stay online for an extra three weeks so you may practice even more after the
training is completed!

How to persuade your manager that this course is meaningful?

Investing in knowledge is one of the most worthy investment not only for us, but also for our environment. Learning new skills and insights in terms of cybersecurity may benefit with gaining awareness and as a result, may prevent falling a victim to cyber threats in the future.

Protects the Company

You will be the valuable element in regards to company’s safety – knowing about potential threats and ways of avoiding them may be incredibly useful in a daily company life.

Improves Employees skills

Not only your company will gain a specialist in terms of cybersecurity, but also you will unlock the door for expanding your skills horizon even further.

Boosts customer confidence

Completed course with personal certification may be the perfect advantage when it comes to business.

Helps comply with regulations

Knowledge is power—it helps navigate through complex regulatory landscapes. Keeping up-to-date with the latest cybersecurity regulations and standards ensures your company remains compliant, thus avoiding costly penalties and reputational damage.

Saves money in the long run

Who would have want to pay regularly for help in case of emergency data leakage in a company? It’s much better to educate the employees and prevent any cybersecurity risks.

Prepares for emerging threats

After our course, you will be educated in the possible threats and you will identify any suspicious activity online with ease.

Register now and learn from the best!

During this 5-day course in 37,5 hours of super intensive Winter BOOTCAMP you will gain crucial cybersecurity knowledge and skills in terms of Infrastructure Penetration Testing. Moreover, you will be able to:

    • Get the highest quality and unique learning experience – the class is limited to 20 participants by default.
    • Get the opportunity to interact with our world-renowned Experts.
    • Go through CQURE’s custom lab exercises and practice them after the course.
    • Receive a lifelong certification after completing the course!
    • Get 12-month access to the recordings!

Your Experts

This course is delivered by one of the greatest, world-renowned Cybersecurity Experts with practical knowledge from tons of successful projects, many years of real-world experience, great teaching skills and no mercy for misconfigurations or insecure solutions.

Paula

Januszkiewicz

Founder & CEO, Microsoft Regional Director, MVP, MCT

Paula is a world-class Cybersecurity Expert with over 19 years of experience in the field. She is often a top-rated speaker at the world biggest conferences as her unique stage presence is always well-received among diverse audiences. To top it all, she has the access to the source code of Windows!

Michael

Grafnetter

Windows Security Expert, MVP, MCT, CEI, MCP

Cybersecurity Expert on Windows Security, Microsoft Azure and PowerShell with over 11 years of experience in teaching IT professionals, the author of the DS Internals PowerShell module.

Artur

Kalinowski

Cybersecurity Expert

During almost 20 years of his IT career Artur developed his skills in cybersecurity from different perspectives. His experience ranges from a forensic analytics and a university lecturer to a security administrator. Artur worked for government financial institutions and for global cybersecurity companies.

Marcin

Kozłowski

Cybersecurity Expert

Non-standard approach to issues in the area of cybersecurity, thirst for new knowledge, more than 15 years in the industry and Marcin seems not to have changed. Marcin is a holder of OSWP and CEH certificates.

How can we help you?

Suggested searches

    Search history

      Popular searches:

      Not sure what course to look for?

      Mobile Newsletter Form