Apply for “Advanced Windows Security Course for 2017”

A 6-week Online Certification Program Designed By Paula Januszkiewicz For Advanced Professionals Who Want To Crush The Threats In 2017

START: November 28, 2016
Application Closed

Why are we doing this?

Are you committed to levelling up in Windows Security? Good, so are we.

What excites us the most is turning professionals into key experts. We like to think that our experience is YOUR shortcut.

You see, according to the industry’s statistics, by 2019 the market will be short of over 1 million (!) security experts with skills needed to effectively protect the system.

We want to change that. That’s why we created the certification program “Advanced Windows Security Course for 2017”.

How is this training different from others?

Only once a year

You’ll only learn things that will be crucial and most relevant in the following year. We run the training only once a year, never with the same content.

Only advanced stuff

You’ll skip the fluff and go straight to the advanced stuff. The pace is quite intense, so expect smoke coming out of your ears.

Only NEW tools and techniques

The training is pretty hands-on, because it has been designed by passionate practitioners and obsessive researchers from CQURE Team.

Only cool presenters!

We’ll bring a bunch of experts on board, but it’s Paula Januszkiewicz who will be your main teacher and the host of the program.

Course Formula

LIVE Trainings

You’ll join our 2-hour long live classes on a special interactive platform – happening twice a week at 7PM CET (10AM PST / 1PM EST).

Action packed

You’ll go through 12 modules in 6 weeks. We’re not fluffing around, you’ve been warned.

Once a Year Only

We organise this course only once a year, in its last quarter. Each new edition is updated with new tools and challenges.

Interactive classroom

After every class you’ll be able to ask questions.

Extra materials

We’ve prepared slides, extra materials and homework for each session.

12-month Access

You’ll get a full year of online access to all the recordings (counted from the first class).

The Training Lab

During the course you’ll have access to a special training platform where you can safely test your hacks.

Social & Network

You’ll become a member of a closed Facebook group, where you can not only share your challenges and geeky jokes… but also network.

CQURE Certificate - "Windows Security Master 2017"

You’ll receive an official CQURE certificate “Windows Security Master 2017” after passing the final exam. Yes, there will be a final exam.

Course Syllabus

Module 1

Windows 10 / Windows Server 2016 – Platform Security and Internals

~ November 28, 2016 (7PM CET / 10AM PST / 1PM EST) ~

This warm-up module will prepare you for the training! It also contains very useful tips about auditing your environment and understanding security mechanisms used by Windows.

  • Detecting unnecessary services
  • Misusing service accounts
  • Implementing rights, permissions and privileges
  • Integrity Levels
  • Usage of privileged accounts
  • Browser security
  • Registry internals
  • Monitoring registry activity
  • Boot configuration
  • Access tokens
  • Information gathering tools
  • PowerShell as a hacking tool

Module 2

Attacks on Credentials & Prevention Solutions

~ December 1, 2016 (7PM CET / 10AM PST / 1PM EST) ~

This module involves usage of the custom tools built by the CQURE Team. Some of our innovative tools were the first on the market… so you are learning from the best. 😉

  • Extracting hashes from SAM and NTDS.dit databases
  • Meaning of SYSTEM and SECURITY registry hives
  • Kerberos and NTLMv2 issues
  • Performing the Pass-The-Hash attack
  • Performing the Pass-The-Ticket attack
  • Cached logons (credentials)
  • Data Protection API (DPAPI) case for cached logons
  • CredentialGuard (Virtual Secure Mode)
  • Performing the LSA Secrets dump and implementing prevention
  • Implementing account scoping
  • Good practices for implementing Local Admin Password Solution
  • Authentication Mechanism Assurance
  • Using virtual smart cards

Module 3

Attacking & Securing Windows Network

~ December 6, 2016 (7PM CET / 10AM PST / 1PM EST) ~

From simple network sniffing, to advanced network monitoring. Brace yourself — we’ll use various sneaky techniques during this training.

  • Monitoring network usage by processes
  • Monitoring network stack (stackwalk)
  • Building a network visibility map
  • Host identification
  • Port scanning techniques
  • Vulnerability scanning
  • Sniffing techniques
  • Active sniffing: ARP cache poisoning and DNS spoofing
  • IP address spoofing
  • NETBIOS issues
  • SMB Relay attack
  • Enabling SMB signatures
  • Implementing IPsec and DNSSEC

Module 4

Handling Ransomware & Other Malicious Software

~ December 8, 2016 (7PM CET / 10AM PST / 1PM EST) ~

In this module you will become familiar with the techniques used by modern malware. For ransomware especially, the launch process itself has changed over the years to reach its final form, so it is important to know how to prevent it.

  • Analysis of Malware Samples
  • Viruses, Worms, Trojans and Spyware
  • Detection of Malicious Code
  • Implementation of Ransomware prevention
  • Application Whitelisting (AppLocker, DeviceGuard) and EMET
  • Code signing techniques

Module 5

Implementing Security Policy Settings

~ December 13, 2016 (7PM CET / 10AM PST / 1PM EST) ~

The policies you choose affect how vulnerable your network is to security breaches and attacks. In this module you will learn about the most important (and not obvious) security settings.

  • Group Policy Objects issues
  • Group Policy Objects security settings
  • Group Policy Preferences issues
  • Best practices for Group Policy
  • Implementing Advanced GPO Features

Module 6

Offline Access – Threats & Prevention

~ December 15, 2016 (7PM CET / 10AM PST / 1PM EST) ~

Offline access immediately rewards the attacker: you don’t even have to try hard to get the highest privileges and the ability to change anything you want on a drive. In this module you will learn the impact of offline access and how to prevent it (according to best practices).

  • Misusing USB and other ports
  • Offline Access techniques
  • Implementing BitLocker at enterprise scale

Module 7

Providing Data Security & Availability

~ December 20, 2016 (7PM CET / 10AM PST / 1PM EST) ~

Data security is absolutely necessary to maintain business continuity. It should assure privacy and implement prevention solutions to block unauthorized access from databases, file stocks etc. Since data security is one of the main priorities for organizations, this module covers the most important aspects of it.

  • Designing data protection for Microsoft Office, PDF and other file types
  • Deploying Active Directory Rights Management Services
  • Deploying File Classification Infrastructure and Dynamic Access Control
  • Configuring a secure File Server
  • Securing and auditing access to Files and Folders
  • Implementing FSRM, managing Quotas, File Screens, and Storage Reports
  • Attacks and hardening for Microsoft SQL Server
  • Clustering selected Windows services

Module 8

Attacking & Securing Web Server

~ December 22, 2016 (7PM CET / 10AM PST / 1PM EST) ~

This module presents techniques and a series of steps required to secure a Web server. As soon as you know what a secure Web server is, you can learn how to apply the configuration settings to create one. This module provides a systematic, repeatable approach that you can use in your enterprise.

  • Configuring IIS features for security
  • Deploying Server Name Indication and Centralized SSL Certificate Support
  • Monitoring Web Server resources and performance
  • Distributed Denial of Service attacks
  • Local Denial of Service
  • Deploying Distributed Denial of Service attack prevention
  • Extracting information from the IIS logs
  • Implementing Application Request Routing
  • Deploying Network Load Balancing and Web Farms

Module 9

Forensics Techniques

~ January 10, 2017 (7PM CET / 10AM PST / 1PM EST) ~

This module teaches the various types of digital forensic techniques and evidence gathering methods currently available in Windows: from disk analysis to memory dumps and memory analysis.

  • Computer Forensics; Objectives of Forensics Analysis
  • Role of Forensics Analysis in Incident Response
  • Forensic Readiness And Business Continuity
  • Types of Computer Forensics
  • Computer Forensic Investigator; Computer Forensics Process
  • Collecting Electronic Evidence; Analyzing Prefetch; Analyzing Windows Jump List
  • Analyzing Windows ShellBag; Analyzing Windows AppCompatibility Cache Utility
  • NTFS Filesystem Analysis; Analyzing Windows Journal 
  • Analyzing Windows $MFT and NTFS Metadata
  • Scanning portable executables
  • Forensic Analysis Guidelines; Forensics Analysis Tools
  • Memory acquisition techniques; Finding data and activities in memory
  • Tools and techniques to perform memory forensics

Module 10

Security Monitoring Operations

~ January 12, 2017 (7PM CET / 10AM PST / 1PM EST) ~

This module covers discussion and practical usage of chosen tools. Below is the list of all the tools that we could cover during the training; we will choose the most interesting ones together. Using tools: Performance Monitor, PAL, Process Monitor, Process Explorer, MPSReport, SPSReport, SPDisposeCheck, Dependency Walker, SQL Nexus, LogParser, Indihiang, PowerShell, Application Verifier, Logger/LogViewer, XPerf – Windows Performance Analyzer, PerfView – Low Level Profiler for .NET applications, DebugDiag – Debug Diagnostic, ProcDump, WinDbg, Netmon, Fiddler – HTTP Debugger Proxy, NP .NET Profiler and other useful ones!

  • Configuring Centralized Windows Event Log Collection
  • Monitoring Critical Windows Events
  • Detecting Malware via Windows Event Logs
  • Scripting and Automation
  • PowerShell used for monitoring
  • Microsoft Baseline Security Analyzer
  • NTFS and registry auditing
  • Creating system baselines
  • Scripting tools

Module 11

Incident Response & Handling Steps with Microsoft Advanced Threat Analytics & Sysmon

~ January 17, 2017 (7PM CET / 10AM PST / 1PM EST) ~

200+ days. That’s the average amount of time that attackers reside within your network until they are detected, gathering classified data and information, waiting to strike at just the right moment. In this module you will learn how to identify breaches and threats using behavioral analysis, which provides a clear, actionable report on a simple attack timeline. We will be using customized tools!

  • How to Identify an Incident; Handling Incidents Techniques
  • Incident Response Team Services
  • Defining the Relationship between Incident Response, Incident Handling, and Incident Management
  • Handling: Short-term lease subnets; Handling: Honeytokens
  • Handling: Suspicious Activities Time Line; Handling: Filtering Suspicious Activities
  • Handling: Self-learning; ATA Console and ATA Configuration
  • Telemetry; Sysmon implementation
  • Using custom CQURE tools to extract information from Sysmon logs
  • Sysmon integration with Splunk; Incident Response Best Practices
  • Incident Response Policy; Incident Response Plan Checklist


Module 12

Windows Security Summary

~ January 19, 2017 (7PM CET / 10AM PST / 1PM EST) ~

In this module we’ll focus on discussing TOP PRIORITY solutions and implementations. We’ll go through the very practical, ready to use CQURE To-Do Security Checklist. It will also be your last chance to ask questions before the final exam.

PLEASE NOTE: There will be an online final exam covering all 12 modules. To receive an official CQURE certificate “Windows Security Master 2017” you have to get at least 70% of the answers right. We highly recommend that you don’t leave the revision until the last minute. 😉

Your teachers

Paula Januszkiewicz

Founder and CEO of CQURE

Paula is a Microsoft Security Trusted Advisor, IT Security Auditor and Penetration Tester. On top of that, she’s an Enterprise Security MVP and trainer (MCT). She shares her expertise on Windows Security through online writing and speaking at conferences (she already checked off TechEd North America, TechEd Europe, TechEd Middle East, RSA, TechDays, CyberCrime — to name but a few). She proudly holds the role of the Security Architect in IDesign and manages her own company CQURE.

Greg Tworek

Director of CQURE

Greg has been working with Windows Security since the very beginning of his professional career. He started as a system administrator, then moved to a consultant role, IT manager and chief information security officer (CISO). Now he is mainly responsible for consulting services delivered worldwide by CQURE.

Kamil Bączyk

Senior Infrastructure & Security Expert

Kamil deeply believes that combining work and hobby is the key to success. At CQURE he puts his heart and soul into Microsoft infrastructure, cloud and security solutions. Kamil’s experience allows him to deliver architecture consulting, penetration tests, and authored trainings and seminars.

Chris Pietrzak

Infrastructure Architect & Security Expert

Chris is a true geek who follows the maxim: everything is possible, it is just a matter of time! In his day-to-day work at CQURE he designs and implements solutions for the Security, Network & Management area, mainly for various platforms. He is an architect for various network solutions from HP and Cisco, and edge solutions from CheckPoint, Fortinet and SonicWall.

Michał Jankowski-Lorek

Cloud Solutions & Machine Learning Expert

Michael designs and implements solutions for the Databases, Network & Management area, mainly for the Microsoft platform. In his day-to-day work, he is a Solution Architect, designing and planning database-related solutions and software, mainly based on Microsoft and Oracle servers. He also designs and administers IT infrastructure based on Microsoft systems and network solutions from Cisco.

Who Is It For

Intermediate to Advanced
Windows Security Professionals

This program is for you if you want to level up and become a key expert in your company (or even in your field). We promise to challenge your ways of thinking and executing.

Ethical Hackers
(who are familiar with…)

Attendees need general fluency in the Windows environment (including security skills, penetration testing etc.). Active Directory-related knowledge is required. Take the quiz to see where you are at.

Brave Newbies

If you are a newbie you can still apply, but the program WILL NOT cover the basics — so it might be really challenging for you to get in or to keep up with the group.

If you’re not sure where you are at, you can quickly test yourself by taking Paula’s Security Quiz.

(If you score 13 points and above — this training is for you)

What CQURE Academy Students say

Let me start by saying Paula is amazing!! The passion for the topic really shows. As an engineer with 16 years of experience, I am impressed. Thank you for the education, and entertainment.

Dave Kordyban

Network Engineer | Garrett County Government

Course by CQURE Academy is a great course. Intense, deep and revealing. As it also happened before, Paula Januszkiewicz knows how to blow your mind. As great athletes make their discipline look easy when you watch them perform, so Paula makes Windows purr like a little kitten. Even though I am fully aware of how much I still don’t know, after a course such as this Windows is not mysterious anymore. This is a great feeling.

Doru-Catalin Togea

Information Security Advisor | Norwegian Police

We have learned a lot about IIS, hacking and much much more. Our motivation has increased during this course and of course great interest in your work Paula. Impressed with your enthusiastic energetic way of presenting.

Styrk Finne

Senior Professional System Engineer | CSC Norway

Once Again, What Are You Getting


  • You’ll participate in a live, online certification program, divided into 12 modules spread over 6 weeks.
  • Live, online sessions happening twice a week, 2 hours each (at 7PM CET / 10AM PST / 1PM EST).
  • The syllabus covers 12 modules: Attacking & Securing Windows Network, Handling Ransomware, Forensics Techniques, Incident Response… and much more.
  • The program has an interactive, hands-on formula — and after every class you’ll be able to ask questions.
  • During the 6-week program you’ll also get free access to the CQURE Training Lab and a closed Facebook group where you can share your challenges and upgrade your network.
  • You’ll receive an official CQURE certificate “Windows Security Master 2017” if you pass the final exam.
  • All the video recordings and extra materials are yours to keep for 12 months from the start of the program.

Tuition: $2,850

We’ll be taking on board 200 students only. Admission is selective. We prioritize: your skills and professional achievements, but also your attitude and how you can contribute to the group — so that we all can learn from each other. Good luck!
