Admissions for the 2nd Edition of “Advanced Windows Security Course” are now closed. 

A 6-week Online Certification Program Designed By Paula Januszkiewicz For Advanced Professionals Who Want To Crush The Threats In 2018

Notify me about the next opening
Course registration is now closed

Proudly Opening The 2018 Edition!

Are you committed to levelling up in Windows Security? Good, so are we.

What excites us the most is turning professionals into key experts. We like to think that our experience is YOUR shortcut.

You see, according to the industry’s statistics, by 2019 the market will be short of over 1 million (!) security experts with skills needed to effectively protect the system.

We want to change it. That’s why we created a certification program “Advanced Windows Security Course 2018”.

This course happens ONLY once a year, is never the same and is limited to 150 students who have to apply to take part.

How is this training different from others?

Only once a year

You’ll only learn things that will be crucial and most relevant in the following year. We run the training only once a year, never with the same content.

Only advanced stuff

You’ll skip the fluff and go straight to the advanced stuff. The pace is quite intense, so expect a smoke coming out of your ears.

Only NEW tools and techniques

The training is pretty hands-on, because it has been designed by passionate practitioners and obsessive researchers from CQURE Team.

Only cool presenters!

We’ll bring a bunch of experts on board, but it’s Paula Januszkiewicz who will be your main teacher and the host of the program.

Course Formula

LIVE Trainings

You’ll join our 2-hour long live classes on a special interactive platform – happening twice a week at 7PM CET (10AM PST / 1PM EST).

Action packed

You’ll go through 12 modules in 6 weeks. We’re not fluffing around, you’ve been warned.

Once a Year Only

We organise this course only once a year, in its last quarter. Every next edition is updated with new tools and challenges.

Interactive classroom

After every class you’ll be able to ask questions.

Extra materials

We’ve prepared for you slides, extra materials and homework for each session.

12-month Access

You’ll get a full year of online access to all the recordings (counted from the first class).

The Training Lab

During the course you’ll have access to a special training platform where you can safely test your hacks.

Social & Network

You’ll become a member of a closed Facebook group, where you can not only share your challenges and geeky jokes… but also network.

CQURE Certificate - "Windows Security Master 2018"

You’ll receive an official CQURE certificate “Windows Security Master 2018″ after passing the final exam. Yes, there will be a final exam.

Course Syllabus

Module 1

Windows 10 / Windows Server 2016 – Platform Security & Internals

~ December 7, 2017 (7PM CET / 10AM PST / 1PM EST) ~

This warm-up module will prepare you for the training. It contains powerful insights on auditing your environment and understanding security mechanisms used by Windows.

  • Detecting unnecessary services
  • Misusing service accounts
  • Services architecture
  • Implementing rights, permissions and privileges
  • Integrity levels
  • Usage of privileged accounts
  • Browser security
  • Registry internals
  • Monitoring registry activity
  • Boot configuration
  • Access tokens
  • Information gathering tools

Module 2

Attacks On Credentials & Prevention Solutions

~ December 12, 2017 (7PM CET / 10AM PST / 1PM EST) ~

This module involves usage of the custom tools built by the CQURE Team. Some of our innovative tools were the first on the market… so you are learning from the best. 😉

  • Extracting hashes from SAM and NTDS.dit databases
  • Meaning of SYSTEM and SECURITY registry hives
  • Kerberos and NTLMv2 issues
  • Performing the Pass-The-Hash attack
  • Performing the Pass-The-Ticket attack
  • Cached logons (credentials)
  • Data Protection API (DPAPI) case for cached logons
  • CredentialGuard (Virtual Secure Mode)
  • Performing the LSA Secrets dump and implementing prevention
  • Implementing account scoping
  • Good practices for implementing Local Admin Password Solution
  • Authentication Mechanism Assurance
  • Using virtual smart cards

Module 3

PowerShell as a hacking tool

~ December 14, 2017 (7PM CET / 10AM PST / 1PM EST) ~

PowerShell is a really powerful tool used on daily basis by millions of administrators but it can also be very dangerous and successfully used by malicious users to evade software restrictions or to perform escalation of privileges. In this module, we will focus on security features offered by Powershell but also we will consider if we should allow for Powershell and when it can be used by hackers.

  • Understanding potential and threat of PowerShell
  • Bypassing script execution policy
  • Working with deep script logging
  • PowerShell transcript
  • Just Enough Administration and remote management with PowerShell
  • Code Signing with PowerShell

Module 4

Microsoft SQL Server Security

~ December 19, 2017 (7PM CET / 10AM PST / 1PM EST) ~

Database servers are usually one of the most important servers in the infrastructure it’s all because they are containing precious corporate data and are used as a backend for most of the LOB applications. This module will give you a solid background on how to protect Microsoft SQL Server as a service running on Windows operating system.

  • Stilling credentials and hashes with MITM attack.
  • Protecting SQL Server authentication and network communication.
  • Protecting SQL Server data and backups at rest.
  • Cryptography in SQL Server environment
  • End to end encryption of data with Always Encrypted SQL Server

Module 5

Raising the bar for malware

~ January 9, 2018 (7PM CET / 10AM PST / 1PM EST) ~

It is crucial to understand different ways of how malware executes. Commonly seen formats are: EXE, DLL, PIF, SCR, CPL, BAT, COM, CMD, PS1, PS2, VBS, VBE, JS, JSE, CHM, and LNK. Each of the formats requires a specific way of managing them. This module covers different approaches for blocking specific types of files, it also covers custom malware preparation.

  • Preparing Application Inventory
  • Implementing AppLocker / discussing other code execution prevention solutions
  • Understanding Non-exe executable files
  • Understanding Ransomware techniques
  • Malware customization

Module 6

Office 365 Security

~ January 11, 2018 (7PM CET / 10AM PST / 1PM EST) ~

When you move your company to the cloud, you must fully understand how to configure numerous security features to get most of Office 365 offering. To ensure the security and confidentiality of your data.

  • Office 365 Privacy
  • Identity models (cloud, synchronized, federated)
  • Multi-Factor Authentication
  • Controlling how your users access the data
  • Level up your security with Exchange Online Protection
  • Your fight against advanced threats with the help of ATP
  • Data loss prevention

Module 7

Improving security with Azure

~ January 16, 2018 (7PM CET / 10AM PST / 1PM EST) ~

We still cannot believe that cloud technologies can really help us in securing the on-premise environment. But the answer is only one here: give it a try. Deploying new solution takes minutes instead of months and may be disabled any time if you do not like it. So let’s review some of them to see what benefit they can bring to you.

  • Office 365 security technologies
  • Microsoft Azure-based technologies
  • Azure Backup
  • Operations Management Suite
  • Windows Defender ATP

Module 8

Virtualization-based security

~ January 18, 2018 (7PM CET / 10AM PST / 1PM EST) ~

Virtual machines made it easier to deploy, manage, service and automate the infrastructure. The benefits are many; however, virtualization also requires us to think differently about the security of our virtualized infrastructure and applications.

  • Workload administrator and Fabric Administrator
  • Potential security holes in standard Hyper-V deployment
  • Prepare your environment for shielded VM deployment
  • Host Guardian Service
  • Template for shielded VMs
  • Shielding data file
  • Shielded VM creating
  • Testing shielded VM enhanced security

Module 9

Machine learning for security

~ January 23, 2018 (7PM CET / 10AM PST / 1PM EST) ~

The defensive game is complex, never-ending and we are usually one step behind hacker; that’s why it is so important to become familiar with machine learning and its potential in the fight against hackers and other security threats. In next couples of years, there will be a vast improvement in state-of-the-art machine learning algorithms and tools for cybersecurity.
In this module, you will get the general knowledge about machine learning, what is it and how it can help us. You will also see how currently it’s used in cybersecurity.

  • Overview and concepts of AI and machine learning
  • Machine learning and reputation based anti-malware solutions
  • Understanding Microsoft Advanced Threat Analytics
  • Anomaly detection algorithms for Intrusion Detection Systems (IDS)
  • Machine learning in centralized logging solutions

Module 10

Windows 2016 security and infrastructure improvements

~ January 25, 2018 (7PM CET / 10AM PST / 1PM EST) ~

We will trust you if you tell us you got rid of Windows 2003. But what about 9 years old (yes!) Windows 2008? Maybe it is a high time to move to the newest Microsoft Server Operating System? Before taking this brave (but reasonable) step, please come to our session and see what the Windows Server 2016 can offer you.

  • Virtualization, Shielded VMs and Containers
  • Identity and Access Improvements
  • PowerShell
  • Networking enhancements
  • Device Guard and Credential Guard technologies
  • IIS 10 and application platform

Module 11

Practical Public Key Infrastructure

~ January 30, 2018 (7PM CET / 10AM PST / 1PM EST) ~

Cryptography, including encryption and signatures, are basics for modern security. It’s implemented in session security, authentication protocols and processes, and data at rest. It’s then essential to know what to use when, when we are about to secure the data. Let’s explore a common approach to typical administrative problems.

  • Session security
  • Message Security
  • Data at rest Security

Module 12

Advanced Monitoring and Auditing

~ February 1, 2018 (7PM CET / 10AM PST / 1PM EST) ~

It is a well-known fact that the proper reaction to incidents is the key to keep your environment secure. But wait – how can you properly react if you do not properly monitor events within your infrastructure? It is high time to design it in the right way. Starting from your workstations, through mobile devices, servers, network appliances up to the cloud level. During the module, we will show you how to plan your monitoring and how to implement it in a way giving you all the information you need.

  • Workstation monitoring
  • Server monitoring
  • Non-PC devices monitoring
  • Data access monitoring and auditing
  • Processing and analyzing of the collected data
  • Cloud-based technologies

Module 13

Encryption in Windows (surprise)

~ February 6, 2018 (7PM CET / 10AM PST / 1PM EST) ~

Windows uses a certain set of algorithms for various functionalities. It is important to know where and what algorithms are used and where are the keys stored. Most of them are leveraged by a data protection application-programming interface (API). Because data protection is part of the operating system, every application can now secure data without needing any specific cryptographic code other than the necessary function calls to DPAPI. Overall, DPAPI is a service that allows to provide protection for sensitive application data, such as passwords and private keys.

  • Practical use of DPAPI SYSTEM Classic
  • Practical use of DPAPI USER Classic
  • Practical use of DPAPI-NG
  • Extraction of system secrets
  • Extraction of user secrets


Notify me about the next opening

Click here to browse the modules:

PLEASE NOTE: There will be an online final exam covering all 12 modules. To receive an official CQURE certificate “Windows Security Master 2018” you have to get at least 70% of the answers right. We highly recommend that you don’t leave the revision until the last minute. 😉

Your teachers

Paula Januszkiewicz

Founder and CEO of CQURE

Paula is a Microsoft Security Trusted Advisor, IT Security Auditor and Penetration Tester. On top of that, she’s an Enterprise Security MVP and trainer (MCT). She shares her expertise on Windows Security through online writing and speaking at conferences (she already checked off TechEd North America, TechEd Europe, TechEd Middle East, RSA, TechDays, CyberCrime — to name but a few). She proudly holds the role of the Security Architect in IDesign and manages her own company CQURE.

Kamil Bączyk

Senior Infrastructure & Security Expert

Kamil deeply believes that combining work and hobby is the key to success. In CQURE he has his heart and soul in the Microsoft infrastructure, cloud and security solutions. Kamil’s experience allows him to perform architecture consulting, penetration tests and authored trainings and seminars.

Chris Pietrzak

Infrastructure Architect & Security Expert

Chris is a true geek that follows the maxim: everything is possible it is just a matter of time! As for day-to-day work at CQURE he designs and implements solutions for Security, Network & Management area, mainly for various platforms, he is an architect for various network solutions from HP and CISCO, and edge solutions from CheckPoint, Fortinet and SonicWall.

Michał Jankowski-Lorek

Cloud Solutions & Machine Learning Expert

Michael designs and implements solutions for Databases, Network & Management area, mainly for Microsoft platform. As for day-to-day work, he works as Solution Architect, designing and planning database related solutions and software, mainly based on Microsoft and Oracle servers. He also designs and administers IT Infrastructure based on Microsoft systems and network solution from CISCO.

Greg Tworek

Director of CQURE

Greg has been working with Windows Security since the very beginning of his professional career. He started as a system administrator, then moved to a consultant role, IT manager and chief information security officer (CISO). Now he is mainly responsible for consulting services delivered worldwide by CQURE.

Who Is It For

Intermediate to Advanced
Windows Security Professionals

This program is for you, if you want to level up and become key expert in your company (or even in your field). We promise to challenge your ways of thinking and executing.

Ethical Hackers
(who are familiar with…)

Attendee needs to have general fluency in Windows environment (including security skills, penetration testing etc.) Active Directory related knowledge is required. Take the quiz to see where are you at.

Brave Newbies

If you are a newbie you can still apply, but the program WILL NOT cover the basics — so it might be really challenging for you to get in or to keep up with the group.

If you’re not sure where are you at, you can quickly

test yourself by taking Paula’s Security Quiz >>>

(If you score 13 points and above — this training is for you)

What CQURE Academy Students say

All of their classes are based on their real world experience with the products, not just the typical Official Curriculum style classes that teach you things for an exam, but that you will never use. You’ll find that all of the material you’ll learn in the class will be used, at some point, in your security career.

Jack Perry

Security Principal Consultant | Presidio

Totally professional, total great stuff, in-depth knowledge and a perfect Learning Atmosphere! I like it! Thanks so much for sharing your experience and knowledge!

Martin Weber

CTO | IT.innovation.4U GmbH

Let me start by saying Paula is amazing!! The passion for the topic really shows. As an engineer with 16 years of experience, I am impressed. Thank you for the education, and entertainment.

Dave Kordyban

Network Engineer | Garrett County Government

Once Again, What Are You Getting

  • You’ll participate in a live, online certification program, divided into 12 modules spread over 6 weeks.
  • Live, online sessions happening twice a week, 2 hours each (at 7PM CET / 10AM PST / 1PM EST).
  • The syllabus covers 12 modules: Attacking & Securing Windows Network, Handling Ransomware, Forensics Techniques, Incident Response… and much more.
  • The program has an interactive, hands-on formula — and after every class you’ll be able to ask questions.
  • During the 6 week program you’ll also get free access to the CQURE Training Lab and closed Facebook group where you can share your challenges and upgrade your network.
  • You’ll receive an official CQURE certificate “Windows Security Master 2018” if you pass the final exam.
  • All the video recordings and extra materials are yours to keep for 12 months from the start of the program.

Notify me about the next opening

Course registration is now closed.

We’ll be taking on board 150 students only. Admission is selective. We prioritize: your skills and professional achievements, but also your attitude and how you can contribute to the group — so that we all can learn from each other. Good luck!

Frequently Asked Questions