The All-New Advanced Windows Security Course

By Paula Januszkiewicz, CQURE Academy & Sami Laiho (!)

Stand out from the crowd with this strictly limited 6-week online certified course for intermediate and advanced professionals.

Admissions are now closed



Be One of the Elite in 2019

Are you committed to levelling up in Windows Security? Good, so are we.

What excites us the most is turning professionals into key experts. We like to think that our experience is YOUR shortcut.

You see, according to the industry’s statistics, by 2019 the market will be short of over 1 million (!) security experts with skills needed to effectively protect the system.

We want to change it. That’s why we created a certification program “Advanced Windows Security Course 2019”.

Everything you need to know to prepare against the threats heading our way in 2019 has been trimmed down into 12 intensive modules which are taught over a six-week period by Paula and by special guest instructor world-renowned Windows OS expert Sami Laiho.

This course happens ONLY once a year, is never the same and is limited to 200 students who have to apply to take part.


How is this training different from others?

Only once a year

You’ll only learn things that will be crucial and most relevant in the following year. We run the training only once a year, never with the same content.

Only advanced stuff

You’ll skip the fluff and go straight to the advanced stuff. The pace is quite intense, so expect a smoke coming out of your ears.

Only NEW tools and techniques

The training is pretty hands-on, because it has been designed by passionate practitioners and obsessive researchers from CQURE Team.

Only cool presenters!

We’ll bring a bunch of experts on board, but it’s Paula Januszkiewicz along with Sami Laiho who will be your main teachers and the hosts of the program.

Course Formula

LIVE Trainings

You’ll join our 2-hour long live classes on a special interactive platform – happening twice a week at 7PM CET (10AM PST / 1PM EST).

Action packed

You’ll go through 12 modules in 6 weeks. We’re not fluffing around, you’ve been warned.

Once a Year Only

We organise this course only once a year, in its last quarter. Every next edition is updated with new tools and challenges.

Interactive classroom

After every class you’ll be able to ask questions.

Extra materials

We’ve prepared for you slides, extra materials and homework for each session.

12-month Access

You’ll get a full year of online access to all the recordings (counted from the first class).

The Training Lab

During the course you’ll have access to a special training platform where you can safely test your hacks.

Social & Network

You’ll become a member of a closed Facebook group, where you can not only share your challenges and geeky jokes… but also network.

CQURE Certificate - "Windows Security Master 2019"

You’ll receive an official CQURE certificate “Windows Security Master 2019″ after passing the final exam. Yes, there will be a final exam.

Course Syllabus

Module 1

Infrastructure Pentesting – Hackers Perspective or Notes From the Field

~ November 29, 2018 (7PM CET / 10AM PST / 1PM EST) ~

In this module, we will show you how the real attacks on IT infrastructure are performed nowadays. We will explain which tools and methods are used by the attackers and how social engineering is used to make employees perform activities that are dangerous to the company’s IT infrastructure. The training is based on real-world scenarios.

  • Information gathering / OSINT
  • Penetration testing tools and methodology
  • Social engineering tools, methods and its effectiveness

Module 2

Windows Authentication Internals – Level Hard

~ December 4, 2018 (7PM CET / 10AM PST / 1PM EST) ~

Windows authentication is complex solution allowing us to use multiple methods and protocols to prove who we are. You probably know Kerberos or NTLM but have you ever wondered how those and other protocols really work? What makes it strong and what are the weaknesses? Join us in an adventure to see internals of Windows authentication mechanism to fully understand what everyone is taking for granted. This module will be really hard so brace yourself!

  • NTLM protocol
  • Kerberos protocol
  • SSPI
  • Local Security Authority
  • Credentials Processes in Windows Authentication
  • Credential Providers

Module 3

Advanced Attacks Against Active Directory

~ December 6, 2018 (7PM CET / 10AM PST / 1PM EST) ~

Active Directory (AD) is used by most of businesses around the world for identity management therefore it is a main target for attackers and when successfully exploited gives keys to the kingdom. An attacker with access to AD may reconfigure GPO, create hidden backdoors or access sensitive systems. Common attacks include: Pass the Hash or Pass the Ticket but how about others more sophisticated ways of compromising AD. In this module we will show advanced attacks against Active Directory and how to detect and mitigate those threats.

  • Privilege abuse and misconfigurations in AD 
  • Advanced attacks against PAM and Identity solutions 
  • Kerberoasting 
  • Golden and silver ticket attacks

Module 4

Windows 10 Secure Kernel model

~ December 11, 2018 (7PM CET / 10AM PST / 1PM EST) ~

Learn how Virtual Secure Mode, Isolated User Mode and Secure Kernel work in Windows 10 and how they protect against threats like Pass-The-Hash.

Module 5

Malicious Software Execution Prevention – Ransomware on the rise

~ December 13, 2018 (7PM CET / 10AM PST / 1PM EST) ~

Ransomware attacks are constantly on the rise adapting and bypassing modern antivirus solutions. In this module we will analyze how modern ransomware operates. Then we will explore Windows internal technologies that you can use to protect your organization against this attack: AppLocker, Device Guard, Windows Defender Exploit Guard. Buckle up this is demo intense and hardcore session to show you how to stop malware in your organization.

  • AppLocker
  • Device Guard
  • Code Integrity Signed Policy
  • Secure boot
  • Virtualization-based security

Module 6

BlackBelt – Becoming a Process Explorer and Process Monitor Ninja!

~ December 18, 2018 (7PM CET / 10AM PST / 1PM EST) ~

Process Explorer – Everyone who interacts with the Windows operating system needs to know the most downloaded tool of the Sysinternals toolkit called Process Explorer. It is a tool that can help you analyze and troubleshoot almost any error or bad behavior in the operating system.

Learning to use this tool will help you to catch bad behaving applications and drivers, not to forget catching hiding malware that the anti-malware doesn’t find. You do understand that Task Manager can never know what’s wrong with Windows? It is conceptually impossible – Not a joke! Process Monitor – There is an age old saying in Windows: “If something breaks in Windows, run Process Monitor”.

This is absolutely true, and Process Monitor is one of the best tools to use in troubleshooting. In this course, Troubleshooting Processes and Registry with Sysinternals Process Monitor, you’ll learn how to utilize Process Monitor for troubleshooting. First, you’ll explore how to find settings in the Registry and learn how to resolve bottlenecks in performance. Next, you’ll cover how to fix broken applications.

Finally, you’ll learn how to analyze slow boot sequences. By the end this course, you’ll know how to effectively use one of the most important troubleshooting tools available.

Module 7

Web Penetration Testing – Lessons from the Field

~ January 8, 2019 (7PM CET / 10AM PST / 1PM EST) ~

We will go over some of the most interesting web attacks and present how multiple misconfigurations can result in full website compromise. We will be talking about:

  • Modern security headers
  • Cross Site Scripting
  • Server Side Request Forgery
  • XML External Entity
  • Server and client side security

Module 8

Office 365 Advanced Security for GDPR

~ January 10, 2019 (7PM CET / 10AM PST / 1PM EST) ~

GDPR is a new regulation in EU law on data protection and privacy that affects organizations all over the word. Huge fines for non-compliance or violation pushes companies to adopt to new standards. Join us and explore advanced security features which Office 365 offers. Understand how you can get even more out of your existing subscription in this demo intense module. Everything with an importance of GDPR in the background. In this module we will focus on:

  • Office 365 advanced security
  • Office 365 data protection
  • GDPR requirements overview
  • Office 365 features for GDPR

Module 9

ESAE: Hardening Privilege Access Workstations

~ January 15, 2019 (7PM CET / 10AM PST / 1PM EST) ~

Isolation of administrative systems is a fundamental principle of Enhanced Security Administrative Environment (ESAE) architecture. The first and core step to create this separation comes through implementation of Privileged Access Workstations (PAWs). There are many myths about this non trivial concept. Join and learn how to properly separate contexts and prevent user-targeted attacks, how to secure privileged accounts and mitigate privilege identity theft with hardened PAW configuration.

  • Enhanced Security Administrative Environment
  • Privileged Access Workstations
  • Workstation hardening
  • Privilege identity protection

Module 10

Enhanced Security Administrative Environment: Red Forest with Windows Server 2019

~ January 17, 2019 (7PM CET / 10AM PST / 1PM EST) ~

With “ESAE: Red Forest” Microsoft has responded to the repeated success of attackers pursuing horizontal kill chains via pass-the-hash and related attacks. Work with us to understand how to securely implement this difficult reference architecture and other best practices that seek to isolate privileged credentials. Even single mistake during implementation phase may ruin the whole effort making your enterprise vulnerable. In this module we will show how to build most secure environment and what are common pitfalls you need watch out for. 

  • Enhanced Security Administrative Environment
  • Red Forest / Bastion Forest
  • Privileged access management
  • MIM
  • Advanced Active Directory configuration

Module 11

Advanced Monitoring and Auditing of Windows 2019 Infrastructure

~ January 22, 2019 (7PM CET / 10AM PST / 1PM EST) ~

It is a well-known fact that the proper reaction for incidents is the key to keeping your environment secure. But wait – how can you properly react if you do not properly monitor events within your infrastructure? It is high time to design it in the right way. Starting from your workstations, through mobile devices, servers, network appliances up to the cloud level. During the module we will show you how to plan your monitoring on enterprise level and how to implement it in a way giving you all the information you need.

  • SIEM solutions
  • Advanced AD monitoring
  • Threat detection with event correlation
  • Proactive monitoring
  • Holistic approach to enterprise systems monitoring

Module 12

What’s New in WS 19

~ January 24, 2019 (7PM CET / 10AM PST / 1PM EST) ~

Windows Server 2019 brings in a lot of new awesome features which increase productivity and security of your infrastructure. Windows 2019 has built-in sensors for WD ATP, which leverages cloud and machine learning for threat intelligence which greatly increase security and visibility of threats on your network. It also includes System Insights, which is a new feature that brings local predictive analytics capabilities natively to Windows Server 2019.

These predictive capabilities – each based on a machine-learning model – analyze Windows Server system data, such as performance counters and events, providing insight into the state of your environment and helping you reduce the operational expenses associated with monitoring your Windows Server instances. System Insights introduces a set of capabilities focused on capacity forecasting, predicting future usage for computing, networking, and storage which brings your enterprise scale management to totally new level.


Click here to browse the modules:

PLEASE NOTE: There will be an online final exam covering all 12 modules. To receive an official CQURE certificate “Windows Security Master 2019” you have to get at least 70% of the answers right. We highly recommend that you don’t leave the revision until the last minute. 😉

Your teachers

Paula Januszkiewicz

Founder and CEO of CQURE

Paula is a Microsoft Security Trusted Advisor, IT Security Auditor and Penetration Tester. On top of that, she’s an Enterprise Security MVP and trainer (MCT). She shares her expertise on Windows Security through online writing and speaking at conferences (she already checked off TechEd North America, TechEd Europe, TechEd Middle East, RSA, TechDays, CyberCrime — to name but a few). She proudly holds the role of the Security Architect in IDesign and manages her own company CQURE.

Sami Laiho

Guest Speaker | Windows OS Expert

Sami Laiho is one of the world’s leading professionals in the Windows OS. Sami has been working with and teaching OS troubleshooting, management and security for more than 15 years. Sami’s session was evaluated as the best session in TechEd North America 2014, TechEd Europe 2014 and TechEd Australia 2013. Sami’s session at Ignite 2015 was evaluated as #2 out of 1000+ sessions and all of his four sessions were in the top 15 sessions on the Windows track.

Michał Jankowski-Lorek

Cloud Solutions & Machine Learning Expert

Michael designs and implements solutions for Databases, Network & Management area, mainly for Microsoft platform. As for day-to-day work, he works as Solution Architect, designing and planning database related solutions and software, mainly based on Microsoft and Oracle servers. He also designs and administers IT Infrastructure based on Microsoft systems and network solution from CISCO.

Krystian Zieja

Systems Architect and Solutions Expert

Krystian is a professional Infrastructure and Database Consultant with over 15 years of extensive experience in designing IT solutions. His practice spans from teaching Oracle Courses in OAI at University, to providing services for big public and consulting companies serving Clients from four continents.

Michael Grafnetter

Identity, Cloud & Security Architect

Michael is an expert on Windows Security and PowerShell and holds a master’s degree in Software Engineering. He is the author of the open-source Directory Services Internals (DSInternals) PowerShell module and Thycotic Weak Password Finder, tools used by security auditors and penetration testers worldwide.

Artur Wojtkowski

Cybersecurity Specialist

CQURE’s Specialist with over 10 years of experience gained in many industries, mainly in telecommunication, banking and insurance sector. He has excellent skills in the area of infrastructure, web and mobile application penetration testing.

Who Is It For

Intermediate to Advanced
Windows Security Professionals

This program is for you, if you want to level up and become key expert in your company (or even in your field). We promise to challenge your ways of thinking and executing.

Ethical Hackers
(who are familiar with…)

Attendee needs to have general fluency in Windows environment (including security skills, penetration testing etc.) Active Directory related knowledge is required. Take the quiz to see where are you at.

Brave Newbies

If you are a newbie you can still apply, but the program WILL NOT cover the basics — so it might be really challenging for you to get in or to keep up with the group.

If you’re not sure where are you at, you can quickly test yourself by taking Paula’s Security Quiz >>> (If you score 13 points and above — this training is for you)

What CQURE Academy Students say

Milan Racko

IT Security Specialist

AWSC18 helped me to better understand what are the security risks, how to identify them and how to protect against them primary in Microsoft on premise and cloud environments. I earned valuable knowledge and also it helped me to develop our security department in my team. I am looking forward for another courses from CQURE Academy.

Jack Perry

Security Principal Consultant | Presidio

All of their classes are based on their real world experience with the products, not just the typical Official Curriculum style classes that teach you things for an exam, but that you will never use. You’ll find that all of the material you’ll learn in the class will be used, at some point, in your security career.

Martin Weber

CTO | IT.innovation.4U GmbH

Totally professional, total great stuff, in-depth knowledge and a perfect Learning Atmosphere! I like it! Thanks so much for sharing your experience and knowledge!

Marek Chmel

SQL Server DBA | AT&T

All of their classes are based on their real world experience with the products, not just the typical Official Curriculum style classes that teach you things for an exam, but that you will never use. You’ll find that all of the material you’ll learn in the on-premise will be used, at some point, in your security career.

Paweł Partyka

Azure Security Infrastructure Consultant | Microsoft

During AWSC course I have learned about various attack techniques against credentials, secrets and Windows OS. I also obtained knowledge on mitigation possibilities. The course help me to have more confidence in my cyber security skills and have more meaningful discussion about the threats with my customers.

Doru-Catalin Togea

Information Security Advisor | Norwegian Police

As it also happened before, Paula Januszkiewicz knows how to blow your mind. As great athletes make their discipline look easy when you watch them perform, so Paula makes Windows purr like a little kitten. Even though I am fully aware of how much I still don’t know, after a course such as this Windows is not mysterious anymore. This is a great feeling.

Kamil Więcek

IT Expert | ING Bank Śląski

I’ve recently attended a training held by CQURE. It was PACKED with knowledge and tools. Of course another course not everything was discussed in details (lack of time)on-premise but CQURE team delivered a great value within just a few hours. I was a student not so long ago and I wish that our universities were teaching as efficiently as CQURE does.

Styrk Finne

Senior Professional System Engineer | CSC Norway

We have learned a lot about IIS, hacking and much much more. Our motivation has increased during this course and of course great interest in your work Paula. Impressed with your enthusiastic energic way of presenting.

Once Again, What Are You Getting

  • You’ll participate in a live, online certification program, divided into 12 modules spread over 6 weeks.
  • Live, online sessions happening twice a week, 2 hours each (at 7PM CET / 10AM PST / 1PM EST).
  • The syllabus covers 12 modules: Attacking & Securing Windows Network, Handling Ransomware, Forensics Techniques, Incident Response… and much more.
  • The program has an interactive, hands-on formula — and after every class, you’ll be able to ask questions.
  • During the 6 week program you’ll also get free access to the CQURE Training Lab and closed Facebook group where you can share your challenges and upgrade your network.
  • You’ll receive an official CQURE certificate “Windows Security Master 2019” if you pass the final exam.
  • All the video recordings and extra materials are yours to keep for 12 months from the start of the program.


We’ll be taking on board 200 students only. Admission is selective. We prioritize: your skills and professional achievements, but also your attitude and how you can contribute to the group — so that we all can learn from each other. Good luck!

Frequently Asked Questions