Only Once a Year
You’ll only learn things that will be crucial and most relevant in the following 2022. We run the training only once a year, always with the newest content. .
The Advanced Windows Security Course – 2022 Edition
By Paula Januszkiewicz · Sami Laiho · CQURE Academy Experts
Are You Ready to Outperform in 2022?
Upgrade your cybersecurity skills with The Advanced Windows Security Course – our flagship certified online course designed by industry experts for ambitious cybersecurity geeks who want to perform at the highest level in the upcoming year!
Notify Me about 2023 EditionPrice $2799
Find yourself in the elite in 2022
Outperform your expectations and get noticed by employers in 2022 with this certified online course by CQURE.
Designed by award-winning experts who work at the cutting edge of the security industry, our signature six-week course for intermediate and advanced professionals has practicality at its core.
Over 12 intense modules, you’ll acquire the key skills, tools and techniques to stand up to threats and secure your Windows operating system in 2022, however, and wherever you are working.
Be Ready
Cyber-crime, predicted to cost $6 trillion annually next year, could soon be the world’s third-largest economy. Staying secure means taking proactive action to protect your digital estate.
This course will train you to think like a bad actor so you can identify and resolve vulnerabilities in your system before they are exploited.
We take a deep dive into the most dangerous threats and clue you in on the configuration mistakes that could result in data or financial loss.
Be CQURE Certified
As more people make the switch to a cybersecurity career in 2022, make sure your skills set you apart.
Earning a 2022 Windows Security Master certificate is more than a personal achievement; it lets the world know that you are serious about levelling up your skills and advancing your career.
This course happens ONLY once a year, is never the same and is limited to 200 students who have to apply to take part.
–
How is this course different from others?
Only Advanced Stuff
You’ll skip the fluff and go straight to the advanced stuff. The pace is quite intense, so expect a smoke coming out of your ears.
Only NEW Tools and Techniques
The training is pretty hands-on, because it has been designed by passionate practitioners and obsessive researchers from CQURE Team.
Only Cool Presenters!
We’ll bring a bunch of experts on board with Paula Januszkiewicz and Sami Laiho among teachers and the hosts of the program.
Course Formula
LIVE Trainings
You’ll join our 2-hour long live classes on a special interactive platform – happening twice a week at 7PM CET (10AM PST / 1PM EST).
Action packed
You’ll go through 12 modules in 6 weeks. We’re not fluffing around, you’ve been warned.
Once a Year Only
We organise this course only once a year. Every next edition is updated with new tools and challenges.
Interactive classroom
After every class you’ll be able to ask questions.
Extra materials
We’ve prepared for you slides, extra materials and homework for each session.
12-month Access
You’ll get a full year of online access to all the recordings (counted from the first class).
The Training Lab
During the course you’ll have access to a special training platform where you can safely test your hacks.
Social & Network
You’ll become a member of a closed Facebook group, where you can not only share your challenges and geeky jokes… but also network.
CQURE Certificate - "Windows Security Master 2022"
You’ll receive an official CQURE certificate “Windows Security Master 2022″ after passing the final exam. Yes, there will be a final exam. And 24hrs counting towards your CPE’s.
Course Syllabus
Module 1
Applying the Lesson Learned: The Ultimate Guide to Incident Response and Forensics for 2022
~ January 18, 2022 ~
Forensics and Incident Handling are constantly evolving, as well as crucial topics in the area of cybersecurity. In order to stay on top of the attackers, the knowledge of Individuals and Teams responsible for collecting digital evidence and handling the incidents has to be constantly enhanced and updated. This Module covers multiple skills necessary to find, collect and preserve data in a correct manner, analyze it and get to know as much about the incident as possible.
During this AWSC session, the students will be guided through a general approach to forensics and incident handling and network forensics, important aspects of Windows internals, memory and storage analysis and detecting indicators of compromise. Paula will also cover advanced subjects such as malware analysis – including guiding the students through a live analysis of the infamous Coinvault ransomware.”
Module 2
Active Directory Persistence Techniques
~ January 20, 2022 ~
During this Module, Michael Grafnetter, Microsoft MVP and Black Hat Briefings Speaker,
will show several attack vectors that might lead to privilege escalation and/or persistence.
He will present his most important discovery called NGC Key Injection (AKA Shadow Credentials) which is a new type of persistent Active Directory backdoor.
He will also go through Hidden Accounts, DCSync, DCShadow, SSH Key Injection, RID Hijacking, Golden Ticket Attack, Golden SAML, Skeleton Key, and more!
During this module, you will learn not only how these identity-related attacks work but also how to mitigate these risks in your organization. Once hackers manage to compromise Active Directory, they typically want to maintain administrative access even after passwords of privileged accounts get changed.
In this session, we will be discussing various techniques of achieving and detecting such persistence in Active Directory, including Shadow Credentials, Hidden Accounts, UnPAC-the-Hash, NTAuth Abuse, Golden Ticket, SID History Injection, or ACL Backdoors like DCSync and Server (Un)Trust Accounts.
Module 3
Hacker’s Perspective on Cloud Security and its Mistakes: Can Cloud Manage Security Better?
~ January 25, 2022 ~
In the past, one of the reasons for not using the public cloud was security concerns. Today, a properly managed cloud environment is just as secure as any other type of well-maintained environment. Yet we need to remember that no security operation is perfect. Even the best-managed cloud environment is at risk of security failures—especially if security is undermined at the tenant level by cloud tenants who fail to properly secure the cloud resources that they are using. As organizations migrate to cloud services, decision-makers have to prioritize a new security strategy according to the cloud assets. This means that identity and privileged access management have become the new security key objects of interest along with a strong zero trust mindset that continuously verifies authentication and authorization requests.
During this Module, we take a look at the improper configurations that could compromise the cloud and discuss the security solutions and features to mitigate the existing risk. The goal is not to embarrass the cloud but to highlight easy-to-make errors that can have very big security repercussions. A very practical look at various cloud services is guaranteed!
Module 4
Public Key Infrastructure Under Revision: The Perspective for 2022
~ January 27, 2022 ~
Public Key Infrastructure (PKI) is a vital part of a modern organizations’ security. Since its boom, internal PKI systems has not changed a lot, but as well the problems that we observe during almost all pentests In general, the set of use cases, challenges, standards related to PKI has changed over the years. . It’s time to revise your knowledge about one of the cornerstones of enterprise security and learn few tricks that attackers are using to spoof any identity. What are common pitfalls and mistakes that can lead to a full breach of trust and your systems? Where are hidden certificates in Windows infrastructure and who and how can use them? How do Azure Information Protection, Windows Hello for Business and other modern technologies rely on Certificates and their security?
Brace yourself, this Module will be demo intense! Mike will show you hackers’ points of interest based on real-life scenarios and elaborate the pitfalls!
Module 5
Implementing Principle of Least Privilege
~ February 1, 2022 ~
In the new world of Zero Trust most companies are now aiming to get rid of local administrative rights for their end-users. Sami Laiho has specialized in this field since 2002 and is the world-leading specialist in his field.
Even the NT 3.1 User Guide states, that in Windows, there is no security if you give people local admin rights. Local admin rights give you the ability to bypass all company Group Policy / MDM -settings, take any logged on users’ identity, read/delete any files on the computer even with Deny ACLs, and probably the worst – the ability to breach the rest of the company systems.
Taking away end-user admin rights can lower the number of Helpdesk tickets by 75%! Most people say that: “if I don’t have admin rights I can’t fix my computer” – No, in reality, it’s: “if you don’t have admin rights you can’t break your computer!”.
Most people think this hinders usability and is not possible for certain old apps, laptop users, or devs.
Sami has successfully taken away admin rights from all of these, in companies ranking from a single-person to a company with more than half a million users.
Module 6
Implementing Privileged Access Workstations
~ February 3, 2022 ~
Learn how you build a secure way of managing enterprise services. Since the year 2000, you were not supposed to logon to servers with RDP, but most people still do. This is not the way to manage Windows! This session offers you three different ways/levels of managing servers from what’s known as a “Privileged Access Workstation.” Believe Jeffrey Snover when he says you should not treat your servers like pets, treat them like cattle. Don’t pet your servers one by one with RDP but with RSAT, WAC and PowerShell. In a modern well-managed environment with all the threats like Pass The Hash, Pass The Ticket etc. you have to limit the attack surface by reducing the number of endpoints that can take down the enterprise. If you can connect to a server or a jump server with RDP from a secretaries computer, you’re doing it wrong.
Module 7
File upload in .NET application
~ February 8, 2022 ~
“As organizations move to remote and distanced workspaces, it becomes increasingly critical to ensure the security of file uploads, since leaving file uploads unrestricted creates an attack vector for malicious files. While file upload is useful in many situations, the security implications of hosting a file-upload facility are significant.
During this Module, we will play with C# to implement an application that allows users to upload different files. We will pretend to be an attacker or someone curious enough to test the function and check the vectors for possible malicious actions.
Attendees will become familiar with the tools and techniques that can be utilized to stay safe. After this Module, it will be easier to protect our applications from compromise!”
Module 8
IIS under attack – file upload
~ February 10, 2022 ~
So, they have done it – a vulnerability has been discovered in Microsoft IIS and finally exploited! It could allow an attacker to upload arbitrary and malicious files to an affected system. Time is of the essence here – so act fast.
We will investigate what has happened and what is wrong with (no longer) our server. Finally, a little clean-up and hardening will take place.
After this Module, you will become more familiar with detecting and responding to a security incident. We will try to harden our server to prevent this from happening ever again.
Module 9
Deploying Smart Card Authentication in Windows
~ February 15, 2022 ~
In this session, our Expert, Michael Grafnetter will dive deep into the smart card logon capability of Windows, a feature that had been available in Active Directory years before Passwordless became cool.
He will specifically look at different ways of protecting certificate private keys using TPM chips, which have become a standard in Windows PCs, eliminating the inherent hardware costs of deploying certificate-based authentication.
Michael will also be covering the configuration of smart card-based authentication for Active Directory Federation Services (ADFS), Internet Information Services (IIS), and RADIUS (VPN and Wi-Fi).
Last but not least, we will be discussing some configuration mistakes that could have a negative impact on Active Directory security.
Module 10
Reverse Engineering malware to hunt for zero-days
~ February 17, 2022 ~
There are many things we can discover by using dynamic analysis, but in order to gain full understanding on what’s going on – we often need to dive deep into the binary’s secrets. This is where Reverse Engineering becomes very useful. Sophisticated malware may employ zero-day vulnerabilities – but execute them only if certain conditions are satisfied. We can learn or modify all those conditions as long as we can access the code itself. We will show you how to use Ghidra in order to analyze logic, discover hidden secrets, and even patch binaries to change their behavior. The true power of Ghidra lays within its free decompiler so we don’t have to speak fluent assembler.
Module 11
Insecure web authentication as part of Red Teaming assessments
~ February 22, 2022 ~
o Web authentication is a common entry point to company systems, hence skilful Red Teamers know how to look for vulnerabilities in this area. We will present various web attacks and explain issues’ root-cause in handling JWT, cookies, and other sensitive secrets. You can count on corner cases, unexpected cryptographic attacks, and really weird behaviour of innocent code..
Module 12
Containerization and Kubernetes
~ February 24, 2022 ~
In this module, we will dive into Azure Kubernetes Service architecture!
Secure deployment of AKS.
Time goes by faster and faster. Easy to use and quickly implementable solutions are the most-wanted option on the market. Azure Kubernetes Service (AKS) allows you to quickly deploy a production-ready Kubernetes cluster in Azure. But fast cannot mean too hasty.
During this module, you will learn how to safely deploy AKS. We will study together Azure Policies for AKS. After that, you will know what to use and how. That’s not everything, you have to know your enemy, learn five ways how to kill the cluster.
Notify Me about 2023 Edition
Click here to browse the modules:
PLEASE NOTE: There will be an online final exam covering all 12 modules. To receive an official CQURE certificate “Windows Security Master 2022” you have to get at least 70% of the answers right. We highly recommend that you don’t leave the revision until the last minute. 😉
Your teachers
Paula Januszkiewicz
FOUNDER AND CEO OF CQURE
Paula Januszkiewicz, MVP, MCT and Microsoft Reginal Director has 15 years of experience in the cybersecurity field, performing penetration tests, architecture consulting, trainings and seminars. She has performed hundreds of security projects, including those for governmental organizations and big enterprises, at the same time being a top speaker and a keynote speaker at many well-known conferences, including Microsoft Ignite (rated No 1 Speaker among 1100 speakers at a conference with 26000 attendees), RSA (in 2017 in San Francisco her session was one of the 5 hottest sessions), Black Hat, CyberCrime etc., where she is often rated as No 1 speaker. Her presentations gather thousands of people. In 2019, Paula’s presentation was voted best of Black Hat Asia 2019 Briefings!
Sami Laiho
GUEST SPEAKER | WINDOWS OS EXPERT
Sami Laiho is one of the world’s leading professionals in the Windows OS. Sami has been working
with and teaching OS troubleshooting, management and security for more than 15 years. Sami’s
session was evaluated as the best session in TechEd North America 2014, TechEd Europe 2014 and
TechEd Australia 2013. Sami’s session at Ignite 2015 was evaluated as #2 out of 1000+ sessions
and all of his four sessions were in the top 15 sessions on the Windows track.
Michał Jankowski-Lorek
SECURITY DATABASE EXPERT
Mike Jankowski-Lorek, PhD, is a Cloud Solutions & Machine Learning Expert at CQURE. He is data scientist, solution architect, developer and consultant. Mike designs and implements solutions for Databases, data analysis and natural language processing. He is interested in Big data, High Availability and real-time analytics especially when combined with machine learning and artificial intelligence or NLP. Mike has recently defended his PhD thesis in which he combined academic knowledge, professional experience and strong technical skills! Holder of many IT certificates such as MCT, MCP and MCDBA.
Michael Grafnetter
IDENTITY, CLOUD & SECURITY ARCHITECT
Michael is an expert on Active Directory security who works as a cybersecurity consultant, trainer, and researcher. He is best known as the author of the open-source Directory Services Internals (DSInternals) PowerShell module and Thycotic Weak Password Finder, tools used by security auditors and penetration testers worldwide. He holds a master’s degree in Software Engineering and is a former Microsoft MVP.
Artur Wojtkowski
Cybersecurity Specialist
Artur Wojtkowski is CQURE Expert with over 10 years of experience gained in many industries, mainly in telecommunication, banking and insurance sector. He has excellent skills in the area of infrastructure, web and mobile application penetration testing. He received the OSCE certification recently! During his career his tasks also included: performing social engineering tests, security code review, performance testing, security management in telecommunication companies, ISO 27001 implementation, administration of SIEM and PKI systems. Member of (ISC)2 and (ISC)2 Poland.
Adrian Denkiewicz
CYBERSECURITY EXPERT
Adrian Denkiewicz is CQURE Expert with over 8 years of experience as Penetration Tester, Cybersecurity Specialist and Software Developer. He has worked for financial, ecommerce, and semiconductor industry. Adrian performed dozens of penetration tests and security reviews cooperating with teams from all over. Adrian recently received the OSCP and OSWP certification; however – his ambitions are wider so he is working hard to develop his special skills even more!
Przemysław Tomasik
CYBERSECURITY EXPERT
Przemysław Tomasik is a CQURE Cybersecurity Expert with over 15 years of experience in IT, focusing the last decade on security and compliance aspects. He has worked for financial, e-commerce, and hospitality industry in Fortune 500 companies. In 2017, he opened a new chapter in his IT career – educating IT Pros in security. He conducts training in an interesting and accessible way, focusing on current trends and using his solid knowledge, especially on secure coding techniques. Przemek has delivered many penetration tests scoped from web applications to infrastructure, configuration and code review. He has years of practical experience in vulnerability management on Enterprise level. As a Cybersecurity Expert he is also responsible for security advisory and architecture review in a variety of projects. Przemek has recently started the OSCP certification to sharpen his skills.
Who Is It For
Intermediate to Advanced
Windows Security Professionals
This program is for you, if you want to level up and become key expert in your company (or even in your field). We promise to challenge your ways of thinking and executing.
Ethical Hackers
(who are familiar with…)
Attendee needs to have general fluency in Windows environment (including security skills, penetration testing etc.) Active Directory related knowledge is required. Take the quiz to see where are you at.
Brave Newbies
If you are a newbie you can still apply, but the program WILL NOT cover the basics — so it might be really challenging for you to get in or to keep up with the group.
What CQURE Academy Students say
Milan Racko
IT Security Specialist
–
AWSC18 helped me to better understand what are the security risks, how to identify them and how to protect against them primary in Microsoft on premise and cloud environments. I earned valuable knowledge and also it helped me to develop our security department in my team. I am looking forward for another courses from CQURE Academy.
Jack Perry
Security Principal Consultant | Presidio
–
All of their classes are based on their real world experience with the products, not just the typical Official Curriculum style classes that teach you things for an exam, but that you will never use. You’ll find that all of the material you’ll learn in the class will be used, at some point, in your security career.
Martin Weber
CTO | IT.innovation.4U GmbH
–
Totally professional, total great stuff, in-depth knowledge and a perfect Learning Atmosphere! I like it! Thanks so much for sharing your experience and knowledge!
Marek Chmel
SQL Server DBA | AT&T
–
All of their classes are based on their real world experience with the products, not just the typical Official Curriculum style classes that teach you things for an exam, but that you will never use. You’ll find that all of the material you’ll learn in the on-premise will be used, at some point, in your security career.
Paweł Partyka
Azure Security Infrastructure Consultant | Microsoft
–
During AWSC course I have learned about various attack techniques against credentials, secrets and Windows OS. I also obtained knowledge on mitigation possibilities. The course help me to have more confidence in my cyber security skills and have more meaningful discussion about the threats with my customers.
Doru-Catalin Togea
Information Security Advisor | Norwegian Police
–
As it also happened before, Paula Januszkiewicz knows how to blow your mind. As great athletes make their discipline look easy when you watch them perform, so Paula makes Windows purr like a little kitten. Even though I am fully aware of how much I still don’t know, after a course such as this Windows is not mysterious anymore. This is a great feeling.
Kamil Więcek
IT Expert | ING Bank Śląski
–
I’ve recently attended a training held by CQURE. It was PACKED with knowledge and tools. Of course another course not everything was discussed in details (lack of time)on-premise but CQURE team delivered a great value within just a few hours. I was a student not so long ago and I wish that our universities were teaching as efficiently as CQURE does.
Styrk Finne
Senior Professional System Engineer | CSC Norway
–
We have learned a lot about IIS, hacking and much much more. Our motivation has increased during this course and of course great interest in your work Paula. Impressed with your enthusiastic energic way of presenting.
BENEFITS SUMMARY:
- You’ll participate in a live, online certification program, divided into 12 modules + 1 bonus module spread over 6 weeks.
- Live, online sessions happening twice a week, 2 hours each (at 7PM CET / 10AM PDT / 1PM EDT).
- The syllabus covers 12 modules: Analysis on Fileless Malware, Certificates and Public Key Infrastructure, Cloud Penetration Testing, Privilege Escalation Bugs and Techniques, Pentesting Azure Active Directory, Azure Security Configuration Review… and much more.
- The program has an interactive, hands-on formula — and after every class, you’ll be able to ask questions.
- During the 6 week program, you’ll also get free access to the CQURE Training Lab and closed Facebook group where you can share your challenges and upgrade your network.
- Official CQURE certificate “Windows Security Master 2022” after passing the final exam.
- All the video recordings and extra materials are yours to keep for 12 months from the start of the program.
- 30-Day, Money-Back Guarantee
Price: $2799
We’ll be taking on board 200 students only. Admission is selective. We prioritize: your skills and professional achievements, but also your attitude and how you can contribute to the group — so that we all can learn from each other. Good luck!
Frequently Asked Questions
Who is this for?
This course is for geeks who want to become advanced Windows security experts. If you want to set yourself (and your company) apart from your competition, this is the course for you. You must already be fluent in the Windows environment (including security skills, penetration testing etc.). Active Directory related knowledge is required. We already have a great group of approved applicants from the Microsoft Ignite Conference where we did a soft launch of this course. Including:
- Professionals with over 5 years of experience in Windows and security related projects.
- Working in public, commercial, and security consulting companies.
If you are not sure if you qualify for the course, take the quiz to see where you stand. If you score above 12 points, you should apply here.
How does the application process work? Do I need to pay anything before the end of December?
In order to qualify for the course, you need to complete the application form here. The application is FREE 🙂 In the first days of December, we will review the applications. If you qualify, we will email you straight after we approve your application. If you do not qualify, we will also inform you by email. If we need more information from you, we may ask you to schedule a short interview with a member of our team. After we approve your application, you will have some time to submit your payment. You can pay online (recommended) or contact us to pay via your company payables department.
Am I getting a Certification upon finishing the course?
Well.. not exactly. You must pass the final exam to receive a certification (it is a part of the course so no additional payment is required). To pass the exam, you must answer 70% of the questions correctly. When you pass the exam, you will receive a CQURE Academy Certificate – “Windows Security Master 2022.”
How exactly does the “Advanced Windows Security Course For 2022” work?
Once your application is approved and you pay your tuition, this is what you will get access to:
-
- 12 Live Online Sessions with Paula or other CQURE Academy teachers. Sessions happen twice a week on Tuesday and Thursday. Sessions will be held at 7PM CEST (1PM New York / 10AM San Francisco). Each session will last 2 hours. You can ask questions on every session.
- 12-month access to video recordings of every session.
- Slides & Scripts & Tools from the Live Sessions for download.
- Free Access to our CQURE Lab, for 6 weeks of the course (so you can practice and do homework).
- Access to a Private Facebook Group (for students only), where you can network and exchange questions and ideas during the time of the course.
- Certification Exam in the end of the course.
- CQURE Academy Certificate – “Windows Security Master 2022” – if you pass the exam.
What is the CQURE Lab?
CQURE Academy design CQURE Labs are a great battlefield! You will learn how to hack and secure in a safe environment. Virtual lab can be accessed from anywhere where there is an Internet connection. After login, you will have full access to preconfigured virtual machines (with great performance) where you will be able to attack different targets, search for misconfigurations, search for the evidence and other interesting and very practical activities. During the training you will be given certain tasks to do at home and because CQURE Lab can be accessed anytime, during the day and night – you plan your activities by yourself, depending on your availability and mood! Technically CQURE Lab is a set of virtual machines available through RDP connection. You will obtain your own username, password and connection parameters and you can connect to the lab from any RDP client.
What if I miss the Live Online Sessions?
You get full access to all Live Session video recordings. We highly encourage you to participate in the live sessions so you can interact with us and the other students live online. You will learn best when we help you work through your questions. Keep up with the course flow we have designed will help you hold yourself accountable to complete the course in a timely manner. That being said, we understand life and work happen. That is why you will have access to all of the material for 12 months.
How is this course different from other Security Courses offered in the market?
We are not just a training company. All of our experts spend 60% of their time working as consultants on client cases around the world. We split the rest of our time evenly between research and teaching. This allows us to stay up to date on cutting edge security knowledge, skills and tools that other training institutes lack. This rare. Every year’s course will be completely rebuilt to keep up with emerging security trends. Finally, we believe the best way to make you learn is to keep the course fun, social, an interactive. We are cool geeks 🙂 Paula is widely recognized as the best speaker and trainer at international security conferences. At the Microsoft Ignite 2015, unofficial polling marked her as the best speaker (no, we did not ‘hack’ the results!).
×