
Only Once a Year
You’ll only learn things that will be crucial and most relevant in the following 2024. We run the training only once a year, always with the newest content.
By Paula Januszkiewicz · Sami Laiho · CQURE Academy Experts
Upgrade your cybersecurity skills with The Advanced Windows Security Course – our flagship certified online course designed by industry experts for ambitious cybersecurity geeks who want to perform at the highest level in the upcoming year!
EARLY-BIRD PRICE $2199* $3199
Step into the Pro League
In the realm of cybersecurity, knowledge is the ultimate currency. While it may appear that the digital world offers unlimited access to information, it’s critical to discern that not all information holds significant value.
We’re thrilled to invite you to join our exclusive course, a platform where esteemed experts share their hard-earned wisdom from the frontlines of the battle against cybercrime. This is not a run-of-the-mill course targeting the broad market. Instead, our call resonates with impressive individuals who have showcased noteworthy achievements and harbor the ambition to ascend the ranks of the cybersecurity elite.
Since launching the ADVANCED WINDOWS SECURITY COURSE back in 2016, it’s been an absolute delight for us to host this event each year. We’ve built incredible connections with countless participants, all united by their eagerness to strengthen their skills in cybersecurity. It is heartening to witness the unwavering support from our community and their enthusiastic participation in this quest for cybersecurity excellence.
Make your mark and capture the attention of potential employers in 2024 with this certified online course by CQURE. This unique course takes place ONLY once a year and each iteration offers a fresh perspective. Enrollment is exclusive to a select group of 100 students, chosen meticulously through a stringent application process.
Crafted by award-winning experts working on the cutting edge of the security industry, our six-week course for intermediate and advanced professionals holds practicality at its core. You’ll acquire the tools and techniques necessary to fortify your Windows operating system against threats in 2024, irrespective of your work location.
Venture into the Dark Side and Validate Your Worth
Our course empowers you to think like an adversary, enabling you to detect and rectify vulnerabilities in your system before they can be exploited. We deep dive into the most daunting threats and pinpoint configuration mistakes that could culminate in data or financial losses.
Earning the 2024 Windows Security Master certificate is more than just a personal achievement; it’s an outward expression of your commitment to upgrading your skills and propelling your career forward. Join us in our annual cybersecurity journey, and let’s embark on a trailblazing adventure together in 2024!
The Advanced Windows Security Course for 2024 will cover a diverse range of 12 subjects, all hand-selected by our globally acclaimed TOP cybersecurity experts – Paula Januszkiewicz, Sami Laiho, and Mike Jankowski-Lorek to name a few. The crucial topics are set to define the field in 2024, equipping you with the foresight and knowledge to stay ahead of the curve.
The agenda for the course will cover: During the course, you will learn how to handle the incident, perform memory & disk forensics, harden Active Directory infrastructure, and implement a secure authentication mechanisms in various scenarios. We will also cover how to master log files and implement AD/AAD tiering & Privileged Access Workstations. As for the security in the cloud, the Advanced Windows Security Course will go through the topics of Zero Trust architecture, deploying passkey authentication with Microsoft Entra ID, and adopting MDTI & its integration with Microsoft Sentinel. This is only the tip of the iceberg so buckle up and prepare for the knowledge!
Don’t miss out on our exclusive EARLY-BIRD discount. It’s an opportunity you wouldn’t want to miss the EARLY-BIRD APPLICATION and the special price of $2199 that comes with it!
Contact us if you’re interested in TEAM PLAN for your organization.
How is this course different from others?
You’ll only learn things that will be crucial and most relevant in the following 2024. We run the training only once a year, always with the newest content.
You’ll skip the fluff and go straight to the advanced stuff. The pace is quite intense, so expect a smoke coming out of your ears.
The training is pretty hands-on, because it has been designed by passionate practitioners and obsessive researchers from CQURE Team.
We’ll bring a bunch of experts on board with Paula Januszkiewicz and Sami Laiho among instructors and the hosts of the program.
Course Formula
LIVE Trainings
You’ll join our 2-hour long live classes on a special interactive platform – happening twice a week at 7PM CET (10AM PST / 1PM EST).
Action packed
You’ll go through 12 modules in 6 weeks. We’re not fluffing around, you’ve been warned.
Once a Year Only
We organise this course only once a year. Every next edition is updated with new tools and challenges.
Interactive classroom
After every class you’ll be able to ask questions.
Extra materials
We’ve prepared for you slides, extra materials and homework for each session.
12-month Access
You’ll get a full year of online access to all the recordings (counted from the first class).
The Training Lab
During the course you’ll have access to a special training platform where you can safely test your hacks.
Social & Network
You’ll become a member of a closed DISCORD group, where you can not only share your challenges and geeky jokes… but also network.
CQURE Certificate – “Windows Security Master 2024”
You’ll receive an official CQURE certificate “Windows Security Master 2024″ after passing the final exam. Yes, there will be a final exam. And 24hrs counting towards your CPE’s.
Course Syllabus
Module 1
~ October 24, 2023 ~
by Sami Laiho
Can you RDP into a server or a jump server from any computer in your network? Can you manage your Virtualization and Backups with your Domain Admin accounts? Can Domain Admins log on to normal workstations? If you answered “Yes” to any of these questions, oh boy you are in trouble…
In this crucial AWSC module, our Expert Sami Laiho will show you why segregating potential access to sensitive data from administrative operations is a key. Sami will introduce the concept of Privileged Access Workstations (PAWs) as the missing component in creating a well-tiered, secure Active Directory (or Azure Active Directory) environment.
The module is divided into 3 segments:
Deploying Directory Tiering:
• On-Prem (AD),
• Cloud (AAD).
Deploying Privileged Access Computers for on-prem:
• Different solutions for where to run PAWs,
• IPsec or something else?
• Controlling the network connections and access to malicious content.
Deploying Privileged Access Computers for the Cloud:
• Different solutions for where to run PAWs,
• Conditional access or something else?
• Controlling the network connections and access to malicious content.
Module 2
~ October 26, 2023 ~
by Michael Grafnetter
This AWSC Module is designed to show you the planning process and implementation of a passwordless authentication deployment within the Microsoft Entra ID ecosystem.
With the arrival of Passkey (formerly known as FIDO2) authentication support to Apple iOS, it is now finally possible to go fully passwordless, both in Active Directory and Entra ID (previously named Azure Active Directory). In this session, we are going to discuss the entire process of Passkey authentication deployment in hybrid and multi-platform environments, including the configuration options, identity lifecycle management, security considerations, and current limitations of this technology.
Module 3
~ October 31, 2023 ~
by Jan Marek
During this AWSC module, our Expert Jan Marek will lead an in-depth exploration of modern EDR circumvention options. The primary objective of this session is to provide you with a comprehensive understanding of the sophisticated techniques currently used by cyber attackers. You’ll understand the limitations of EDR as the only one defense mechanism for defending your endpoints.
We will dive into strategies used by hackers to operate within the user space, often evading detection by traditional security measures. Participants will gain insight into kernel callbacks, Event Tracing for Windows (ETW), detailed examination of system calls (syscalls) and their role in advanced threat evasion.
Module 4
~ November 2, 2023 ~
by Ronald Harmsen
As containerization, especially through Kubernetes, continues its popularity for development teams, it’s crucial to understand the potential challenges and pitfalls that can arise in this dynamic environment. Join our Expert Ronald Harmsen in this insightful AWSC module as we delve into the complexity of running such practices securely.
The session will address critical questions that every development team should consider: How can we ensure that our APIs are not exposed, potentially leading to security vulnerabilities? What measures can be implemented to prevent unintended connections to incorrect or even malicious containers within a Kubernetes cluster? Understanding exactly what is running and deciding if it should be running at all is crucial, and we’ll explore strategies to do so effectively.
Module 5
~ November 7, 2023 ~
by Damian Widera
In this insightful AWSC module, our Expert Damian Widera will demonstrate the relationship between encryption techniques and SQL Server performance.
Damian will guide you through the process of designing and developing a secure and high-performing solution within the SQL Server environment. Participants will gain hands-on experience in selecting encryption methods tailored to their specific business needs. Through practical demonstrations and in-depth discussions, you’ll gain a comprehensive understanding of how different encryption techniques impact SQL Server operations.
Module 6
~ November 9, 2023 ~.
by Paula Januszkiewicz & Mike Jankowski-Lorek, PhD
In this Module of the AWSC course, CQURE Academy Experts Paula J and Dr. Mike will show you in detail the power of logs within the area of cybersecurity, as it holds the key to understanding, detecting, and mitigating cyber threats.
The session will cover exploration of the following points: Cyber Kill Chain and Cyber Kill Chain – Protection, providing attendees with the view on stages that attackers go during an attack and protection methods. You’ll gain hands-on experience and knowledge on a variety of useful tools. Last but not least, Paula and Dr. Mike will focus on Azure Sentinel – Cloude-native SIEM, that provides intelligent security analytics for enterprises. Our Experts, together with AWSC participants, will explore it from the general overview down to the deep details of the entity behavior and analytics.
Module 7
~ November 14, 2023 ~.
by Mike Jankowski-Lorek, PhD
In this AWSC module, Dr. Mike Jankowski-Lorek will get into the concept of the Zero Trust model. He’ll explain why this concept remains interesting, yet often challenging to adopt in practice. Participants will gain deep insights into the Zero Trust by using Microsoft products.
Dr. Mike’s extensive experience as a penetration tester and incident responder brings a unique perspective to the session. You’ll gain practical knowledge, complemented by a wide range of real-world examples and demonstrations, on how to secure your environment for the Zero Trust model. The module will also emphasize critical missteps to avoid during implementation.
Module 8
~ November 16, 2023 ~
by Michael Grafnetter
This AWSC Module, led by our Expert Michael Grafnetter, will guide you through the Active Directory security hardening, showing the expertise needed to secure environments against evolving threats.
In IT there is a well-known concept called “Security by default”. Unfortunately, most Active Directory features were developed almost 30 years ago and to achieve backward compatibility with legacy systems, even the default configuration of a Windows Server 2022 domain controller is far from being as secure as possible. As a consequence, a freshly deployed Active Directory environment is relatively easy to compromise. That is why we will go through a checklist of both common and lesser-known Active Directory security settings, which should result in a very secure configuration.
We are also going to discuss various auditing tools which can be used to compare the current configuration against various security baselines
Module 9
~ November 21, 2023 ~
by Paula Januszkiewicz
During this insightful Module, our Expert Paula J will show her newest expertise on memory analysis techniques and disk storage acquisition and analysis. Forensics is a constantly evolving and crucial topic in cybersecurity. To stay on top attackers, the knowledge of Individuals and Teams responsible for collecting digital evidence and handling the incidents must be constantly enhanced and updated.
Paula will guide you through the secrets of memory dumping and show you how to use advanced tools. After that, participants will explore volatility to analyze Windows memory images and system memory dump. This Module will develop your skills in Storage Acquisition and Analysis as well: among others, we will focus on methods and technologies that enable reviving, extracting and recovering partitions and… juicy information. You can expect a deep dive into the detailed analysis and a guide on how to create a full incident timeline!
Module 10
~ November 23, 2023 ~
by Michael Grafnetter
In this AWSC Module, Michael Grafnetter will dive deep into the secrets of Kerberos authentication. The session will cover many different types of attacks against the Kerberos protocol, including the roasting, forging, and relaying techniques. You will also be provided with hands-on insights on securing your systems.
Module 11
~ November 28, 2023 ~
by Sami Laiho
Every computer, whether in a corporate LAN or a public network, needs to be protected with a firewall. This also applies to all servers! And this means the device itself and not a firewall on the perimeter. Zero Trust means that those protections are in place wherever you might take your computer, and that we can identify the computer and user, not just the address where it claims to be. With Windows Firewall you can block pass-the-hash and other lateral movement techniques. By adding IPsec, you can enjoy all the benefits of 802.1x authenticated networks – only better, more granular and for free!
Join Sami Laiho, our Expert, in this Module and learn how he manages different sized environments and deploys the concept of Client Firewalls.
1. Windows Defender Firewall with Advanced Security
• Managing Windows Firewall
• Managing policies via GPO
• Managing policies via Intune
2: Deploying IPsec
• AH, ESP, and IKE protocols
• Domain Isolation – prevent unauthorized computers from communicate with you
• Creating firewall rules for computer or user accounts, not IP/SUBNETs
3: Troubleshooting
• Troubleshooting the Firewall
• Troubleshooting IPsec
Module 12
~ November 30, 2023 ~
by Piotr Pawlik
Unlock the potential of Microsoft’s Threat Intelligence platform in this dynamic AWSC Module. Join our Expert Piotr Pawlik and learn how to operationalize Microsoft’s Threat Intelligence articles and Intel Profiles in MDTI to revolutionize your security approach. We’ll start with an introduction to MDTI and its crucial role in constructing an Early Warning System for Threats. Next, we’ll dive into the world of interoperability, bridging Microsoft 365 Defender and Microsoft Sentinel for a unified defense strategy. In this technically-rich session, we’ll explore Intel Profiles, present real-world analyst case studies, and establish seamless integration with Microsoft Sentinel to thwart APT actor tactics.
Timeline:
Module 13
~ December 5, 2023 ~
by Andy Wendel
The active directory is your crown jewels. Nearly everybody has it in place and every is using but not protecting it.
The last years in experience with APT-groups and ransomware gave us a picture of how attackers crawl through your networks and how they work.
So – within these 2 hours of training, you will see, understand, and train yourself how attackers work, understand their toolsets, and then, learn how to securely protect your active directory the master way.
Learn about Tier-models, ESAE (it is deprecated but fully supported), pingcastle, the protected user group, ReCoBS and immutable-backup, and a lot more.
PLEASE NOTE: There will be an online final exam covering all 12 modules. To receive an official CQURE certificate “Windows Security Master 2024” you have to get at least 70% of the answers right. We highly recommend that you don’t leave the revision until the last minute. 😉
Your instructors
Paula Januszkiewicz, MVP, MCT and Microsoft Regional Director has more than 19 years of experience in the cybersecurity field, performing penetration tests, architecture consulting, trainings and seminars. She has performed hundreds of security projects, including those for governmental organizations and big enterprises, at the same time being a top speaker and a keynote speaker at many well-known conferences.
Sami Laiho is one of the world’s leading professionals in the Windows OS troubleshooting and security. Sami has been working with and teaching OS troubleshooting, management and security for more than 25 years. In 2018, Sami’s two sessions were evaluated as the Top 2 sessions (out of 1700+ sessions) at Microsoft Ignite in Orlando.
Mike Jankowski-Lorek is a solution architect, developer, data scientist and security expert with more than 18-years’ experience in the field. He designs and implements solutions for organization identity and access databases, network and security monitoring and management, mainly working in Microsoft ecosystem for medium to enterprise level organizations. Mike holds multiple certifications, especially security, database and software development related. As a passionate person he loves sharing his knowledge
Michael is an expert on Active Directory security who works as a cybersecurity consultant, instructor, and researcher. He is best known as the author of the open-source Directory Services Internals (DSInternals) PowerShell module and Thycotic Weak Password Finder, tools used by security auditors and penetration testers worldwide. He holds a master’s degree in Software Engineering and is Microsoft MVP.
Piotr Pawlik is CQURE’s Cybersecurity Expert, System Engineer and Unified Communications Expert with experience in design, implementation, and support for Microsoft solutions. During his work for Orange Business Services, Piotr was responsible for planning and deployment of security solutions for the biggest customers in Poland (insurance, banking, education and government sectors) and many customers located in Europe. Piotr’s main areas of expertise are: Microsoft Private Cloud (Hyper-V virtualization and System Center 2012), Microsoft Public Cloud (Office 365 and Azure), Microsoft Exchange Server 2010/2013, Lync Server 2010/2013, Office Communications Servers and Windows Server family. His additional experience includes disaster recovery, capacity planning, virtualization and business continuity. Excellent problem-solving skills and interpersonal skills.
Software engineer with over 20 years of professional experience in all aspects of data platform development. He has participated in a number of projects in international environments and possesses practical knowledge of procedures and tools which are necessary for successful implementation of such projects. Damian currently focuses on building solutions based on Microsoft Azure environment including complex database driven systems, machine learning, big data processing, tuning and optimization. As an experienced instructor, speaker and columnist, he is always eager to take part in new engagements. In 2022, for the 14th time, he has been awarded Microsoft’s Data Platform MVP. In addition, he holds various Microsoft Certifications since 2004: Microsoft Certified Trainer, Solution Developer and Application Developer for .NET, Database Administrator, Microsoft Certified Solutions Expert.
Ronald Harmsen is a solution architect, developer, instructor and speaker based in the Netherlands. Ronald has been active in professional software development since the mid-90s and has worked on projects for a range of large international companies as well as SME’s and startups. His focus is on delivering well engineered, maintainable and secure software. When not working on customer projects, Ronald consults and trains several teams in Scandinavia, UK, Netherlands & Belgium in achieving this by applying DevOps principles, Event Driven Architectures and Domain Driven Design. Currently he mainly works with technologies like Microsoft Azure, Kubernetes and software development in dotnet, building IoT and microservice based cloud-first systems. Ronald can also be found as a speaker on development conferences and meetups.
Jan Marek is a red teamer, security consultant and architect with more than 18 years of proven experience. His professional career includes training and speaking-related activities as well. He focuses primarily on products in the area of cybersecurity, private and public cloud, specifically Windows Security, Microsoft Cloud Security Stack (Azure Sentinel, Azure Defender, M365 Defender, Defender for Endpoint, Defender for Identity), Microsoft Hyper-V, Windows Server and Active Directory. To prove his knowledge, he has passed many certifications – OSCP | eCPPT | CHFI, CEH, CEI, Comptia Pentest+, MCSE, MCSA, MCITP, MCTS, MS, MCT. For his speaking-/writing- related activities, he was awarded with the Microsoft Community Contributor and Microsoft Most Valuable Professional (MVP) in the Cloud and Datacenter Management category.
Who Is It For
This program is for you, if you want to level up and become key expert in your company (or even in your field). We promise to challenge your ways of thinking and executing.
Attendee needs to have general fluency in Windows environment (including security skills, penetration testing etc.) Active Directory related knowledge is required. Take the quiz to see where are you at.
If you are a newbie you can still apply, but the program WILL NOT cover the basics — so it might be really challenging for you to get in or to keep up with the group.
What CQURE Academy Students say
Milan Racko
IT Security Specialist
–
AWSC18 helped me to better understand what are the security risks, how to identify them and how to protect against them primary in Microsoft on premise and cloud environments. I earned valuable knowledge and also it helped me to develop our security department in my team. I am looking forward for another courses from CQURE Academy.
Jack Perry
Security Principal Consultant | Presidio
–
All of their classes are based on their real world experience with the products, not just the typical Official Curriculum style classes that teach you things for an exam, but that you will never use. You’ll find that all of the material you’ll learn in the class will be used, at some point, in your security career.
Martin Weber
CTO | IT.innovation.4U GmbH
–
Totally professional, total great stuff, in-depth knowledge and a perfect Learning Atmosphere! I like it! Thanks so much for sharing your experience and knowledge!
Marek Chmel
SQL Server DBA | AT&T
–
All of their classes are based on their real world experience with the products, not just the typical Official Curriculum style classes that teach you things for an exam, but that you will never use. You’ll find that all of the material you’ll learn in the on-premise will be used, at some point, in your security career.
Paweł Partyka
Azure Security Infrastructure Consultant | Microsoft
–
During AWSC course I have learned about various attack techniques against credentials, secrets and Windows OS. I also obtained knowledge on mitigation possibilities. The course help me to have more confidence in my cyber security skills and have more meaningful discussion about the threats with my customers.
Doru-Catalin Togea
Information Security Advisor | Norwegian Police
–
As it also happened before, Paula Januszkiewicz knows how to blow your mind. As great athletes make their discipline look easy when you watch them perform, so Paula makes Windows purr like a little kitten. Even though I am fully aware of how much I still don’t know, after a course such as this Windows is not mysterious anymore. This is a great feeling.
Kamil Więcek
IT Expert | ING Bank Śląski
–
I’ve recently attended a training held by CQURE. It was PACKED with knowledge and tools. Of course another course not everything was discussed in details (lack of time)on-premise but CQURE team delivered a great value within just a few hours. I was a student not so long ago and I wish that our universities were teaching as efficiently as CQURE does.
Styrk Finne
Senior Professional System Engineer | CSC Norway
–
We have learned a lot about IIS, hacking and much much more. Our motivation has increased during this course and of course great interest in your work Paula. Impressed with your enthusiastic energic way of presenting.
We’ll be taking on board 100 students only. Admission is selective. We prioritize: your skills and professional achievements, but also your attitude and how you can contribute to the group — so that we all can learn from each other. Good luck!
Frequently Asked Questions
This course is for geeks who want to become advanced Windows security experts. If you want to set yourself (and your company) apart from your competition, this is the course for you. You must already be fluent in the Windows environment (including security skills, penetration testing etc.). Active Directory related knowledge is required. We already have a great group of approved applicants from the Microsoft Ignite Conference where we did a soft launch of this course. Including:
If you are not sure if you qualify for the course, take the quiz to see where you stand. If you score above 12 points, you should apply here.
In order to qualify for the course, you need to complete the application form here. The application is FREE 🙂 We will review the applications to see if you qualify, we will email you straight after we approve your application. If you do not qualify, we will also inform you by email. If we need more information from you, we may ask you to schedule a short interview with a member of our team. After we approve your application, you will have some time to submit your payment. You can pay online (recommended) or contact us to pay via your company payables department.
Well.. not exactly. You must pass the final exam to receive a certification (it is a part of the course so no additional payment is required). To pass the exam, you must answer 70% of the questions correctly. When you pass the exam, you will receive a CQURE Academy Certificate – “Windows Security Master 2024.”
Once your application is approved and you pay your tuition, this is what you will get access to:
CQURE Academy design CQURE Labs are a great battlefield! You will learn how to hack and secure in a safe environment. Virtual lab can be accessed from anywhere where there is an Internet connection. After login, you will have full access to preconfigured virtual machines (with great performance) where you will be able to attack different targets, search for misconfigurations, search for the evidence and other interesting and very practical activities. During the training you will be given certain tasks to do at home and because CQURE Lab can be accessed anytime, during the day and night – you plan your activities by yourself, depending on your availability and mood! Technically CQURE Lab is a set of virtual machines available through RDP connection. You will obtain your own username, password and connection parameters and you can connect to the lab from any RDP client.
You get full access to all Live Session video recordings. We highly encourage you to participate in the live sessions so you can interact with us and the other students live online. You will learn best when we help you work through your questions. Keep up with the course flow we have designed will help you hold yourself accountable to complete the course in a timely manner. That being said, we understand life and work happen. That is why you will have access to all of the material for 12 months.
We are not just a training company. All of our experts spend 60% of their time working as consultants on client cases around the world. We split the rest of our time evenly between research and teaching. This allows us to stay up to date on cutting edge security knowledge, skills and tools that other training institutes lack. This rare. Every year’s course will be completely rebuilt to keep up with emerging security trends. Finally, we believe the best way to make you learn is to keep the course fun, social, an interactive. We are cool geeks 🙂 Paula is widely recognized as the best speaker and instructor at international security conferences. At the Microsoft Ignite 2015, unofficial polling marked her as the best speaker (no, we did not ‘hack’ the results!).