The Advanced Windows Security Course – 2024 Edition

By Paula Januszkiewicz · Sami Laiho · CQURE Academy Experts

Are You Ready to Outperform in 2024?

Upgrade your cybersecurity skills with The Advanced Windows Security Course – our flagship certified online course designed by industry experts for ambitious cybersecurity geeks who want to perform at the highest level in the upcoming year!

START: October 24, 2023

Step into the Pro League

In the realm of cybersecurity, knowledge is the ultimate currency. While it may appear that the digital world offers unlimited access to information, it’s critical to discern that not all information holds significant value.

We’re thrilled to invite you to join our exclusive course, a platform where esteemed experts share their hard-earned wisdom from the frontlines of the battle against cybercrime. This is not a run-of-the-mill course targeting the broad market. Instead, our call resonates with impressive individuals who have showcased noteworthy achievements and harbor the ambition to ascend the ranks of the cybersecurity elite.

Since launching the ADVANCED WINDOWS SECURITY COURSE back in 2016, it’s been an absolute delight for us to host this event each year. We’ve built incredible connections with countless participants, all united by their eagerness to strengthen their skills in cybersecurity. It is heartening to witness the unwavering support from our community and their enthusiastic participation in this quest for cybersecurity excellence.

Make your mark and capture the attention of potential employers in 2024 with this certified online course by CQURE. This unique course takes place ONLY once a year and each iteration offers a fresh perspective. Enrollment is exclusive to a select group of 100 students, chosen meticulously through a stringent application process.

Crafted by award-winning experts working on the cutting edge of the security industry, our six-week course for intermediate and advanced professionals holds practicality at its core. You’ll acquire the tools and techniques necessary to fortify your Windows operating system against threats in 2024, irrespective of your work location.

Venture into the Dark Side and Validate Your Worth

Our course empowers you to think like an adversary, enabling you to detect and rectify vulnerabilities in your system before they can be exploited. We deep dive into the most daunting threats and pinpoint configuration mistakes that could culminate in data or financial losses.

Earning the 2024 Windows Security Master certificate is more than just a personal achievement; it’s an outward expression of your commitment to upgrading your skills and propelling your career forward. Join us in our annual cybersecurity journey, and let’s embark on a trailblazing adventure together in 2024!

The Advanced Windows Security Course for 2024 will cover a diverse range of 12 subjects, all hand-selected by our globally acclaimed TOP cybersecurity experts – Paula Januszkiewicz, Sami Laiho, and Mike Jankowski-Lorek to name a few. The crucial topics are set to define the field in 2024, equipping you with the foresight and knowledge to stay ahead of the curve.

The agenda for the course will cover: During the course, you will learn how to handle the incident, perform memory & disk forensics, harden Active Directory infrastructure, and implement a secure authentication mechanisms in various scenarios. We will also cover how to master log files and implement AD/AAD tiering & Privileged Access Workstations. As for the security in the cloud, the Advanced Windows Security Course will go through the topics of Zero Trust architecture, deploying passkey authentication with Microsoft Entra ID, and adopting MDTI & its integration with Microsoft Sentinel. This is only the tip of the iceberg so buckle up and prepare for the knowledge!

Don’t miss out on our exclusive EARLY-BIRD discount. It’s an opportunity you wouldn’t want to miss the EARLY-BIRD APPLICATION and the special price of $2199 that comes with it!

Contact us if you’re interested in TEAM PLAN for your organization.

How is this course different from others?

Only Once a Year

You’ll only learn things that will be crucial and most relevant in the following 2024. We run the training only once a year, always with the newest content. 

Only Advanced Stuff

You’ll skip the fluff and go straight to the advanced stuff. The pace is quite intense, so expect a smoke coming out of your ears.

Only NEW Tools and Techniques

The training is pretty hands-on, because it has been designed by passionate practitioners and obsessive researchers from CQURE Team.

Only Cool Presenters!

We’ll bring a bunch of experts on board with Paula Januszkiewicz and Sami Laiho among instructors and the hosts of the program.

Course Formula

LIVE Trainings

You’ll join our 2-hour long live classes on a special interactive platform – happening twice a week at 7PM CET (10AM PST / 1PM EST).

Action packed

You’ll go through 12 modules in 6 weeks. We’re not fluffing around, you’ve been warned.

Once a Year Only

We organise this course only once a year. Every next edition is updated with new tools and challenges.

Interactive classroom

After every class you’ll be able to ask questions.

Extra materials

We’ve prepared for you slides, extra materials and homework for each session.

12-month Access

You’ll get a full year of online access to all the recordings (counted from the first class).

The Training Lab

During the course you’ll have access to a special training platform where you can safely test your hacks.

Social & Network

You’ll become a member of a closed DISCORD group, where you can not only share your challenges and geeky jokes… but also network.

CQURE Certificate – “Windows Security Master 2024”

You’ll receive an official CQURE certificate “Windows Security Master 2024″ after passing the final exam. Yes, there will be a final exam. And 24hrs counting towards your CPE’s.

Course Syllabus

Module 1

Implementing AD/AAD Tiering & Privileged Access Workstations

~ October 24, 2023 ~

by Sami Laiho

Can you RDP into a server or a jump server from any computer in your network? Can you manage your Virtualization and Backups with your Domain Admin accounts? Can Domain Admins log on to normal workstations? If you answered “Yes” to any of these questions, oh boy you are in trouble…  

In this crucial AWSC module, our Expert Sami Laiho will show you why segregating potential access to sensitive data from administrative operations is a key. Sami will introduce the concept of Privileged Access Workstations (PAWs) as the missing component in creating a well-tiered, secure Active Directory (or Azure Active Directory) environment. 

The module is divided into 3 segments: 

Deploying Directory Tiering:
• On-Prem (AD),
• Cloud (AAD). 

Deploying Privileged Access Computers for on-prem:
• Different solutions for where to run PAWs,
• IPsec or something else?
• Controlling the network connections and access to malicious content. 

Deploying Privileged Access Computers for the Cloud:
• Different solutions for where to run PAWs,
• Conditional access or something else?
• Controlling the network connections and access to malicious content. 

Module 2

Deploying Passkey Authentication with Microsoft Entra ID

~ October 26, 2023 ~

by Michael Grafnetter

This AWSC Module is designed to show you the planning process and implementation of a passwordless authentication deployment within the Microsoft Entra ID ecosystem. 

With the arrival of Passkey (formerly known as FIDO2) authentication support to Apple iOS, it is now finally possible to go fully passwordless, both in Active Directory and Entra ID (previously named Azure Active Directory). In this session, we are going to discuss the entire process of Passkey authentication deployment in hybrid and multi-platform environments, including the configuration options, identity lifecycle management, security considerations, and current limitations of this technology.

Module 3

Modern EDR Evasion Techniques

~ October 31, 2023 ~

by Jan Marek

During this AWSC module, our Expert Jan Marek will lead an in-depth exploration of modern EDR circumvention options. The primary objective of this session is to provide you with a comprehensive understanding of the sophisticated techniques currently used by cyber attackers. You’ll understand the limitations of EDR as the only one defense mechanism for defending your endpoints. 

We will dive into strategies used by hackers to operate within the user space, often evading detection by traditional security measures. Participants will gain insight into kernel callbacks, Event Tracing for Windows (ETW), detailed examination of system calls (syscalls) and their role in advanced threat evasion. 

Module 4

Keeping your Kubernetes Environments Safe and Stable

~ November 2, 2023 ~

by Ronald Harmsen

As containerization, especially through Kubernetes, continues its popularity for development teams, it’s crucial to understand the potential challenges and pitfalls that can arise in this dynamic environment. Join our Expert Ronald Harmsen in this insightful AWSC module as we delve into the complexity of running such practices securely. 

The session will address critical questions that every development team should consider: How can we ensure that our APIs are not exposed, potentially leading to security vulnerabilities? What measures can be implemented to prevent unintended connections to incorrect or even malicious containers within a Kubernetes cluster? Understanding exactly what is running and deciding if it should be running at all is crucial, and we’ll explore strategies to do so effectively. 

Module 5

Microsoft SQL Server Encryption for Performance

~ November 7, 2023 ~

by Damian Widera

In this insightful AWSC module, our Expert Damian Widera will demonstrate the relationship between encryption techniques and SQL Server performance.  

Damian will guide you through the process of designing and developing a secure and high-performing solution within the SQL Server environment. Participants will gain hands-on experience in selecting encryption methods tailored to their specific business needs. Through practical demonstrations and in-depth discussions, you’ll gain a comprehensive understanding of how different encryption techniques impact SQL Server operations. 

Module 6

Mastering the Log Files

~ November 9, 2023 ~.

by Paula Januszkiewicz & Mike Jankowski-Lorek, PhD

In this Module of the AWSC course, CQURE Academy Experts Paula J and Dr. Mike will show you in detail the power of logs within the area of cybersecurity, as it holds the key to understanding, detecting, and mitigating cyber threats. 

The session will cover exploration of the following points: Cyber Kill Chain and Cyber Kill Chain – Protection, providing attendees with the view on stages that attackers go during an attack and protection methods. You’ll gain hands-on experience and knowledge on a variety of useful tools. Last but not least, Paula and Dr. Mike will focus on Azure Sentinel – Cloude-native SIEM, that provides intelligent security analytics for enterprises. Our Experts, together with AWSC participants, will explore it from the general overview down to the deep details of the entity behavior and analytics. 

Module 7

Hacking Zero Trust in the Windows Environment: Security Controls That Make Attacker’s Life Difficult

~ November 14, 2023 ~.

by Mike Jankowski-Lorek, PhD

In this AWSC module, Dr. Mike Jankowski-Lorek will get into the concept of the Zero Trust model. He’ll explain why this concept remains interesting, yet often challenging to adopt in practice. Participants will gain deep insights into the Zero Trust by using Microsoft products. 

Dr. Mike’s extensive experience as a penetration tester and incident responder brings a unique perspective to the session. You’ll gain practical knowledge, complemented by a wide range of real-world examples and demonstrations, on how to secure your environment for the Zero Trust model. The module will also emphasize critical missteps to avoid during implementation.  

Module 8

Mastering Active Directory Security Hardening

~ November 16, 2023 ~

by Michael Grafnetter

This AWSC Module, led by our Expert Michael Grafnetter, will guide you through the Active Directory security hardening, showing the expertise needed to secure environments against evolving threats. 

In IT there is a well-known concept called “Security by default”. Unfortunately, most Active Directory features were developed almost 30 years ago and to achieve backward compatibility with legacy systems, even the default configuration of a Windows Server 2022 domain controller is far from being as secure as possible. As a consequence, a freshly deployed Active Directory environment is relatively easy to compromise. That is why we will go through a checklist of both common and lesser-known Active Directory security settings, which should result in a very secure configuration.

We are also going to discuss various auditing tools which can be used to compare the current configuration against various security baselines

Module 9

Mastering the Memory & Disc Forensics

~ November 21, 2023 ~

by Paula Januszkiewicz

During this insightful Module, our Expert Paula J will show her newest expertise on memory analysis techniques and disk storage acquisition and analysis. Forensics is a constantly evolving and crucial topic in cybersecurity. To stay on top attackers, the knowledge of Individuals and Teams responsible for collecting digital evidence and handling the incidents must be constantly enhanced and updated. 

Paula will guide you through the secrets of memory dumping and show you how to use advanced tools. After that, participants will explore volatility to analyze Windows memory images and system memory dump. This Module will develop your skills in Storage Acquisition and Analysis as well: among others, we will focus on methods and technologies that enable reviving, extracting and recovering partitions and… juicy information. You can expect a deep dive into the detailed analysis and a guide on how to create a full incident timeline! 

Module 10

Kerberos Authentication Security

~ November 23, 2023 ~

by Michael Grafnetter

In this AWSC Module, Michael Grafnetter will dive deep into the secrets of Kerberos authentication. The session will cover many different types of attacks against the Kerberos protocol, including the roasting, forging, and relaying techniques. You will also be provided with hands-on insights on securing your systems.

Module 11

Securing your Endpoint with Windows Firewall and IPsec

~ November 28, 2023 ~

by Sami Laiho

Every computer, whether in a corporate LAN or a public network, needs to be protected with a firewall. This also applies to all servers! And this means the device itself and not a firewall on the perimeter. Zero Trust means that those protections are in place wherever you might take your computer, and that we can identify the computer and user, not just the address where it claims to be. With Windows Firewall you can block pass-the-hash and other lateral movement techniques. By adding IPsec, you can enjoy all the benefits of 802.1x authenticated networks – only better, more granular and for free! 

Join Sami Laiho, our Expert, in this Module and learn how he manages different sized environments and deploys the concept of Client Firewalls. 

1. Windows Defender Firewall with Advanced Security 
• Managing Windows Firewall 
• Managing policies via GPO 
• Managing policies via Intune 
2: Deploying IPsec 
• AH, ESP, and IKE protocols 
• Domain Isolation – prevent unauthorized computers from communicate with you 
• Creating firewall rules for computer or user accounts, not IP/SUBNETs 
3: Troubleshooting 
• Troubleshooting the Firewall 
• Troubleshooting IPsec 

Module 12

Adopting MDTI and Build Integration with Sentinel

~ November 30, 2023 ~

by Piotr Pawlik

Unlock the potential of Microsoft’s Threat Intelligence platform in this dynamic AWSC Module. Join our Expert Piotr Pawlik and learn how to operationalize Microsoft’s Threat Intelligence articles and Intel Profiles in MDTI to revolutionize your security approach. We’ll start with an introduction to MDTI and its crucial role in constructing an Early Warning System for Threats. Next, we’ll dive into the world of interoperability, bridging Microsoft 365 Defender and Microsoft Sentinel for a unified defense strategy. In this technically-rich session, we’ll explore Intel Profiles, present real-world analyst case studies, and establish seamless integration with Microsoft Sentinel to thwart APT actor tactics. 


  • Intro to MDTI and Microsoft Defender 
  • Microsoft Defender Threat Intelligence as an Early Warning System for Threats 
  • Intel Profiles 
  • Integration and Interop with Microsoft 365 Defender 
  • Case study: APT attacks on Teams – used techniques and tactics. How MDTI could help here? 
  • Attack demos – MDTI integration with Sentinel and Defender. 
  • Summary & Conclusions 

Module 13

BONUS Module – Security Active Directory Advanced – GOD MODE

~ December 5, 2023 ~

by Andy Wendel

The active directory is your crown jewels. Nearly everybody has it in place and every is using but not protecting it.

The last years in experience with APT-groups and ransomware gave us a picture of how attackers crawl through your networks and how they work.

So – within these 2 hours of training, you will see, understand, and train yourself how attackers work, understand their toolsets, and then, learn how to securely protect your active directory the master way.

Learn about Tier-models, ESAE (it is deprecated but fully supported), pingcastle, the protected user group, ReCoBS and immutable-backup, and a lot more.

PLEASE NOTE: There will be an online final exam covering all 12 modules. To receive an official CQURE certificate “Windows Security Master 2024” you have to get at least 70% of the answers right. We highly recommend that you don’t leave the revision until the last minute. 😉

Your instructors

Paula Januszkiewicz


Paula Januszkiewicz, MVP, MCT and Microsoft Regional Director has more than 19 years of experience in the cybersecurity field, performing penetration tests, architecture consulting, trainings and seminars. She has performed hundreds of security projects, including those for governmental organizations and big enterprises, at the same time being a top speaker and a keynote speaker at many well-known conferences.

Sami Laiho


Sami Laiho is one of the world’s leading professionals in the Windows OS troubleshooting and security. Sami has been working with and teaching OS troubleshooting, management and security for more than 25 years. In 2018, Sami’s two sessions were evaluated as the Top 2 sessions (out of 1700+ sessions) at Microsoft Ignite in Orlando.

Michał Jankowski-Lorek, PhD


Mike Jankowski-Lorek is a solution architect, developer, data scientist and security expert with more than 18-years’ experience in the field. He designs and implements solutions for organization identity and access databases, network and security monitoring and management, mainly working in Microsoft ecosystem for medium to enterprise level organizations. Mike holds multiple certifications, especially security, database and software development related. As a passionate person he loves sharing his knowledge

Michael Grafnetter


Michael is an expert on Active Directory security who works as a cybersecurity consultant, instructor, and researcher. He is best known as the author of the open-source Directory Services Internals (DSInternals) PowerShell module and Thycotic Weak Password Finder, tools used by security auditors and penetration testers worldwide. He holds a master’s degree in Software Engineering and is Microsoft MVP.

Piotr Pawlik


Piotr Pawlik is CQURE’s Cybersecurity Expert, System Engineer and Unified Communications Expert with experience in design, implementation, and support for Microsoft solutions. During his work for Orange Business Services, Piotr was responsible for planning and deployment of security solutions for the biggest customers in Poland (insurance, banking, education and government sectors) and many customers located in Europe. Piotr’s main areas of expertise are: Microsoft Private Cloud (Hyper-V virtualization and System Center 2012), Microsoft Public Cloud (Office 365 and Azure), Microsoft Exchange Server 2010/2013, Lync Server 2010/2013, Office Communications Servers and Windows Server family. His additional experience includes disaster recovery, capacity planning, virtualization and business continuity. Excellent problem-solving skills and interpersonal skills.

Damian Widera


Software engineer with over 20 years of professional experience in all aspects of data platform development. He has participated in a number of   projects   in   international environments and   possesses practical knowledge of procedures and tools which are necessary for successful implementation of such projects. Damian currently focuses on building solutions based on Microsoft Azure environment including complex database driven systems, machine learning, big data processing, tuning and optimization. As an experienced instructor, speaker and columnist, he is always eager to take part in new engagements. In 2022, for the 14th time, he has been awarded Microsoft’s Data Platform MVP. In addition, he holds various Microsoft Certifications since 2004:  Microsoft Certified Trainer, Solution Developer and Application Developer for .NET, Database Administrator, Microsoft Certified Solutions Expert.

Ronald Harmsen


Ronald Harmsen is a solution architect, developer, instructor and speaker based in the Netherlands. Ronald has been active in professional software development since the mid-90s and has worked on projects for a range of large international companies as well as SME’s and startups. His focus is on delivering well engineered, maintainable and secure software. When not working on customer projects, Ronald consults and trains several teams in Scandinavia, UK, Netherlands & Belgium in achieving this by applying DevOps principles, Event Driven Architectures and Domain Driven Design. Currently he mainly works with technologies like Microsoft Azure, Kubernetes and software development in dotnet, building IoT and microservice based cloud-first systems. Ronald can also be found as a speaker on development conferences and meetups.

Jan Marek

Cybersecurity Expert

Jan Marek is a red teamer, security consultant and architect with more than 18 years of proven experience. His professional career includes training and speaking-related activities as well. He focuses primarily on products in the area of cybersecurity, private and public cloud, specifically Windows Security, Microsoft Cloud Security Stack (Azure Sentinel, Azure Defender, M365 Defender, Defender for Endpoint, Defender for Identity), Microsoft Hyper-V, Windows Server and Active Directory. To prove his knowledge, he has passed many certifications – OSCP | eCPPT | CHFI, CEH, CEI, Comptia Pentest+, MCSE, MCSA, MCITP, MCTS, MS, MCT. For his speaking-/writing- related activities, he was awarded with the Microsoft Community Contributor and Microsoft Most Valuable Professional (MVP) in the Cloud and Datacenter Management category.

Who Is It For

Intermediate to Advanced
Windows Security Professionals

This program is for you, if you want to level up and become key expert in your company (or even in your field). We promise to challenge your ways of thinking and executing.

Ethical Hackers
(who are familiar with…)

Attendee needs to have general fluency in Windows environment (including security skills, penetration testing etc.) Active Directory related knowledge is required. Take the quiz to see where are you at.

Brave Newbies

If you are a newbie you can still apply, but the program WILL NOT cover the basics — so it might be really challenging for you to get in or to keep up with the group.

What CQURE Academy Students say

Milan Racko

IT Security Specialist

AWSC18 helped me to better understand what are the security risks, how to identify them and how to protect against them primary in Microsoft on premise and cloud environments. I earned valuable knowledge and also it helped me to develop our security department in my team. I am looking forward for another courses from CQURE Academy.

Jack Perry

Security Principal Consultant | Presidio

All of their classes are based on their real world experience with the products, not just the typical Official Curriculum style classes that teach you things for an exam, but that you will never use. You’ll find that all of the material you’ll learn in the class will be used, at some point, in your security career.

Martin Weber

CTO | IT.innovation.4U GmbH

Totally professional, total great stuff, in-depth knowledge and a perfect Learning Atmosphere! I like it! Thanks so much for sharing your experience and knowledge!

Marek Chmel

SQL Server DBA | AT&T

All of their classes are based on their real world experience with the products, not just the typical Official Curriculum style classes that teach you things for an exam, but that you will never use. You’ll find that all of the material you’ll learn in the on-premise will be used, at some point, in your security career.

Paweł Partyka

Azure Security Infrastructure Consultant | Microsoft

During AWSC course I have learned about various attack techniques against credentials, secrets and Windows OS. I also obtained knowledge on mitigation possibilities. The course help me to have more confidence in my cyber security skills and have more meaningful discussion about the threats with my customers.

Doru-Catalin Togea

Information Security Advisor | Norwegian Police

As it also happened before, Paula Januszkiewicz knows how to blow your mind. As great athletes make their discipline look easy when you watch them perform, so Paula makes Windows purr like a little kitten. Even though I am fully aware of how much I still don’t know, after a course such as this Windows is not mysterious anymore. This is a great feeling.

Kamil Więcek

IT Expert | ING Bank Śląski

I’ve recently attended a training held by CQURE. It was PACKED with knowledge and tools. Of course another course not everything was discussed in details (lack of time)on-premise but CQURE team delivered a great value within just a few hours. I was a student not so long ago and I wish that our universities were teaching as efficiently as CQURE does.

Styrk Finne

Senior Professional System Engineer | CSC Norway

We have learned a lot about IIS, hacking and much much more. Our motivation has increased during this course and of course great interest in your work Paula. Impressed with your enthusiastic energic way of presenting.


  • You’ll participate in a live, online certification program, divided into 12 modules + 1 bonus module spread over 6 weeks.
  • Live, online sessions happening twice a week, 2 hours each (at 7PM CET / 10AM PDT / 1PM EDT).
  • The syllabus covers 12 modules.
  • The program has an interactive, hands-on formula — and after every class, you’ll be able to ask questions.
  • During the 6 week program, you’ll also get free access to the CQURE Training Lab and closed Discord group where you can share your challenges and upgrade your network.
  • Official CQURE certificate “Windows Security Master 2024” after passing the final exam.
  • All the video recordings and extra materials are yours to keep for 12 months from the start of the program.
  • 30-Day, Money-Back Guarantee


We’ll be taking on board 100 students only. Admission is selective. We prioritize: your skills and professional achievements, but also your attitude and how you can contribute to the group — so that we all can learn from each other. Good luck!

Frequently Asked Questions