Featuring Experts: Paula Januszkiewicz, Sami Laiho, Michael Grafnetter & more!
Crafted by top cybersecurity experts working on the frontlines of the cybersecurity industry
DURATION: 31 October – 10 December, 2024
SUMMER SALE OPEN FOR APPLICATIONS SUBMITTED BEFORE JULY 30
Original price was: €2999.€1879Current price is: €1879.
Crafted by top cybersecurity experts working on the frontlines of the cybersecurity industry, our six-week course for intermediate and advanced professionals holds practicality at its core. You’ll acquire the tools and techniques necessary to prepare yourself against threats in 2025, irrespective of your work location.
This unique course takes place ONLY once a year and each edition offers a fresh perspective and a new Syllabus.
Enrollment is exclusive and limited to a select group of students, chosen meticulously through a stringent application process.
Crafted by top cybersecurity experts working on the frontlines of the cybersecurity industry, our six-week course for intermediate and advanced professionals holds practicality at its core. You’ll acquire the tools and techniques necessary to prepare yourself against threats in 2025, irrespective of your work location.
This unique course takes place ONLY once a year and each edition offers a fresh perspective and a new Syllabus.
Enrollment is exclusive and limited to a select group of students, chosen meticulously through a stringent application process.
The Advanced Windows Security Course for 2025 is unique and not everyone’s cup of tea.
It’s designed for those who already have a solid foundation in cybersecurity.
That’s why it’s available BY APPLICATION ONLY.
To make sure everyone can keep up and benefit, we carefully review all applications.
You’ll only learn things that will be crucial and most relevant in the following 2025. We run the training only once a year, always with the newest content.
You’ll skip the fluff and go straight to the advanced stuff. The pace is quite intense, so expect a smoke coming out of your ears.
The training is pretty hands-on because it has been designed by passionate practitioners and obsessive researchers from the CQURE Team. This course is filled with the newest tools and techniques so you will gain the most useful skills in the current cybersecurity reality.
We’ll bring a bunch of experts on board with Paula Januszkiewicz and Sami Laiho among instructors and the hosts of the program.
Make your mark and capture the attention of potential employers in 2025 with this certified online course by CQURE. This unique course takes place ONLY once a year and each iteration offers a fresh perspective. Enrollment is exclusive to a select group of students, chosen meticulously through a stringent application process.
During the course you will be provided with a bunch of materials such as lab exercises, presentations, intriguing articles and useful tools to make your tasks a little bit easier!
You will be granted access to our closed Discord community server where you will be able to share your thoughts with other IT specialists.
You’ll receive an official CQURE certificate “Windows Security Master 2025″ after passing the final exam. Yes, there will be a final exam. And 24 hours counting towards your CPE’s.
The Advanced Windows Security Course for 2025 will cover a diverse range of 12 subjects, all hand-selected by our globally acclaimed TOP cybersecurity experts – Paula Januszkiewicz, Sami Laiho, and Mike Jankowski-Lorek to name a few. The crucial topics are set to define the field in 2024, equipping you with the foresight and knowledge to stay ahead of the curve.
The full agenda for the upcoming event is currently in development. As you know, at CQURE Academy we’re focused on ensuring our courses maintain the high standard of content and expertise you’ve come to expect from us.
Each year, we strive to enhance our program, incorporating feedback and trends to keep it relevant and impactful.
In this module, we will go deep into the foundational aspects of penetration testing and information gathering within a modern Windows enterprise environment. Learners will explore the attack surface of contemporary enterprises, focusing on identifying and exploiting vulnerable default configurations that could serve as entry points for attackers. The analysis and exploitation of NTLM and Kerberos authentication protocols, crucial for understanding how attackers bypass authentication mechanisms, will also be covered. Additionally, participants will learn to manipulate protocols such as SMB and RDP, vital for gaining unauthorized access and maintaining persistence within a network. This module is essential for cybersecurity professionals aiming to strengthen their skills in identifying and mitigating potential security weaknesses in Windows environments.
Building on the knowledge from part 1, this module advances into more sophisticated penetration testing techniques and post-exploitation strategies. Learners will explore relaying and coercing attacks, understanding how attackers can leverage these methods to escalate privileges and move laterally within a network. The module revisits detecting and exploiting vulnerable default configurations, reinforcing this critical skill. Post-exploitation tactics are examined in depth, including advanced data exfiltration techniques to understand how sensitive information can be stealthily extracted.
This module provides an in-depth look at contemporary threats and defenses for hybrid Active Directory environments. Participants will begin with reconnaissance and enumeration techniques, essential for mapping out the network and identifying potential entry points.
A key focus is on lateral movement using Public Key Infrastructure (PKI) and how attackers exploit AD and Entra ID for further steps of the attacks.
Learners will also go into Entra ID security monitoring, gaining insights into detecting and mitigating identity-based threats. Finally, the module covers incident management from a Security Operations Center (SOC) analyst’s perspective, providing practical strategies for responding to and managing security incidents.
This module offers an in-depth exploration of advanced techniques for escalating privileges to domain admin within a Windows environment, a critical skill for cybersecurity professionals. Participants will learn to identify and exploit certificate permission misconfigurations, a common yet overlooked vulnerability that can provide unauthorized administrative access. We will cover escalation methods through legacy solutions still prevalent in many networks, highlighting how outdated but standard practices can be exploited. Learners will also get deep into leveraging default configurations, understanding how attackers can use these to their advantage. The module also addresses protection API issues and network insecurity, providing insights into how these weaknesses can be manipulated for privilege escalation. Finally, a comprehensive analysis of exploiting various vulnerabilities will be covered.
In this module, we will discuss securing credentials both in the cloud and on-premises. Participants will start with an introduction to the Data Protection API (DPAPI) and system secrets, understanding their role in protecting sensitive information. The course covers the classic DPAPI flow and techniques for retrieving cached logon data, providing insights into potential vulnerabilities. Learners will explore advanced topics such as retrieving the golden key from the Local Security Authority (LSA) and the relationship between DPAPI and KeePass. Additionally, the module addresses credential retrieval from RDP connections and the use cases for DPAPI-NG. Finally, it delves into TBAL (Token Binding Authentication Layer) for protecting credentials in the cloud and offers a deep dive into the security and assessment of cloud credentials.
All technologies and systems currently use cryptography while most of them use certificates at some point. Since its boom, internal PKI systems have not changed a lot, but neither have the problems that we observe during almost all pentests. It’s time to revise your knowledge about one of the cornerstones of enterprise security and learn a few tricks that attackers are using to spoof any identity.
Where do the certificates reside in Windows infrastructure, and who and how can use them?
You’ll find all the answers in this module.
While we recognize that identity is the most important security boundary in today’s landscape, we also believe that properly configured firewalls still have a vital role to play in the defense-in-depth approach to information security.
Many guidelines on domain controller (DC), server, and workstation hardening recommend configuring host-based firewalls to reduce the attack surface, making it harder to perform remote code execution, lateral movement, and authentication relay attacks. However, there is no single comprehensive source of information on this topic, leading to overly permissive host-based firewalls in most organizations. Few admins have the knowledge and courage to change this status quo.
In this session, we will try to address this situation by discussing a set of highly restrictive DC firewall rules and Remote Procedure Call (RPC) filters that can be applied to most production environments. We will touch member servers and workstations as well and we will also discuss how to make the process of firewall configuration flexible and repeatable using PowerShell. After this talk, we hope to see fewer Any-to-Any firewall rules during future Active Directory security assessments.
This module focuses on the critical aspects of managing and securing privileged access within an enterprise. Participants will learn to apply tiering strategies for effective management, ensuring a structured and secure access hierarchy. The course covers deploying Privileged Access Management (PAM) to safeguard sensitive accounts from unauthorized access. Attendees will also explore the implementation of Privileged Access Workstations (PAWs), designed to provide a secure environment for administrators. Additionally, the module addresses deploying Privileged Identity Management (PIM) to enhance the oversight and control of privileged identities.
In this technical deep-dive session, we will test-drive all the new security, performance, and supportability features in Active Directory available in Windows Server 2025 Insider Preview. Yes, you are reading this right, there are new features in the on-prem Active Directory!
This module is basically exploration of digital forensics and incident response tailored for hybrid environments. Participants will start with an overview of digital forensics in hybrid settings, understanding the unique challenges and opportunities they present. The course then reviews effective incident response strategies, providing a solid foundation for managing security incidents. Advanced digital forensics techniques specific to hybrid environments will be covered, equipping learners with the skills to analyze and investigate complex security breaches. Additionally, securing monitoring operations and enhancing threat hunting capabilities are emphasized, ensuring continuous protection and proactive threat detection. Finally, we will discuss advanced incident detection methods and threat hunting practices, crucial for identifying and mitigating threats swiftly.
This module provides an in-depth exploration of advanced monitoring and threat hunting using Microsoft Defender XDR. Participants will begin by mastering the basics of Kusto Query Language (KQL), learning essential operators and data types, and understanding how to construct queries to extract critical information from specialized schemas. The course then focuses on detecting anomalies by writing custom KQL queries that identify unusual patterns, behaviors, and deviations, helping uncover hidden threats such as suspicious processes or unexpected network events. Learners will also engage in proactive threat hunting, exploring real-world scenarios to dissect PowerShell execution events, pivot on processes, and identify suspicious commands.
Although Microsoft advises their customers to migrate from Active Directory Federation Services (ADFS) to Entra ID, many large enterprises and academic institutions beg to differ. In this module, we will look at the security best practices and common misconfigurations of federation services.
In the realm of cybersecurity, knowledge is the ultimate currency. While the digital world may offer unlimited access to information, it’s critical to discern that not all information holds significant value. AWSC is a certified 6-week online cybersecurity course created for advanced professionals as well as all the geeks who are already fluent in the Windows environment (including security skills, penetration testing, etc.).
This program is for you, if you want to level up and become key expert in your company (or even in your field). We promise to challenge your ways of thinking and executing.
Attendee needs to have general fluency in Windows environment (including security skills, penetration testing etc.) Active Directory related knowledge is required. Take the quiz to see where are you at.
If you are a newbie you can still apply, but the program WILL NOT cover the basics — so it might be really challenging for you to get in or to keep up with the group.
Investing in knowledge is one of the most worthy investment not only for us, but also for our environment. Learning new skills and insights in terms of cybersecurity may benefit with gaining awareness and as a result, may prevent falling a victim to cyber threats in the future.
You will be the valuable element in regards to company’s safety – knowing about potential threats and ways of avoiding them may be incredibly useful in a daily company life.
Not only your company will gain a specialist in terms of cybersecurity, but also you will unlock the door for expanding your skills horizon even further.
Completed course with personal certification may be the perfect advantage when it comes to business.
Knowledge is power—it helps navigate through complex regulatory landscapes. Keeping up-to-date with the latest cybersecurity regulations and standards ensures your company remains compliant, thus avoiding costly penalties and reputational damage.
Who would have want to pay regularly for help in case of emergency data leakage in a company? It’s much better to educate the employees and prevent any cybersecurity risks.
After our course, you will be educated in the possible threats and you will identify any suspicious activity online with ease.
Crafted by top cybersecurity experts working on the frontlines of the cybersecurity industry.
DURATION: 31 October – 10 December, 2024
PRESALE FOR APPLICATIONS SUBMITTED BEFORE MAY 30
This course is for geeks who want to become advanced Windows security experts. If you want to set yourself (and your company) apart from your competition, this is the course for you. You must already be fluent in the Windows environment (including security skills, penetration testing, etc.). Active Directory-related knowledge is required. We already have a great group of approved applicants from the Microsoft Ignite Conference where we did a soft launch of this course. Including:
If you are not sure if you qualify for the course, take the quiz to see where you stand. If you score above 12 points, you should apply here.
To qualify for the course, you need to complete the application form here. The application is FREE 🙂. We will review the applications to see if you qualify, and we will email you straight after we approve your application. If you do not qualify, we will also inform you by email. If we need more information from you, we may ask you to schedule a short interview with a member of our team. After we approve your application, you will have some time to submit your payment. You can pay online (recommended) or contact us to pay via your company payables department.
Well… not exactly. You must pass the final exam to receive a certification (it is a part of the course so no additional payment is required). To pass the exam, you must answer 70% of the questions correctly. When you pass the exam, you will receive a CQURE Academy Certificate – “Windows Security Master 2025.”
Once your application is approved and you pay your tuition, this is what you will get access to:
CQURE Academy design CQURE Labs are a great battlefield! You will learn how to hack and secure in a safe environment. Virtual lab can be accessed from anywhere where there is an Internet connection. After login, you will have full access to preconfigured virtual machines (with great performance) where you will be able to attack different targets, search for misconfigurations, search for the evidence and other interesting and very practical activities. During the training you will be given certain tasks to do at home and because CQURE Lab can be accessed anytime, during the day and night – you plan your activities by yourself, depending on your availability and mood! Technically CQURE Lab is a set of virtual machines available through RDP connection. You will obtain your own username, password and connection parameters and you can connect to the lab from any RDP client.
You get full access to all live session video recordings. We highly encourage you to participate in the live sessions so you can interact with us and the other students live online. You will learn best when we help you work through your questions. Keeping up with the course flow we have designed will help you hold yourself accountable to complete the course promptly. That being said, we understand life and work happen. That is why you will have access to all of the material for 12 months.
We are not just a training company. All of our experts spend 60% of their time working as consultants on client cases around the world. We split the rest of our time evenly between research and teaching. This allows us to stay up to date on cutting-edge security knowledge, skills, and tools that other training institutes lack. This rare. Every year’s course will be completely rebuilt to keep up with emerging security trends. Finally, we believe the best way to make you learn is to keep the course fun, social, and interactive. We are cool geeks :). Paula is widely recognized as the best speaker and instructor at international security conferences. At the Microsoft Ignite 2015, unofficial polling marked her as the best speaker (no, we did not ‘hack’ the results!).
This course is delivered by one of the greatest, world-renowned Cybersecurity Experts with practical knowledge from tons of successful projects, many years of real-world experience, great teaching skills and no mercy for misconfigurations or insecure solutions.
Paula is a world-class Cybersecurity Expert with over 19 years of experience in the field. She is often a top-rated speaker at the world biggest conferences as her unique stage presence is always well-received among diverse audiences. To top it all, she has the access to the source code of Windows!
Cybersecurity Expert, solution architect, consultant, penetration tester, and developer with more than 20 years of experience in the field. Mike holds multiple certifications, in security, database and software development. He also holds a Ph.D. in Computer Science.
Cybersecurity Expert on Windows Security, Microsoft Azure and PowerShell with over 11 years of experience in teaching IT professionals. He holds a master’s degree in Software Engineering and in 2016 he was awarded with the title in the Microsoft Azure Category.
Sami is one of the world’s leading professionals in the Windows OS troubleshooting and security. Sami has been working with and teaching OS troubleshooting, management and security for more than 25 years. In 2018, Sami’s two sessions were evaluated as the Top 2 sessions (out of 1700+ sessions) at Microsoft Ignite in Orlando.
System Engineer and Unified Communications Expert. His areas of expertise includes Microsoft Private Cloud, Microsoft Public Cloud (Office 365 and Azure), Microsoft Exchange Server 2010/2013, Lync Server 2010/2013, Office Communications Servers and Windows Server family.
During almost 20 years of his IT career Artur developed his skills in cybersecurity from different perspectives. His experience ranges from a forensic analytics and a university lecturer to a security administrator. Artur worked for government financial institutions and for global cybersecurity companies.
Do you want to receive the geekiest cybersecurity solutions, tools, and tricks, straight to your inbox?
Learn more about our offer in terms of Consulting. Our Cybersecurity Experts perform consulting work on a daily basis, hence we are fully prepared for any challenge.
Learn more about our offer in terms of Consulting. Our Cybersecurity Experts perform consulting work on a daily basis, hence we are fully prepared for any challenge.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.
