• $ USD
  • € EUR
  • #advanced
  • #live-online

Advanced Windows Security Course for 2025 CHECKOUT

by Paula Januszkiewicz · Sami Laiho · Michael Grafnetter · CQURE Academy Experts
October 31, 2024, 7:00 pm

6-week Live Online Cybersecurity Certified Course

Featuring Experts: Paula Januszkiewicz, Sami Laiho, Michael Grafnetter & more!

Crafted by top cybersecurity experts working on the frontlines of the cybersecurity industry

  • 12 modules -in 6 weeks
  • Interactive, hands-on formula feat. Q&A for each session
  • Access to the CQURE Training Lab during the course

DURATION: 31 October – 10 December, 2024



Why this course?

Crafted by top cybersecurity experts working on the frontlines of the cybersecurity industry, our six-week course for intermediate and advanced professionals holds practicality at its core. You’ll acquire the tools and techniques necessary to prepare yourself against threats in 2025, irrespective of your work location.

This unique course takes place ONLY once a year and each edition offers a fresh perspective and a new Syllabus.

Enrollment is exclusive and limited to a select group of students, chosen meticulously through a stringent application process.


Crafted by top cybersecurity experts working on the frontlines of the cybersecurity industry, our six-week course for intermediate and advanced professionals holds practicality at its core. You’ll acquire the tools and techniques necessary to prepare yourself against threats in 2025, irrespective of your work location.

This unique course takes place ONLY once a year and each edition offers a fresh perspective and a new Syllabus.

Enrollment is exclusive and limited to a select group of students, chosen meticulously through a stringent application process.


Course benefits

  • You’ll participate in a live, online certification program, divided into 12 modules + 1 bonus module spread over 6 weeks.
  • Live, online sessions happening twice a week, 2 hours each (at 7PM CET / 10AM PDT / 1PM EDT).
  • The syllabus covers 12 modules.
  • The program has an interactive, hands-on formula — and after every class, you’ll be able to ask questions.
  • During the 6 week program, you’ll also get free access to the CQURE Training Lab and closed Discord group where you can share your challenges and upgrade your network.
  • Official CQURE certificate “Windows Security Master 2025” after passing the final exam.
  • All the video recordings and extra materials are yours to keep for 12 months from the start of the program.
  • 30-Day, Money-Back Guarantee

How is this training different from others?

  • Only once a year
  • Advanced stuff
  • Up-to-date tools
  • Cool presenters!
  • Exclusive study
  • Extra materials
  • Social & Network
  • Certification

Only once a year

You’ll only learn things that will be crucial and most relevant in the following 2025. We run the training only once a year, always with the newest content.

Advanced stuff

You’ll skip the fluff and go straight to the advanced stuff. The pace is quite intense, so expect a smoke coming out of your ears.

Up-to-date tools

The training is pretty hands-on because it has been designed by passionate practitioners and obsessive researchers from the CQURE Team. This course is filled with the newest tools and techniques so you will gain the most useful skills in the current cybersecurity reality.

Cool presenters!

We’ll bring a bunch of experts on board with Paula Januszkiewicz and Sami Laiho among instructors and the hosts of the program.

Exclusive study

Make your mark and capture the attention of potential employers in 2025 with this certified online course by CQURE. This unique course takes place ONLY once a year and each iteration offers a fresh perspective. Enrollment is exclusive to a select group of students, chosen meticulously through a stringent application process.

Extra materials

During the course you will be provided with a bunch of materials such as lab exercises, presentations, intriguing articles and useful tools to make your tasks a little bit easier!

Social & Network

You will be granted access to our closed Discord community server where you will be able to share your thoughts with other IT specialists.


You’ll receive an official CQURE certificate “Windows Security Master 2025″ after passing the final exam. Yes, there will be a final exam. And 24 hours counting towards your CPE’s.

Course syllabus

The Advanced Windows Security Course for 2025 will cover a diverse range of 12 subjects, all hand-selected by our globally acclaimed TOP cybersecurity experts – Paula Januszkiewicz, Sami Laiho, and Mike Jankowski-Lorek to name a few. The crucial topics are set to define the field in 2024, equipping you with the foresight and knowledge to stay ahead of the curve.

The full agenda for the upcoming event is currently in development. As you know, at CQURE Academy we’re focused on ensuring our courses maintain the high standard of content and expertise you’ve come to expect from us.

Each year, we strive to enhance our program, incorporating feedback and trends to keep it relevant and impactful.


  • Module 1: Penetration Testing Techniques and Information Gathering for Windows Environment part 1

    • October 31, 2014
      with Paula Januszkiewicz, Mike Jankowski-Lorek, PhD, Marcin Kozłowski, Artur Kalinowski

      In this module, we will go deep into the foundational aspects of penetration testing and information gathering within a modern Windows enterprise environment. Learners will explore the attack surface of contemporary enterprises, focusing on identifying and exploiting vulnerable default configurations that could serve as entry points for attackers. The analysis and exploitation of NTLM and Kerberos authentication protocols, crucial for understanding how attackers bypass authentication mechanisms, will also be covered. Additionally, participants will learn to manipulate protocols such as SMB and RDP, vital for gaining unauthorized access and maintaining persistence within a network. This module is essential for cybersecurity professionals aiming to strengthen their skills in identifying and mitigating potential security weaknesses in Windows environments.

  • Module 2: Penetration Testing Techniques and Information Gathering for Windows Environment part 2

    • November 5, 2024
      with Paula Januszkiewicz, Mike Jankowski-Lorek, PhD, Marcin Kozłowski, Artur Kalinowski

      Building on the knowledge from part 1, this module advances into more sophisticated penetration testing techniques and post-exploitation strategies. Learners will explore relaying and coercing attacks, understanding how attackers can leverage these methods to escalate privileges and move laterally within a network. The module revisits detecting and exploiting vulnerable default configurations, reinforcing this critical skill. Post-exploitation tactics are examined in depth, including advanced data exfiltration techniques to understand how sensitive information can be stealthily extracted.

  • Module 3: PKI Designing and Migration Strategies

    • November 7, 2024
      with Mike Jankowski-Lorek, PhD

      This module provides an in-depth look at contemporary threats and defenses for hybrid Active Directory environments. Participants will begin with reconnaissance and enumeration techniques, essential for mapping out the network and identifying potential entry points.
      A key focus is on lateral movement using Public Key Infrastructure (PKI) and how attackers exploit AD and Entra ID for further steps of the attacks.
      Learners will also go into Entra ID security monitoring, gaining insights into detecting and mitigating identity-based threats. Finally, the module covers incident management from a Security Operations Center (SOC) analyst’s perspective, providing practical strategies for responding to and managing security incidents.

  • Module 4: Advanced Technics of Escalation to Domain Admin

    • November 12, 2024
      with Paula Januszkiewicz, Mike Jankowski-Lorek, PhD

      This module offers an in-depth exploration of advanced techniques for escalating privileges to domain admin within a Windows environment, a critical skill for cybersecurity professionals. Participants will learn to identify and exploit certificate permission misconfigurations, a common yet overlooked vulnerability that can provide unauthorized administrative access. We will cover escalation methods through legacy solutions still prevalent in many networks, highlighting how outdated but standard practices can be exploited. Learners will also get deep into leveraging default configurations, understanding how attackers can use these to their advantage. The module also addresses protection API issues and network insecurity, providing insights into how these weaknesses can be manipulated for privilege escalation. Finally, a comprehensive analysis of exploiting various vulnerabilities will be covered.

  • Module 5: The Deep Dive to Securing Credentials in the Cloud and on Premise

    • November 14, 2024
      with Paula Januszkiewicz, Mateusz Ziebura

      In this module, we will discuss securing credentials both in the cloud and on-premises. Participants will start with an introduction to the Data Protection API (DPAPI) and system secrets, understanding their role in protecting sensitive information. The course covers the classic DPAPI flow and techniques for retrieving cached logon data, providing insights into potential vulnerabilities. Learners will explore advanced topics such as retrieving the golden key from the Local Security Authority (LSA) and the relationship between DPAPI and KeePass. Additionally, the module addresses credential retrieval from RDP connections and the use cases for DPAPI-NG. Finally, it delves into TBAL (Token Binding Authentication Layer) for protecting credentials in the cloud and offers a deep dive into the security and assessment of cloud credentials.

  • Module 6: Modern Hybrid Active Directory Identity Attacks and Defense

    • November 19, 2024
      with Mike Jankowski-Lorek, PhD

      All technologies and systems currently use cryptography while most of them use certificates at some point. Since its boom, internal PKI systems have not changed a lot, but neither have the problems that we observe during almost all pentests. It’s time to revise your knowledge about one of the cornerstones of enterprise security and learn a few tricks that attackers are using to spoof any identity.
      Where do the certificates reside in Windows infrastructure, and who and how can use them?
      You’ll find all the answers in this module.

  • Module 7: Mastering Windows Firewall in Enterprise Environments

    • November 21, 2024
      with Michael Grafnetter

      While we recognize that identity is the most important security boundary in today’s landscape, we also believe that properly configured firewalls still have a vital role to play in the defense-in-depth approach to information security.
      Many guidelines on domain controller (DC), server, and workstation hardening recommend configuring host-based firewalls to reduce the attack surface, making it harder to perform remote code execution, lateral movement, and authentication relay attacks. However, there is no single comprehensive source of information on this topic, leading to overly permissive host-based firewalls in most organizations. Few admins have the knowledge and courage to change this status quo.
      In this session, we will try to address this situation by discussing a set of highly restrictive DC firewall rules and Remote Procedure Call (RPC) filters that can be applied to most production environments. We will touch member servers and workstations as well and we will also discuss how to make the process of firewall configuration flexible and repeatable using PowerShell. After this talk, we hope to see fewer Any-to-Any firewall rules during future Active Directory security assessments.

  • Module 8: Advanced Privileged Access Management

    • November 26, 2024
      with Sami Laiho

      This module focuses on the critical aspects of managing and securing privileged access within an enterprise. Participants will learn to apply tiering strategies for effective management, ensuring a structured and secure access hierarchy. The course covers deploying Privileged Access Management (PAM) to safeguard sensitive accounts from unauthorized access. Attendees will also explore the implementation of Privileged Access Workstations (PAWs), designed to provide a secure environment for administrators. Additionally, the module addresses deploying Privileged Identity Management (PIM) to enhance the oversight and control of privileged identities.

  • Module 9: Active Directory Enterprise Security Features in Windows Server 2025 aka AD is not Dead

    • November 28, 2024
      with Michael Grafnetter

      In this technical deep-dive session, we will test-drive all the new security, performance, and supportability features in Active Directory available in Windows Server 2025 Insider Preview. Yes, you are reading this right, there are new features in the on-prem Active Directory!

  • Module 10: Digital Forensic and Incident Response in Hybrid Environment

    • December 3, 2024
      with Paula Januszkiewicz, Mateusz Ziebura

      This module is basically exploration of digital forensics and incident response tailored for hybrid environments. Participants will start with an overview of digital forensics in hybrid settings, understanding the unique challenges and opportunities they present. The course then reviews effective incident response strategies, providing a solid foundation for managing security incidents. Advanced digital forensics techniques specific to hybrid environments will be covered, equipping learners with the skills to analyze and investigate complex security breaches. Additionally, securing monitoring operations and enhancing threat hunting capabilities are emphasized, ensuring continuous protection and proactive threat detection. Finally, we will discuss advanced incident detection methods and threat hunting practices, crucial for identifying and mitigating threats swiftly.

  • Module 11: Advanced Monitoring and Threat hunting with MS Defender XDR

    • December 5, 2024
      with Peter Pawlik

      This module provides an in-depth exploration of advanced monitoring and threat hunting using Microsoft Defender XDR. Participants will begin by mastering the basics of Kusto Query Language (KQL), learning essential operators and data types, and understanding how to construct queries to extract critical information from specialized schemas. The course then focuses on detecting anomalies by writing custom KQL queries that identify unusual patterns, behaviors, and deviations, helping uncover hidden threats such as suspicious processes or unexpected network events. Learners will also engage in proactive threat hunting, exploring real-world scenarios to dissect PowerShell execution events, pivot on processes, and identify suspicious commands.

  • Module 12: Entra ID Federated Authentication – The Dos and Don'ts

    • December 10, 2024
      with Michael Grafnetter

      Although Microsoft advises their customers to migrate from Active Directory Federation Services (ADFS) to Entra ID, many large enterprises and academic institutions beg to differ. In this module, we will look at the security best practices and common misconfigurations of federation services.

Who is it for?

In the realm of cybersecurity, knowledge is the ultimate currency. While the digital world may offer unlimited access to information, it’s critical to discern that not all information holds significant value. AWSC is a certified 6-week online cybersecurity course created for advanced professionals as well as all the geeks who are already fluent in the Windows environment (including security skills, penetration testing, etc.).

Intermediate to advanced Windows Security Professionals

This program is for you, if you want to level up and become key expert in your company (or even in your field). We promise to challenge your ways of thinking and executing.

Ethical Hackers (who are familiar with…)

Attendee needs to have general fluency in Windows environment (including security skills, penetration testing etc.) Active Directory related knowledge is required. Take the quiz to see where are you at.

Brave Newbies

If you are a newbie you can still apply, but the program WILL NOT cover the basics — so it might be really challenging for you to get in or to keep up with the group.

How persuade your manager that this course is meaningful?

Investing in knowledge is one of the most worthy investment not only for us, but also for our environment. Learning new skills and insights in terms of cybersecurity may benefit with gaining awareness and as a result, may prevent falling a victim to cyber threats in the future.

Protects the Company

You will be the valuable element in regards to company’s safety – knowing about potential threats and ways of avoiding them may be incredibly useful in a daily company life.

Improves Employees skills

Not only your company will gain a specialist in terms of cybersecurity, but also you will unlock the door for expanding your skills horizon even further.

Boosts customer confidence

Completed course with personal certification may be the perfect advantage when it comes to business.

Helps comply with regulations

Knowledge is power—it helps navigate through complex regulatory landscapes. Keeping up-to-date with the latest cybersecurity regulations and standards ensures your company remains compliant, thus avoiding costly penalties and reputational damage.

Saves money in the long run

Who would have want to pay regularly for help in case of emergency data leakage in a company? It’s much better to educate the employees and prevent any cybersecurity risks.

Prepares for emerging threats

After our course, you will be educated in the possible threats and you will identify any suspicious activity online with ease.

Register now and learn from the best!

6-week Live Online Cybersecurity Certified Course

Crafted by top cybersecurity experts working on the frontlines of the cybersecurity industry.

  • 12 modules
  • 6 weeks – twice a week, 2 hours each
  • Interactive, hands-on formula feat. Q&A for each session
  • Access to the CQURE Training Lab during the course
  • Discord group
  • CQURE certificate “Windows Security Master 2025” after passing the final exam.

DURATION: 31 October – 10 December, 2024



  • Who is it for?

    This course is for geeks who want to become advanced Windows security experts. If you want to set yourself (and your company) apart from your competition, this is the course for you. You must already be fluent in the Windows environment (including security skills, penetration testing, etc.). Active Directory-related knowledge is required. We already have a great group of approved applicants from the Microsoft Ignite Conference where we did a soft launch of this course. Including:

    • Professionals with over 5 years of experience in Windows and security-related projects.
    • Working in public, commercial, and security consulting companies.

    If you are not sure if you qualify for the course, take the quiz to see where you stand. If you score above 12 points, you should apply here.

  • How does the application process work? Do I need to pay anything before the end of October?

    To qualify for the course, you need to complete the application form here. The application is FREE 🙂. We will review the applications to see if you qualify, and we will email you straight after we approve your application. If you do not qualify, we will also inform you by email. If we need more information from you, we may ask you to schedule a short interview with a member of our team. After we approve your application, you will have some time to submit your payment. You can pay online (recommended) or contact us to pay via your company payables department.

  • Am I getting a Certification upon finishing the course?

    Well… not exactly. You must pass the final exam to receive a certification (it is a part of the course so no additional payment is required). To pass the exam, you must answer 70% of the questions correctly. When you pass the exam, you will receive a CQURE Academy Certificate – “Windows Security Master 2025.”

  • How exactly does the “Advanced Windows Security Course For 2025” work?

    Once your application is approved and you pay your tuition, this is what you will get access to:

    • 12 Live Online Sessions with Paula or other CQURE Academy instructors. Sessions happen twice a week on Tuesday and Thursday. Sessions will be held at 7 PM CEST (1 PM New York / 10 AM San Francisco). Each session will last 2 hours. You can ask questions in every session.
    • 12-month access to video recordings of every session.
    • Slides & Scripts & Tools from the Live Sessions for download.
    • Free Access to our CQURE Lab, for 6 weeks of the course (so you can practice and do homework).
    • Access to a Private Discord Group (for students only), where you can network and exchange questions and ideas during the time of the course.
    • Certification Exam at the end of the course.
    • CQURE Academy Certificate – “Windows Security Master 2025” – if you pass the exam.
  • What is the CQURE Lab?

    CQURE Academy design CQURE Labs are a great battlefield! You will learn how to hack and secure in a safe environment. Virtual lab can be accessed from anywhere where there is an Internet connection. After login, you will have full access to preconfigured virtual machines (with great performance) where you will be able to attack different targets, search for misconfigurations, search for the evidence and other interesting and very practical activities. During the training you will be given certain tasks to do at home and because CQURE Lab can be accessed anytime, during the day and night – you plan your activities by yourself, depending on your availability and mood! Technically CQURE Lab is a set of virtual machines available through RDP connection. You will obtain your own username, password and connection parameters and you can connect to the lab from any RDP client.

  • What if I miss the live online sessions?

    You get full access to all live session video recordings. We highly encourage you to participate in the live sessions so you can interact with us and the other students live online. You will learn best when we help you work through your questions. Keeping up with the course flow we have designed will help you hold yourself accountable to complete the course promptly. That being said, we understand life and work happen. That is why you will have access to all of the material for 12 months.

  • How is this course different from other Security Courses offered in the market?

    We are not just a training company. All of our experts spend 60% of their time working as consultants on client cases around the world. We split the rest of our time evenly between research and teaching. This allows us to stay up to date on cutting-edge security knowledge, skills, and tools that other training institutes lack. This rare. Every year’s course will be completely rebuilt to keep up with emerging security trends. Finally, we believe the best way to make you learn is to keep the course fun, social, and interactive. We are cool geeks :). Paula is widely recognized as the best speaker and instructor at international security conferences. At the Microsoft Ignite 2015, unofficial polling marked her as the best speaker (no, we did not ‘hack’ the results!).

Your Experts

This course is delivered by one of the greatest, world-renowned Cybersecurity Experts with practical knowledge from tons of successful projects, many years of real-world experience, great teaching skills and no mercy for misconfigurations or insecure solutions.



Founder & CEO, Microsoft Regional Director, MVP, MCT

Paula is a world-class Cybersecurity Expert with over 19 years of experience in the field. She is often a top-rated speaker at the world biggest conferences as her unique stage presence is always well-received among diverse audiences. To top it all, she has the access to the source code of Windows!


Jankowski-Lorek, Ph.D.

Director of Consulting, Cybersecurity Expert, MCT

Cybersecurity Expert, solution architect, consultant, penetration tester, and developer with more than 20 years of experience in the field. Mike holds multiple certifications, in security, database and software development. He also holds a Ph.D. in Computer Science.



Windows Security Expert, MVP, MCT, CEI, MCP

Cybersecurity Expert on Windows Security, Microsoft Azure and PowerShell with over 11 years of experience in teaching IT professionals. He holds a master’s degree in Software Engineering and in 2016 he was awarded with the title in the Microsoft Azure Category.



Windows OS Expert, MVP

Sami is one of the world’s leading professionals in the Windows OS troubleshooting and security. Sami has been working with and teaching OS troubleshooting, management and security for more than 25 years. In 2018, Sami’s two sessions were evaluated as the Top 2 sessions (out of 1700+ sessions) at Microsoft Ignite in Orlando.



Cybersecurity Expert, MCITP, MCTS

System Engineer and Unified Communications Expert. His areas of expertise includes Microsoft Private Cloud, Microsoft Public Cloud (Office 365 and Azure), Microsoft Exchange Server 2010/2013, Lync Server 2010/2013, Office Communications Servers and Windows Server family.



Cybersecurity Expert

During almost 20 years of his IT career Artur developed his skills in cybersecurity from different perspectives. His experience ranges from a forensic analytics and a university lecturer to a security administrator. Artur worked for government financial institutions and for global cybersecurity companies.



Cybersecurity Analyst

Mateusz Ziebura is an expert in the field of cybersecurity. At CQURE, he specializes in incident response, regularly supporting and participating in post-attack situation analysis, and assisting companies in cybersecurity education. A highly skilled researcher!

How can we help you?

Suggested searches

    Search history

      Popular searches:

      Not sure what course to look for?

      Mobile Newsletter Form