Hacking and Hardening of Windows Operating Systems

Windows 10/11 Security in Enterprises

Instructors: cirosec consultants 

Duration: 3 days

This three-day training covers the security of the current Windows operating systems: Windows 10/11 and Server 2016/2019/2022. Our experienced trainers will introduce you to security-relevant features and their requirements and configuration possibilities as well as to new challenges regarding the management and administration of these systems. Using hands-on exercises and demonstrations based on typical threat scenarios for clients and servers, you will learn how to employ the new technologies and possibilities to secure these systems.

In this training, we will first discuss typical threat scenarios and demonstrate example attacks against Windows machines in the various environments in which they are deployed, such as laptops used during field work, tower computers in central management, or servers in the internal network. Over the course of the training, these threat scenarios are contrasted with reasonable hardening and security measures. This allows experienced Windows administrators to gain a thorough understanding of possible threats, while IT security managers get to know the security features of Windows operating systems.

Presenting important security-relevant innovations, we focus on the possibilities of Windows 10/11 Enterprise and of the server versions currently supported by Windows.

The contents cover, for example, the following subject areas:

  • Technical functioning of the security architecture of the Windows operating systems
  • Attacks using the hardware
  • Practical tips for the implementation of the principle of least privilege
  • Presentation of typical hardening measures in Windows 10/11, Server
  • Presentation of the Windows Defender feature family, for instance:
    • Defender Antivirus
    • Defender Exploit Guard
      • Exploit Protection
      • Attack Surface Reduction
    • Defender System Guard
      • Credential Guard
      • Application Control
    • Defender Firewall
    • Defender for Endpoint
  • Implementation of hardening measures for devices in the domain environment running Windows operating systems
  • Presentation of virtualization-based security features
  • Hardware and software requirements for different security features
  • Presentation of cloud-based security features

The following topics are presented with regard to the security-relevant features:

  • Protection of devices (e.g. BitLocker, TPM)
  • Securing the boot process (e.g. Secure Boot, Trusted Boot, Configurable Code Integrity)
  • Securing the login credentials (e.g. Credential Guard, Windows Hello for Business)
  • Runtime protection (e.g. Windows Defender, AppLocker)
  • Detection of compromises (Microsoft Defender for Endpoint, formerly Defender ATP)

In addition, we will show the typical organizational and technical challenges for the secure operation of a Windows client environment and discuss possible solutions for the following areas:

  • Basic hardening of Windows operating systems
    • Microsoft Security Compliance Toolkit
    • Secure administration of endpoints (least privilege)
    • Microsoft Local Administrator Password Solution

Our training environment enables you to get to know relevant configuration settings and how to handle selected tools. We use common, freely available hacker tools to demonstrate the effects of individual hardening measures and features. During the training, each participant can use a laptop with various pre-installed tools.

Target group:
Security managers, (client) administrators, SOC members, blue team or red team members and (project) managers in the Windows clients or Windows client security field who are looking for ways to secure their clients.

Requirement:
The participants should have solid user experience in the Windows environment. Knowledge about administrative tools or attacking tools is an advantage. The exercises require the use of command-line tools such as PowerShell and of common administrative tools from the Active Directory environment. Where necessary, our trainers are happy to assist with the use of attacking tools and Microsoft tools. The exercises are set up in multiple levels: even experienced Windows administrators will still be challenged, while beginners can easily follow the contents covered in the training because we will guide you through the solutions.

Price:
€ 2,400

This training will be held in German.

Date:
June 4-6, 2024 online
October 8-10, 2024 Cologne
November 19-21, 2024 Munich

Place:
The training course will take place in fine, specially selected hotels:

We will gladly reserve a room for you at a special rate in the hotel where the training course takes place.

We are also happy to offer you the course as an in-house training.

Your trainer

Hagen Molzer

Carsten Hilgenbrink

Dennis Stark

Constantin Wenz