Instructors: cirosec consultants
Duration: 3 days
In this training, our experienced instructors will demonstrate the way hackers proceed nowadays to get full control of Windows environments – and they show you how to protect yourself or your company from such attacks. We use several demonstrations and practical exercises to show typical attacks on Windows clients and Windows servers as well as on the services run on them, such as Microsoft IIS or Microsoft SQL Server. These specific attack scenarios are easily understandable for all participants and allow us to present possibilities for the hardening of systems with little or well-known standard tools and freely available tools in order to complicate or even prevent such attacks.
Whether you are a blue team member, administrator, SOC employee or IT security manager: You have to know and understand the common techniques of different attackers as well as their aims and procedures if you want to protect your IT infrastructure. Within the framework of this training, you will get to know typical hacker tools that are part of the basic equipment of each red team or hacker. This course primarily focuses on using these tools to demonstrate the exploitation of insecure configurations and reconstruct general problems in Windows environments. The exploitation of vulnerabilities in applications, which are usually only available for a limited time (such as buffer overflows and kernel exploits), are not part of this training. These topics are covered in our training “Hacking Extreme”.
Our training environment and the attack and defense possibilities that we show are based on the latest features of Windows 10 Enterprise or Windows Server 2016.
The following attacks are addressed:
- Bypassing Windows authentication
- Stealing login credentials when systems are switched off
- Reading credentials while the system is running
- Pass-the-hash and pass-the-ticket attacks as well as „lateral movement“
- Relay attacks on SMB
- Encryption malware
- Bypassing user account control
- Exploitation of vulnerabilities in applications
- Privilege escalation on Windows systems
- Reading the Active Directory group and permissions structure
- Attacks on network services and web applications
Based on Windows 10 Enterprise and Windows Server 2016, we show the following aspects to counter these attacks:
- Basic hardening of Windows systems
- Minimization of services
- Secure administration/least privilege
- Secure configuration of necessary components
To achieve this, we explain and demonstrate in detail the configuration of the following features and how they work:
- Secure Boot, Trusted Boot
- Windows Defender
- Exploit Guard
- Credential Guard
- Application Guard
- Device Guard
- Windows Hello and passwords
- Group Managed Service Accounts
- Application control (AppLocker)
- Microsoft EMET
- User account control
- Local Administrator Password Solution (LAPS)
- Just Enough Administration (JEA)
- Group policies and delegation
Covered tools and means for hardening:
- Use of the Microsoft Security Compliance Manager
- Use of the Microsoft Security Compliance Toolkit
- PowerShell – Desired State Configuration
- Group policy editor
- CIS-CAT Benchmark
- Selected vulnerability scanners
- Windows 10 Enterprise 1709 and newer
- Windows Server 2016 1709 and newer
- MS SQL Server on Windows Server 2016
- Microsoft IIS on Windows Server 2016
All attacking tools are available in the local demonstration environment which allows the participants to gain hands-on experience with the tools and effects of the hardening and configuration measures. Participants will use laptops in this intensive training course, so they can apply the acquired knowledge in practical exercises.
Security managers, administrators, SOC members, blue team or red team members and (project) managers in the Windows or Windows security field who are looking for ways to secure or assess their Windows environment.
This training is a perfect supplement to our Hacking Extreme training.
The participants should at least have user experience in the Windows environment. The contents deepen selected and current topics and technologies that build upon basic knowledge in the Windows operating systems (clients, servers), (IIS) web server and MS SQL fields. Some exercises require the use of command-line tools such as PowerShell. Where necessary, our trainers are happy to assist with the use of attacking tools and Microsoft tools. The exercises are set up in multiple levels, which means that even experienced administrators will still be challenged, while it is made easy for beginners to understand all contents thanks to our sample solutions.
Early booking discount:
If you register 8 weeks prior to the start of the training, you will receive an early booking discount of 5%.
The training is conducted in German by two experienced trainers. They work as consultants and can thus complement the course with comprehensive and recent practical experience. You will receive CPE Points for participating in the Hardening and Secure Configuration training. The training takes 24 hours. You will get a certificate after having completed the training.
April 9 - April 11, 2019 Cologne
September 10 - 12 September, 2019 Munich
November 05 - November 07, 2019 Ludwigsburg
The training course will take place in fine, specially selected hotels:
We will gladly reserve a room for you at a special rate in the hotel where the training course takes place.
We may also gladly offer you the course in form of an in-house training.