This two-day knowledge-packed training is a deep-dive into the inner workings and security of Windows and Active Directory. This training will help you understand and implement security controls that aid in stopping or detecting modern attack techniques used by red teams and targeted attackers.
With a large, private hands-on lab and instructors who have 12+ years' experience in breaking into Windows networks, you will leave this training excited and prepared for the next steps in Windows and AD security.
This course is powered and delivered by the experts of Outflank.
Who should attend
The training is optimally suited for:
- Defenders, Windows and Active Directory administrators who want to strengthen their knowledge of Windows and Active Directory internals, security concepts and defensive measures.
- Penetration testers and ethical hackers wanting to provide better recommendations to their clients on defensive measures.
- Security professionals interested in expanding their knowledge of modern attack techniques related to Windows and Active Directory, Red Teaming, and how to defend against them.
- Forensic professionals who want to better understand the entire flow of an attacker and offensive tactics.
- Technical auditors wanting to increase their hands-on experience and technical skills.
- Attendees of other Outflank trainings who are looking for more in-depth knowledge on Windows and Active Directory security concepts as well as defensive measures.
Key learning objectives
The training is focussed on several key elements:
- Key theoretical concepts e.g. kill chain, course of action matrix, pyramid of pain, tiering security model, etc.
- Windows inner workings and key concepts that are often abused by attackers, or can help you in stopping or detecting attackers. Amongst others: How do processes work in detail? ACL and security descriptors, AMSI, Local Security Authority Subsystem Service, DCOM/WMI, relaying attacks.
- Active Directory inner workings and key concepts that are often abused by attackers, or can help you in stopping or detecting attackers. Amongst others: the inner workings of Kerberos and LDAP, attacks abusing the Kerberos protocol (i.e. golden ticket, silver ticket), domain trusts and attacks such as unconstrained delegation, resource-based delegation or Microsoft Exchange and common misconfigurations.
- Windows logging in detail, including topics such as WEF, Sysmon, centralised logging, ATT&CK and EDR features.
- Security of networking protocols, and the power of the built-in Windows firewall.
- Recent developments related to Azure Active Directory that could introduce new risks or help you address them.
- Relevant security models to enhance the security of Windows and Active Directory environments. Amongst others: privileged access workstations, the clean source principle and the Microsoft tiering model.
This training uses the same approach as other trainings by Outflank. This means:
- Interactive setting with multiple trainers, each bringing their dedicated area of expertise.
- A combination of theory and learning by doing.
- Large lab environments per student that represent real office networks.
- Students will learn about and perform both offensive and defensive steps in the lab; working with Cobalt Strike and with modern ways of log centralisation and security monitoring.
- Detailed lab manual that guides the students through each lab assignment, including extra assignments for more experienced students.
- Full set of training material to take home and restudy at a later moment.
Personal lab environment
During the training, participants have access to a personal lab environment that acts as a playground area. Having a personal lab is a key differentiator compared to many other labs. This environment is comparable to common enterprise networks as it contains Windows servers and desktops, an Active Directory domain, multiple services, user accounts and service accounts. Furthermore, commonly found insecurities are configured on purpose, and detective measures are in place, e.g. central monitoring environments using open source and commercial tools (e.g. IDS, Splunk/ELK stack). We have spent significant time making this lab as real as possible.
Hardware requirements for attendees
A laptop that has the ability to run a Remote Desktop Connection.
Pre-required knowledge for attendees
It helps if you already have detailed experience with Windows and Active Directory, commonly found in a systems engineering role. Yet, the training is set up in such a way that any participant with a technical IT background and a basic level of security knowledge can follow the topics; it welcomes both novices and veterans. There are extra lab assignments for students that want to go the extra mile.
About the trainers
The training is hosted by a selection of three of the trainers listed below. Working at the Dutch company Outflank, they focus on Red Teaming operations and advanced penetration tests. The training is created based on their 10+ years of experience with offensive operations and advising their clients on defending against targeted attackers. They each bring their own unique expertise to this training, ranging from SOC operations to custom malware and infrastructure security.
|Location|BCN Utrecht Daltonlaan 100, 3584 BJ Utrecht|
|Price|€ 1800,- per participant, excluding taxes|
Where it all began After jobs at various computer shops, an online gaming adventure got quite serious: ending up playing Unreal Tournament capture the flag on a high level. Being frustrated by ..
Where it all began Computers got my attention when I was about 10 years old. It started with games, but quickly all those weird commands you had to enter before the game got my attention. Not h..
Where it all began I am terrible at playing computer games. At the age of 10, I was attracted by a completely different side of computers than most of my friends. I was pulled into the world of..