This two-day knowledge-packed training is a deep-dive into the inner workings and security of Windows and Active Directory. This training will help you to understand and implement security controls that aid in stopping or detecting modern attack techniques used by red teams and targeted attackers.
With a large, private hands-on lab and instructors with 12+ years of experience in breaking into Windows networks, you will leave this training excited and prepared for the next steps in Windows and AD security.
This course is powered and delivered by the experts of Outflank.
Who should attend
The training is optimally suited for:
- Defenders, Windows and Active Directory administrators who want to strengthen their knowledge of Windows and Active Directory internals, security concepts and defensive measures.
- Penetration testers and ethical hackers wanting to provide better recommendations to their clients on defensive measures.
- Security professionals interested in expanding their knowledge of modern attack techniques related to Windows and Active Directory, of Red Teaming, and of how to defend against them.
- Forensic professionals who want to better understand the entire flow of an attacker and offensive tactics.
- Technical auditors wanting to increase their hands-on experience and technical skills.
- Attendees of other Outflank trainings who are looking for more in-depth knowledge on Windows and Active Directory security concepts as well as defensive measures.
Key learning objectives
The training is focussed on several key elements:
- Key theoretical concepts e.g. kill chain, course of action matrix, pyramid of pain, tiering security model, etc.
- Windows inner workings and key concepts that are often abused by attackers, or can help you in stopping or detecting attackers. Amongst others: How do processes work in detail? ACL and security descriptors, AMSI, Local Security Authority Subsystem Service, DCOM/WMI, relaying attacks.
- Active Directory inner workings and key concepts that are often abused by attackers, or can help you in stopping or detecting attackers. Amongst others: the inner workings of Kerberos and LDAP, attacks abusing the Kerberos protocol (i.e. golden ticket, silver ticket), domain trusts and attacks such as unconstrained delegation, resource-based delegation or Microsoft Exchange and common misconfigurations.
- Windows logging in detail, covering, amongst others, topics such as WEF, Sysmon, centralised logging, ATT&CK and EDR features.
- Security of networking protocols, and the power of the built-in Windows firewall.
- Recent developments related to Azure Active Directory that could introduce new risks or help you address them.
- Relevant security models to enhance the security of Windows and Active Directory environments. Amongst others: privileged access workstations, the clean source principle and the Microsoft tiering model.
This training uses the same approach as other trainings by Outflank. This means:
- Interactive setting with multiple trainers, each bringing their dedicated area of expertise.
- A combination of theory and learning by doing.
- Large lab environments per student that represent real office networks.
- Students will learn about and perform both offensive and defensive steps in the lab; working with Cobalt Strike and with modern ways of log centralisation and security monitoring.
- Detailed lab manual that guides the students through each lab assignment, including extra assignments for more experienced students.
- Full set of training material to take home and restudy at a later moment.
Personal lab environment
During the training, participants have access to a personal lab environment that acts as a playground area. Having a personal lab is a key differentiator compared to many other labs. This environment is comparable to common enterprise networks as it contains Windows servers and desktops, an Active Directory domain, multiple services, user accounts and service accounts. Furthermore, commonly found insecurities are configured on purpose, and detective measures are in place, e.g. central monitoring environments using open source and commercial tools (e.g. IDS, Splunk/ELK stack). We have spent significant time making this lab as real as possible.
Hardware requirements for attendees
A laptop that has the ability to run a Remote Desktop Connection.
Pre-required knowledge for attendees
It helps if you already have detailed experience with Windows and Active Directory, commonly found in a systems engineering role. Yet, the training is set up in such a way that any participant with a technical IT background and a basic level of security knowledge can follow the topics; it welcomes both novices and veterans. There are extra lab assignments for students who want to go the extra mile.
About the trainers
The training is hosted by a selection of three of the trainers listed below. Working at the Dutch company Outflank, they focus on Red Teaming operations and advanced penetration tests. The training is created based on their 10+ years of experience with offensive operations and advising their clients on defending against targeted attackers. They each bring their own unique expertise to this training, ranging from SOC operations to custom malware and infrastructure security.
|Location|Will follow soon (Amsterdam or Utrecht)|
|Price|€ 1800,- per participant, excluding taxes|
Where it all began After jobs at various computer shops, an online gaming adventure got quite serious: ending up playing Unreal Tournament capture the flag on a high level. Being frustrated by ..
Where it all began Computers got my attention when I was about 10 years old. It started with games, but quickly all those weird commands you had to enter before the game got my attention. Not h..
Where it all began I am terrible at playing computer games. At the age of 10, I was attracted by a completely different side of computers than most of my friends. I was pulled into the world of..