Kurser

Kursusadministration

Brug for hjælp?

  • Gregersensvej 8
  • 2630 Taastrup
Google MapsApple MapsRejseplanen
  • Forskerparken Fyn, Forskerparken 10F
  • 5230 Odense M
Google MapsApple MapsRejseplanen
  • Teknologiparken Kongsvang Allé 29
  • 8000 Aarhus C
Google MapsApple MapsRejseplanen
  • NordsøcentretPostboks 104
  • 9850Hirtshals
Google MapsApple MapsRejseplanen
  • Gammel Ålbovej 1
  • 6092Sønder Stenderup
Google MapsApple MapsRejseplanen
3 dages virtuelt kursus

Virtual Masterclass: Windows Infrastructure Pen-testing

Lær strategi og avancerede teknikker til at udføre intern infrastruktur penetration test i meget sikker Windows-infrastruktur. Vores kursus er udviklet omkring professionel penetration test og sikkerhed bevidsthed i erhvervslivet og IT-områder. Undervisningen foregår på engelsk.

Evaluering

5stjerner

Alle arrangementer på Teknologisk Institut bliver evalueret af deltagerne. Stjernerne angiver deltagernes gennemsnitlige tilfredshed.

Evalueringen er baseret på: 2 besvarelser

Form virtual delivery

Before you participate on a virtual course, we always try to arrange a 15-20 minute test session with the participants a week before to make sure that everyone is capable to attend the Masterclass. Below you will find the technical requirements for connecting to the virtual training:

  • A computer with a stable internet connection (preferably Windows or Mac OS)
  • Permissions for outgoing RDP connections to external servers (to our lab environment) – port 3389
  • A headset (headphones + microphone)
  • Webcam (built-in or plug-in)
  • Additional monitor will be helpful but it’s not required

To make sure that all participants gain the necessary infrastructure security concepts and knowledge, our classes have an intensive hands-on labs format.

Participant Profile

Pen-testers, Windows network administrators, security professionals, systems engineers, IT professionals, security consultants and other people responsible for implementing infrastructure security.

Prerequisites

You have some knowledge of security concepts, such as operating system services and architecture. However, all required concepts will be covered throughout the course.

Content

Module 1: Evolution of Hacking
  • Evolution of vulnerabilities
  • Persistent Threats
  • Malware evolution
  • Modern Attack Techniques
Module 2: Penetration testing methodology
  • Reconnaissance
  • Enumeration
  • Exploitation
  • Privilege escalation
  • Lateral movement
  • Persistency
  • Reporting and cleanup
Module 3: Reconnaissance and enumeration
  • Open Source Intelligence
  • Google Hacking
  • DNS enumeration
  • Network scanning
  • Service discovery
  • IPS/IDS consideration and handling
  • 802.1x bypass
Module 4: OS Security and elevation of privileges
  • Services Security
  • Permissions and Privileges
  • Offline Attacks
  • DPAPI Attacks with custom CQURE Tools
  • Cached Logons Attacks with custom CQURE Tools
  • Exploiting a lack of access controls
  • Application whitelisting bypass
Module 5: Identity attacks and lateral movement
  • Pass-The-Hash Attacks
  • Pass-The-Ticket Attacks
  • Kerberoasting
  • DCSync
  • DCShadow
  • Smb Relay
Module 6: Common service attacks
  • Microsoft SQL Server attacks
  • PKI misconfiguration detection and attacks
  • Compromising Web Server
  • Active Directory Security
  • Print server security
Module 7: Tampering with Communication
  • Wireless Protocols Security
  • NetBIOS Spoofing
  • SMB Security
  • LLMNR
  • HTTP/HTTPS
Module 8: AV bypass and evasion techniques
  • Malicious Files Execution
  • Anti-antimalware techniques
  • Non-exe Malware
  • File-less malware techniques
  • SIEM and PAM consideration
Module 9: Legal Issues
  • Paperwork
  • Reporting
  • Responsibility
  • White hat ethics

CPE Point (Continuing professional education)

It will be possible to earn CPE points after completion this course.

Material

Author's unique tools, over 100 pages of exercises and presentations slides with notes.

Instructor

CQURE Kamil
Kamil Baczyk is an Infrastructure and Security Expert, Office 365 Most Valuable Professional, trainer (Microsoft Certified Trainer) and Certified Technology Specialist (CTS). He is a member of Microsoft Windows Server System (WSS.PL), one of the top speakers in the Warsaw Windows Users & Specialists Group (WGUiSW), He is a member of International Association of Microsoft Certified Trainers (IAMCT) and Polish Infrastructure Group (PiNG) leader and mentor for WGUiSW Idol 2013 contest. Microsoft Windows Server / Client / Virtualization / SharePoint / Office 365 / ITIL and CEH related specializations.

or

Paula Janus
Paula Januszkiewicz is a word-renowned Security Expert. Paula loves to perform Penetration Tests, IT Security Audits, and after all she says: ‘harden’em all’! Enterprise Security MVP and trainer (MCT) and Microsoft Security Trusted Advisor.

Har du faglige spørgsmål, så kontakt:
Andre kigger også på