Masterclass: Securing Windows Infrastructure

Standard Price: 5250 PLN net | 1300 EUR net
3 days, Advanced level
ISSA Poland members: standard price -10%
October 2016, Warsaw, Poland

Training Schedule

10-10-2016 to 12-10-2016Warsaw - 5250 PLN net | 1300 EUR net

WARSAW - Training Agenda (EN)

WARSAW - Training Agenda (PL)

Are you in need for dedicated IT security training? Invite us over! We deliver worldwide!


This course is Level 3  in Cqure Academy Learning Path!

Paula Januszkiewicz Hexcode 2014

About the Trainer

Paula Januszkiewicz

Paula is an IT Security Auditor and Penetration Tester, Enterprise Security MVP and trainer (MCT) and Microsoft Security Trusted Advisor. She also is a top-speaker on many well-known conferences (for example: TechEd North America, TechEd Europe, TechEd Middle East, TechDays worldwide RSA worldwide, CyberCrime etc.) and a publihed author of articles on Windows Security. She conducted hundreds of IT security audits and penetration tests, including those for military customers. Her distinct specialization is definitely in Microsoft security solutions, the field she holds multiple Microsoft certifications in (MCITP, MCTS, MCSE, MCDBA etc.).  A number of certifications in other related technologies add up to a successful expert portfolio.  Paula is passionate about sharing her knowledge with others. In her private time, she enjoys researching new technologies, which she converts into authored trainings. She authored a book on Threat Management Gateway 2010. She has been doing penetration tests for 10 years now! She has got official access to a source code for Windows!



Windows Infrastructure Hardening has become a mandatory step performed on a regular basis by any organization that sees security as a priority. Businesses nowadays are almost fully dependent on IT services, making the hardening and securing processes even more intense. The number of possible attack surfaces has emerged exponentially in direct relation to the increasingly competitive field of current technology we are witnessing where developers try to achieve more and more functionality from implemented solutions and applications. The CAST 616: Securing Windows Infrastructure is designed with the single purpose of providing Info-‐Sec professionals with complete knowledge and practical skills necessary to secure their network infrastructure which is fast becoming if already not a top priority plus a major tech challenge for most security conscious organizations. This 3 day training deep dives into the key aspects of solving infrastructure-related problems by appreciating the key elements of how Windows Internal Security mechanisms actually work and how it can be further optimized without jeopardizing or easing an organization's IT Environment configuration settings which becomes common as time passes. Some of the highlights of this course are techniques used in Kernel Debugging, Malware hunting, deep diving into BitLocker and the automation of the whole hardening process.


Target audience

  • Enterprise administrator
  • Infrastructure architect
  • Security professional
  • System engineer
  • Network administrator
  • IT professional
  • Security consultant



To attend this training you should have a good hands on expirience in administering Windows infrastructure. At least 8 years in the field is recommended.



Authors' unique tools, over 200 pages of exercises, presentations slides with notes.



At the end participants will receive the Certificate of Achievement signed by the CQURE Trainer.



Module 1. Designing Secure Windows Infrastructure

1. Providing the complete knowledge for the areas that can be secured

Module 2. Securing Windows Platform

1. Defining and disabling unnecessary services

2. Implementing secure service accounts, permissions and privileges

3. Driver signing

Module 3. Malware Protection

1. Techniques used by modern malware

2. Malware investigation techniques

3. Analyzing cases of real malware

4. Implementing protection mechanisms

Module 4. Managing Physical Security

1. Managing port security: USB, FireWire, and other

2. Mitigating Offline Access

3. Implementing and managing BitLocker

Module 5. Deploying and configuring Public Key Infrastructure

1. Role and capabilities of the PKI in the infrastructure

2. Designing PKI architecture

3. PKI Deployment - Best practices

Module 6. Configuring Secure Communication

1. Deploying and managing Windows Firewall - advanced and useful features

2. Deploying and configuring IPsec

3. Deploying secure Remote Access (VPN, Direct Access, Workplace Join, RDS Gateway)

4. Deploying DNS and DNSSEC

Module 7. Securing Web Server

1. Configuring IIS features for security

2. Deploying Server Name Indication and Centralized SSL Certificate Support

3. Monitoring Web Server recources and performance

4. Deploying Distributed Denial of Service attack prevention

5. Deploying Network Load Balancing and Web Farms

Module 8. Providing Data Security and Availability

1. Designing data protection for Microsoft Office, PDF and other file types

2. Deploying Active Directory Rights Management Services

3. Deploying File Calssification Infrastructure and Dynamic Access Control

4. Configuring a secure File Server

5. Hardening basics for Microsoft SQL Server

6. Clustering selected Windows services

Module 9. Mitigating the common password attacks

1. Performing Pass-the-Hash attack

2. Performing the LSA Secrets dump

Module 10. Automating Windows Security

1. Impementing Advanced GPO Features

2. Deploying Software Restriction: Applocker

3. Advanced PowerShell for administration

© 2012 HEXCODE All Rights Reserved