Location - LISBON
Date - 13-17, January, 2020
Paula Januszkiewicz

Paula Januszkiewicz is a world-renowned Security Expert. Paula loves to perform Penetration Tests, IT Security Audits, and after all she says: ‘harden’em all’! Enterprise Security MVP and trainer (MCT) and Microsoft Security Trusted Advisor.

Top-speaker at world known conferences, including being No 1 speaker at Microsoft Ignite!

Pure coolness with a value! This training shows how to overuse mistakes that are made nowadays in the infrastructures. It is great to learn from other people’s mistakes, right?

Paula Januszkiewicz

We connected the two of our most popular cybersecurity courses to create a totally new quality. While it is perfectly reasonable to take only one of these courses, when properly mixing the knowledge from both – penetration testing and forensics – you simply obtain added value! Extending penetration tests with stealth techniques? Trying to find your own traces during investigations? We have it covered. Taking both courses together maybe won’t give you more knowledge about the tools or techniques than taking them separately, but you’ll be able to look at these topics from the significantly wider perspective.

  • Duration: 2 days

You will enjoy it! The course teaches infrastructure security concepts, including the techniques on how to attack and how to respond with an appropriate countermeasure implementation. Our course has been developed around professional penetration testing and security awareness in the business and IT fields. To make sure that all participants gain the necessary infrastructure security knowledge, our classes have an intensive hands-on format.

All labs are always up to date and have 3 levels of difficulty. They can be easily adjustable to the overall level of the group. Every exercise is supported with lab instructions and multiple tools, both traditional and specialized. CQURE trainers recommend students have some knowledge of security concepts, such as operating system services and architecture. However, all required concepts will be covered throughout the course.

  • Duration: 3 days

The secure infrastructure configuration should be the most important line of defense in every organization. Unfortunately, people, the most valuable resource, are not always aware of the level of security in their companies, possible points of entry, how operating systems are attacked, and how to protect the infrastructure from successful attacks which are sometimes caused by configuration mistakes. Understanding internal OS protection mechanisms and services/roles completely provides a huge impact on the whole infrastructure security level. Unfortunately, the problem is... rarely anyone has this impact!

This is a deep dive course on security operations: vulnerability management, anomalies detection, discovery of industry attacks and threats, understanding how compromised system or solution looks like, defining the indicators of the attack, incident handling also daily servicing on SIEM platform. We will also walk through the advanced access rights, password mechanisms, windows internals, PowerShell usage for security purposes, gaining unauthorized access, advanced DNS configuration and common configuration mistakes, forensics techniques, Active Directory security, IIS Security, debugging, advanced monitoring and troubleshooting and much more! Topics covered during this training will help you to walk in hackers’ shoes and evaluate your infrastructure from their point of view.

The training focuses on detecting, responding, and resolving computer security incidents and covers the following security techniques:

  • The steps of the incident handling process
  • Detecting malicious applications and network activity
  • Common attack techniques that compromise hosts
  • Detecting and analyzing system and network vulnerabilities
  • Continuous process improvement by discovering the root causes of incidents

It is a must-go for enterprise administrators, security officers and architects. Delivered by one of the best people in the market in the security field – with practical knowledge from tons of successful projects, many years of real-world experience, great teaching skills and no mercy for misconfigurations or insecure solutions.

To attend this training you should have a good hands-on experience in administering Windows infrastructure. At least 8 years in the field is recommended.

Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.

Author’s unique tools, over 300 pages of exercises and presentations slides with notes.

  • Evolution of vulnerabilities
  • Persistent Threats
  • Malware evolution
  • Services Security
  • Active Directory Security
  • Permissions and Privileges
  • Password Security
  • Offline Attacks
  • Pass-The-Hash Attacks with custom CQURE Tools
  • Pass-The-Ticket Attacks
  • DPAPI Attacks with custom CQURE Tools
  • Cached Logons Attacks with custom CQURE Tools
  • Exploiting a lack of access controls
  • SQL Server Service
  • Authentication Modes
  • Stored Procedures
  • Network Scanning
  • Man-in-the-middle Attacks
  • Wireless Protocols Security
  • NetBIOS Spoofing
  • SMB Security
  • Anti-antimalware techniques
  • Non-exe Malware
  • Open Source Intelligence
  • Possible Targets
  • Building Advanced Queries
  • Cross Site Scripting
  • Injection Attacks
  • Information Leakage and Error Handling
  • Paperwork
  • Reporting
  • Responsibility
  • Types of Computer Security Incidents
  • Examples of Computer Security Incidents
  • Signs of an Incident
  • Incident Prioritization
  • Incident Response
  • Incident Handling
  • Integrity Levels
  • Anti-malware & Firewalls
  • Application Whitelisting, Application Virtualization
  • Privileged Accounts, Authentication, Monitoring, and UAC
  • Whole Disk Encryption
  • Browser Security
  • EMET
  • Dangerous Endpoint Applications Session Zero
  • Privileges, permissions and rights
  • Passwords security (techniques for getting and cracking passwords
  • Registry Internals
  • Monitoring Registry Activity
  • Boot configuration
  • Services architecture
  • Access tokens
  • Web Application Firewall
  • HTTP Proxies, Web Content Filtering, and SSL Decryption
  • SIMs, NIDS, Packet Captures, and DLP
  • Honeypots/Honeynets
  • Network Infrastructure – Routers, Switches, DHCP, DNS
  • Wireless Access Points
  • How to Identify an Incident
  • Handling Incidents Techniques
  • Incident Response Team Services
  • Defining the Relationship between Incident Response, Incident Handling, and Incident Management
  • Incident Response Best Practices
  • Incident Response Policy
  • Incident Response Plan Checklist
  • Denial-of-Service Incidents
  • Distributed Denial-of-Service Attack
  • Detecting DoS Attack
  • Incident Handling Preparation for DoS
  • DoS Response and Preventing Strategies
  • Following the Containment Strategy to Stop DoS
  • Detecting Unauthorized Access Incident
  • Incident Handling Preparation
  • Incident Prevention
  • Following the Containment Strategy to Stop Unauthorized Access
  • Eradication and Recovery
  • Detecting the Inappropriate Usage Incidents
  • Multiple Component Incidents
  • Containment Strategy to Stop Multiple Component Incidents
  • Network Traffic Monitoring Tools
  • Count of Malware Samples
  • Virus, Worms, Trojans and Spywares
  • Incident Handling Preparation
  • Incident Prevention
  • Detection of Malicious Code
  • Containment Strategy
  • Evidence Gathering and Handling
  • Eradication and Recovery
  • Industry Best Practices
  • Critical Security Controls
  • Host, Port and Service Discovery
  • Vulnerability Scanning
  • Monitoring Patching, Applications, Service Logs
  • Detecting Malware via DNS logs
  • Monitoring Change to Devices and Appliances
  • Leveraging Proxy and Firewall Data
  • Configuring Centralized Windows Event Log Collection
  • Monitoring Critical Windows Events
  • Detecting Malware via Windows Event Logs
  • Scripting and Automation
  • Importance of Automation
  • PowerShell
  • Computer Forensics
  • Objectives of Forensics Analysis
  • Role of Forensics Analysis in Incident Response
  • Forensic Readiness And Business Continuity
  • Types of Computer Forensics
  • Computer Forensic Investigator
  • Computer Forensics Process
  • Collecting Electronic Evidence
  • Challenging Aspects of Digital Evidence
  • Forensics in the Information System Life Cycle
  • Forensic Analysis Guidelines
  • Forensics Analysis Tools
  • Memory acquisition techniques
  • Finding data and activities in memory
  • Tools and techniques to perform memory forensic
  • Legal Issues
  • Date25-27, November, 2019
  • Date 13-17, January, 2020