Masterclass: Hacking and Hardening Windows Infrastructure Workshop

Tuesday May 22 09:00 - 17:00

Including Windows 10 and its new security features! Can Windows 10 be hacked?! <
>Security Tips from Expert who has access to a Source Code of Windows! <

Everyone has heard about hackers. It is commonly known that their jobs differ from system administrator jobs. However, things they do in their darkened rooms are definitely interesting and worth knowing. Many of the techniques they use are very useful in everyday administration tasks. Is it that easy to get into systems? What about Windows 10 – are all of these security features preventing all of the attacks possible before? Well no! And we need to know how to implement features properly in order to be on a safe side! Windows 10 is designed to protect against known and emerging security threats across the spectrum of attack vectors but this can be achieved only when configuring these settings properly! A Hackers’ knowledge is considered to be valuable, both by system creators and common users. Administrators do not have to be taught how to be a hacker; it is often enough to show them one simple, but very interesting tool or technique, to change the point of view on their own IT environment. Topics covered in this seminar help you to walk in hacker’s shoes and evaluate your network from their point of view. Be careful – this workshop is designed for IT and Security professionals who want to take their skills and knowledge to the next level. After this workshop, you will be familiar with hacker techniques, which can be useful to protect yourself against. This is a one day training with demos and reasonable and smart explanations.

Audience
Network administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.

Materials
Author’s unique tools, presentations slides with notes, workshop instructions.

Module 1: Windows 10 / Windows Server 2016 – Platform Security and Internals
This module will prepare you for the training! It also contains very useful tips about auditing your environment and understanding security mechanisms used by Windows.
a. Detecting unnecessary services
b. Misusing service accounts
c. Services architecture
d. Implementing rights, permissions and privileges
e. Integrity Levels
f. Usage of privileged accounts
g. Browser security
h. Registry internals
i. Monitoring registry activity
j. Boot configuration
k. Access tokens
l. Information gathering tools
m. PowerShell as a hacking tool
n. Security management automation

Module 2: Attacks on Credentials and Prevention Solutions
This module involves usage of the custom tools built by the CQURE Team. Some of the tools were first on the market, so you are learning from the best!
a. Extracting hashes from SAM and NTDS.dit databases
b. Meaning of SYSTEM and SECURITY registry hives
c. Kerberos and NTLMv2 issues
d. Performing the Pass-The-Hash attack
e. Performing the Pass-The-Ticket attack
f. Cached logons (credentials)
g. Data Protection API (DPAPI) case for cached logons
h. Credential Guard (Virtual Secure Mode)
i. Performing the LSA Secrets dump and implementing prevention
j. Implementing account scoping
k. Good practices for implementing Local Admin Password Solution
l. Authentication Mechanism Assurance
m. Using virtual smart cards

Module 3: Attacking and Securing Windows Network
Starting from simple network sniffing, ending up with advanced network monitoring to the size of the buffers written. Several techniques used during the training.
a. Monitoring network usage by processes
b. Monitoring network stack (stackwalk)
c. Building a network visibility map
d. Host identification
e. Port scanning techniques
f. Vulnerability scanning
g. Sniffing techniques
h. Active sniffing: ARP cache poisoning and DNS spoofing
i. IP address spoofing
j. NETBIOS issues
k. SMB Relay attack
l. Enabling SMB signatures
m. Implementing IPSec and DNSSec

Module 4: Handling Ransomware and Other Malicious Software
In this module you will become familiar with the techniques used by modern malware. Especially for ransomware the launch process itself has changed over years to reach its final form – it is important to know how to prevent it.
a. Analysis of Malware Samples
b. Virus, Worms, Trojans and Spywares
c. Detection of Malicious Code
d. Implementation of Ransomware prevention
e. Application Whitelisting (AppLocker, Device Guard) and EMET
f. Code signing techniques

Module 5: Offline Access – Threats and Prevention
Offline access is immediately rewarding the attacker: you do not have to try hard to get the highest privileges and possibility to change anything you want on a drive. In this module you will learn the impact of offline access and how according to best practices we can prevent it.
a. Misusing USB and other ports
b. Offline Access techniques
c. Implementation of the BitLocker in the enterprise scale

Module 6: Windows Security Summary
Module covers discussion about solutions and implementations with top priorities.

Paula Januszkiewicz

CEO of CQURE and CQURE Academy

Paula is a top speaker at many well-known conferences including TechEd North America, TechEd Europe, TechEd Middle East, RSA, TechDays and CyberCrime. Last year she was rated as number one speaker at MS Ignite – the biggest Information Technology conference! Paula is engaged as a keynote speaker for security related events and she writes articles on Windows Security. She drives her own company CQURE, working on security related issues and projects. Paula has conducted hundreds of IT security audits and penetration tests, including those for governmental organizations. Her distinct specialization is definitely on Microsoft security solutions in which she holds multiple Microsoft certifications, besides being familiar with and possessing certifications in other related technologies. Paula is passionate about sharing her knowledge with others. In private, she enjoys researching new technologies, which she converts to authored trainings. She wrote a book about Threat Management Gateway 2010, and is working on her next book. She also has access to a source code of Windows!