Masterclass: Windows Security and Infrastructure Management
Duration: 5 days
Paula Januszkiewicz is a world-renowned Security Expert. Paula loves to perform Penetration Tests and
IT Security Audits, and after all she says: ‘harden’em all’! She is an Enterprise Security MVP, a
trainer (MCT) and a Microsoft Security Trusted Advisor.
Top speaker at world-known conferences, including being No 1 speaker at Microsoft Ignite!
This is a deep-dive course on infrastructure services configuration, increasing their level of security, and Windows
internals. It is a must-go for enterprise administrators, security officers and architects. Delivered by one of the best
people in the market in the security field – with practical knowledge from tons of successful projects, many years
of real-world experience, great teaching skills and no mercy for misconfigurations or insecure solutions.
The secure infrastructure configuration should be the most important line of defense in every organization.
Unfortunately, people, the most valuable resource, are not always aware of the level of security in their
companies, possible points of entry, how operating systems are attacked, and how to protect the infrastructure
from successful attacks, which are sometimes caused by configuration mistakes. Understanding internal OS
protection mechanisms and services/roles completely has a huge impact on the whole infrastructure security
level. Unfortunately, the problem is… rarely does anyone have this impact!
Advanced access rights, password mechanisms, Windows internals, PowerShell usage for security purposes,
gaining unauthorized access, advanced DNS configuration and common configuration mistakes, Active Directory
security, IIS Security, debugging, advanced monitoring and troubleshooting and much more! Topics covered
during this training will help you to walk in hackers’ shoes and evaluate your infrastructure from their point of
view.
All exercises are based on Windows Server 2012 R2, Windows 8.1 and Windows Server 2016, Windows 10.
Paula says:
Windows internals should be familiar to anyone who wants to know what works or… what does not!
Prerequisites:
To attend this training you should have good hands-on experience in administering Windows infrastructure. At
least 8 years in the field is recommended.
Target audience
Enterprise administrators, infrastructure architects, security professionals, systems engineers, network
administrators, IT professionals, security consultants and other people responsible for implementing network and
perimeter security.
Materials
Author’s unique tools, over 300 pages of exercises, presentation slides with notes.
Agenda
Module 1: Windows Internals & System Architecture
1. Introduction to the Windows 10 and Windows Server 2016 security concepts
2. Architecture overview and terms
3. Key System Components
   a) Processes, Threads and Jobs
   b) Services, Functions and Routines
   c) Sessions
   d) Objects and Handles
   e) Registry
4. Advanced Local Procedure Call
5. Information gathering techniques
   a) Windows Debugging
   b) Performance Monitor
   c) Windows Driver Kit
   d) Other useful tools

Module 2: Process and Thread Management
1. Process and thread internals
2. Protected processes
3. Process priority management
4. Examining Thread Activity
5. Process and thread monitoring and troubleshooting techniques (advanced usage of Process Explorer, Process Monitor, and other tools)

Module 3: System Security Mechanisms
1. Integrity Levels
2. Session Zero
3. Privileges, permissions and rights
4. Passwords security (techniques for getting and cracking passwords)
5. Registry Internals
6. Monitoring Registry Activity
7. Driver signing (Windows Driver Foundation)
8. User Account Control Virtualization
9. System Accounts and their functions
10. Boot configuration
11. Services architecture
12. Access tokens
13. Biometric framework for user authentication

Module 4: Debugging & Auditing
1. Available debuggers
2. Working with symbols
3. Windows Global Flags
4. Process debugging
5. Kernel-mode debugging
6. User-mode debugging
7. Setting up kernel debugging with a virtual machine as the target
8. Debugging the boot process
9. Crash dump analysis
10. Direct Kernel Object Manipulation
11. Finding hidden processes
12. Rootkit Detection

Module 5: Memory Analysis
1. Memory acquisition techniques
2. Finding data and activities in memory
3. Step-by-step memory analysis techniques
4. Tools and techniques to perform memory forensics

Module 6: Storage Management
1. Securing and monitoring Files and Folders
2. Protecting Shared Files and Folders by Using Shadow Copies
3. Implementing Storage Spaces
4. Implementing iSCSI
5. Implementing FSRM, managing Quotas, File Screens, and Storage Reports
6. Implementing Classification and File Management Tasks, Dynamic Access Control
7. Configuring and troubleshooting Distributed File System

Module 7: Startup and Shutdown
1. Boot Process overview
2. BIOS Boot Sector and Bootmgr vs. the UEFI Boot Process
3. Booting from iSCSI
4. Smss, Csrss, and Wininit
5. Last Known Good configuration
6. Safe Mode capabilities
7. Windows Recovery Environment (WinRE)
8. Troubleshooting Boot and Startup Problems

Module 8: Infrastructure Security Solutions
1. Windows Server Core Improvements in Windows Server 2016
2. AppLocker implementation scenarios
3. Advanced BitLocker implementation techniques (provisioning, Standard User Rights and Network Unlock)
4. Advanced Security Configuration Wizard
5. IPSec
6. Advanced GPO Management
7. Practicing Diagnostic and Recovery Toolkit
8. Tools

Module 9: Layered Network Services
1. Network sniffing techniques
2. Fingerprinting techniques
3. Enumeration techniques
4. Networking Services Security (DNS, DHCP, SNMP, SMTP and other)
5. Direct Access
6. High Availability features: cluster improvements and SMB (Scale-Out File Server)
7. Network Load Balancing
8. Remote Access
9. Network Location Awareness
10. Wireless technology recognition
11. Wireless fingerprinting
12. Wireless hacking ideas and demos
13. Optimizing wireless hacking
14. Protecting wireless networks

Module 10: Monitoring and Event Tracing
1. Windows Diagnostic Infrastructure
2. Building auditing
3. Expression-based audit policies
4. Logging Activity for Accounts and processes
5. Auditing tools, techniques and improvements
6. Auditing removable storage devices

Module 11: Points of Entry Analysis
1. Offline access
2. Linux BackTrack / other tools vs. Windows Security
3. Unpatched Windows and assigned attacks
4. Domain Controller attacks
5. Man-in-the-Middle attacks
6. Services security