Masterclass: Windows Security and Infrastructure Management

Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network a perimeter security.

• Introduction to the Windows 7/8.1 and Windows Server 2008/2012 R2 security concepts
• Architecture overview and terms:

1. Key System Components
2. Processes, Threads and Jobs
3. Services, Functions and Routines
4. Sessions
5. Objects and Handles
6. Registry

• Advanced Local Procedure Call
• Information gathering techniques:

1. Windows Debugging
2. Performance Monitor
3. Windows Driver Kit
4. Other useful tools

Module 2: Process and Thread Management

• Process and thread internals
• Protected processes
• Process priority management
• Examining Thread Activity
• Process and thread monitoring and troubleshooting techniques (advanced usage of Process Explorer, Process Monitor, and other tools)

Module 3: System Security Mechanisms

• Integrity Levels
• Session Zero
• Privileges, permissions and rights
• Passwords security (techniques for getting and cracking passwords)
• Registry Internals
• Monitoring Registry Activity
• Driver signing (Windows Driver Foundation)
• User Account Control Virtualization
• System Accounts and their functions
• Boot configuration
• Services architecture
• Access tokens
• Biometric framework for user authentication

Module 4: Debugging & Auditing

• Available debuggers
• Working with symbols
• Windows Global Flags
• Process debugging
• Kernel-‐mode debugging
• User-‐mode debugging
• Setting up kernel debugging with a virtual machine as the target
• Debugging the boot process
• Crash dump analysis
• Direct Kernel Object Manipulation
• Finding hidden processes
• Rootkit Detection

Module 5: Memory Analysis

• Memory acquisition techniques
• Finding data and activities in memory
• Step-‐by-‐step memory analysis techniques
• Tools and techniques to perform memory forensic

Module 6: Storage Management

• Securing and monitoring Files and Folders
• Protecting Shared Files and Folders by Using Shadow Copies
• Implementing Storage Spaces
• Implementing iSCSI
• Implementing FSRM, managing Quotas, File Screens, and Storage Reports
• Implementing Classification and File Management Tasks, Dynamic Access Control
• Configuring and troubleshooting Distributed File System

Module 7: Startup and Shutdown

• Boot Process overview
• BIOS Boot Sector and Bootmgr vs. the UEFI Boot Process
• Booting from iSCSI
• Smss, Csrss, and Wininit
• Last Known Good configuration
• Safe Mode capabilities
• Windows Recovery Environment (WinRE)
• Troubleshooting Boot and Startup Problems

Module 8: Infrastructure Security Solutions

• Windows Server Core Improvements in Windows Server 2012 R2
• AppLocker implementation scenarios
• Advanced BitLocker implementation techniques(provisioning, Standard User Rights and Network Unlock)
• Advanced Security Configuration Wizard
• IPSec
• Advanced GPO Management
• Practicing Diagnostic and Recovery Toolkit
• Tools

Module 9: Layered Network Services

• Network sniffing techniques
• Fingerprinting techniques
• Enumeration techniques
• Networking Services Security (DNS, DHCP, SNMP, SMTP and other)
• Direct Access
• High Availability features: cluster improvements and SMB (Scale – Out File Server)
• Network Load Balancing
• Remote Access
  
• Network Location Awareness
• Wireless technology recognition
• Wireless fingerprinting
• Wireless hacking ideas and demos
• Optimizing wireless hacking
• Protecting wireless networks

Module 10: Monitoring and Event Tracing

• Windows Diagnostic Infrastructure
• Building auditing
• Expression-‐based audit policies
• Logging Activity for Accounts and processes
• Auditing tools, techniques and improvements
• Auditing removable storage devices

Module 11: Points of Entry Analysis

• Offline access
• Linux BackTrack /other tools vs. Windows Security
• Unpatched Windows and assigned attacks
• Domain Controller attacks
• Man-‐in-‐the Middle attacks
• Services security

To attend this training you should have a good hands-on experience in administering Windows infrastructure. At least 8 years in the field is recommended.