Learn the 12 skills that our CQURE team has identified as crucial to keep your IT safe in 2018

1. 12 Crucial Windows Security Skills for 2018
Paula Januszkiewicz
CQURE: CEO, Penetration Tester; Security Expert
CQURE Academy: Trainer
MVP: Enterprise Security, MCT
info@cqureacademy.com
Greg Tworek
CQURE: CTO, Security Expert
CQURE Academy: Trainer
MVP: Enterprise Security, MCT

2. What does CQURE do?
Consulting Services:
Extensive IT Security Audits and Penetration Tests of all
kinds
Configuration Audit and Architecture Design
Social Engineering Tests
Advanced Troubleshooting and Debugging
Emergency Response Services
R&D & Publications
Trainings & Seminars:
Offline (mainly in New York or via our partners worldwide)
Online (you will hear more about it in the end of this Webinar)

3. Michael
Kama
Dorothy
Patrycja
Michal
Paula
Greg
Ken
Chris
Krystian
Aga
Grzegorz Zuza
Milosz Ada

4. To ensure the good quality of your experience:
1. If you have problems with viewing the Webinar try
refreshing the page first or try another browser.
2. If problems persist please let us know in the comment
section or on info@cqureacademy.com.
3. If there will be connection or software problem, please look
into your email box or fb.com/cqure for instructions.
4. We will be taking questions at the end of the Webinar
during Q and A session so write them down!

5. What can you expect today?
1. The BIG REVEAL of 12 skills that our CQURE team has
identified as crucial to keep your IT safe in 2018.
2. Live demonstrations!
3. Tips on how you learn this stuff on your own.
4. A hacking challenge with a cool prize :)
5. Live Q&A with the CQURE Team and myself.
6. You will get files of all the tools we will be using here!

6. What was your score in our Windows Security QUIZ 2.0
- share in the comment section!

7. According to the industry’s statistics, by 2019 the
market will need 6 mln security professionals.
But only 4 to 5 million of them will have the needed
qualifications.
*Source: Financial Times

9. What you should learn NOW to
become proficient in Windows
Security in less time than others?

10. #1 Skill Group: Platform Security & Internals

11. #2 Skill Group: Attacks On Credentials & Prevention
Solutions

12. #3 Skill Group: PowerShell As A Hacking Tool
PowerShell is really powerful tool used on daily basis by
millions of administrators but it can also be very danger
and successfully used by malicious users to evade
software restrictions or to perform escalation of
privileges.
1. Understanding potential and threat of PowerShell
2. Bypassing script execution policy
3. Working with deep script logging
4. PowerShell transcript
5. Just Enough Administration and remote management
with PowerShell
6. Code Signing with PowerShell

13. #4 Skill Group: Office 365 Security
When you move your company to the cloud, you must fully
understand how to configure numerous security features to get
most of Office 365 offering. To ensure the security and
confidentiality of your data.
1. Office 365 Privacy
2. Identity models (cloud, synchronized, federated)
3. Multi-Factor Authentication
4. Controlling how your users access the data
5. Level up your security with Exchange Online Protection
6. Your fight against advanced threats with the help of ATP
7. Data loss prevention

14. #5 Skill Group: Raising the bar for malware

16. #6 Skill Group: Microsoft SQL Server Security
Database servers are usually one of the most important
servers in the infrastructure it’s all because they are
containing precious corporate data and are used as
backend for most of the LOB applications.
You should be familiar with:
1. Stilling credentials and hashes with MITM attack
2. Protecting SQL Server authentication and network
communication
3. Protecting SQL Server data and backups at rest
4. Cryptography in SQL Server environment
5. End to end encryption of data with Always Encrypted
SQL Server

17. #7 Skill Group: Improving security with Azure
We still cannot believe that cloud technologies can
really help us in securing the on-premise
environment. But the answer is only one here: give it
a try! Deploying new solution takes minutes instead
of months and may be disabled any time if you do
not like it. So let’s review some of them to see what
benefit they can bring to you.
You should know at least the following:
1. Office 365 security technologies
2. Microsoft Azure based technologies
3. Azure Backup
4. Operations Management Suite
5. Windows Defender ATP

18. #8 Skill Group: Virtualization based security
Virtualization also requires us to think differently about the
security of our virtualized infrastructure and applications.
You need to know at least the following:
1. Workload administrator and Fabric Administrator
2. Potential security holes in standard Hyper-V deployment
3. Prepare your environment for shielded VM deployment
4. Host Guardian Service
5. Template for shielded VMs
6. Shielding data file
7. Shielded VM creating
8. Testing shielded VM enhanced security

19. #9 Skill Group: Machine Learning for Security
Forexample:Whatif weuseacustomreflectivePELoadertocreateandruncustomcode?

20. #10 Skill Group: Windows 2016 security and
infrastructure improvements
We will trust you if you tell us you got rid of Windows 2003. But
what about 9 years old (yes!) Windows 2008? Maybe it is a high
time to move to the newest Microsoft Server Operating System?
Before taking this brave (but reasonable) step, please come to our
session and see what the Windows Server 2016 can offer you.
You should be familiar with:
1. Virtualization, Shielded VMs and Containers
2. Identity and Access Improvements
3. PowerShell
4. Networking enhancements
5. Device Guard and Credential Guard technologies
6. IIS 10 and application platform

21. #11 Skill Group: Practical Public Key Infrastructure
Pretty much every time we do an audit we see
incorrectly implemented PKI
Be aware of the newest security trends in the
certificate services
You should be familiar with:
1. Internal or 3rd party certificates - where to use on,
where to use the other
2. What certificate should be used where? Different types
of certificates
3. Mastering certificate requests - Tools, process
techniques
4. Message Security
5. Bitlocker
6. RMS for File Servers

22. #12 Skill Group: Advanced Monitoring and Auditing
It is well known fact that the proper reaction for incidents is the key
for keeping your environment secure. But wait - how can you
properly react if you do not properly monitor events within your
infrastructure? It is high time to design it in the right way. Starting
from your workstations, through mobile devices, servers, network
appliances up to the cloud level. During the module we will show you
how to plan your monitoring and how to implement it in a way giving
you all the information you need.
1. Workstation monitoring
2. Server monitoring
3. Non-PC devices monitoring
4. Data access monitoring and auditing
5. Processing and analyzing of the data collected
6. Cloud based technologies

24. Skill #1: Platform Security & Internals
Skill #2: Attacks On Credentials & Prevention Solutions
Skill #3: PowerShell as a hacking tool
Skill #4: Office 365 Security
Skill #5: Raising the bar for malware
Skill #6: Microsoft SQL Server Security
1 - 6

25. Skill #7: Improving security with Azure
Skill #8: Virtualization based security
Skill #9: Machine Learning for Security
Skill #10: Windows 2016 security and infrastructure improvements
Skill #11: Practical Public Key Infrastructure
Skill #12: Advanced Monitoring and Auditing
7 - 12

26. So… HOW to learn security?

27. Summary: Understanding is the key to success
Understanding is the key to security
Continuous vulnerability discovery
Context-Aware Analysis
Prioritization
Remediation and Tracking
Configuration reviews
Put on the Hacker’s Shoes
Prevention is the key to success

28. Additional resources to learn on your own
Websites
CQURE Academy Blog
Ars Technica
The Register
The Hacker News
Dark Reading
Krebs on Security
Computer World
Threat Post
Beta News
Tech News World
Tech Crunch
ZDNetSecurity Affairs
Computer Weekly
Network World
SC Magazine
Wired
Schneier on Security
Microsoft Virtual Academy

32. The course finishes with an exam.
If you pass (you get at least 70% answers correct)
you will get our CQURE Academy CERTIFICATE:
Windows Security Master 2018

34. https://www.cqureacademy.com/advanced2018

38. The Prize For Hackers Who Won Today’s
Challenge:
A free seat at “Advanced Windows Security Course
For 2018” (worth $2,900!)

39. Q&A Time!