About the course

This course is a live, online certification program divided into 16 modules and spread over 12 months.

All workshops are interactive and demo-intensive and eventually equip you with essential cybersecurity skills for Windows systems. Everything based on the newest content to give you relevant industry knowledge.

The syllabus covers the following topics: securing the Windows platforms, Hardening Active Directory infrastructure, Cloud-based incident response in Azure and Microsoft 365, Detecting and hunting for malware activities and prevention, Implementing privileged access workstations, Advancing PowerShell for security and administration, Everything you need to know about application whitelisting, High-priority security features in Azure, Secure monitoring of SQL Server integrated with SIEM solutions, Techniques for effective automation with PowerShell, Threat hunting supported by AI, Cyber threat intelligence, Mastering monitoring operations in Azure, Boosting penetration testing skills, Defending against threats using SIEM and XDR, and Implementing secure Entra ID.

Last but not least, you get to learn from some of the best cybersecurity specialists in their field: Paula Januszkiewicz, Mike Jankowski-Lorek, PhD, Michael Grafnetter, Uroš Babić, Amr Thabet, Sami Laiho, Damian Widera, Arnaud Petitjean and Piotr Pawlik.

Module 1: Securing Windows Platform: Windows 11 & Windows Server 2022

Date: January 30th

Instructor: Mike Jankowski-Lorek, PhD

• Defining and disabling unnecessary services
• Implementing rights, permissions and privileges
• Code signing
• Implementing secure service accounts

Module 2: Hardening Active Directory Infrastructure

Date:February 27th

Instructor: Michael Grafnetter

• Modern Identity Attack Techniques
• Preventing Credential Theft and Misuse
• Recommended AD Configuration Options
• OS-Level Credential Protection Features: LSA Protected Process, Credential Guard, and RDP Restricted Admin Mode
• Detecting Backdoors in Active Directory

Module 3: Cloud-based incident response in Azure and Microsoft 365

Date: March 13th

Instructor: Uroš Babić

• Azure&O365 cloud security challenges
• Zero Trust principles and architecture
• Incident response management process
• Cyber kill chain process
• Hunting through attack chain
• Azure monitor
• Azure incident response – best practices

Module 4: Detecting and hunting for malware activities and prevention

Date: March 27th

Instructor: Amr Thabet

• Intro to malware and malware functionalities
• Hunting for malware C&C communication in network activities
• Hunting for malware behaviour in Sysmon logs
• Creating a Yara rule for malware family of a suspicious functionality

Module 5: Implementing Privileged Access Workstations

Instructor: Sami Laiho

• Privileged Access Workstations – how and why?
• Different hardware and VM solutions for implementing PAWs
• Difference between normal and privileged
• Implementing and Managing On-prem PAWs
• Implementing and Managing Cloud-service PAWs

Module 6: Advancing at PowerShell for security and administration

Date: May 29th

Instructor: Michael Grafnetter

• PowerShell security and specific hacktools (like DSInternals)
• Advanced PowerShell course
• Auditing Active Directory using PowerShell

Module 7: Everything you need to know about application whitelisting

Date: June 12th

Instructor: Sami Laiho

• Whitelisting in general
• Implementing AppLocker
• Managing AppLocker
• Troubleshooting AppLocker

Module 8: High priority security features in Azure

Date: June 26th

Instructor: Uroš Babić

• Managing identity and access in Microsoft Entra ID
• Network security
• Microsoft Purview data protection
• Microsoft Defender for Cloud
• Application security

Module 9: Securing monitoring of SQL Server to feed SIEM solutions

Date: July 31st

Instructor: Damian Widera

• SQL Server security baseline concepts
• SQL Server instance security
• Managing logins & passwords

Module 10: Techniques for effective automation with PowerShell

Date: August 28th

Instructor: Arnaud Petitjean

• Navigating execution policies: picking the right security strategy
• PowerShell language modes: locking down your scripts
• Fortify your scripts: the power of digital signatures
• Restricting execution permissions: enforcing least privilege for scripts
• Protecting sensitive information: secure secrets management in PowerShell
• AMSI: Defending against malicious code with PowerShell
• Comprehensive logging: auditing and monitoring your PowerShell scripts

Module 11: Threat hunting with AI support

Date: September 11th

Instructor: Paula Januszkiewicz

• Introduction to threat hunting and AI in cybersecurity
• Leveraging AI to detect anomalies and threats
• Automating threat hunting with machine learning
• Using AI-powered tools for real-time threat detection

Module 12: Cyber threat intelligence

Date: September 25th

Instructor: Paula Januszkiewicz; Mike Jankowski-Lorek, PhD; Piotr Pawlik

• Threat Intelligence, Assessment and Threat Modeling
• Open-Source Intelligence Tools and Techniques
• Patterns of Attack

Module 13: Mastering monitoring operations in Azure

Date: October 30th

Instructor: Piotr Pawlik

• Microsoft 365 Security from SOC Analyst perspective
• Microsoft 364 Defender for Endpoint – EDR story
• Detection and response with Sentinel – Let’s attack Contoso network

Module 14: Boosting your penetration testing skills

Date: November 13th

Instructor: Paula Januszkiewicz

• From zero to domain admin almost always working exploitation techniques and discovery
Advanced network penetration testing Bypassing modern security controls Reporting and remediation strategies in penetration testing

Module 15: Defending against threats with SIEM Plus XDR

Date: November 27th

Instructor:Uroš Babić

• Intro with Unified Security Operation with Defender XDR, Microsoft Sentinel and Security Copilot in the Defender XDR portal
• Configuring and managing Microsoft Defender XDR and integration with Defender Family
• Configuring and managing Microsoft Sentinel
• Configuring and managing Security Copilot
• Automated investigation and incident response with Microsoft Sentinel, Microsoft Defender XDR and Security Copilot
• Automatic attack disruption in Microsoft Defender XDR and SOC optimization
• hreat Hunting through attack chain with Defender XDR

Module 16: Implementing Secure Entra ID

Date: December 11th

Instructor: Piotr Pawlik

• Entra ID security settings
• Entra ID identity protection
• Entra ID privileged identity management (PIM)
• Entra ID password protection