Course code: SECDAY5

Security Day: Ultimate Hacking and Forensics Experience for IT Pros

Are there any attacks that are effective, reliable and almost always work? Of course! Even when an organization manages its infrastructure well, installs patches regularly and monitors the network, there are attacks that still work perfectly, because they are really a matter of misconfiguration rather than a serious security vulnerability. Could cloud technologies help? Are Office 365 and Azure secure? How do you measure it? Is it worth moving some services to the cloud to mitigate the risk of a breach? The problem is that some infrastructure mechanisms rely on the same type of communication that the attacks use, and they use it for normal communication: single sign-on authentication, service accounts, network sharing etc. In the vast majority of organizations that can be leveraged! Join Paula during this seminar to become familiar with the biggest mistakes in infrastructure security that, from the attacker's perspective, can pretty much always be exploited, and leave the conference with suggestions and ideas on how to reach the next level of security in your workspaces.

No terms found, contact our client service.

Affiliate | Duration | Catalogue price | Handbook price | ITB
Praha | 1 | 9 999 CZK | - | 10

Date:

17.9. 2019


Price:

9 999 CZK excluding VAT
The price includes lunch (meal vouchers), savoury and sweet refreshments, and non-alcoholic drinks. No discounts apply to this event; the price of 9 999 CZK excluding VAT is final.

Location:

Microsoft Czech Republic and Slovakia

Vyskočilova 1561/4a  140 00 Praha 4

Microsoft – Morava meeting room

Bus no. 118, 124, 170 – stops Vyskočilova / Brumlovka

Audience

Network administrators, infrastructure architects, security professionals, systems engineers, IT professionals, security consultants and other people responsible for implementing network and perimeter security.
Speaker
Paula Januszkiewicz, the CEO of CQURE, is a world-renowned Security Expert. Paula loves to perform Penetration Tests and IT Security Audits, and after all she says: ‘harden’em all’! She is an Enterprise Security MVP, a trainer (MCT) and a Microsoft Security Trusted Advisor. She is a Harvard Business School Executive MBA graduate and has access to the source code of Windows. Paula is a top speaker at world-renowned conferences, including being No 1 speaker at Microsoft Ignite!
Materials
Authors’ unique tools, presentation slides with notes, seminar instructions.
Note:
Security Day is a BYOD-type seminar (nothing needs to be pre-installed, and there are no virtual labs). Students will have an opportunity to follow Paula’s live hacking demos, and after the Security Day participants receive a certificate and recognition from the world-renowned CQURE Academy. Participants are recommended to have some knowledge of security concepts, such as operating system services and architecture. However, all required concepts will be covered throughout the Security Day.

Certification

At the end, participants will receive an online Certificate of Attendance signed by the CQURE Speaker.

Program:

08:30 - 09:00 Registration
09:00 - 10:00 Module 1
10:00 - 10:15 Coffee break (drinks & snack)
10:15 - 11:15 Module 2
11:15 - 12:15 Lunch
12:15 - 13:15 Module 3
13:15 - 13:30 Coffee break (drinks)
13:30 - 14:30 Module 4
14:30 - 14:45 Coffee break (drinks & snack)
14:45 - 15:45 Module 5
15:45 - 16:00 Coffee break (drinks)
16:00 - 16:30 Module 6

Agenda

Module 1: Defining the Role of Security Solutions in the Infrastructure
This module highlights the role of security in digital transformation initiatives and allows for better understanding of the impact that mobility and cloud have on the organization.
1. Security in hybrid environments
2. Zero trust networks as a new network security paradigm
3. Security management automation
4. Windows Subsystem for Linux
5. Exploit Guard
6. Aspects of security monitoring and incident response

Module 2: The meaning of the Kill-Chain
In Module 2, you will learn techniques used by modern malware. For ransomware and other types of malware observed in the wild, the whole kill chain has changed over the years to reach its current form. And your defense should change too.
1. Application Whitelisting (AppLocker, Device Guard)
2. Whitelisting implementation best practices
3. Code signing techniques
4. Hardware supported protection techniques
5. Cloud-based protection against malware
6. Implementing account scoping
7. Good practices for implementing Local Admin Password Solution
8. Cloud based monitoring

Module 3: Identity as a perimeter. Attacks and defense.
This module involves various attacks on identity, mitigations and risk assessment factors.
1. Decrypting passwords from storage locations
2. Credential Guard (Virtual Secure Mode)
3. Multi-factor Authentication
4. Stealing passwords and tokens from OS memory
5. Meaning of SYSTEM and SECURITY registry hives
6. Extracting hashes from SAM and NTDS.dit databases
7. Kerberos and NTLMv2 issues
8. Performing the Pass-The-Hash attack
9. Cached logons (credentials) security
10. Data Protection API (DPAPI) as a foundation for Windows cryptography

Module 4: Implementing threat prevention and detection through a comprehensive platform in the Hybrid environments
In this module you will become familiar with important aspects of cloud security, including easy-to-use solutions, integration with the current environment and monitoring tools.
1. Information Protection issues
2. Classification and protection of data
3. Azure Information Protection
4. Microsoft Operations Management Suite
5. Active Directory and Azure AD security
6. Azure AD Privileged Identity Management
7. Multi Factor Authentication with Azure
8. Cloud Access Security Broker (CASB)
9. Windows Defender Advanced Threat Protection
10. Advanced Threat Analytics
11. Azure Advanced Threat Protection
12. Office Advanced Threat Protection
13. Protecting against virtualization platform issues – Shielded VMs
14. Storage Encryption
15. Azure Key Vault
16. Just Enough Administration
17. Desired State Configuration
18. ESAE: Red Forest
19. Privileged Access Management

Module 5: Securing Monitoring Operations and Forensics
This module starts with an analysis of available monitoring solutions and ends with designing a secure monitoring process.
1. Industry Best Practices
2. Critical Security Controls
3. Host, Port and Service Discovery
4. Vulnerability Scanning
5. Monitoring Patching, Applications, Service Logs
6. Detecting Malware via DNS logs
7. Monitoring Change to Devices and Appliances
8. Leveraging Proxy and Firewall Data
9. Configuring Centralized Windows Event Log Collection
10. Monitoring Critical Windows Events
11. Detecting Malware via Windows Event Logs
12. Scripting and Automation
13. Importance of Automation
14. Role of Forensics Analysis in Incident Response
15. Forensic Readiness and Business Continuity
16. Computer Forensics Process
17. Collecting Electronic Evidence
18. Challenging Aspects of Digital Evidence

Module 6: Windows and Cloud Security Summary
This module covers a discussion of solutions and implementations with top priorities. We will focus especially on the hybrid environment and its security, and on how to combine different on-premises and cloud solutions to get the most functionality and flexibility together with high security.

The prices are without VAT.