Detailed Course Outline
Module 1: Securing Windows Platform: Windows 11 & Windows Server 2022
- Defining and disabling unnecessary services
- Implementing rights, permissions and privileges
- Code signing
- Implementing secure service accounts
Module 2: Hardening Active Directory Infrastructure
- Modern Identity Attack Techniques
- Preventing Credential Theft and Misuse
- Recommended AD Configuration Options
- OS-Level Credential Protection Features: LSA Protected Process, Credential Guard, and RDP Restricted Admin Mode
- Detecting Backdoors in Active Directory
Module 3: Cloud-based incident response in Azure and Microsoft 365
- Azure & O365 cloud security challenges
- Zero Trust principles and architecture
- Incident response management process
- Cyber kill chain process
- Hunting through attack chain
- Azure monitor
- Azure incident response – best practices
Module 4: Detecting and hunting for malware activities and prevention
- Intro to malware and malware functionalities
- Hunting for malware C&C communication in network activities
- Hunting for malware behaviour in Sysmon logs
- Creating a Yara rule for malware family of a suspicious functionality
Module 5: Implementing Privileged Access Workstations
- Privileged Access Workstations – how and why?
- Different hardware and VM solutions for implementing PAWs
- Difference between normal and privileged workstations
- Implementing and Managing On-prem PAWs
- Implementing and Managing Cloud-service PAWs
Module 6: Advancing at PowerShell for security and administration
- PowerShell security and specific hacktools (like DSInternals)
- Advanced PowerShell course
- Auditing Active Directory using PowerShell
Module 7: Everything you need to know about application whitelisting
- Whitelisting in general
- Implementing AppLocker
- Managing AppLocker
- Troubleshooting AppLocker
Module 8: High priority security features in Azure
- Managing identity and access in Microsoft Entra ID
- Network security
- Microsoft Purview data protection
- Microsoft Defender for Cloud
- Application security
Module 9: Security monitoring of SQL Server to feed SIEM solutions
- SQL Server security baseline concepts
- SQL Server instance security
- Managing logins & passwords
Module 10: Techniques for effective automation with PowerShell
- Navigating execution policies: picking the right security strategy
- PowerShell language modes: locking down your scripts
- Fortify your scripts: the power of digital signatures
- Restricting execution permissions: enforcing least privilege for scripts
- Protecting sensitive information: secure secrets management in PowerShell
- AMSI: Defending against malicious code with PowerShell
- Comprehensive logging: auditing and monitoring your PowerShell scripts
Module 11: Threat hunting with AI support
- Introduction to threat hunting and AI in cybersecurity
- Leveraging AI to detect anomalies and threats
- Automating threat hunting with machine learning
- Using AI-powered tools for real-time threat detection
Module 12: Cyber threat intelligence
- Threat Intelligence, Assessment and Threat Modeling
- Open-Source Intelligence Tools and Techniques
- Patterns of Attack
Module 13: Mastering monitoring operations in Azure
- Microsoft 365 Security from SOC Analyst perspective
- Microsoft 365 Defender for Endpoint – EDR story
- Detection and response with Sentinel – Let’s attack Contoso network
Module 14: Boosting your penetration testing skills
- From zero to domain admin: almost-always-working exploitation and discovery techniques
- Advanced network penetration testing
- Bypassing modern security controls
- Reporting and remediation strategies in penetration testing
Module 15: Defending against threats with SIEM Plus XDR
- Introduction to unified security operations with Defender XDR, Microsoft Sentinel and Security Copilot in the Defender XDR portal
- Configuring and managing Microsoft Defender XDR and integration with Defender Family
- Configuring and managing Microsoft Sentinel
- Configuring and managing Security Copilot
- Automated investigation and incident response with Microsoft Sentinel, Microsoft Defender XDR and Security Copilot
- Automatic attack disruption in Microsoft Defender XDR and SOC optimization
- Threat Hunting through attack chain with Defender XDR
Module 16: Implementing Secure Entra ID
- Entra ID security settings
- Entra ID identity protection
- Entra ID privileged identity management (PIM)
- Entra ID password protection
