Detailed Course Outline
Module 1: Windows Internals & System Architecture
- Introduction to the Windows 10 and Windows Server 2019 security concepts
- Architecture overview and terms
- Key System Components
- Advanced Local Procedure Call
- Information gathering techniques
Module 2: Process and Thread Management
- Process and thread internals
- Protected processes
- Process priority management
- Examining Thread Activity
- Process and thread monitoring and troubleshooting techniques (advanced usage of Process Explorer, Process Monitor, and other tools)
Module 3: System Security Mechanisms
- Integrity Levels
- Session Zero
- Privileges, permissions and rights
- Password security (techniques for getting and cracking passwords)
- Registry Internals
- Monitoring Registry Activity
- Driver signing (Windows Driver Foundation)
- User Account Control Virtualization
- System Accounts and their functions
- Boot configuration
- Services architecture
- Access tokens
- Biometric framework for user authentication
Module 4: Debugging & Auditing
- Available debuggers
- Working with symbols
- Windows Global Flags
- Process debugging
- Kernel-mode debugging
- User-mode debugging
- Setting up kernel debugging with a virtual machine as the target
- Debugging the boot process
- Crash dump analysis
- Direct Kernel Object Manipulation
- Finding hidden processes
- Rootkit Detection
Module 5: Memory Analysis
- Memory acquisition techniques
- Finding data and activities in memory
- Step-by-step memory analysis techniques
- Tools and techniques to perform memory forensics
Module 6: Storage Management
- Securing and monitoring Files and Folders
- Protecting Shared Files and Folders by Using Shadow Copies
- Implementing Storage Spaces
- Implementing iSCSI
- Implementing FSRM, managing Quotas, File Screens, and Storage Reports
- Implementing Classification and File Management Tasks, Dynamic Access Control
- Configuring and troubleshooting Distributed File System
Module 7: Startup and Shutdown
- Boot Process overview
- BIOS Boot Sector and Bootmgr vs. the UEFI Boot Process
- Booting from iSCSI
- Smss, Csrss, and Wininit
- Last Known Good configuration
- Safe Mode capabilities
- Windows Recovery Environment (WinRE)
- Troubleshooting Boot and Startup Problems
Module 8: Infrastructure Security Solutions
- Windows Server Core Improvements in Windows Server 2019
- AppLocker implementation scenarios
- Advanced BitLocker implementation techniques (provisioning, Standard User Rights and Network Unlock)
- Advanced Security Configuration Wizard
- IPSec
- Advanced GPO Management
- Practicing Diagnostic and Recovery Toolkit
- Tools
Module 9: Layered Network Services
- Network sniffing techniques
- Fingerprinting techniques
- Enumeration techniques
- Networking Services Security (DNS, DHCP, SNMP, SMTP and others)
- Direct Access
- High Availability features: cluster improvements and SMB (Scale-Out File Server)
- Network Load Balancing
Module 10: Monitoring and Event Tracing
- Windows Diagnostic Infrastructure
- Building auditing
- Expression-based audit policies
- Logging Activity for Accounts and processes
- Auditing tools, techniques and improvements
- Auditing removable storage devices
Module 11: Points of Entry Analysis
- Offline access
- Kali Linux / other tools vs. Windows Security
- Unpatched Windows and assigned attacks
- Domain Controller attacks
- Man-in-the-Middle attacks
- Services security
