This course is a live, online certification
program divided into 16 modules and
spread over 12 months.
All workshops are interactive and demo-intensive
and eventually equip you with essential
cybersecurity skills for Windows systems. Everything
based on the newest content to give you relevant
industry knowledge.
The syllabus covers the following topics: securing the Windows platforms, Hardening Active
Directory infrastructure, Cloud-based incident response in Azure and Microsoft 365, Detecting and
hunting for malware activities and prevention, Implementing privileged access workstations,
Advancing PowerShell for security and administration, Everything you need to know about
application whitelisting, High-priority security features in Azure, Secure monitoring of
SQL Server integrated with SIEM solutions, Techniques for effective automation with PowerShell,
Threat hunting supported by AI, Cyber threat intelligence, Mastering monitoring operations in
Azure, Boosting penetration testing skills, Defending against threats using SIEM and XDR, and
Implementing secure Entra ID.
Last but not least, you get to learn from some of the best cybersecurity specialists in their field: Paula
Januszkiewicz, Mike Jankowski-Lorek, PhD, Michael Grafnetter, Uroš Babić, Amr Thabet, Sami Laiho,
Damian Widera, Arnaud Petitjean and Piotr Pawlik.
Module 1: Securing Windows Platform: Windows 11 & Windows Server 2022
Date: January 30th
Instructor: Mike Jankowski-Lorek, PhD
- Defining and disabling unnecessary services
- Implementing rights, permissions and privileges
- Code signing
- Implementing secure service accounts
Module 2: Hardening Active Directory Infrastructure
Date:February 27th
Instructor: Michael Grafnetter
- Modern Identity Attack Techniques
- Preventing Credential Theft and Misuse
- Recommended AD Configuration Options
- OS-Level Credential Protection Features: LSA Protected Process, Credential Guard, and RDP
Restricted Admin Mode
- Detecting Backdoors in Active Directory
Module 3: Cloud-based incident response in Azure and Microsoft 365
Date: March 13th
Instructor: Uroš Babić
- Azure&O365 cloud security challenges
- Zero Trust principles and architecture
- Incident response management process
- Cyber kill chain process
- Hunting through attack chain
- Azure monitor
- Azure incident response – best practices
Module 4: Detecting and hunting for malware activities and prevention
Date: March 27th
Instructor: Amr Thabet
- Intro to malware and malware functionalities
- Hunting for malware C&C communication in network activities
- Hunting for malware behaviour in Sysmon logs
- Creating a Yara rule for malware family of a suspicious functionality
Module 5: Implementing Privileged Access Workstations
Date: April 24th
Instructor: Sami Laiho
- Privileged Access Workstations – how and why?
- Different hardware and VM solutions for implementing PAWs
- Difference between normal and privileged
- Implementing and Managing On-prem PAWs
- Implementing and Managing Cloud-service PAWs
Module 6: Advancing at PowerShell for security and administration
Date: May 29th
Instructor: Michael Grafnetter
- PowerShell security and specific hacktools (like DSInternals)
- Advanced PowerShell course
- Auditing Active Directory using PowerShell
Module 7: Everything you need to know about application whitelisting
Date: June 12th
Instructor: Sami Laiho
- Whitelisting in general
- Implementing AppLocker
- Managing AppLocker
- Troubleshooting AppLocker
Module 8: High priority security features in Azure
Date: June 26th
Instructor: Uroš Babić
- Managing identity and access in Microsoft Entra ID
- Network security
- Microsoft Purview data protection
- Microsoft Defender for Cloud
- Application security
Module 9: Securing monitoring of SQL Server to feed SIEM solutions
Date: July 31st
Instructor: Damian Widera
- SQL Server security baseline concepts
- SQL Server instance security
- Managing logins & passwords
Module 10: Techniques for effective automation with PowerShell
Date: August 28th
Instructor: Arnaud Petitjean
- Navigating execution policies: picking the right security strategy
- PowerShell language modes: locking down your scripts
- Fortify your scripts: the power of digital signatures
- Restricting execution permissions: enforcing least privilege for scripts
- Protecting sensitive information: secure secrets management in PowerShell
- AMSI: Defending against malicious code with PowerShell
- Comprehensive logging: auditing and monitoring your PowerShell scripts
Module 11: Threat hunting with AI support
Date: September 11th
Instructor: Paula Januszkiewicz
- Introduction to threat hunting and AI in cybersecurity
- Leveraging AI to detect anomalies and threats
- Automating threat hunting with machine learning
- Using AI-powered tools for real-time threat detection
Module 12: Cyber threat intelligence
Date: September 25th
Instructor: Paula Januszkiewicz; Mike Jankowski-Lorek, PhD; Piotr Pawlik
- Threat Intelligence, Assessment and Threat Modeling
- Open-Source Intelligence Tools and Techniques
- Patterns of Attack
Module 13: Mastering monitoring operations in Azure
Date: October 30th
Instructor: Piotr Pawlik
- Microsoft 365 Security from SOC Analyst perspective
- Microsoft 364 Defender for Endpoint – EDR story
- Detection and response with Sentinel – Let’s attack Contoso network
Module 14: Boosting your penetration testing skills
Date: November 13th
Instructor: Paula Januszkiewicz
- From zero to domain admin almost always working exploitation techniques
and discovery
Advanced network penetration testing
Bypassing modern security controls
Reporting and remediation strategies in penetration testing
Module 15: Defending against threats with SIEM Plus XDR
Date: November 27th
Instructor:Uroš Babić
- Intro with Unified Security Operation with Defender XDR, Microsoft Sentinel and Security
Copilot in the Defender XDR portal
- Configuring and managing Microsoft Defender XDR and integration with
Defender Family
- Configuring and managing Microsoft Sentinel
- Configuring and managing Security Copilot
- Automated investigation and incident response with Microsoft Sentinel, Microsoft Defender
XDR and Security Copilot
- Automatic attack disruption in Microsoft Defender XDR and SOC optimization
- hreat Hunting through attack chain with Defender XDR
Module 16: Implementing Secure Entra ID
Date: December 11th
Instructor: Piotr Pawlik
- Entra ID security settings
- Entra ID identity protection
- Entra ID privileged identity management (PIM)
- Entra ID password protection