Masterclass: Windows Infrastructure Pen-testing Training

  • Learn via: Virtual Classroom
  • Duration: 3 Days
  • Download PDF
  • We can host this training at your preferred location. Contact us!

You will enjoy it! The course teaches strategy and advance techniques for performing internal infrastructure penetration testing in highly secure Windows infrastructure. Our course has been developed around professional penetration testing and security awareness in the business and IT fields. To make sure that all participants gain the necessary infrastructure security concepts and knowledge, our classes have an intensive hands-on labs format. 


We have gathered knowledge from top worldwide known experts and combine their skills to prepare unique content allowing you to prepare for performing penetration testing or read team exercise for your organization.


Every exercise is supported with lab instructions and multiple tools, both traditional and specialized. CQURE trainers recommend students have some knowledge of security concepts, such as operating system services and architecture. However, all required concepts will be covered throughout the course. 


Paula says: Penetration Test combines a lot of components that make a test to be a bit more professional. Starting with report templates, attitude, being legal and first steps, ending up with great tools and techniques. This course is fun but with a value! 

Pen-testers, read teamers, Windows network administrators, security professionals, systems engineers, IT professionals, security consultants and other people responsible for implementing infrastructure security.

Module 1: Evolution of Hacking 

• Evolution of vulnerabilities 

• Persistent Threats 

• Malware evolution 

• Modern Attack Techniques 


Module 2: Penetration testing methodology 

• Reconnaissance 

• Enumeration 

• Exploitation 

• Privilege escalation 

• Lateral movement 

• Persistency 

• Reporting and cleanup 


Module 3: Reconnaissance and enumeration 

• Open Source Intelligence 

• Google Hacking 

• DNS enumeration 

• Network scanning 

• Service discovery 

• IPS/IDS consideration and handling 

• 802.1x bypass 


Module 4: OS Security and elevation of privileges 

• Services Security 

• Permissions and Privileges 

• Offline Attacks 

• DPAPI Attacks with custom CQURE Tools 

• Cached Logons Attacks with custom CQURE Tools 

• Exploiting a lack of access controls 

• Application whitelisting bypass 


Module 5: Identity attacks and lateral movement 

• Pass-The-Hash Attacks 

• Pass-The-Ticket Attacks 

• Kerberoasting 

• DCSync 

• DCShadow 

• Smb Relay 


Module 6: Common service attacks 

• Microsoft SQL Server attacks 

• PKI misconfiguration detection and attacks 

• Compromising Web Server 

• Active Directory Security 

• Print server security 


Module 7: Tampering with Communication 

• Wireless Protocols Security 

• NetBIOS Spoofing 

• SMB Security 

• LLMNR 

• HTTP/HTTPS 


Module 8: AV bypass and evasion techniques 

• Malicious Files Execution 

• Anti-antimalware techniques 

• Non-exe Malware 

• File-less malware techniques 

• SIEM and PAM consideration 


Module 9: Legal Issues 

• Paperwork 

• Reporting 

• Responsibility 

• White hat ethics 



Contact us for more detail about our trainings and for all other enquiries!