Masterclass: Windows Infrastructure Pen-testing Training

  • Learn via: Virtual Classroom
  • Duration: 3 Days
  • Price: Please contact for booking options
We can host this training at your preferred location. Contact us!

You will enjoy it! The course teaches strategy and advance techniques for performing internal infrastructure penetration testing in highly secure Windows infrastructure. Our course has been developed around professional penetration testing and security awareness in the business and IT fields. To make sure that all participants gain the necessary infrastructure security concepts and knowledge, our classes have an intensive hands-on labs format. 

We have gathered knowledge from top worldwide known experts and combine their skills to prepare unique content allowing you to prepare for performing penetration testing or read team exercise for your organization.

Every exercise is supported with lab instructions and multiple tools, both traditional and specialized. CQURE trainers recommend students have some knowledge of security concepts, such as operating system services and architecture. However, all required concepts will be covered throughout the course. 

Paula says: Penetration Test combines a lot of components that make a test to be a bit more professional. Starting with report templates, attitude, being legal and first steps, ending up with great tools and techniques. This course is fun but with a value! 

Pen-testers, read teamers, Windows network administrators, security professionals, systems engineers, IT professionals, security consultants and other people responsible for implementing infrastructure security.

Module 1: Evolution of Hacking 

• Evolution of vulnerabilities 

• Persistent Threats 

• Malware evolution 

• Modern Attack Techniques 

Module 2: Penetration testing methodology 

• Reconnaissance 

• Enumeration 

• Exploitation 

• Privilege escalation 

• Lateral movement 

• Persistency 

• Reporting and cleanup 

Module 3: Reconnaissance and enumeration 

• Open Source Intelligence 

• Google Hacking 

• DNS enumeration 

• Network scanning 

• Service discovery 

• IPS/IDS consideration and handling 

• 802.1x bypass 

Module 4: OS Security and elevation of privileges 

• Services Security 

• Permissions and Privileges 

• Offline Attacks 

• DPAPI Attacks with custom CQURE Tools 

• Cached Logons Attacks with custom CQURE Tools 

• Exploiting a lack of access controls 

• Application whitelisting bypass 

Module 5: Identity attacks and lateral movement 

• Pass-The-Hash Attacks 

• Pass-The-Ticket Attacks 

• Kerberoasting 

• DCSync 

• DCShadow 

• Smb Relay 

Module 6: Common service attacks 

• Microsoft SQL Server attacks 

• PKI misconfiguration detection and attacks 

• Compromising Web Server 

• Active Directory Security 

• Print server security 

Module 7: Tampering with Communication 

• Wireless Protocols Security 

• NetBIOS Spoofing 

• SMB Security 



Module 8: AV bypass and evasion techniques 

• Malicious Files Execution 

• Anti-antimalware techniques 

• Non-exe Malware 

• File-less malware techniques 

• SIEM and PAM consideration 

Module 9: Legal Issues 

• Paperwork 

• Reporting 

• Responsibility 

• White hat ethics 

Contact us for more detail about our trainings and for all other enquiries!

Upcoming Trainings

Join our public courses in our Istanbul, London and Ankara facilities. Private class trainings will be organized at the location of your preference, according to your schedule.

Classroom / Virtual Classroom
07 April 2024
Istanbul, Ankara, London
3 Days
Classroom / Virtual Classroom
19 May 2024
Istanbul, Ankara, London
3 Days
By using this website you agree to let us use cookies. For further information about our use of cookies, check out our Cookie Policy.