Windows Exploits and Forensics : Windows Environments



Overview/Description

As a security operations person, you'll need to tailor your methods to suit the operating system you're working with. This course covers some of the core competencies required to conduct offensive security operations against a Windows environment.

Throughout this course, you'll learn how to recognize the differences between various Windows versions. You'll examine the role of intrusion detection systems (IDS) and intrusion prevention systems (IPS) in a Windows environment. You'll then learn about the MITRE ATT&CK framework and how it relates to Windows intrusions and identify the different Windows logging mechanisms.

Next, you'll practice using event logging, basic PowerShell commands, and the Windows Registry. You'll then explore how the Windows hashing algorithm works and practice cracking an NTLM hash value. Lastly, you'll investigate different data artifacts within Windows and outline how best to work with Active Directory and Kerberos.



Expected Duration (hours)
1.5

Lesson Objectives

Windows Exploits and Forensics : Windows Environments

  • discover the key concepts covered in this course
  • recognize the standard security features and controls placed on Windows hosts
  • identify different Windows Server operating systems and their various uses within the environment
  • recognize the role of intrusion detection systems (IDS) and intrusion prevention systems (IPS) within a Windows environment
  • outline the MITRE ATT&CK framework and how it relates to Windows intrusions
  • identify the location of common Windows-based logs and the Event Viewer
  • view Windows event logging in action
  • name the various user and service accounts within a Windows Active Directory environment
  • use basic Windows and PowerShell commands
  • outline how NTFS and Active Directory permissions work and some of their common misconfigurations
  • describe the hashing algorithm used to store Windows passwords
  • crack an NTLM hash value using several tools
  • use the Windows Registry and recognize the different artifacts contained within
  • list and describe various artifacts created within the Windows operating system
  • outline how Kerberos works and some common Active Directory misconfigurations
  • summarize the key concepts covered in this course

Course Number
it_cywexfdj_02_enus

Expertise Level
Beginner