CA403: Windows Security

Course authored by:

Perparim Mjeku, Rinor Shehu, Altin Gashi

39 Hours of Instruction

Includes lectures, guest speakers, and Q&A sessions

Hands-on labs

18 Labs

Live Online or On-Demand Access

Join weekly synchronous sessions or access all material and recorded lectures anytime

Intermediate Level

Developing practical skills and deepening understanding of core concepts

Course Materials

Available after purchase

Course Overview

Windows security is not about using tools; it is about understanding the operating system at a level where you can defend and control it under real attack conditions. Practical capability in securing Windows environments from the inside out is built across four focused sections. You will explore core architecture, including user mode and kernel mode, and how privilege separation enforces system integrity. The course examines key components such as processes, threads, services, the Registry, and file systems, alongside administrative tools like Command Prompt, PowerShell, Task Manager, and Event Viewer for hands-on analysis. Security mechanisms including access tokens, permissions, UAC, and authentication systems such as Active Directory and Kerberos are applied in realistic scenarios. You will also analyze common vulnerabilities, misconfigurations, and attack techniques like credential theft and privilege escalation. Expect technical depth and operational focus: by the end, you will be able to analyze, secure, and defend Windows systems in real-world environments.

What You’ll Learn

Build practical skills to analyze, manage, and secure Windows systems

  • Understand Windows architecture (kernel mode vs user mode)
  • Work with Command Prompt and PowerShell for system administration
  • Manage processes, threads, and system resources effectively
  • Configure and secure the Windows Registry and file systems (NTFS)
  • Apply the Windows security model (tokens, permissions, integrity levels)
  • Use tools like Task Manager, Event Viewer, and Performance Monitor
  • Understand authentication with Active Directory and Kerberos
  • Detect and analyze process injection and privilege escalation techniques
  • Identify vulnerabilities, exploits, and system misconfigurations
  • Implement security controls such as UAC, BitLocker, and Defender Firewall

Business Takeaways

Translate Windows security knowledge into operational and organizational value

  • Reduce risk of system compromise through proper configuration and monitoring
  • Strengthen endpoint security across enterprise environments
  • Improve incident detection using logs, system tools, and monitoring
  • Enhance identity and access control using Active Directory
  • Prevent credential-based attacks and privilege escalation threats
  • Ensure compliance with security standards and internal policies
  • Minimize downtime caused by malware or system misconfigurations
  • Support secure IT operations in corporate and government infrastructures

Syllabus: 5 Sections to Transformation

The CA403 program takes you inside the Windows operating system, exposing how it works, how it’s managed, and how it’s attacked in real environments. You progress from core system internals to automation, security controls, and enterprise-level identity systems like Active Directory.

section 1

FOUNDATIONS: WINDOWS CORE & SYSTEM BOOT

Understand how Windows is built internally and how the system initializes securely.
Focus on architecture, system interaction, and the full boot lifecycle.

TOPICS COVERED

  • Windows architecture (kernel vs user mode, hypervisor basics)
  • Windows Fundamentals
  • Command Line Interface (CLI) and system tools
  • GUI and system apps overview
  • Boot process (BIOS, UEFI, Bootmgr)
  • Startup and Shutdown
  • Secure Boot and Windows Recovery Environment (WinRE)
  • Shutdown mechanisms and system states

LABS

  • Windows simple commands
  • Managing Windows permissions with CLI
  • Defragmenting Disk

section 2

SYSTEM DATA: STORAGE, FILE SYSTEM & REGISTRY

Learn how Windows stores, organizes, and protects system and user data.
Focus on file systems, encryption, and system configuration internals.

TOPICS COVERED

  • Disk types (basic, dynamic) and storage spaces
  • Storage Management
  • File handling and deletion behavior
  • Encryption methods (BitLocker, data protection)
  • NTFS file system structure and tools
  • File System
  • Windows Registry architecture and hives
  • Windows services and Service Control Manager (SCM)

LABS

  • Reset Windows Password with Utilman & Sticky Keys
  • NTFS Permissions & File Security
  • BitLocker
  • EventViewer

section 3

EXECUTION & AUTOMATION: PROCESSES, SECURITY MODEL & POWERSHELL

Understand how Windows runs programs and enforces security controls.
Develop automation skills using PowerShell and system-level scripting.

TOPICS COVERED

  • Processes, threads, and execution models
  • Processes and Threads
  • Windows security model (SID, tokens, ACLs)
  • User Account Control (UAC) and integrity levels
  • Process attacks (injection, token manipulation)
  • PowerShell fundamentals and scripting
  • PowerShell
  • Windows networking basics and firewall profiles

LABS

  • Scripting Fundamentals
  • Loops and Iterations
  • Useful Scripts
  • Windows Firewall

section 4

ENTERPRISE SECURITY: ACTIVE DIRECTORY & ATTACK TECHNIQUES

Move into enterprise-level security and identity management.
Focus on authentication systems and domain environments.

TOPICS COVERED

  • Active Directory structure (domains, OUs, groups)
  • Domain Controllers
  • Group Policy Objects (GPOs)
  • Kerberos authentication process
  • Network authentication flow basics

LABS

  • Installing Active Directory
  • Join a PC to Active Directory
  • Working with AD

section 5

ENTERPRISE SECURITY: ACTIVE DIRECTORY & ATTACK TECHNIQUES

Apply knowledge to real-world attack scenarios and security weaknesses.
Understand exploitation techniques and privilege escalation risks.

TOPICS COVERED

  • Credential attacks (Pass-the-Hash, Pass-the-Ticket)
  • Kerberos attacks (Golden/Silver tickets)
  • Exploits (EternalBlue, Mimikatz basics)
  • Vulnerabilities, Exploits and Misconfigurations
  • Misconfigurations and privilege escalation risks
  • Security implications across system components

LABS

  • Windows exploits and vulnerabilities
  • Kerberos Ticket Attack
  • EternalBlue & Mimikatz
  • Windows Post Exploit

Course Schedule & Pricing

Looking for Group Purchase Options? See below

Next Start Date

March 5, 2026

Duration

14 Weeks Intensive

Format

Live with Zoom Meeting

What's Included

499€

Seats Filling Fast for January 2026

Location            Start Date        Start Time
Prishtina, Kosovo   March 20, 2026    10:30 AM (CEST)
Prishtina, Kosovo   April 15, 2026    4:30 PM (CEST)
Prishtina, Kosovo   May 10, 2026      11:00 AM (CEST)

Frequently Asked Questions

Mission-critical information for prospective operatives

Why is Windows a major target for cyber attacks?

Windows is widely used across enterprise environments, government systems, and corporate networks, making it a high-value target. Attackers focus on Windows because compromising it can provide access to Active Directory, credentials, and entire network infrastructures.

This course covers critical attack techniques used in real breaches, including credential dumping with tools like Mimikatz, Pass-the-Hash and Pass-the-Ticket attacks, Kerberos abuse such as Golden Ticket and Silver Ticket, and exploiting vulnerabilities like EternalBlue.

Attackers often move from low privilege to full system control by abusing token manipulation and impersonation, process injection techniques such as DLL injection and process hollowing, misconfigured services and permissions, and weak access control lists (ACLs).

Detection relies heavily on Event Logs, especially Security logs for login attempts and privilege use, monitoring processes and system behavior, PowerShell logging and command tracking, and indicators like unusual authentication patterns or process injection.

Windows includes built-in defenses such as User Account Control (UAC) and integrity levels, Windows Defender Firewall and endpoint protections, Virtualization-Based Security (VBS) and Credential Guard, and Secure Boot and driver signing enforcement.
