Workshop

Windows Attack, Defense & Hardening

March 16th, 17th & 18th

3 days training by Orange Cyberdefense Switzerland
This training will be given in ENGLISH

Normal price: CHF 3000.

Workshop with certification (35 credit hours)

Description

Think like an attacker. Defend like a professional.

Modern Windows environments remain a prime target for attackers — and too often, misconfigurations rather than zero-days are the real entry point. This hands-on workshop immerses participants in the mindset, techniques, and tooling used by today’s attackers, while continuously bridging the gap between offense and defense.

Designed for pentesters and system security administrators, the course walks through the full attack chain in a realistic Active Directory environment, from initial network access to full domain compromise, and systematically introduces practical, actionable hardening strategies to mitigate each attack vector.

Rather than simply listing vulnerabilities, the workshop emphasizes decision-making: how to prioritize fixes, assess operational impact, and strengthen Windows environments without breaking production systems.

Hands-on approach

This is a highly practical workshop. Each concept is demonstrated through real-world attack scenarios and immediately applied through guided labs. Participants will actively perform attacks, analyze their impact, and implement defensive measures while gaining skills they can transfer directly to their daily work.

About the trainers

This workshop is delivered by a trio of senior pentesting engineers with over 30 years of combined experience in offensive and defensive security, specializing in Windows and Active Directory environments.

Julien Oberson

Julien is an IT security professional with 13 years of experience. He began his career in 2013 as a scientific collaborator at the Fribourg Engineering College, working on critical infrastructure security projects. He joined the SCRT Pentesting team in 2015 and is now Head of the Offensive Security Division.
Julien has led numerous Red Team exercises and conducted assessments across Windows, Linux, web, mobile, and OT environments. In addition to pentesting, he is an experienced trainer for Orange Cyberdefense and a forensic analyst.

Clément Labro

Clément has 10 years of experience in IT security. After starting as a network engineer, he transitioned into security engineering and joined SCRT in 2020. His expertise lies in Windows security, vulnerability research, and exploit development.
He is the maintainer of PrivescCheck, a widely used Windows privilege escalation enumeration tool leveraged by both pentesters and system administrators, and regularly publishes research and tools on his blog and GitHub.

Florian Audon

Florian has 7 years of experience in IT and security. He began as a network and security engineer before moving into pentesting in 2020 and joining SCRT in 2022. His focus is on Windows internals, internal audits, and EDR evasion, with ongoing research into Windows architecture and hardening strategies to address evolving security challenges.

Course outline

From Network Access to Initial Compromise

  • Windows network protocol poisoning (LLMNR, NetBIOS, DHCPv6)
  • Initial network discovery and AD mapping (Nmap)

Active Directory Enumeration

  • AD enumeration (BloodHound, PingCastle)
  • Kerberos authentication fundamentals
  • Password extraction techniques (GPP passwords, Kerberoasting, AS-REP Roasting)

Lateral Movement & Privilege Escalation

  • Kerberos delegation (unconstrained, constrained, resource-based)
  • NTLM authentication and cross-protocol relay attacks
  • Machine account coercion (Printer Bug, PetitPotam, NTLMRelayX)

Credential Access & Key Asset Compromise

  • Windows credential storage (SAM, LSA secrets, LSASS, etc.)
  • From RDP access to local and domain administrator
  • Abusing AD CS and service impersonation privileges

Domain Compromise & Persistence

  • Domain credential storage
  • Kerberos Silver and Golden Tickets
  • Inter-domain privilege escalation

Hardening & Defensive Strategy

  • Reviewing potential side effects using event logs
  • Fixing common misconfigurations (broadcast protocols, relay attacks, credential exposure)
  • Building a realistic hardening roadmap without disrupting operations

Course requirements

Workshop level

Intermediate

Who should attend

  • System administrators
  • Security engineers
  • Blue team members
  • Pentesters looking to strengthen defensive understanding

Key takeaways

After this workshop, participants will:

  • Understand how modern Windows and AD attacks unfold in real environments
  • Be able to detect, prevent, and mitigate common attack paths
  • Know how to prioritize remediation efforts and assess their operational impact
  • Walk away with practical techniques they can immediately apply in production

Prerequisites

  • Some experience with Windows environments (recommended)
  • Comfortable with the command line (recommended)

Hardware materials

A laptop with an SSH and RDP client.
