Microsoft Administration and Industrial Cybersecurity

  • School / Prep

    ENSEIRB-MATMECA

Internal code

EI9IT354

Description

This course is divided into two parts:

Part 1: Getting to grips with Windows administration: covers the basics of managing Windows operating systems, including installation, configuration, maintenance and security of servers and workstations. It aims to provide the skills needed to effectively administer a Windows environment, with an emphasis on best practices and essential tools.

Part 2: Intrusion into the Active Directory environment: Active Directory is the most widely used IT management solution in the world today. This makes it a prime target for attackers, and its compromise a major risk for businesses. Understanding the main levers of attack on this type of environment is therefore essential, both for offensive and defensive teams.


Objectives

  • Understand the fundamentals of Windows systems administration.
  • Learn to install and configure Windows servers and workstations.
  • Master standard maintenance and repair techniques.
  • Implement security measures to protect Windows systems.
  • Use Windows management tools and utilities to optimize system performance and reliability.
  • Basic mechanisms in the AD environment
  • Anonymous intrusion
  • Lateral movement and elevation of privileges
  • Privileged access and post-operation

Teaching hours

  • Integrated courses (CI): 16h
  • Individual work (TI): 24h
  • Practical work: 16h

Syllabus


Introduction
History of Windows
Internal architecture
Key elements of Windows
Applications and the system

Practical work: Discovering binaries and DLLs. Exploiting a vulnerability to elevate privileges. Manipulating the registry. Manipulating an autostart location. Manipulating services. Generating a BSOD.


Windows protection mechanisms

Practical: Updating Windows. Signing binaries and drivers. Volume encryption. Memory analysis. Uninstalling a patch.


Managing local accounts

Practical: User privileges. Attacking the lsass.exe process. On-the-fly code injection. Offline modification of the SAM database. Password cracking using a rainbow table.

The NTFS file system

Practical: Reading an offline file. Recovering a deleted file.


Network Infrastructure
Practical: Creating an AD domain. Creating an AD user. Creating a file share. Integrating a workstation into the AD.
Malware

Practical: Recovering application passwords. Cleaning up ransomware. Process Explorer and VirusTotal.




Part 2 introduces the cybersecurity of industrial systems:

Definition of the different types of industrial systems.
Composition of an industrial system
PLC programming languages
Protocols and fieldbuses
Standard architecture and operating safety


Further information

This module focuses on Microsoft administration tools, and in a broader perspective, on the cybersecurity of industrial systems.


Assessment of knowledge

Initial assessment / Main session - Tests

Type of assessment | Type of test | Duration (in minutes) | Number of tests | Test coefficient | Eliminatory mark in the test | Remarks
Integral Continuous Control | Continuous control | 1

Second chance / Catch-up session - Tests

Type of assessment | Type of test | Duration (in minutes) | Number of tests | Test coefficient | Eliminatory mark in the test | Remarks
Project | Report | 1