Windows Deep Dive
RCCE students will learn Windows endpoint security, including OS hardening, Group Policy configuration, Windows Defender features, registry security, PowerShell security, and Windows logging architecture. They will learn to harden Windows operating systems following CIS Benchmarks and STIG guidelines; configure Group Policy for security enforcement; manage Windows Defender Antivirus, Firewall, and Exploit Guard; secure PowerShell execution environments; implement Windows event log collection for security monitoring; detect and investigate Windows-based attacks, including credential theft, lateral movement, and persistence techniques; and manage Windows security updates and patch deployment.

This deep-dive course provides comprehensive technical coverage that goes beyond surface-level understanding. At an expert level, RCCE students will learn to master the nuances, edge cases, and advanced configurations that separate competent practitioners from true experts. Students will engage with complex real-world scenarios and gain the depth of knowledge required to troubleshoot difficult situations, mentor junior team members, and make architectural decisions with confidence.
- Endpoint Security Engineers and EDR Analysts
- Windows and macOS Administrators managing privileges
- Identity and Access Management Engineers
- IT Security Operations Leads reducing attack surface
- Professionals implementing Windows Deep Dive
- Execute hands-on tasks for Windows Deep Dive
- Execute hands-on tasks for Hardening & Configuration, covering Master CIS Benchmarks and STIG guidelines and Group Policy for enforcement.
- Execute hands-on tasks for Master CIS Benchmarks and STIG guidelines, covering Group Policy for enforcement.
- Monitor and audit privilege usage and detect escalation attempts, including full deployment of the Windows Defender suite and event log collection.
- Execute hands-on tasks for Deploy Windows Defender suite fully, covering event log collection.
- Execute hands-on tasks for PowerShell & Scripting Security, covering locking down execution environments and enabling transcription and logging.
- Execute hands-on tasks for Patch & Update Management, covering deployment of WSUS and Windows Update policies and update compliance at scale.
- Execute hands-on tasks for Deploy WSUS and Windows Update policies, covering update compliance at scale.
- Explain Windows Security Architecture Overview fundamentals
- Execute hands-on tasks for Key Principles, covering defense in depth across all layers and least privilege for every account.
- Execute hands-on tasks for Windows Security Subsystems
- Monitor and audit privilege usage; detect escalation attempts, including LSASS process and credential, Access tokens and SIDs, and Security Event Log (4xxx IDs).
| Module | Title |
|---|---|
| Module 01 | Windows Deep Dive |
| Module 02 | Hardening & Configuration |
| Module 03 | Master CIS Benchmarks and STIG guidelines |
| Module 04 | Defense & Monitoring |
| Module 05 | Deploy Windows Defender suite fully |
| Module 06 | PowerShell & Scripting Security |
| Module 07 | Patch & Update Management |
| Module 08 | Deploy WSUS and Windows Update policies |
| Module 09 | Windows Security Architecture Overview |
| Module 10 | Key Principles |
| Module 11 | Windows Security Subsystems |
| Module 12 | Audit & Logging |
| Module 13 | Credential Guard with VBS |
| Module 14 | Network Security |
All hands-on labs run on Rocheston Rose X OS. Students practice Windows Deep Dive by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for Windows Deep Dive
- Lab 2: Execute hands-on tasks for Hardening & Configuration
- Lab 3: Execute hands-on tasks for Master CIS Benchmarks and STIG guidelines
- Lab 4: Monitor and audit privilege usage; detect escalation attempts
- Lab 5: Execute hands-on tasks for Deploy Windows Defender suite fully
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Windows Deep Dive, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI