Windows Internal Architecture

The Windows PC continues to be the primary productivity device in enterprises small and large alike. Due to its ubiquity, the Windows desktop remains the favorite target for attackers to gain initial access into an organization, move laterally, and maintain their foothold. Whether you analyze malware, perform security research, conduct forensic investigations, engage in adversary simulation or prevent it, or build security solutions for Windows, understanding how Windows works internally is critical to being effective at your task.

This unique course takes you on a journey through Windows internals as they apply to user-mode execution, i.e., applications and services. Everything is examined through the lens of security, from both an offense and a defense perspective. For each topic covered, the components, architecture, data structures, debugger commands, and APIs are discussed, and the hands-on labs let students observe them in action and so solidify their understanding of the topic. This training course focuses on security-related topics and does not cover topics related to Win32 application development.

Hands-on Labs

In the hands-on lab exercises, students dig into the user and kernel mode components of Windows using debugger (WinDBG/KD) commands and learn how to interpret their output to understand the behind-the-scenes operations of the system. Students also run various custom tools that poke at certain security features of Windows and observe their behavior. Hands-on lab exercises are performed on pre-captured memory dumps and on a live VM running the latest version of Windows 10 64-bit.

Course Overview

Overall Proficiency Level
2 - Intermediate
Course Prerequisites

Attendees must have a solid understanding of operating system concepts and have a working knowledge of Windows. This course does not require any programming knowledge.

Training Purpose
Functional Development
Skill Development
Specific Audience
All
Delivery Method
Classroom
Online, Instructor-Led
Course Location

7000 Columbia Gateway Drive
Suite 150
Columbia, MD 21046


Learning Objectives

  • Understand the key principles behind the design and implementation of the Windows operating system.
  • Understand the components in the Windows operating system and the functionality they provide.
  • Understand the functionality provided by Windows that makes applications and services tick.
  • Understand the facilities in the system that are commonly abused by malware.
  • Understand the security mitigations available in Windows that raise the bar against exploits and malware.
  • Be able to investigate system data structures using the debugger and interpret the output of debugger commands.
  • Be able to navigate between different data structures using the debugger.
  • Be more effective at analyzing malware on Windows systems.
  • Be more effective at forensic analysis of Windows systems.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Exploitation Analysis
  • Systems Architecture
  • Training, Education, and Awareness

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.
