• Classroom
Course Description

Most security software on Windows runs in kernel mode. This course starts with the basics of kernel mode software development and debugging and then progressively dives into the APIs, filtering mechanisms and advanced programming techniques required to implement kernel mode security software. Every topic in the course is accompanied by hands-on labs that involve extensive coding and debugging of kernel mode software to understand the programming model, the interfaces (APIs), their use cases and common pitfalls. This is a security-focused course: it does NOT cover development of drivers for hardware devices such as PCI, USB or Bluetooth devices, and it does NOT cover the Kernel Mode Driver Framework (KMDF).

Learning Objectives

  • Get a jump start into Windows kernel mode software development and debugging
  • Be able to perform common programming tasks required by kernel mode drivers
  • Understand the intricacies of kernel mode software development
  • Be able to use different filtering mechanisms provided by Windows to intercept and modify operations in the system
  • Be able to use kernel mode APIs to develop reasonably complex security functionality
  • Be able to use the debugger effectively to perform live debugging of kernel mode drivers
  • Be able to use tools other than the debugger to debug issues with kernel mode software
  • Understand how kernel mode rootkits and commercial anti-malware implement their functionality

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Technology R&D

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.