Windows Kernel and Filter Driver Development from CodeMachine Inc.

Windows Kernel and Filter Driver Development

Most security software on Windows run in kernel mode. This course starts with the basics of kernel mode software development and debugging and then progressively dives into the APIs, filtering mechanisms and advanced programming techniques required to implement kernel mode security software. Every topic in the course is accompanied by hands-on labs that involve extensive coding and debugging of kernel mode software to understand the programming model, the interfaces (APIs), their use cases and common pitfalls. This is a security focused course which does NOT cover development of drivers for hardware devices like PCI and USB, Bluetooth. This does NOT cover the Kernel Mode Driver Framework (KMDF).

Course Overview

Overall Proficiency Level

3 - Advanced

Course Catalog Number

WKFD-ADV

Course Prerequisites

Attendees must be proficient in C/C++ programming. In addition, attendees are expected to have good working knowledge of the windows kernel. CodeMachine’s Windows Internals for Security Researchers course provides the Windows kernel knowledge required to attend this course.

Training Purpose

Skill Development

Specific Audience

All

Delivery Method

Classroom

Course Location

PO Box 257
Merrifield, VA 22116

Course Location Map

Your Location
Providers
Courses
Course and Provider Quantity

Classroom

Learning Objectives

Get a jump start into Windows kernel mode software development and debugging
Be able to perform common programming tasks required by kernel mode drivers
Understand the intricacies of kernel mode software development
Be able to use different filtering mechanisms provided by Windows to intercept and modify operations in the system
Be able to use kernel mode APIs to develop reasonably complex security functionality
Be able to use the debugger effectively to perform live debugging of kernel mode drivers
Be able to use tools other than the debugger to debug issues with kernel mode software
Understand how kernel mode rootkits and commercial anti-malware implement their functionality

Framework Connections

Design and Development

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

Technology R&D

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.