Windows Kernel Internals for Security Researchers from CodeMachine Inc.

Windows Kernel Internals for Security Researchers

This course takes a deep dive into the internals of the Windows kernel from a security perspective. Attendees learn about behind the scenes working of various components of the windows kernel with emphasis on internal algorithms, data structures and debugger usage. Every topic in this course is accompanied by hands-on labs that involve extensive use of the kernel debugger (WinDBG/KD) with emphasis on interpreting the debugger output and using this information to understand the state and health of the system. Attendees also analyze pre-captured memory dumps to identify kernel rootkits and dissect rootkit behavior.

Course Overview

Overall Proficiency Level

3 - Advanced

Course Catalog Number

WKSR-ADV

Course Prerequisites

Attendees must have a solid understanding of operating system concepts and have a working knowledge of Windows. This course does not require you to have any programming knowledge.

Training Purpose

Skill Development

Specific Audience

All

Delivery Method

Classroom

Course Location

PO Box 257
Merrifield, VA 22116

Course Location Map

Your Location
Providers
Courses
Course and Provider Quantity

Classroom

Learning Objectives

Understand the major components in the Windows Kernel and the functionality they provide
Understand the key principles behind the design and implementation of the Windows kernel
Understand the internal workings of the kernel and how to peer into it using the debugger
Be able to investigate system data structure using kernel debugger extension commands
Be able to interpret the output of debugger commands and correlate them to the state of the system
Be able to navigate between different data structures in the kernel, using debugger commands
Be able to locate indicators of compromise while hunting for kernel mode malware
Understand how kernel mode rootkits and commercial anti-malware interact with the system

Framework Connections

Design and Development

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

Technology R&D

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.