Windows Kernel and Filter Driver Development

Most security software on Windows runs in kernel mode. This course starts with the basics of kernel mode software development and debugging and then progressively dives into the APIs, filtering mechanisms and advanced programming techniques required to implement kernel mode security software. Every topic in the course is accompanied by hands-on labs that involve extensive coding and debugging of kernel mode software to understand the programming model, the interfaces (APIs), their use cases and common pitfalls. This is a security-focused course which does NOT cover development of drivers for hardware devices like PCI, USB and Bluetooth. It also does NOT cover the Kernel Mode Driver Framework (KMDF).

Course Overview

Overall Proficiency Level
3 - Advanced
Course Catalog Number
WKFD-ADV
Course Prerequisites

Attendees must be proficient in C/C++ programming. In addition, attendees are expected to have good working knowledge of the Windows kernel. CodeMachine’s Windows Internals for Security Researchers course provides the Windows kernel knowledge required to attend this course.

Training Purpose
Skill Development
Specific Audience
All
Delivery Method
Classroom
Course Location

PO Box 257
Merrifield, VA 22116


Learning Objectives

  • Get a jump start into Windows kernel mode software development and debugging
  • Be able to perform common programming tasks required by kernel mode drivers
  • Understand the intricacies of kernel mode software development
  • Be able to use different filtering mechanisms provided by Windows to intercept and modify operations in the system
  • Be able to use kernel mode APIs to develop reasonably complex security functionality
  • Be able to use the debugger effectively to perform live debugging of kernel mode drivers
  • Be able to use tools other than the debugger to debug issues with kernel mode software
  • Understand how kernel mode rootkits and commercial anti-malware implement their functionality

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Technology R&D

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.
