Windows Kernel Internals for Security Researchers

This course takes a deep dive into the internals of the Windows kernel from a security perspective. Attendees learn about the behind-the-scenes workings of the various components of the Windows kernel, with emphasis on internal algorithms, data structures, and debugger usage. Every topic in this course is accompanied by hands-on labs that involve extensive use of the kernel debugger (WinDBG/KD), with emphasis on interpreting the debugger output and using this information to understand the state and health of the system. Attendees also analyze pre-captured memory dumps to identify kernel rootkits and dissect rootkit behavior.

Provider Information

Contact Information

CodeMachine Inc
PO Box 257
Merrifield, VA 22116

Course Overview

Overall Proficiency Level
3 - Advanced
Course Catalog Number
WKSR-ADV
Course Prerequisites

Attendees must have a solid understanding of operating system concepts and have a working knowledge of Windows. This course does not require you to have any programming knowledge.

Training Purpose
Skill Development
Specific Audience
All
Delivery Method
Classroom
Course Location

PO Box 257
Merrifield, VA 22116

  • Classroom

Learning Objectives

  • Understand the major components in the Windows Kernel and the functionality they provide
  • Understand the key principles behind the design and implementation of the Windows kernel
  • Understand the internal workings of the kernel and how to peer into it using the debugger
  • Be able to investigate system data structures using kernel debugger extension commands
  • Be able to interpret the output of debugger commands and correlate them to the state of the system
  • Be able to navigate between different data structures in the kernel, using debugger commands
  • Be able to locate indicators of compromise while hunting for kernel mode malware
  • Understand how kernel mode rootkits and commercial anti-malware interact with the system

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Technology R&D

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.
