1. Training
  2. Education & Training Catalog
  3. CodeMachine Inc.
  4. Windows Kernel Internals for Security Researchers

Windows Kernel Internals for Security Researchers

This course takes a deep dive into the internals of the Windows kernel from a security perspective. Attendees learn about behind the scenes working of various components of the windows kernel with emphasis on internal algorithms, data structures and debugger usage. Every topic in this course is accompanied by hands-on labs that involve extensive use of the kernel debugger (WinDBG/KD) with emphasis on interpreting the debugger output and using this information to understand the state and health of the system. Attendees also analyze pre-captured memory dumps to identify kernel rootkits and dissect rootkit behavior.

Course Overview

Overall Proficiency Level
3 - Advanced
Course Catalog Number
WKSR-ADV
Course Prerequisites

Attendees must have a solid understanding of operating system concepts and have a working knowledge of Windows. This course does not require you to have any programming knowledge.

Training Purpose
Skill Development
Specific Audience
All
Delivery Method
Classroom
Course Location

PO Box 257
Merrifield, VA 22116

Course Location Map
  • Your Location
  • Providers
  • Courses
  • Course and Provider Quantity
  • Classroom

Learning Objectives

  • Understand the major components in the Windows Kernel and the functionality they provide
  • Understand the key principles behind the design and implementation of the Windows kernel
  • Understand the internal workings of the kernel and how to peer into it using the debugger
  • Be able to investigate system data structure using kernel debugger extension commands
  • Be able to interpret the output of debugger commands and correlate them to the state of the system
  • Be able to navigate between different data structures in the kernel, using debugger commands
  • Be able to locate indicators of compromise while hunting for kernel mode malware
  • Understand how kernel mode rootkits and commercial anti-malware interact with the system

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Technology R&D

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.

Last Published Date: