Intermediate Intel x86: Architecture, Assembly, Applications, & Alliteration 

Topics include, but are not limited to:

  • Physical and virtual memory and how a limited amount of physical memory is represented as much more virtual memory through a multilevel paging system. We will also talk about memory segmentation.
  • The hardware basis for kernel versus user space separation and how software transitions between the two. This portion answers the question of why x86 has 4 “rings”, with ring 0 being the most privileged and ring 3 the least.
  • Hardware and software interrupts, and how they are the basis for debugging.
  • Input/Output instructions and how these allow the CPU to talk to peripherals.

Example applications include showing how hardware and memory mechanisms are used for software exploits, anti-debug techniques, rootkit hiding, and direct hardware access for keystroke logging.

This material includes labs on:

  • Using WinDbg to perform kernel debugging on a virtual machine (which is equally applicable for debugging a real machine).
  • Using a custom WinDbg plugin to examine the Local (memory segment) Descriptor Table (LDT) and Global (memory segment) Descriptor Table (GDT) in order to understand how Windows sets memory segment ranges and permissions for user space and kernel space.
  • Using WinDbg and the !pte command to understand how Windows organizes the paging structures that map virtual memory to physical memory.
  • Investigating where exactly the XD/NX bit is set in order to mark memory as non-executable (which Microsoft calls Data Execution Prevention (DEP)) and thereby prevent some types of exploits from succeeding.
  • Watching what does and doesn’t change when a software interrupt is used to transfer control from user space to kernel space.
  • Reading the Interrupt Descriptor Table (IDT) and understanding the security implications of changes to it.
  • Understanding how RedPill uses the IDT in order to detect that a system is virtualized.

Course Overview

Overall Proficiency Level: 2 - Intermediate
Course Catalog Number: OST_Intelx862
Course Prerequisites: Intro x86
Training Purpose: Skill Development
Specific Audience: All
Delivery Method: Online, Self-Paced

Learning Objectives

  • Understand that assembly is not an arcane art, but rather an API that can be learned like any other.
  • Cover more of the most frequently used hardware mechanisms.
  • Learn new assembly instructions.
  • Apply new skills to interesting examples.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Technology R&D

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.
