Skip to main content

Architecture 2821: Windows Kernel Internals 2


About This Course

This is it! This is the class that *actually* teaches you some core concepts on the Windows operating system both in user and kernel lands. You'll learn about core kernel functionality, what you will typically encounter while exploiting kernels, and how to approach targeting any kernel, though all the internals explained apply to Windows only.

After this class, you'll have knowledge to analyze the Windows kernel.

Topics include:

• Windows APIs, objects, handles

• System calls, interrupts, exceptions, IRQL

• Executive/Kernel components

• Synchronization between threads

• Processes and threads

• Kernel memory pools

• Types of Windows kernel bugs

• Windows mitigations

• Security concepts

• Kernel payloads

At the end of the class, you'll be able to quickly approach many topics such as exploit development, malware analysis on Windows.


You must have taken OST2 Debuggers 1011: Introductory WinDbg and Debuggers 2011: Intermediate WinDbg, or have equivalent knowledge of WinDbg.

You must have taken OST2 Debuggers 3011, or have equivalent WinDbg environment configured.

Frequently Asked Questions

What learning paths is this class used in?

Operating System, Architecture, Malware Analysis, Exploits

To be or not to be?

That is the question...

Course Staff

Cedric's Twitter Pic!

Cedric Halbronn

Cedric (@saidelike and @saidelike) specialises in vulnerability research and exploit development, and while at NCC Group working in the Exploit Development Group (EDG) has published some public research related to Cisco ASA, Windows kernel, NAS devices, printers, etc.