What learning paths is this class used in?
Operating System, Architecture, Malware Analysis, Exploits
Architecture 2821: Windows Kernel Internals 2
OpenSecurityTraining2
About This Course
This is it! This is the class that *actually* teaches you some core concepts on the Windows operating system both in user and kernel lands. You'll learn about core kernel functionality, what you will typically encounter while exploiting kernels, and how to approach targeting any kernel, though all the internals explained apply to Windows only.
After this class, you'll have knowledge to analyze the Windows kernel.Topics include:
• Windows APIs, objects, handles
• System calls, interrupts, exceptions, IRQL
• Executive/Kernel components
• Synchronization between threads
• Processes and threads
• Kernel memory pools
• Types of Windows kernel bugs
• Windows mitigations
• Security concepts
• Kernel payloads
At the end of the class, you'll be able to quickly approach many topics such as exploit development, malware analysis on Windows.
Requirements
You must have taken OST2 Debuggers 1011: Introductory WinDbg and Debuggers 2011: Intermediate WinDbg, or have equivalent knowledge of WinDbg.
You must have taken OST2 Debuggers 3011, or have equivalent WinDbg environment configured.
Frequently Asked Questions
To be or not to be?
That is the question...
Course Staff
Cedric Halbronn
Cedric (@saidelike and @saidelike) specialises in vulnerability research and exploit development, and while at NCC Group working in the Exploit Development Group (EDG) has published some public research related to Cisco ASA, Windows kernel, NAS devices, printers, etc.