What learning paths is this class used in?
Debugging, Reverse Engineering, Malware Analysis, Exploits
Debuggers 3011: Advanced WinDbg
OpenSecurityTraining2
About This Course
This is it! This is the class that *actually* teaches you how to configure an advanced Windows kernel debugging environment. This class gives you all the steps to quickly and automatically build 2 VMs: a debugger VM and a target VM. You'll obtain an automated way to build an executable on a debugger VM and then automatically push that executable to a target VM so you can run it. The debugger VM is able to debug the kernel of the target VM using WinDbg as well as decompiled source code level debugging with IDA/Ghidra and ret-sync.
After this class, you'll have a very efficient way of debugging the Windows kernel.Topics include:
• Preparing the 2 VMs (automation included)
• Configuring WinDbg
• Configuring Ghidra/IDA Pro
• Configuring ret-sync
• Configuring Visual Studio and SSH
At the end of the class, you'll be able to build a "hello world" on the debugger VM and debug its kernel side effects on the target VM.
Requirements
You must have taken OST2 Architecture 1001, or have equivalent knowledge of assembly.
You must have taken OST2 Debuggers 1011: Introductory WinDbg and Debuggers 2011: Intermediate WinDbg, or have equivalent knowledge of WinDbg.
Frequently Asked Questions
To be or not to be?
That is the question...
Course Staff
Cedric Halbronn
Cedric (@saidelike and @saidelike) specialises in vulnerability research and exploit development, and while at NCC Group working in the Exploit Development Group (EDG) has published some public research related to Cisco ASA, Windows kernel, NAS devices, printers, etc.