Windows Internal Architecture (WININT)
Instructed by T. Roy
The Windows PC continues to be the primary productivity device in enterprises small and large alike. Due to its ubiquity, the Windows desktop remains the favorite target for attackers to gain initial access into an organization, move laterally, and maintain their foothold. Whether you analyze malware, perform security research, conduct forensic investigations, engage in adversary simulation or prevent it, or build security solutions for Windows, understanding how Windows works internally is critical to be effective at your task.
Classes are limited. Get registered!
This unique course takes you through a journey of Windows internals as it applies to user-mode execution i.e. applications and services. Everything is examined through the lens of security both from an offense and defense perspective.
For each topic that is covered, components, architecture, data structures, debugger commands, and APIs are discussed with the hands-on labs helping with observing things in action and thus solidifying the understanding of the topic.
This training course focuses on security-related topics and does not cover topics related to Win32 application development.
Hands-on Labs
In the hands-on lab exercises, students dig into the user and kernel mode components of Windows using debugger (WinDBG/KD) commands and learn how to interpret their output to understand the behind-the-scenes operations of the system. Students also run various custom tools that poke at certain security features of Windows and observe their behavior. Hands-on lab exercises are performed on pre-captured memory dumps and on a live VM running the latest version of Windows 10 64-bit.
Learning Objectives
Topics
Intermediate
Live-Online & In-Person
Private Basis (Live-Online)
5 days
Security researchers, malware analysts, threat hunters, incident responders, digital forensics investigators, red-teamers, blue-teamers and security software developers.
Prerequisites
Attendees must have a solid understanding of operating system concepts and have a working knowledge of Windows. This course does not require any programming knowledge.
Why choose the Center for Cyber Security Training
Interactive, classroom-based learning
Subject matter experts
Trusted by US government agencies
T.Roy
T.Roy, an author, instructor, and consultant, is the founder of CodeMachine. He has more than 20 years of experience in information security has been involved with Windows internals, development, debugging and security, since the inception of Windows NT in 1992. He has been involved in the development of some of the leading endpoint security solutions such as intrusion prevention, network firewalls, behavioral anti-malware, document security and data leak prevention systems. He has taught all over the world and has received many instructor recognition awards.
I really enjoyed the course! It was interesting to see a different perspective on penetration testing and ways of progressing from recon to initial access to escalating privilege and lateral movement.- Robert L., Washington, DC
Want more information?
Download the Windows Internal Architecture course outline now.
Upcoming Training Sessions
Private Basis (Live-Online)
Classes are limited.
Enroll Now.
Related Courses
Our classroom delivers the most in-demand content from the highest profile subject matter experts. Intense and interactive, our courses prepare students with actionable insight and proven strategies.
Windows Malware Techniques
User mode malware on Windows is ubiquitous and custom user mode implants are used regularly in red-team engagements. Knowledge of the latest malware techniques helps red teamers improve their custom tooling, malware analysts in taking apart malware, and anti-malware solution developers in designing behavioral solutions to detect malicious activity.
Exploit Development Bootcamp & Advanced
Our three-day Bootcamp will teach both basic & advanced techniques from a leading exploit developer. In our Advanced course, experienced students will learn how to write exploits that bypass modern memory protections for the Win32 platform in a fast-paced, interactive learning environment.