DURATION: 2 DAYS
CAPACITY: 20 pax
SEATS AVAILABLE: CANCELLED
PRICE: EUR1499 (early bird)
EUR1999 (normal)
Early bird registration rate ends on the 1st of March
Prepare yourself with the essential skills to understand the Windows Kernel.
This new 2-days training is a hands-on session around the Windows Kernel and designed with one goal in mind: attaining a good level in understanding the Windows kernel by practicing, using a real, concrete and direct approach with exercises and tools. Our goal is to make each of class attendant to understand kernel concepts and to be able to reproduce in their real world environment what they have learned during this course.
The focus of this training is made on Kernel internal core structures, kernel cartography, using existing tools and creating your own. Our main object of analysis will be a security product shipping with kernel components. This product will be used as a target practice for our tests but also to see its security functions, if the whole system security is lowered and if it introduces vulnerabilities: at the end of the training session, you should also be able to give an informed judgment on the true level of security provided by these kind of products.
The class features an intermediate to a somewhat advanced level of complexity and is recommended for participants who have had some prior experience in reverse engineering and debugging.
Do you want to know more about the Windows Kernel? Then this class is made for you!
Candidates for this training are engineers, developers, IT staff or simply curious people who work with Windows operating systems at a level that might require Windows Internals knowledge.
• Learn the kernel by practicing!
• Use a kernel debugger to examine the system.
• Gain a good understanding of the inner working of the Windows operating system.
• Understand the several components that make up the core of the Windows operating system and the various interactions between them.
• Learn how to tackle and reverse a third party product using kernel components.
From different practical cases we will address the following points:
Kernel:
• Kernel Cartography (various kernel and drivers entry points)
• Drivers: Reversing WDM (Windows Driver Model) and legacy drivers
• Getting to know important Windows kernel structures
• Talking with the kernel (From user-land to kernel-land; IOCTLs; Syscalls; etc.)
Tools:
• Practical cartography of kernel Land
• Debugging with Windbg and its engine (DbgEng)
• Scripting with Windbg, pyKD, IDA Pro
• Installation, kernel and process monitoring
The theoretical aspects will not necessarily be addressed in the order presented above but rather considered over the needs to clarify the practical cases.
Training attendees should be familiar with basic operating system concepts and have hands-on experience using the Windows operating system. Attendees should also be familiar with the Win32 API, C (or derived) programming language and have basic knowledge of x86/x86-64 assembly language.
Hardware:
• 64-bit machine with at least 4GB of RAM and with hardware virtualization enabled (AMD-v or Intel VT-x)
Software:
• IDA Pro with IDAPython
• Visual Studio 2013 [Visual c++ compiler chain required, e.g. “Visual express c++”]
Virtualization software:
• VMWare Player [at least version 5.0] or Workstation [at least version 9.0]
• Ability to debug a virtual machine from Host O.S or from another virtual machine with Windbg
Other tools, including a working VM, will be provided.