Mastering Windows Internals
Learn how to navigate the complex Windows kernel, understand the lifecycle of binaries, grasp the intricacies of authentication and authorization, explore various persistence techniques, and gain a deep understanding of the Windows Registry.
Get hands-on experience with a diverse toolkit that includes lesser-known open-source tools and paid software, enabling you to put your knowledge into practice effectively.
Course outline:
1. Talking to the Windows Kernel
We kick off with a highly engaging topic - BYOVD or Bring Your Own Vulnerable Driver. Rather than struggling to get into the Windows kernel, you can leverage code that already has permission to run there. You can halt what seems unstoppable, read what appears unreadable, or even crash the system due to a minor error. This module explains syscalls, IOCTLs, and FCTLs. You can anticipate a lot of C programming, but the silver lining is that it's primarily about interpreting the code already prepared for you.
2. EXEs, DLLs, and Other Binaries
Running an EXE file is simple - a double-click suffices. But what transpires thereafter? How are required binaries located, loaded, utilized, or misused? Brace yourself for a journey into processes, PE files, search orders, and PEBs. And not to forget, LOLBins.
3. Authentication and Authorization
In the realm of security, the two paramount questions are "Who are you?" and "What are you trying to do?" In this module, we delve into the mechanisms that answer these crucial questions. We concentrate on local mechanisms (no Active Directory this time), allowing us to investigate more deeply.
4. Persistence Techniques
We don't question whether you're attacking or defending Windows systems. However, irrespective of your role, you should understand how an operating system can be manipulated to execute atypical code. While we won't cover all methods, I will strive to present a systematic approach and categorization, enabling you to attack or defend Windows systems as per your requirements.
5. Windows Registry
I won't be showing you how to change the desktop wallpaper or enable SMB Signing. But if you aspire to do that someday, you'll understand how the data is recorded, where it's stored, and how the operating system uses it. You'll also comprehend why one of the most frequently used Registry keys doesn't actually exist and what transpires if the path contains more than 512 levels. And yes, we'll delve into some even more nerdy stuff.
6. The Toolkit
The course wouldn't be complete without tools. At times it's lesser-known open-source software, at others, it's appropriately configured Sysinternals utilities that you use every day, and sometimes it's reasonably priced commercial software. I will share what tools I use and, more importantly, how I use them. By the end of the course, you'll have acquired the knowledge that empowers you to continue your learning journey independently.