Windows Internals Specialist - Advanced
Provided by QA
Overview
This five-day advanced-level course provides in-depth knowledge and skills for professionals seeking to master Windows Internals. Focusing on system architecture, security mechanisms, debugging, and memory management, the course equips learners with the tools to solve complex issues and optimise Windows operating system performance.
+
Prerequisites
Delegates will learn how to
By the end of this course, participants will be able to:
Outline
Introduction and debugging tools
This five-day advanced-level course provides in-depth knowledge and skills for professionals seeking to master Windows Internals. Focusing on system architecture, security mechanisms, debugging, and memory management, the course equips learners with the tools to solve complex issues and optimise Windows operating system performance.
+
Prerequisites
- Strong understanding of Windows operating systems.
- Experience in system administration or development roles.
- Familiarity with debugging tools and basic internal processes of Windows is recommended.
- IT professionals specialising in system administration or software development.
- Security professionals working on Windows platform hardening.
- Developers working with Windows internals, driver development, or debugging.
Delegates will learn how to
By the end of this course, participants will be able to:
- Understand the Windows architecture, including the OS and CPU interactions.
- Use advanced Windows debugging tools to diagnose and fix issues.
- Apply system security features and mitigations effectively.
- Optimise memory and process management in Windows environments.
Outline
Introduction and debugging tools
- Introduction to Windows Internals.
- Advanced debugging tools:
- Local and network debugging.
- Debugger Data Model (NatVis, LINQ, Synthetic Variables).
- Using JavaScript extensions and scripts.
- Overview of WinDbg Preview and Time Travel Debugging.
- OS segmentation and hardware architecture.
- Hardware mitigations:
- SMEP, SMAP, NPIEP, RUM, MBEC, CET.
- Side channel mitigation techniques.
- Security enhancements in Kernel and User Mode.
- Vendor security features and tamper evidence.
- Object Manager: structure and mitigations.
- Advanced Local Procedure Call (LPC, ALPC) mechanisms.
- Notification mechanisms and registry management.
- Process isolation techniques and secure processes.
- Image Loader and process mitigations.
- In-depth exploration of silos and secure processes.
- Virtual and physical memory analysis techniques.
- Mitigations like ASLR and KASLR.
- Memory partitioning and address translation.
- Forensic techniques to trace memory management vulnerabilities.
Enquire
Start date | Location / delivery | |
---|---|---|
No fixed date | United Kingdom | Book now |
01132207150
01132207150