Training Session - Windows Internals

Mastering Windows Debugger

May 15 and 16th

Overview

This intensive, hands-on course on Windows Debugger (WinDBG) will guide you through all the concepts required to master this powerful and efficient debugger for all your Windows needs. You will learn how to perform live debugging, analyze crash dumps, automate complex tasks with the insane scripting engine, identify and trace bugs, walk through key Windows internal structures and exploit vulnerabilities. This course is perfect for forensic analysts, penetration testers, developers, reverse engineers and any security enthusiast with technical abilities who wants to add an exceptional new skillset to their Windows arsenal.

Attendees will receive a copy of the slides and the lab’s step-by-step PDF document, along with the crash dumps, binaries, scripts and all the material used within the course, for future reference.

Outline

  • Module 1: Introduction to the course material and the Windows Debugger
  • Module 2: Diving into Windows internal structures and data types
  • Module 3: User-mode debugging on 64-bit architecture
  • Module 4: Messing with WOW64 (32-bit emulator)
  • Module 5: Scripting with MASM, C++ and NatVis/LINQ integrated engines
  • Module 6: Analyzing memory corruption and other bugs in real-world scenarios
  • Module 7: Kernel-mode post-mortem analysis and vulnerability hunting
  • Module 8: Extending WinDBG

Class requirement

Attendees should have their own laptop with Wi-Fi support and Windows 10 x64 either as their host operating system or as a guest virtual machine. A minimum of 30G of free space should be available on the system or guest VM. The Windows 10 platform should have the following software installed before the course:

We recommend that attendees be comfortable in a Windows environment and have basic reverse engineering skills on x86 and/or x64 architectures. Here is a good link to an x86 assembly primer.

Bio

Martin Lemay Ethical Hacker, CISA, CRISC, OSEE, GXPN, GREM, OSCE, OSCP, GoSecure

Martin Lemay works as a security consultant and penetration tester for GoSecure Inc. Over the past years, his strong technical background in exploit development, reverse engineering, penetration testing and Windows environments has benefited a wide range of customers, from the banking and financial industry to healthcare, telecommunications and more. He is also involved in offensive R&D security projects aimed at discovering new vulnerabilities in well-known vendors and security solutions.

Previously, he taught networking, database administration and security for a private IT college in Montreal. At that time, he developed a penetration testing course that was given to corporate customers and led small groups of students to “Capture-the-flag” (CTF) events. Finally, throughout the years, he has presented at various corporate events and schools in the province of Quebec (CEGEPs and high schools) to educate and promote the importance of security awareness and to teach technical concepts.
