Almost all of the major breaches in the past have shown that the SOC/SIEM did not do their job well and alert the client to the breach. What are SOC/SIEMs missing and why? And how do fix this problem? The search for the proverbial needle in the haystack has become a daunting task as the haystack is now phenomenally big. How can Big Data help determine security intelligence?
indows Internals Essentials is meant for security professionals and cyber security analysts who want to review their Windows internals concepts and skillsets and bolster their foundations on the same. This course also will be useful for reverse engineers and malware analysts as well since a lot of the core concepts overlap when it comes to Windows malware and its interaction with the OS. Windows Internals Essentials will focus on building a thorough grasp of the key OS mechanisms and data structures in both ring 0 and ring 3 as well as developing proficiency in Sysinternals Suite, WDK (Windows Driver Kit), Windows Debugging Tools (x86/x64) to probe the OS layers. The course participants will also analyse both user mode and kernel mode malware with a focus on using Microsoft debuggers to extract relevant information. The transparency gained in your day to day analysis will be the prime motto of this course.
Course Objectives
- Obtain a solid grasp of the tools required to get the job done with a clear understanding of the pros and cons of each and the benefit of having a well streamlined toolkit.
- Understand the Windows OS system mechanisms and OS layers with a focus on the Windows kernel.
- Build proficiency in Windbg/KD/LiveKD and tweak the debugger to get the level of detail required for your analysis. Starting from setup and configuration you will cover and extensive array of Windbg commands, categorised by type, action and goal.
- Demistify system data structures, memory management and the Object manager in Windows.
- Catalog the IOC’s or Indicators of Compromise while dealing with malicious code using Windbg/KD.
- Understand how to capture and work with memory dumps inside the debugger
Who should attend
- Reverse engineers
- Malware analysts
- Penetration testers
- Security researchers
- C/C++ developers
- Cyber Security Professionals
- Students with aptitude