Windows Internals for Security Analysts
Alliance for Fort Eisenhower – FortGordonAlliance.com
October 2 @ 9:00 am - October 3 @ 4:00 pm
Trainer Bio: Adam Duby has twelve years of experience in cyber security across operational, research, and academic roles, with specialties in digital forensics and Windows malware analysis. He led an operational malware analysis cell before serving as an assistant professor of computer science at West Point (United States Military Academy). At West Point, Adam instructed courses in digital forensics and cyber security engineering. Additionally, he acts as an adjunct professor at Norwich University, where he developed and taught the malware forensics curriculum. Adam received his Ph.D. from the University of Colorado, where he researched malware classification using machine learning.
Course Description: This immersive hands-on training is a deep dive into the inner workings of Windows with an emphasis on security topics. Guided by the instructor, participants will write and compile programs in C/C++, then inspect the compiled binaries in IDA/Ghidra to examine the internals of some of the most prevalent Win32 API calls. We will examine executables and subsystem DLLs in IDA to gain insight into their functionality and trace function calls from user space into native system calls. Malware use cases are explored with emphasis on interactions with the kernel. Lab topics include DLL injection, process injection, hooking, handle tables, Heaven's Gate, and more. Some Python and PowerShell are used to examine runtime behavior and explore system artifacts. Participants will acquire enhanced proficiency in explaining host-based behaviors and in software reverse engineering techniques tailored for Windows environments. Code and lab walkthroughs will be provided.
Knowledge/Experience/Prerequisites: Participants should have some basic knowledge of C or C++ programming. Some exposure to reverse engineering and x86-64 assembly would be helpful, though not required.
What attendees need to bring: Laptop with Windows 11, IDA (Free), and Visual Studio 2022 installed (or an equivalent Windows VM)
Price: $499
Registration Deadline: 9/28/2024