ＨｉｄｅＺｅｒｏＯｎｅ

The Windows system-level APIs provides a rich infrastructure for building Windows applications, whether client, server, and anything in between. This course guides the learner through the intricacies of the Windows API, while getting a deeper understanding of Windows mechanisms. The course deals with the most important parts of the Windows OS, such as processes, threads, memory management, I/O, services, security and more. Lab exercises help put the theoretical material into practical use.

Syllabus

Foundations

Objects and Handles

Processes

Jobs

Threads

Thread Synchronization

File and Device I/O

Memory Management

Dynamic Link Libraries

Security

Windowing

ScorpioSoftware: Windows System Programming

The Windows OS exposes many advanced services to system programmers through the Windows API, and to device driver writers through the Kernel API. The .NET framework wraps these services and runs on top of the Windows API and the Kernel. Good knowledge of what’s going on under the hood of the OS, which services are available and how to best utilize them helps in building better and more efficient software for Windows. Those working in the Cyber security space can greatly benefit from the course as it looks at all major Windows mechanisms. Lab exercises are used to reinforce the theoretical material.

Syllabus

System Architecture

Processes & Jobs

Threads

Memory Management

I/O System

Security

ScorpioSoftware: Windows Internals

Here is a brief description of the Windows Kernel Programming Class Recordings course offered by Pavel Yosifovich : The course is designed to provide an in-depth understanding of Windows kernel programming. It covers topics such as Windows Internals Overview, Device Driver Basics, Kernel Mechanisms, and Miscellaneous Techniques. The course is divided into 9 modules and is approximately 32 hours long. The course materials include PDFs, labs, and solutions to the labs. The course recordings are available for purchase at a cost of 490 USD. If you’re interested in purchasing the course, you can send an email to zodiacon@live.com with the title “Kernel Programming class recordings” ¹. Once you’ve paid, you’ll receive a link to the course recordings along with the course materials. You’ll also receive a 10% discount for the Advanced Windows Kernel Programming class in April, be added to a discord server that will host all the Alumni from my public classes, and have a live session with Pavel sometime in early April where you can ask questions about the class .

Syllabus

• Module 0: Introduction
• Module 1: Windows Internals Overview
• Module 2: The I/O System
• Module 3: Device Driver Basics
• Module 4: The I/O Request Packet
• Module 5: Kernel Mechanisms
• Module 6: Process and Thread Monitoring
• Module 7: Object and Registry Notifications
• Module 8: File System Mini-Filters Fundamentals
• Module 9: Miscellaneous Techniques

ScorpioSoftware: Windows Kernel Programming

Let’s make it short. You’re interested in Windows security, right? Otherwise you wouldn’t be here. You are either led by natural curiosity of security researcher or doing penetration testing professionally, or both. And maybe you need to get better understanding of how privilege escalation works in Microsoft environments. So here’s what’s in the course. It is indeed about escalating privileges in Windows. But it’s not only about getting SYSTEM, as there are other shades of that tactic. From the course you’ll learn about becoming another user, breaking out from Medium to High Integrity Level, or from High to System, and abusing privileges assigned to your access token to get more powers on the box. You will get access to a complete testing environment with many misconfigurations and vulnerable services plus code templates with full building toolchain. As we usually do in SEKTOR7 it’s a ready-to-use package prepared for any student who’s willing to take some time and experiment and learn new things. So if you’re still interested, get on board, relax and take a great journey through the world of Windows security. You’ll love it!

Syllabus

Intro and Setup

Credentials

Unsecured Objects

Execution Flow Hijacking

Getting SYSTEM

Assigments

RED TEAM Operator: Privilege Escalation in Windows Course

Real threat actors utilize various Tactics, Techniques and Procedures (aka TTPs). One of the tactic is Persistence – a way to survive a breached machine restart and preserve access to a target environment. There is a lot of focus on what methods adversaries use to exploit a particular vulnerability or how their C2 channels and infrastructure look like. Less often you find discussions about persistence. This course is aiming to change that. You will learn almost 30 different persistence techniques working on Windows 10. Most of them were used by nation-state threat actors, like EquationGroup, Turla, APT29, ProjectSauron or malware, including Flame or Stuxnet. As usual you will get not only full explanation of each technique with examples, but also a working code templates (written in C) and a complete development environment you can experiment with.

Syllabus

Intro and Setup

Low Privilege Persistence

Admin Level Persistence

Assignments

RED TEAM Operator: Windows Persistence Course