This intensive course covers the skills required to conduct a simulation of a sophisticated adversary, including the latest tradecraft and offensive tactics. During the training you will gain insight into planning and conducting a red team operation, including all the steps required to perform efficient open-source intelligence, design and automate the deployment of operational infrastructure, gain initial access, and perform post-exploitation and lateral movement. You will learn how to bypass defensive controls including anti-virus, EDR, AMSI and application whitelisting, leaving you equipped to target even the most mature environments.

Syllabus

Introduction to red team operations

Active and passive reconnaissance

Infrastructure design concepts

Cobalt Strike and malleable profiles

Initial access techniques

Defensive evasion

Process Injection

Custom Tooling

Host triage

Persistence

Privilege escalation

Pivoting and lateral movement

Exploiting Active Directory

MacOS and Linux

MDSec: Adversary Simulation and Red Team Tactics


The cyber security industry has grown considerably in recent years, with more sophisticated attacks and consequently more defenders. To have a fighting chance against these kinds of attacks, kernel mode drivers must be employed, where nothing (at least nothing from user mode) can escape their eyes. The course provides the foundations for the most common software device drivers, which are useful not just in cyber security but also in other scenarios where monitoring and sometimes prevention of operations is required. Participants will write real device drivers with useful features that can then be modified and adapted to their particular needs. The course includes tips and techniques employed by the instructor in their own projects, based on years of experience.

Syllabus

Windows Internals quick overview

The I/O System

Device Drivers Basics

The I/O Request Packet

Kernel mechanisms

Programming Techniques

Process and thread monitoring

Object and Registry notifications

File system mini filters

Windows Filtering Platform

Programming Techniques II

Introduction to KMDF

ScorpioSoftware: Advanced Windows Kernel Programming


The Windows system-level APIs provide a rich infrastructure for building Windows applications, whether client, server, or anything in between. This course guides the learner through the intricacies of the Windows API while building a deeper understanding of Windows mechanisms. The course deals with the most important parts of the Windows OS, such as processes, threads, memory management, I/O, services, security and more. Lab exercises help put the theoretical material into practical use.

Syllabus

Foundations

Objects and Handles

Processes

Jobs

Threads

Thread Synchronization

File and Device I/O

Memory Management

Dynamic Link Libraries

Security

Windowing

ScorpioSoftware: Windows System Programming


The Windows OS exposes many advanced services to system programmers through the Windows API, and to device driver writers through the Kernel API. The .NET framework wraps these services and runs on top of the Windows API and the kernel. Good knowledge of what’s going on under the hood of the OS, which services are available, and how to best utilize them helps in building better and more efficient software for Windows. Those working in the cyber security space can greatly benefit from the course, as it looks at all major Windows mechanisms. Lab exercises are used to reinforce the theoretical material.

Syllabus

System Architecture

Processes & Jobs

Threads

Memory Management

I/O System

Security

ScorpioSoftware: Windows Internals


Here is a brief description of the Windows Kernel Programming Class Recordings course offered by Pavel Yosifovich: the course is designed to provide an in-depth understanding of Windows kernel programming. It covers topics such as Windows Internals Overview, Device Driver Basics, Kernel Mechanisms, and Miscellaneous Techniques. The course is divided into 9 modules and is approximately 32 hours long. The course materials include PDFs, labs, and solutions to the labs. The course recordings are available for purchase at a cost of 490 USD. If you’re interested in purchasing the course, you can send an email to zodiacon@live.com with the title “Kernel Programming class recordings”. Once you’ve paid, you’ll receive a link to the course recordings along with the course materials. You’ll also receive a 10% discount for the Advanced Windows Kernel Programming class in April, be added to a Discord server that will host all the alumni from Pavel’s public classes, and have a live session with Pavel sometime in early April where you can ask questions about the class.

Syllabus

  • Module 0: Introduction
  • Module 1: Windows Internals Overview
  • Module 2: The I/O System
  • Module 3: Device Driver Basics
  • Module 4: The I/O Request Packet
  • Module 5: Kernel Mechanisms
  • Module 6: Process and Thread Monitoring
  • Module 7: Object and Registry Notifications
  • Module 8: File System Mini-Filters Fundamentals
  • Module 9: Miscellaneous Techniques

ScorpioSoftware: Windows Kernel Programming
