The Windows Internals Red Team Operator [CWI-RTO] lab offered by cyberwarfare.live is a comprehensive, hands-on learning environment designed to provide real-world experience in Microsoft Windows Internals. In this lab, you will unveil common Win32/NT APIs used by malwares and understand how malwares abuse internals from a user-mode perspective. You will perform various challenges/exercises to learn Windows Internals. You will also learn different kernel data structures (EPROCES, ETHREAD, KPCR etc.) through Windbg.
Syllabus
Simulate Red Team Cycle in Endpoint
Process and thread internals