Offensive System/Kernel Development for Windows
- Advanced
- Red Track
- 19 lessons
Course name: Offensive System/Kernel Development for Windows
About this course
Who is this course recommended for?
- Cyber security analysts and researchers
- Security assessment / penetration testing / red team specialists
- People active in system-level Bug Bounty
- System programmers and security product developers
- Cyber security consultants
- Those interested in malware development and analysis
What knowledge do I need to attend this course?
- Familiarity with Windows Internals concepts
- Intermediate-level familiarity with the C or C++ programming language
Course syllabus
- Windows System Architecture
  - Overview
  - Tools
  - Processes
  - Virtual Memory
  - Threads
  - User Mode vs. Kernel Mode Architecture Overview
  - System Calls
  - Introduction to WinDBG
- Windows API Foundation
  - Windows APIs
  - Using Visual Studio
  - Common Types and Conventions
  - Working with Strings
  - 64-Bit vs. 32-Bit Development
- Kernel Objects
  - What is a Kernel Object?
  - A Process Kernel Object Handle Table
  - Working with Handles
  - Sharing Objects
  - Object Names
- Process
  - Process Creation
  - The Main Function(s)
  - Creating Processes
  - Process Termination
  - Enumerating Processes
  - DLLs
- Jobs
  - Introduction to Jobs
  - Creating Jobs
  - Nested Jobs
  - Querying Job Information
  - Setting Job Limits
  - Job Notifications
- Thread
  - Thread basics
  - Creating threads
  - Thread Priorities
  - Thread Scheduling
  - Thread Stacks
  - Hooking
- Windows Thread Pool
  - Scenario 1: Call a Function Asynchronously
  - Scenario 2: Call a Function at a Timed Interval
  - Scenario 3: Call a Function When a Single Kernel Object Becomes Signaled
  - Scenario 4: Call a Function When Asynchronous I/O Requests Complete
  - Callback Termination Actions
- Fibers
  - Overview
  - Working with Fibers
- Memory
  - Process address space
  - Process memory counters
  - Reserving and Committing Memory
  - The Heap Manager
  - Memory Mapped Files
  - Summary
- Dynamic-Link Libraries
  - DLL and Process Address Space
  - Building a DLL Module
  - What Exporting Really Means
  - Creating DLLs for use with Non-Visual C++ Tools
  - Building the Executable Module
- DLL Advanced Techniques
  - The DLL’s Entry-Point Function
  - Delay-Loading a DLL
  - Function Forwarders
  - Known DLLs
  - DLL Redirection
  - Rebasing Modules
  - Binding Modules
- Security
  - Introduction
  - SIDs
  - Tokens
  - Privileges
  - Access Masks
  - User Account Control
  - Integrity Levels
  - Specialized Security Mechanisms
- Registry
  - The Hives
  - 32-bit Specific Hives
  - Working with Keys and Values
  - Registry Notifications
  - Transactional Registry
  - Registry and Impersonation
  - Remote Registry
  - Miscellaneous Registry Functions
- The I/O System and Device Drivers
  - Device Drivers
  - The Windows Driver Model (WDM)
  - Driver types
  - Software drivers
  - Driver and device objects
  - I/O Processing and Data Flow
  - Accessing files and devices
  - Asynchronous I/O
- Kernel programming basics
  - C++ in a kernel driver
  - Creating a driver project
  - Building and deploying
  - The kernel API
  - Strings
  - Linked Lists
  - Kernel Memory Pools
  - The DriverEntry function
  - The Unload routine
  - Installation
- Building a complete driver and Client
  - Creating a device Object
  - Exporting a device name
  - Building a driver client
  - Driver dispatch routines
  - Introduction to I/O Request Packets (IRPs)
  - Completing IRPs
  - Accessing user space buffers
  - Handling DeviceIoControl calls
  - Testing the driver
  - Debugging the driver
  - Using WinDbg with a virtual machine
  - The driver verifier
- The I/O Request Packet
  - Introduction to IRPs
  - Device Nodes
  - IRP Flow
  - IRP and I/O Stack Location
  - Viewing IRP Information
  - Dispatch Routines
  - Completing a Request
  - Accessing User Buffers
  - Buffered I/O
  - Direct I/O
  - User Buffers for IRP_MJ_DEVICE_CONTROL
  - Putting it All Together: The Zero Driver
  - Using a Precompiled Header
  - The DriverEntry Routine
  - The Create and Close Dispatch Routines
  - The Read Dispatch Routine
  - The Write Dispatch Routine
  - Test Application
  - Read/Write Statistics
- Process and Thread Notifications
  - Process creation/destruction callback
  - Specifying process creation status
  - Thread creation/destruction callback
  - Notifying user mode
  - Writing a user mode client
  - User/kernel communication
- Object and Registry Notifications
  - Process/thread object notifications
  - Pre and post callbacks
  - Registry notifications
  - Performance considerations
  - Reporting results to user mode
  - Summary
Course certificate
