WS-7 | WORKSHOP

Windows Internals & Reverse Engineering

by Vivek Arora and Bhaskar Rastogi

WORKSHOP OBJECTIVE

Learn the internals of the Windows NT kernel architecture and how the various kernel components work together at the lowest level. Understand the different system mechanisms employed by the kernel, the executive and device drivers. Finally, learn how to use a debugger (WinDBG) and the ways it can be used to look at the important data structures and perform dump analysis.

COURSE CONTENT (ToC)

  • System Architecture
    • OS Model
    • Environment Subsystem & Subsystem DLLs
    • Executive / Kernel / HAL
    • Device Drivers
    • System Processes
  • Setting up WinDBG
    • Symbol Server Setup
    • Using debugger with a Virtual Machine
  • Assembly Language
    • CPU Architecture
    • Instruction Set
    • Disassembly & Reversing using debugger
  • Exploring Process Layout
    • Peeking into Process Memory
    • Stack & Heap
    • Important Data Structures and debugger extensions

PREREQUISITE

  • Basic understanding of Windows

PARTICIPANTS REQUIREMENTS

  • Laptop capable of running the provided virtual machine

DURATION (1/2 DAY)

1 day

WHO SHOULD ATTEND

Anyone who wants to learn about Windows Internals and equip themselves with the know-how on reversing

WHAT TO EXPECT

  • A fast-paced, hands-on workshop

WHAT NOT TO EXPECT

That you’d crack the next bounty program from Microsoft.

SPEAKERS

Vivek Arora

Escalation Engineer

Microsoft India R&D Pvt. Ltd.

Vivek works with Microsoft as an Escalation Engineer for Windows, focusing on Memory Dump Analysis and Reverse Engineering, and has deep insights into Windows Internals. His fields of interest include malware analysis, reverse engineering, memory forensics, rootkit analysis and APT attacks. He has been delivering training on these topics to government agencies across the world and Fortune 500 companies. Here is a brief summary of the skills he has acquired in his role:

  • Windows server and desktop OS kernel debugging
  • WinDBG
  • Crashdump Analysis
  • Code-level trace analysis for kernel mode and user mode components
  • Memory Forensics
  • Reverse Engineering
  • Network Security

Bhaskar Rastogi

Escalation Engineer

Microsoft India R&D Pvt. Ltd.

Bhaskar is an Escalation Engineer within the Enterprise Platforms Group at Microsoft. His daily job revolves around Reverse Engineering and Memory Dump Analysis. His areas of interest include malware analysis, memory forensics, rootkit analysis, and deep dives into how various Windows components work via code review and reverse engineering.
