• Classroom

Most security software on Windows run in kernel mode. This course starts with the basics of kernel mode software development and debugging and then progressively dives into the APIs, filtering mechanisms and advanced programming techniques required to implement kernel mode security software. Every topic in the course is accompanied by hands-on labs that involve extensive coding and debugging of kernel mode software to understand the programming model, the interfaces (APIs), their use cases and common pitfalls. This is a security focused course which does NOT cover development of drivers for hardware devices like PCI and USB, Bluetooth. This does NOT cover the Kernel Mode Driver Framework (KMDF).

Learning Objectives

  • Get a jump start into Windows kernel mode software development and debugging
  • Be able to perform common programming tasks required by kernel mode drivers
  • Understand the intricacies of kernel mode software development
  • Be able to use different filtering mechanisms provided by Windows to intercept and modify operations in the system
  • Be able to use kernel mode APIs to develop reasonably complex security functionality
  • Be able to use the debugger effectively to perform live debugging of kernel mode drivers
  • Be able to use tools other than the debugger to debug issues with kernel mode software
  • Understand how kernel mode rootkits and commercial anti-malware implement their functionality

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.