Developer’s Edition I provides an overview of the technologies and techniques used to implement backdoors and rootkits, using them as the platform to introduce Windows development to the student. The course starts with basic Windows APIs and ends with advanced device driver development.
- Creating a Simple Server in C
- Creating a Simple Client in C
- Multiplexing and Multi-threading Clients and Servers
- Developing a Command and Control Protocol
- Querying Processes Using the Windows API
- Implementing Reconnaissance Techniques with Windows API Functions
- Understanding File Transfers and Threading
- Using Windows API Functions to Query and Alter the Windows Registry
- Writing and Understanding Benign Dynamically Linked Libraries
- Exploring Methods of Persistence
- Understanding Droppers and Downloaders
- Creating an Application Windows Service
- Injecting and Writing a Malicious DLL
- Creating a Basic Windows Kernel Driver
- Using WinDebug to Alter Windows Kernel Execution
- Loading and Unloading Drivers Using the Windows API
- Implementing Driver Communication
- Hiding Processes Using Direct Kernel Object Manipulation
- Hiding a Process by Hooking the System Service Dispatch Table
- Hiding a Network Connection Using IRP Hooking
- Implementing Direct Kernel Object Manipulation on Windows 7 x64
The materials within this course focus on the Knowledge, Skills and Abilities (KSAs) identified within the Specialty Areas of the National Cybersecurity Workforce Framework.
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.