Most security software on Windows runs in kernel mode. This course starts with the basics of kernel mode software development and debugging and then progressively dives into the APIs, filtering mechanisms and advanced programming techniques required to implement kernel mode security software. Every topic in the course is accompanied by hands-on labs that involve extensive coding and debugging of kernel mode software to understand the programming model, the interfaces (APIs), their use cases and common pitfalls. This is a security-focused course which does NOT cover development of drivers for hardware devices like PCI, USB and Bluetooth. It also does NOT cover the Kernel Mode Driver Framework (KMDF).
Get a jump start into Windows kernel mode software development and debugging
Be able to perform common programming tasks required by kernel mode drivers
Understand the intricacies of kernel mode software development
Be able to use different filtering mechanisms provided by Windows to intercept and modify operations in the system
Be able to use kernel mode APIs to develop reasonably complex security functionality
Be able to use the debugger effectively to perform live debugging of kernel mode drivers
Be able to use tools other than the debugger to debug issues with kernel mode software
Understand how kernel mode rootkits and commercial anti-malware implement their functionality
The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below.