Mastering
Windows Internals
Learn how to navigate the complex Windows kernel, understand the lifecycle of binaries, grasp the intricacies of authentication and authorization, explore various persistence techniques, and gain a deep understanding of the Windows Registry.
Get hands-on experience with a diverse toolkit that includes lesser-known open-source tools and paid software, enabling you to put your knowledge into practice effectively.
deepen your comprehension of crucial cybersecurity concepts
improve your skill set
explore new career prospects in the cybersecurity field
Course outline
1. Talking to the Windows Kernel
We kick off with a highly engaging topic - BYOVD or Bring Your Own Vulnerable Driver. Rather than struggling to get into the Windows kernel, you can leverage code that already has permission to run there. You can halt what seems unstoppable, read what appears unreadable, or even crash the system due to a minor error. This module explains syscalls, IOCTLs, and FCTLs. You can anticipate a lot of C programming, but the silver lining is that it's primarily about interpreting the code already prepared for you.
2. EXEs, DLLs, and Other Binaries
Running an EXE file is simple - a double-click suffices. But what transpires thereafter? How are required binaries located, loaded, utilized, or misused? Brace yourself for a journey into processes, PE files, search orders, and PEBs. And not to forget, LOLBins.
3. Authentication and Authorization
In the realm of security, the two paramount questions are "Who are you?" and "What are you trying to do?". In this module, we delve into the mechanisms that answer these crucial questions. We concentrate on local mechanisms (no Active Directory this time), allowing us to investigate more deeply.
4. Persistence Techniques
We don't question whether you're attacking or defending Windows systems. However, irrespective of your role, you should understand how an operating system can be manipulated to execute atypical code. While we won't cover all methods, I will strive to present a systematic approach and categorization, enabling you to attack or defend Windows systems as per your requirements.
5. Windows Registry
I won't be showing you how to change the desktop wallpaper or enable SMB Signing. But if you aspire to do that someday, you'll understand how the data is recorded, where it's stored, and how the operating system uses it. You'll also comprehend why one of the most frequently used Registry keys doesn't actually exist and what transpires if the path contains more than 512 levels. And yes, we'll delve into some even more nerdy stuff.
6. The Toolkit
The course wouldn't be complete without tools. At times it's lesser-known open-source software, at others, it's appropriately configured Sysinternals utilities that you use every day, and sometimes it's reasonably priced commercial software. I will share what tools I use and, more importantly, how I use them. By the end of the course, you'll have acquired the knowledge that empowers you to continue your learning journey independently.
Mastering Windows Internals Course
Course Access Only
Access to a course with a carefully curated collection of crucial modules that will elevate your expertise in cybersecurity, specifically focusing on mastering Windows Internals.
$499 one-time payment
Access to 6 x 90-min recorded sessions based on the Course Outline
Lifetime access to all the recordings and future updates
Course + Community Access
Access to relevant stuff that matters for those who want to be smarter about Microsoft Security, level up cybersecurity skills, and accelerate a career.
$999 one-time payment
Everything in Course Access
2 live sessions per month from Grzegorz Tworek and external guest speakers
Recordings of all 23 x 90 min previous sessions
Lifetime access to the community of 150+ cybersecurity professionals
BONUS:
Mastering Windows Forensics courses
For those who choose Course + Community Access, as a bonus, you will also get access to the “Mastering Windows Forensics” Course (a $399 value) included in our membership platform.
Who is Mastering Windows Internals for
You're ready to delve deeper but unsure of the most effective path to advance your knowledge.
You have extensive experience in cybersecurity but you feel like you've hit a plateau.
You're eager to tackle more complex challenges but the landscape of Windows internals seems vast and overwhelming.
You want to upskill but the thought of self-guided learning feels too daunting and unstructured.
You want to stand out in your field but are unsure how to elevate your expertise beyond the norm.
Perhaps you're already a seasoned professional but you feel like you're not progressing at the pace you anticipated.
Maybe you're a penetration tester, a security researcher, or a system administrator and you're ready for the next step, but you need the right course to guide you.
Curated by Grzegorz Tworek
Microsoft MVP, Security Fanatic, personified Windows Defender. Member of Microsoft Security Trusted Advisors and the Microsoft Springboard Technical Experts Panel.
Led the Windows Team in the NATO Cooperative Cyber Defence Centre of Excellence’s Locked Shields exercises in 2021, 2022, and 2023.
Also has a contribution to the GitHub Archive Program’s Arctic Code Vault and has been nominated as a Microsoft Most Valuable Professional for 17 consecutive years, starting from 2007.
Trusted by professionals
Tomasz Onyszko
CTO of Predica, Microsoft Regional Director (ex 14 times MVP)
In his unique way, Grzegorz knows how to convey his deep knowledge in real-world use cases and scenarios. Learning with him and tapping into his way of thinking is a one-of-a-kind learning experience.
John Hammond
Cybersecurity Researcher, Educator
The way Greg (Grzegorz) presents topics is truly engaging and fascinating. His knowledge is of high quality and top-notch. If you want to dive deeper into Microsoft Security, learning from him is a must.
Piotr Więcek
Freelance Offensive Security Specialist
Grzegorz is a recognized expert in the field of Windows, excelling at simplifying complex topics for easy understanding. The materials he presented during the sessions helped me improve my skills as a penetration tester.
FAQ
Is it a monthly payment?
Is there any guarantee?
Is it exclusively for professionals?
© 2024 gtworek.com