Sale!

Windows Internals Red Team Operator [CWI-RTO] Course

Original price was: €45.00.Current price is: €14.00.

Price: 15.00 USD | Size: 7.22 GB |   Duration : 19.48 Hours |87 Video Lessons |

BRAND:

ENGLISH | INSTANT DOWNLOAD | ⭐️⭐️⭐️⭐️⭐️4.9

Description

Price: 15.00 USD | Size: 7.22 GB |   Duration : 19.48 Hours |87 Video Lessons |

BRAND: Expert TRAINING | ENGLISH | INSTANT DOWNLOAD | ⭐️⭐️⭐️⭐️⭐️4.9

 

Windows Internals Red Team Operator [CWI-RTO]

“Advanced Windows Internals Red Team Operator Training”

  • Start your journey in Microsoft Windows Internals
  • Unveil common Win32/NT APIs used by the malwares
  • Understand malwares abusing internals from user-mode perspective
  • Perform various challenges/exercises to learn Windows Internals
  • Learn different kernel data structures (EPROCES, ETHREAD, KPCR etc.) through Windbg

Learn about Interrupts and Exception

Object Security (Token, SID, etc)

Object and handles

Simulate Red Team Cycle in Endpoint

Process and thread internals

Portable Executable Basics

System Calls

Develop Malwares & Simulate Adversaries

  • Abuse Exceptions to hijack code execution
  • Perform Direct System Calls
  • Process & Thread Internals for Process Injection
  • Perform Manual Token Manipulation
  • Code in c/c++
  • Deep Analysis of CVEs

Pre-requisites

Following are the requirements:

Target Audience

Designed specifically for intermediate & Advanced audiences having interest in:

 

01. CWI-RTO Course Introduction
1. Welcome to the CWI-RTO Course
02. Module 0 – Labsetup
1. CWI-RTO Lab Setup
03. Module 1 – Windows Architecture
1. High-Level Overview of Windows Architecture
2. User & Kernel Mode APIs
04. Module 2 – Interrupts
1. Interrupt Overview
2. Interrupt Lab-Windbg
3. Interrupt Theory
4. KTRAP_FRAME & KINTERRUPT
5. Interrupt Dispatching – IDA Analysis
05. Module 3 – Exceptions
1. Exception-Internals
2. Exception-Analysis-IDA
3. Exception-Dispatching-Windbg
4. Exercise-Exception
06. Module 4 – Objects
1. Object Manager
2. Object
3. Exercise-object & subheaders
4. Object Type
5. Excercise-Decode-TypeIndex
07. Moduel 5 – Handles
1. Handles Intro
2. Multi-level-handle-table & handle-table-entry-lookup
3. Exercise-Process Handle Table
4. Exercise-Global-Handle-Table
5. Exercise-Calculating-Process-ID
6. Exercise-Query-Handle & Object
7. Exercise-Finding-Leak-Handle-Guide
08. Module 6 – Processes
01. Intro
02. Process-Continue
03. Process-EPROCESS & KPROCESS
04. Process-EPROCESS & KPROCESS-continuation
05. EPROCESS-Userland Touch
06. Exercise NtQuerySystemInformation
07. Process Environment Block (PEB)
08. PEB-Windbg
09. PEB-Parsing Loaded Modules
10. Process Creation Brief
11. Exercise-NtCreateProcess
12. Exercise-NtCreateProcess-Continue
13. Classic Process Injection Intro
14. Classic Process Injection and brief on Process Attachment
09. Moudle 7 – Threads
01. Thread Intro
02. Thread-Priority
03. Thread-Scheduling-Basic
04. Thread-Some-Linked-List
05. Thread-Context-Swapping
06. Context-Swapping-continue
07. Thread-Context-Swapping-Continue
08. Thread-Context-Swapping-final
09. Exercise-Remote Thread Hijacking
10. Exercise-Thread-Context-Hijacking
10. Module 8 – APC
01. APC basics
02. APC Environment
03. KeInitialize Apc
04. KeInitializeApc-continue
05. KeInsert Queue APC
06. KiInsertQueueApc Continue
07. KiInsertQueueApc Addition
08. KiDeliverApc
09. KiDeliverApc-continue
10. KiDeliverApc-addition
11. KiDeliverApc-KiInitializeApc-continue
12. KiDeliverApc-UserMode-Final
13. Exercise-Early Bird Injection
11. Module 9 – Portable Executable (PE)
1. PE-Brief Intro
2. Exercise-PE-Parsing
3. Exercise-Parsing-EAT
4. Exercise-Parsing-IAT

5. IAT-Hooking-intro
6. Exercise-Iat-Hooking
12. Module 10 – Syscall
1. Syscall-Intro
2. SystemCall-Debugging
3. SystemCall-Debugging-continue
4. SyscallNo-Translation
5. Syscall-FunctionParameters
6. Direct-SysCall
7. DirectSyscall-task-spoiler
8. Vectored-syscall-handler
13. Module 11 – Security
01. SID-&Mandatory-Integrity-Level
02. Exercise-Parsing-Token
03. SecurityDescriptor-Intro
04. Experiment-On-DACL&MandatoryIntegrity
05. SecurityDescriptor-PeekInto-NtOpenProcess
06. Exercise-Parsing-ACE-Windbg-Mimiking-RtlGetAce
07. Experiment-Null-Security-Descriptor
08. Privileges-Intro
09. Privileges-NtAdjustPrivilegeToken-WRK
10. Token-Brief-Intro
11. Token-Impersonation-Windgb-Analysis-&-Tips-On-Duplicating-Handle


Discover more from Easy Learning

Subscribe to get the latest posts sent to your email.

You may also like…

Add to cart