Offensive Driver Development
Learn how to develop a Windows driver with a variety of abuse primitives.
Learn how to set up a development testing environment for writing Windows kernel-mode drivers using Hyper-V, WinDbg, and Visual Studio. Cover the basic anatomy of a driver from loading and unloading, I/O control codes, interaction from userland, and kernel debugging. Implement various abuse primitives including removing process protection, disabling kernel callback routines and driver signature enforcement.
Course Curriculum
-
1
-
What is a Driver?
FREE PREVIEW -
Configure your Development Environment
FREE PREVIEW -
Driver Entry
FREE PREVIEW -
Printing Debug Messages
FREE PREVIEW -
Loading and Running the Driver
FREE PREVIEW -
Driver Unload
FREE PREVIEW -
Dispatch Routines
FREE PREVIEW -
Client-Side Code
FREE PREVIEW -
Dispatch Device Control
FREE PREVIEW -
Sending Data to the Driver
FREE PREVIEW -
Returning Data from the Driver
FREE PREVIEW -
Kernel Debugging
FREE PREVIEW
-
-
2
-
Introduction
-
Unprotecting Processes
-
Protecting Processes
-
Windows Version Check
-
-
3
-
Introduction
-
Token Privileges Structure
-
Enabling Token Privileges
-
-
4
-
Introduction
-
PspCreateProcessNotifyRoutine Array
-
Getting Module Information
-
Returning Data to the Client
-
Removing a Callback Routine
-
Thread & Image Load Notifications
-
FAQ
-
What hardware or software is required?
A physical Windows host and another virtual Windows host running inside Hyper-V.
-
How much C++ do I need to know?
Foundational knowledge would be useful, but not absolutely essential.