Windows Internals

Presented at A New HOPE (2022), July 24, 2022, 10 a.m. (50 minutes)

Explore the structure of Windows executable files and the operating system itself to better understand programs, services, malware, and defenses. Projects include: cheating at games, building malicious DLL libraries, stealing passwords from the API, building a keylogger, and debugging a driver. Tools used include pestudio, API Monitor, Visual Studio, OllyDbg, IDA Pro, Ghidra, and WinDbg. This workshop is structured as a CTF, so each participant can proceed at their own pace. The techniques will be briefly demonstrated, and tips will be provided along with help as needed to make sure everyone is able to solve at least some of the challenges. No previous experience with Windows internals is required.


Presenters:

  • Irvin Lemus
    **Irvin Lemus** has been in the industry for more than ten years as an MSP technician, consultant, instructor, and coordinator. He is currently the cybersecurity professor at Cabrillo College in Santa Cruz, CA.
  • Kaitlyn Handelman
    **Kaitlyn Handelman** is a security engineer and consultant, defending high-value networks professionally. She has extensive experience in aerospace, radio, and hardware hacking.
  • Elizabeth Biddlecome
    **Elizabeth Biddlecome** is a consultant and a part-time instructor at City College San Francisco, delivering technical training and mentorship to students and professionals.
  • Sam Bowne
    **Sam Bowne** has been teaching computer networking and security classes at City College San Francisco since 2000. He founded Infosec Decoded, Inc., and does corporate training and consulting for several Fortune 100 companies on topics including incident response and secure coding.
