Windows Kernel: Vulnerability Hunting Training

€600 EUR

~~EUR~~ €600 EUR

Sale Sold out

Instructor of the training: Juan Sacco is a security researcher and exploit developer specialising in reverse engineering, exploit development, and Windows kernel exploitation. He is the founder of Exploit Pack. [LinkedIn] [GitHub]

This training provides a deep, practical introduction to Windows kernel vulnerability hunting. By the end of the course, you’ll understand the full workflow, from identifying vulnerable drivers to reversing and classifying vulnerabilities using industry-standard tools.

What You Will Learn

PE structure and Windows internals
Driver internals, architecture, and debugging
Set up a proper lab environment for driver vulnerability research
Fuzzing Windows drivers using external tools
Ghidra and IDA Pro: from zero knowledge to reversing real samples
Using plugins for enhanced decompilation and reverse engineering
Analyse samples and understand vulnerability classes and types
Exploitation fundamentals and classification

Windows 11 security protections relevant to vulnerability hunting, including:

KASLR
Shadow Stack
SEH
SMEP/SMAP
Hypervisor-based protections (VBS / HVCI)

Course Overview

You’ll learn where and how to find real-world samples, how to identify vulnerabilities in Windows drivers, and how to dissect them by classification and type. We’ll slowly walk you through reversing these issues using Ghidra and IDA Pro, supported by dedicated plugins and tooling.

Topics Covered

Using IDA Pro and Ghidra for vulnerability research
Reversing PE binaries and WDM drivers
Exploit types and classification
Windows 11 exploit mitigations
Understanding and bypassing driver-level protections
Filtering, protection, and obfuscation techniques used by software vendors, including IOCTL hiding

Hands-on Exercises & Materials

You will practice against real vulnerable drivers and examples, including: