Trainings

Winsider specializes in delivering in-depth training on a variety of topics related to operating system internals, focusing on the Windows platform, from historical design decisions to the latest developments, while comparing with, and contrasting to, Mac and Linux design.

Our training courses not only cover Windows user-mode and kernel-mode developer topics, such as ETW and the loader, or scheduling and memory management, but also architectural topics such as x64 page table translation, virtualization, FRED, and IOAPIC redirection. For security-minded organizations, our courses are tailored to include examples of past exploits at both the software and hardware level, as well as future possibilities and architectural weaknesses.

Classes include deep analysis of multiple Windows OS and Intel CPU mitigations and features, such as usage of Intel/AMD Virtualization technologies (VT-x, VT-rp), Linear Address Space Separation (LASS), Hypervisor Linear Address Translation (HLAT), Flexible Return & Event Delivery (FRED), Mode-Based Execution Controls (MBEC), Supervisor Mode Execution Prevention (SMEP), Restricted User Mode (RUM), Isolated User Mode (IUM), Virtualization-Based Security (VBS) Enclaves, Software Guard Extensions (SGX), Non-Privileged Instruction Execution Prevention (NPIEP), User-Mode Instruction Prevention (UMIP), Control-flow Enforcement Technology (CET), Control Flow Guard (CFG) and more.

Updated once every quarter, courses always include the latest developments in OS and CPU architecture, including Windows 11 “Germanium” / 24H2, the upcoming “Selenium” / 25H2 and Server 2025, as well as advances in the upcoming Intel Panther Lake Microarchitecture.

Windows Internals (Developer/Security)

Offered in two tracks (one geared towards security experts, and one for developers), this is a thorough course on the Windows kernel (from both a functional and a programmatic view) and its related system components, with each track available in a 5-day hands-on version.

Windows Internals (Advanced)

Offered exclusively as an add-on to the developer track of the Windows Internals course, this 5-day hands-on course integrates all of the concepts from the security track and adds additional security-related material, while also going deeper into developer-focused topics.

Windows Filter Driver Development

This entirely hands-on course, available in 5 days, covers the end-to-end development of a Windows filter driver and associated user-mode component, going over the main Windows filtering stack: process, thread, object, registry, file system, and network.

Windows Internals (Forensic Analysis)

Offered as a full ten-day course, this combines many of the topics in the internals and advanced courses, with a twist on forensic analysis instead of development, and addresses specific needs of organizations dealing with incident response.

Windows Debugging for Security Researchers

An in-depth exploration of low-level Windows debugging using WinDbg and associated tools. It is designed for advanced users who seek to understand the intricacies of the Windows OS for security and forensic analysis, plugin development, and scripting.

“Modern” Windows Internals Update

This special 3-day course is available to organizations that completed a Windows Internals course with us in the past and who specifically require an updated “refresher” course to cover changes made in the latest versions of Windows, such as 24H2 and 25H2.

Custom Add-On Content Modules

Not an individual course, but rather a number of additional course modules available in customized offerings on a case-by-case basis with individual customers, our add-on modules cover things such as Crash Dump Analysis and Troubleshooting, Hyper-V, TCP/IP and NTFS Forensics, Low-Level Platform Security (SMM, ME, SGX), Advanced Exploitation Techniques and Counter-Mitigations & more.

Anywhere, Anytime

While Winsider offers one course to the public at conferences in the US, Canada, and Europe, most courses do not run at fixed, public locations. Instead, we come to you (almost) anywhere in the world, and train your individual team, group, or organization in a private setting of your choosing. Thanks to various mutual NDAs and active security clearances, we can customize course delivery in unique ways.