Call Us: (1) 424 781 7156 - Mail
Training services from Alex Ionescu and Yarden Shafir

Training Services

Winsider specializes in delivering in-depth training on a variety of topics related to operating system internals, focusing on the Windows platform while comparing and contrasting to Mac and Linux design.

Our training courses not only cover Windows user-mode and kernel-mode developer topics, such as scheduling and memory management, but also architectural topics such as x64 page table translation, x86 segmentation, and I/O APIC redirection. For security-minded organizations, our courses are tailored to include examples of past exploits at both the software and hardware level, as well as future possibilities and architectural weaknesses.

Classes include deep analysis of multiple Windows OS and Intel CPU mitigations and features, such as usage of Intel VT-x/Virtualization & Mode-Based Execution Control (MBEC), Supervisor Mode Execution Prevention (SMEP) vs. Restricted User Mode (RUM), Isolated User Mode (IUM) vs. Software Guard Extensions (SGX), Non-Privileged Instruction Execution Prevention (NPIEP) vs. User-Mode Instruction Prevention (UMIP), Return Flow Guard (RFG) vs. Control-flow Enforcement Technology (CET), Control Flow Guard (CFG) and more.

Updated once every quarter, courses always include the latest developments in OS and CPU architecture, including Windows 10 “Redstone 1” / Anniversary Update, the upcoming “Redstone 2” / Creator’s Update & Intel Kaby Lake Microarchitecture, as well as the new “Redstone 3” Insider Previews.

Windows Internals (Developer/Security)

Offered in two tracks (one geared towards security experts, and one for developers), this thorough course on the Windows kernel (both from a functional and programmatic view) and its related system components is available in either a 4-day or 5-day hands-on version.

Learn More…

Windows Internals Advanced

Offered exclusively as an add-on to the developer track of the Windows Internals course, this 5-day hands-on course integrates all of the concepts from the security track, adds additional security-related material, while also going deeper into developer-focused topics.

Learn More…

Windows Filter Drivers for PSP, Endpoint & AV

This entirely hands-on course, available in 5 days, covers the end-to-end development of a Windows driver that acts as a Process, Thread, Registry, Object, File System and Network filter driver, plus a section for AV Vendors dealing with AMSI, Secure ETW, and Windows Security Center.

Learn More…

“Modern” Windows Internals Update

This special 3-day course is available to organizations that completed a Windows Internals course with us in the past (or potentially a different training organization) and who specifically require an updated “refresher” course to cover changes made in Windows 8 and Windows 8.1, as well as the four updates released for Windows 10 (“Threshold” TH1 and TH2, and “Redstone” RS1 and RS2).

Learn More…

Windows UEFI & ACPI Development

This course is a hands-on 5-day course (also available as a 3-day lecture only) on the end-to-end development and debugging of a UEFI Secure Boot Application and Runtime Driver in an UEFI OVMF Environment, including mechanisms that cover the interaction with the Windows Boot Architecture (such as chain-loading Bootmgr and/or hooking Winload) and the ACPI Standard.

Learn More…

Custom Add-On Content Modules

Not an individual course, but rather a number of additional course modules available in customized offerings on a case-by-case basis with individual customers, our add-on modules cover things such as Crash Dump Analysis and Troubleshooting, Hyper-V, TCP/IP and NTFS Forensics, Low-Level Platform Security (SMM, ME, SGX), Advanced Exploitation Techniques and Counter-Mitigations & more.

Contact us…

Expert Instructor

Alex Ionescu, which is the sole instructor for these courses, has been conducting Windows internals training for a decade, including at Microsoft itself. He is also the coauthor of the Windows Internals books. Alex is not a career teacher/trainer — he has 5 years experience developing on the iOS and macOS kernels at Apple, and worked for almost two decades in various lead kernel & system development roles.

Wide Breadth

With our instructor’s deep knowledge of NT since version 3.1, as well as Linux and OS X experience, you’re not just getting an enumeration of Windows features and behaviors — you’ll learn why Windows does certain things, how decisions changed over each release, and how other architectures and systems do the same tasks (and why sometimes they do so differently).

Incredibly Flexible

Our first two courses are a selection of our large catalog of Windows internals topics that we consider the most critical to cover in up to 5 days. Whether your interests lie in NTFS, SMM, TXT, or other kernel, microarchitecture, or platform technologies, we probably have additional material we can customize to accommodate you.

Anywhere, Anytime

Winsider does not run these courses at fixed locations in the US. Instead, we come to you, (almost) anywhere in the world, and train your individual team, group, or organization in a private setting of your choosing.

All courses require a laptop or desktop for trainees. However, no software acquisition is required — we work with trial, free, or open source software.
The advanced course can only be taken after having taken the regular course in the developer track — all other courses are open to all.
Some security-sensitive content or additional modules may require validation of your organization’s credentials and/or may be restricted due to location.
Back to Top