Hero Banner

Windows Internals Training Course

The right course for security professionals & analysts to review their Windows Internals concepts, skills and bolster foundations

We have trained over 750 organizations including:

A comprehensive course for cybersecurity professionals looking to update their Windows Internals skills

Focusses on Windows OS system mechanisms and OS layers with an emphasis on the Windows kernel

Builds proficiency in Windbg, KD, LiveKD and offers the level of detail required for a solid & productive analysis

Starting from setup and configuration, covers an extensive array of Windbg commands

The Windows Internals Essentials focuses on building a thorough foundation in the key Operating Systems mechanisms and data structures in both ring 0 and ring 3. It is also geared to develop proficiency in Sysinternals Suite, WDK (Windows Driver Kit), Windows Debugging Tools (x86/x64) to probe the OS layers.

It is the perfect course for cybersecurity professionals and analysts who want to refresh their essential Windows Internals skills and concepts. 

Benefits of the Windows Internals Course

  • Get a solid grasp of the tools required to understand Windows malware and its interaction with the OS.
  • Understand the Windows OS system mechanisms and OS layers with a focus on the Windows kernel.
  • Build proficiency in Windbg/KD/LiveKD and tweak the debugger.
  • Cover an extensive array of Windbg commands, categorised by type, action and goal.
  • Hands-on Lab practice for every topic covered.
  • Downloadable study material and self-assessments for reinforced learning  

windows (1)


Windows Internals Course Learning Objectives:

Upon completion of this course,  you will be able to: 

  • Enhance your knowledge about Windows System Architecture, understand how Windows works and behaves as it does. 
  • Improve your understanding of performance behaviour of the system and make troubleshooting much easier for yourself.
  • Better understand the relation between the operating system and applications specific to the Windows platform. This knowledge can also help you debunk problems.
  • Work with Windows Objects which provide a bulk of the functionality in Windows.
  • Articulate how handles are used to access objects in Windows. 
  • Learn how to develop your own Windows application in C.
  • Master the concepts of Windows Processes and Threads.
  • Grasp how Windows implements virtual memory and how it manages this subset of virtual memory kept in physical memory. 
  • Learn all about Windows Portable Executable format.  
  • Gain proficiency with debugging a User Mode Process.

Feedback and Testimonials for our Courses

Kevin Hayes
The playbooks training course was a good 'part-2' to the CIPR and went into greater depth in a number of areas. The day was fun and Amar kept us moving along at a good pace.
Kevin Hayes
CISO, Cyber Risk Associates
Russ Smith

Enjoyed the course. Good mix of attendees and plenty of lively conversation. Amar steered us through it all admirably.

Russ Smith
Kim Rose

Overall the course was very good. I would strongly recommend this training to anyone who is involved in Cyber Security or has control of information assets.

Kim Rose
Information Governance Officer, Wye Valley NHS Trust
Philipp Scheiwiler

It was a great workshop with a lot of interesting people and a great learning experience.

Philipp Scheiwiler
System Engineer
Andrew Lock
This was a very helpful day and opportunity to speak with a number of operational incident responders to discuss what really works in practice and not just in theory. I gained a great deal from the day, particularly around the construction of bespoke playbooks and also a variety of useful resources to inform my learning. A really good day.
Andrew Lock
Information Security Consultant

Windows Internals Training Course Modules 

Windows Internals
  • Windows System Architecture. Objects and Handles.

  • Windows Application Development.

  • Processes and Threads.

  • Memory Management.

  • Portable Executable Header.

  • User Mode Debugging. 

All trademarks, service marks, trade names, product names, service names and logos appearing on the site, or on printed or digital material are the property of their respective owners, including in Cyber Management Alliance Ltd. Any rights not expressly granted herein are reserved.

Find out more about our one day public courses or internal workshops, please complete the form below. 

  • callOr call us on:
  • +44 (0) 203 189 1422