
Intro to WinDbg Part 4: Don't Panic the Kernel – A Recommendation for SEC665

  • Thu, Jul 23, 2026
  • 2:30PM - 4:30PM EDT
  • English
  • Jonathan Reiter
  • Technical Presentation

Fear not the kernel, for it can be wielded to do your bidding. Come with us on a journey as we venture below Loki’s Lair and into the abyss of the Windows kernel. This is the realm where nothing hides and all is revealed through Heimdall’s gaze.

You will learn how to navigate your way around and enumerate filesystem minifilters that might be part of the trickery behind modern security products.

Once done, you will be able to harness the power of dx commands, along with other debugger extensions. In just two hours, you will know how to begin your journey.

This workshop continues the Intro to WinDbg series and serves as a recommended prerequisite for SEC665: Advanced Red Team Operations. Students will learn how to enumerate and inspect filesystem minifilters, explore filter communication mechanisms, and begin understanding how modern security products generate visibility within the Windows kernel.

Through practical demonstrations and guided workflows, attendees will build confidence with WinDbg, debugger extensions, and kernel structures before encountering the advanced kernel research topics covered in SEC665 Day 5. For operators looking to better understand defensive telemetry, kernel visibility, and the foundations of EDR research, this workshop provides the ideal starting point.

Who Should Attend

  • SEC665 students looking to prepare for Day 5 kernel content
  • SEC670 students interested in Windows internals and kernel debugging
  • Red Team Operators
  • Detection Engineers
  • Security Researchers
  • Windows Developers
  • Anyone interested in understanding how modern security products operate within the Windows kernel

Learning Objectives

  • Configure and navigate a WinDbg kernel debugging session
  • Enumerate and analyze filesystem minifilters
  • Understand how security products communicate with kernel components
  • Use debugger extensions and dx commands to inspect kernel structures
  • Identify telemetry and visibility mechanisms used by modern security products
  • Build a foundation for advanced kernel research topics covered in SEC665

Technical Requirements

  • Attendees should have a basic familiarity with Windows operating systems and offensive security concepts.

For the best experience, students are encouraged to watch the other sessions in the Intro to WinDbg series:

This workshop is intended to serve as a recommended prerequisite for SEC665: Advanced Red Team Operations and will help students prepare for the advanced kernel debugging and research concepts introduced in the course. To learn more, browse upcoming sessions, and access your free course preview, Click Here.

Meet Your Speaker

Jonathan Reiter

Jonathan Reiter teaches advanced red team operations and Windows implant development through hands-on labs grounded in real-world experience.
