Lesson 1: Windows Core Components - OS Overview

• OS Definition
• Architecture Overview
• OS Structure
• OS Motivation
• Kernel Mode vs. User Mode
• Windows Structure
• Windows Boot Process

Lab 

• OS Familiarization

Lesson 2: Windows Core Components - The Registry

• Registry Overview
• Signs of File Execution
• Registry Persistence Mechanisms
• Baselining the Registry

Lab 

• Navigate Regedit.exe and reg.exe
• Add and remove keys and values
• Investigate the registry for
  potentially malicious behavior

Lesson 3: Windows Core Components - Processes

• What is a Process?
• Process Tree
• Single vs. Multiple Instances
• Threads
• Process Objects
• Process Tools
• Normal Windows Processes
• Suspicious Processes

Lab 

• Examine system information related to networking, sockets, and active connections with TCPView
• Execute a piece of malware and document the findings

Lesson 4: Windows Core Components - Dynamic Linked Libraries (DLLS)

• Libraries
• Program Linking
• What are DLLs?
• Imports and Exports
• DLL Search Order
• Code and DLL Injection
• Known Windows DLLs

Lesson 5: Windows Core Components - Memory Management and Injection

• Memory Management
• Page Protections
• Code and DLL Injection
• Reflective DLL Injection
• Hollow Process Injection

Lab 

• Identify process injection using the
  discussed tools

Lesson 6: Windows Core Components - Services

• What is a Service?
• The Services Registry
• Common Service Control Programs
• Analyzing Services

Lab

• Examine and interact with services using multiple tools
• Differentiate information types and sources

Lesson 7:  Windows Core Components - Logs and Timelines

• Logs Overview
• Event Logs
• Scheduled Task Logs
• Antivirus Logs
• PowerShell Logs
• Timelining
• Anti-analysis

Lab

• Analyze malicious behavior with EventViewer

Lesson 8: Powershell

• What Is PowerShell?
• Cmdlets and Providers
• Getting Help
• Objects, Piping, and Selection
• I/O and Formatting

Lab

• Discover language features and cmdlets, using the PowerShell help system
• Use object members to obtain more functionality from cmdlets and sort the output
• Create variables and use static members

Lesson 9: Powershill - Querying the Operating System

• Processes
• Services
• User Accounts
• Event Logs
• File System
• Registry
• Network Connections

Lab

• Demonstrate the use of PowerShell to access and display Process and Service attributes
• Query Registry Keys using PowerShell
• Access and display Registry and File System attributes with PowerShell

Lesson 10: Powershell - Scripting with Powershell

• What Is a Script?
• Branching
• Repetition
• Functions
• Script I/O
• Execution Policy

Lab

• Modify a script using PowerShell

Lesson 11: Powershell - Baselining with PowerShell

• What Is Baselining?
• Baselining Elements
• Differencing Tools

Lab

• Compose a Baseline Script with PowerShell
• PowerShell Baseline Scenario

Lesson 12: Powershell - Baselining Linux

• File System
• File Structure
• Virtual File System
• Links
• Permissions
• Accounts

Lab

• Summarize the Linux File System permissions and file integrity
• Demonstrate how Linux determines a user’s shell

Lesson 13: Powershell - Privilege Escalation

• Suid
• Sudo
• Wildcard Attacks

Lesson 14: Powershell - Linux Internals

• Processes
• Scheduled Tasks
• Networking
• Services
• Logs

Lab

• Monitor and interact with services
• Investigate processes and /proc filesystem
• Investigate concepts regarding two systems