Skip to main content

Windows CNO Programmer

An intensive, hands-on course focused on providing a programmer with the skills and knowledge needed to become an advanced CNO programmer.
 
9 Weeks (45 Days)
Hands-On Labs
CACP Certification
Tool Development Focus
 

Course Description

The Windows Computer Network Operations (CNO) Programmer course is an intensive, hands-on course focused on providing a programmer with the skills and knowledge needed to become an advanced CNO programmer. The class format combines both lecture and labs for the practical application of knowledge. Upon completion, students will be capable of assisting in the CNO tool development lifecycle. You will understand the tool objectives, environments, obstacles, and pitfalls associated with development, as well as strategies to meet those objectives.

Prerequisites


• Bachelor’s degree in Computer Science or Computer Engineering, or equivalent experience.
• Previous programming experience in C.
• Experience in Windows Programming and x86 Assembly.
• High academic achievement or operational/technical experience and an intense desire to learn.


What You Will Learn


Perform reverse engineering in support of CNO tool development and debugging using Ghidra and WinDbg.
Analyze, interpret, and construct network traffic for common link, network, transport, and application layer protocols.
Research and exploit vulnerabilities like stack/heap buffer overflows and use-after-free, and bypass modern protections like DEP and ASLR.
Develop kernel-level tools, exploit vulnerable drivers, and implement kernel keyloggers and other advanced capabilities.


Course Modules


Windows Systems Programming (4 Days)

Understand the basic principles of Windows programming, including using File and Registry APIs, building executables and DLLs in Visual Studio, and implementing networked clients and servers.

Windows Internals (4 Days)

Gain an intermediate understanding of how Windows is structured and provides its major OS functionality. Learn to parse the PEB and TEB and understand the Windows Security Model.

CNO User Mode Development (5 Days)

Become familiar with the fundamentals of CNO tool development. Learn to inject mobilized code into another process, divert execution via hooking, and perform hiding activities.

Vulnerability Research and Exploitation (5 Days)

Learn about multiple classes of vulnerability, common exploitation constructs, and modern security protection mechanisms for 64-bit Windows.

User Mode Crucible (2 Days)

Apply concepts from the User Mode module by developing a method to locate and clandestinely copy files from a target computer.

Kernel Internals (5 Days)

Become familiar with the fundamentals of the Windows kernel. Configure a workstation for kernel debugging, develop a minimal driver, and analyze kernel crash dumps.

CNO Kernel Mode Development (3 Days)

Learn to actively assist in the development of CNO kernel level tools. Exploit a vulnerable driver, implement a kernel keylogger, and inject a thread into a user mode process.