
Writing a WinDbg Extension: Streamline Your Debugging Workflow
Note: This blog post is designed to complement the accompanying
In this video, we dive deep into User Account Control (UAC) Virtualization—a feature introduced in Windows Vista to balance security with compatibility for legacy applications. We explore why applications written for Windows XP assumed administrative privileges and how UAC virtualization helps mitigate security risks while maintaining functionality.
You’ll see a hands-on demonstration of how UAC virtualization works, including how it redirects file writes from system directories to per-user locations.
Dive into Pavel’s latest post exploring the Windows Blue Screen of Death—what triggers it, why it’s actually a safeguard rather than a punishment, and how to investigate crashes with powerful tools like WinDbg and Driver Verifier. This guide offers invaluable insights for TrainSec students, especially those following the Windows Internals Master path, looking to sharpen their debugging skills and elevate their mastery of the Windows kernel.
We’re excited to share the recorded workshop on Remote Thread Injection and EDR-based detection that took place on January 14. In this session, Uriel and Pavel from TrainSec walked through both the attacker perspective (injecting malicious code into a running process) and the defender perspective (writing a kernel driver to detect remote thread creation).
Unlock the power of RunDLL32! Learn how to execute DLL functions, invoke control panel dialogs, and test custom DLLs with our latest guide. Packed with examples and insights, this post is part of the free TrainSec Knowledge Library—your go-to resource for mastering Windows tools.
Shell extensions are a powerful feature of the Windows shell that allow developers to extend and customize the functionality of File Explorer (formerly Windows Explorer) and any other applications utilizing the same interfaces. These extensions are implemented as COM objects and can take various forms, including context menu handlers, property sheet handlers, drag-and-drop handlers, and icon handlers. In this post, we will focus on creating an icon handler, a type of shell extension that enables dynamic customization of file icons based on specific file properties.
In this video, we dive into two powerful Windows API functions—CreateProcessAsUser and CreateProcessWithTokenW—that allow you to start a new process under a different user context. You’ll learn when to use each function, what privileges and services they depend on, and how to overcome common pitfalls. The video demonstration includes live coding examples, troubleshooting steps, and insights into managing tokens, sessions, and user profiles.
Remote Procedure Calls (RPC) are a fundamental mechanism in distributed computing, allowing functions to execute seamlessly across different systems or processes as if they were local. This post walks you through creating a basic RPC server and client using Microsoft’s RPC framework, focusing on clarity and simplicity.
Introduction: Writing a Windows Service Hi, and welcome to this
Provides the necessary knowledge, understanding, and tools to be a successful Windows OS researcher.
Software developer, trainer, consultant, author, and speaker. Co-author of “Windows Internals” 7th edition (2017). Author of “Windows Kernel Programming, 2nd ed” (2023), “Windows 10 System Programming Part 1” (2020) and Part 2 (2021).
Security researcher, consultant, and author of the Antivirus Bypass Techniques book, who works on both the offensive and defensive fronts. Passionate about malware research and red teaming, while providing real-world security solutions.
30+ years of hands-on experience: inventor, systems and electronics engineer, expert program manager, coder, cyber security researcher and startup mentor. Expert in hardware-firmware-software integrated systems development.
© 2025 TrainSec. All rights reserved.