Writing a WinDbg Extension: Streamline Your Debugging Workflow

March 17, 2025

Note: This blog post is designed to complement the accompanying

Dive in

Understanding UAC Virtualization: A Security Mechanism for Legacy Applications

March 17, 2025

In this video, we dive deep into User Account Control (UAC) Virtualization—a feature introduced in Windows Vista to balance security with compatibility for legacy applications. We explore why applications written for Windows XP assumed administrative privileges and how UAC virtualization helps mitigate security risks while maintaining functionality.

You’ll see a hands-on demonstration of how UAC virtualization works, including how it redirects file writes from system directories to per-user locations.

Dive in

Windows Insider Green Screen of Death showing a frowny face and crash information.

Exploring the Blue Screen of Death: A Practical Deep Dive

February 17, 2025

Dive into Pavel’s latest post exploring the Windows Blue Screen of Death—what triggers it, why it’s actually a safeguard rather than a punishment, and how to investigate crashes with powerful tools like WinDbg and Driver Verifier. This guide offers invaluable insights for TrainSec students, especially those following the Windows Internals Master path, looking to sharpen their debugging skills and elevate their mastery of the Windows kernel.

Dive in

Live Workshop: Attack and Defense: Remote Thread Injection and Detection (Recorded)

January 28, 2025

We’re excited to share the recorded workshop on Remote Thread Injection and EDR-based detection that took place on January 14. In this session, Uriel and Pavel from TrainSec walked through both the attacker perspective (injecting malicious code into a running process) and the defender perspective (writing a kernel driver to detect remote thread creation).

Dive in

Understanding RunDLL32: Leveraging Dynamic Function Invocation

January 13, 2025

Unlock the power of RunDLL32! Learn how to execute DLL functions, invoke control panel dialogs, and test custom DLLs with our latest guide. Packed with examples and insights, this post is part of the free TrainSec Knowledge Library—your go-to resource for mastering Windows tools.

Dive in

Shell Icon Handler extension

January 9, 2025

Shell extensions are a powerful feature of the Windows shell that allow developers to extend and customize the functionality of File Explorer (formerly Windows Explorer) and any other applications utilizing the same interfaces. These extensions are implemented as COM objects and can take various forms, including context menu handlers, property sheet handlers, drag-and-drop handlers, and icon handlers. In this post, we will focus on creating an icon handler, a type of shell extension that enables dynamic customization of file icons based on specific file properties.

Dive in

Understanding the Differences Between CreateProcessAsUser and CreateProcessWithTokenW in Windows

December 17, 2024

In this video, we dive into two powerful Windows API functions—CreateProcessAsUser and CreateProcessWithTokenW—that allow you to start a new process under a different user context. You’ll learn when to use each function, what privileges and services they depend on, and how to overcome common pitfalls. The video demonstration includes live coding examples, troubleshooting steps, and insights into managing tokens, sessions, and user profiles.

Dive in

Building a Simple RPC Client and Server: A Step-by-Step Guide

November 20, 2024

Remote Procedure Calls (RPC) are a fundamental mechanism in distributed computing, allowing functions to execute seamlessly across different systems or processes as if they were local. This post walks you through creating a basic RPC server and client using Microsoft’s RPC framework, focusing on clarity and simplicity.

Dive in