Lesson 3
Windows Networking Course Requirements
Operating systems compatible with this course.
You can take this course on Windows, Macintosh, or UNIX platforms.
No software is required to take this course.
However, if you wish to purchase Windows 2000 Server, you may do so by visiting our
The course resources will be discussed in the next lesson.
Attacking the Kernel
The kernel mode interface is an obviously attractive boundary that attackers have historically sought to cross. If someone can insert code of their choosing into kernel mode, the system is utterly compromised. As you might imagine, Windows provides substantial barriers to running arbitrary code in kernel mode, and it is generally quite difficult for low-privileged entities to do so.
Of course, there are always exceptions. Two primary classes of kernel mode compromises can occur:
- Physical attacks against kernel-resident device drivers that parse raw input, such as from network connections or inserted media. The wireless networking attacks published by Johnny Cache and others and the Sony CD-ROM rootkit incident are examples of each of these, respectively.
- Logical attacks against critical operating system structures that provide access to kernel mode. These structures include certain protected kernel images (such as ntoskrnl.exe, hal.dll, and ndis.sys), the Global Descriptor Table (GDT) and the Interrupt Descriptor Table (IDT), the System Service Descriptor Table (SSDT), certain critical processor-model-specific registers (MSRs), and some internal routines that are used for debugging purposes by the kernel.
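The following is an added example, not part of the original course material. It shows the defender's view of a logical attack on a dispatch table such as the SSDT: every entry should resolve to the expected kernel image, so an entry owned by another driver, or by no loaded image, is flagged. The table is a simplified model holding absolute addresses, and the module ranges, addresses, and the name example.sys are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a loaded kernel image and its address range. */
struct module { const char *name; uint64_t base; uint64_t size; };

/* Return the module whose range contains addr, or NULL if none does. */
static const struct module *owner_of(const struct module *mods, size_t n, uint64_t addr) {
    for (size_t i = 0; i < n; i++)
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size)
            return &mods[i];
    return NULL;
}

/* Record indices of table entries not owned by `expected`; return how many. */
size_t audit_table(const uint64_t *table, size_t entries, const struct module *mods,
                   size_t nmods, const char *expected, size_t *bad, size_t bad_cap) {
    size_t found = 0;
    for (size_t i = 0; i < entries; i++) {
        const struct module *m = owner_of(mods, nmods, table[i]);
        if (m == NULL || strcmp(m->name, expected) != 0) {
            if (found < bad_cap) bad[found] = i;  /* keep as many indices as fit */
            found++;
        }
    }
    return found;
}

/* Constructed sample data: addresses and the driver name example.sys are made up. */
static const struct module SAMPLE_MODS[] = {
    { "ntoskrnl.exe", 0xFFFFF80000000000ULL, 0x800000 },
    { "hal.dll",      0xFFFFF80000800000ULL, 0x050000 },
    { "example.sys",  0xFFFFF88001000000ULL, 0x010000 },
};
static const uint64_t SAMPLE_TABLE[] = {
    0xFFFFF80000123450ULL,  /* inside ntoskrnl.exe */
    0xFFFFF88001000400ULL,  /* redirected into example.sys */
    0xFFFFF800007FFFF0ULL,  /* last bytes of ntoskrnl.exe */
    0xFFFFF90000000000ULL,  /* owned by no loaded image */
};

int main(void) {
    size_t bad[4];
    size_t n = audit_table(SAMPLE_TABLE, 4, SAMPLE_MODS, 3, "ntoskrnl.exe", bad, 4);
    for (size_t i = 0; i < n && i < 4; i++)
        printf("entry %zu is not owned by ntoskrnl.exe\n", bad[i]);
    return n != 0;  /* non-zero exit status when any entry is flagged */
}
```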