Skip to main content

Debuggers 3011: Advanced WinDbg


Even thought you can click enroll, you will not actually see the class contents until you are manually admitted to the beta

About This Course

This is it! This is the class that *actually* teaches you how to configure an advanced Windows kernel debugging environment. This class gives you all the steps to quickly and automatically build 2 VMs: a debugger VM and a target VM. You'll obtain an automated way to build an executable on a debugger VM and then automatically push that executable to a target Windows kernel VM so you can run it. The debugger VM is able to debug the target VM using WinDbg as well as decompiled source code level debugging with IDA/Ghidra and ret-sync.

After this class, you'll have a very efficient way of debugging the Windows kernel.

Topics include:
• Preparing the 2 VMs (automation included)
• Configuring WinDbg
• Configuring Ghidra/IDA Pro
• Configuring ret-sync
• Configuring Visual Studio and SSH

At the end of the class, you'll be able to build a "hello world" on the debugger VM and debug its kernel side effects on the target VM.


You must have taken OST2 Architecture 1001, or have equivalent knowledge of assembly.

You must have taken OST2 Debuggers 2011, or have equivalent knowledge of WinDbg.

Frequently Asked Questions

What learning paths is this class used in?

Debugging, Reverse Engineering, Malware Analysis, Exploits

To be or not to be?

That is the question...

Course Staff

Cedric's Twitter Pic!

Cedric Halbronn

Cedric (@saidelike) specialises in vulnerability research and exploit development, and while at NCC Group working in the Exploit Development Group (EDG) has published some public research related to Cisco ASA, Windows kernel, NAS devices, printers, etc.