Recon 2024

Tips & Tricks for better debugging with WinDbg
06-28, 14:00–15:00 (US/Eastern), Soprano B

When it comes to debugging on Windows, there are many existing tools (OllyDbg, Immunity Debugger, x64dbg), but none come close to the functionality offered by WinDbg. Often seen as the harder tool, it is the focus of this hands-on workshop: we will use the latest version of WinDbg (previously known as WinDbgX or WinDbg Preview) to share some lesser-known insights and useful techniques for both user-mode and kernel-mode debugging.

This workshop is designed to be interactive and hands-on, providing attendees with practical experience and knowledge that can be immediately applied to their debugging tasks. Whether you’re looking to refine your existing skills or learn new techniques, this workshop will offer valuable insights for all levels of experience.
1. LINQ and DDM integration: dive deep into how LINQ (Language Integrated Query) can be used together with the Debugger Data Model (DDM) to completely change how you query, filter and sort information from a debugging session.
1. JavaScript scripting: quickly build JS snippets and explore their tight integration with the DDM.
1. Workspaces: WinDbg allows very fine tuning through workspaces.
1. Galleries: automatically load a group of extensions via galleries.
1. Time Travel Debugging (TTD): navigate through time using TTD.
1. And more (time permitting).

Attendees should bring their own laptop with:
- A Windows host/VM with a code editor (for instance, VS Code)
- A Windows 10 or 11 VM (either is fine) in debug mode, reachable (preferably) via KDNET


Chris is a security researcher currently working in Vancouver, Canada, who brings his reversing and exploitation expertise to enhance EDR features by day, and hacks on his own tools at night. He is passionate about everything low-level, and cultivates an addiction to debuggers.