
Course information

Blackbelt - Advanced Troubleshooting the Windows OS

Location | Date | Days | Price
Culemborg (NL) or Remote | Monday 7 October 2019 | 4 | € 2.799,00
Culemborg (NL) or Remote | Monday 27 January 2020 | 4 | € 2.799,00

Blackbelt - Advanced Troubleshooting the Windows OS by Sami Laiho 

It is also possible to join this class remotely.

Sami offers two courses for troubleshooting anything that is related to or runs on the Windows OS. If you’re thinking about which course to take first, take the other one. If you are totally familiar with the material in the other course, you are very welcome to join this one as well.

It’s Sami's professional opinion that the best troubleshooters can be taught by taking these two courses, and that it’s better to take the more Tools-oriented BlackBelt Troubleshooting course first and then join this Content-oriented Advanced Troubleshooting course next.

  • Have you ever wondered if Windows Pagefile settings should be changed or how they actually work?

  • Have you ever wondered what the values in Task Manager actually mean – like Paged Pool, Working Set, Free memory, etc.?

  • Do you know how a file actually gets cached and finally written to the disk or how threads communicate with each other?

  • Have you ever wondered what Mutexes or Semaphores in Process Explorer really mean?

If you don’t know the answers, come and join this course as it will provide you with the answers and a lot more! 

Level 400+ class (also known as "Windows Internals"). Windows Internals book included.

Sami Laiho is one of the world’s leading professionals in the Windows OS and Security. Sami has been working with and teaching OS troubleshooting, management, and security since 1996.

At Ignite 2018, Sami’s “Behind the Scenes: How to build a conference winning session” and “Sami Laiho: 45 Life Hacks of Windows OS in 45 minutes” sessions were ranked as #1 and #2 out of 1708 sessions!! This was the first time in the history of the conference that anyone has been able to do this.

Before that, at Ignite 2017, the world’s biggest Microsoft event, Sami was evaluated as the Best External Speaker! Sami’s sessions were also evaluated as the Best Session at TechEd North America, Europe and Australia in 2014, and at the Nordic Infrastructure Conference in 2016, 2017 and 2019.

This training is organized only a few times a year in this region.

 

For whom

This Windows Internals training is meant for all administrators who want to deepen their knowledge about Windows. It is also suitable for people who think (with all respect!) they know everything about the Windows OS… It’s a very deep-dive course: in no way suitable for beginners, but intended for seasoned administrators.

Prerequisite knowledge
You should be comfortable with the following:

  • Experience with Windows Administration
  • Experience with Active Directory
  • Experience with networking infrastructure

What you learn

This 4-day course teaches you how the operating system actually works under the hood. Windows Internals was previously taught globally by two of the best-known teachers, David Solomon and Mark Russinovich.

David is now retired from training and Mark is working for Microsoft as the CTO of Azure. This training is based on their Windows Internals book, which is considered mandatory knowledge for all top Microsoft professionals, including Microsoft’s own PFEs (Premier Field Engineers).

That book might be a bit too deep for most, so this is an easy way to learn the important parts of the book at an effective pace. You will, among other things, learn about:

• Concepts and Tools

• System Architecture

• System Mechanisms

• Management Mechanisms

• Processes, Threads and Jobs

• Security

• Networking

• I/O System

• Storage Management

• Memory Management

• Cache Manager

• File Systems

• Startup and Shutdown

• Crash Dump Analysis

Instructor Sami Laiho

Program

Day 1

Concepts and Tools

  • Windows Operating System Versions
  • Foundation Concepts and Terms
  • Digging into Windows Internals
  • Sysinternals Tools

System Architecture

  • Requirements and Design Goals
  • Operating System Model
  • Architecture Overview
  • Key System Components

System Mechanisms

  • Trap dispatching
  • Object Manager
  • Synchronization
  • System Worker Threads
  • Global Flags
  • ALPC
  • Kernel Event Tracing
  • Wow64
  • User Mode Debugging
  • Image Loader
  • Kernel patching
  • Code integrity

Day 2

Management Mechanisms

  • The Registry
  • Services
  • UBPM
  • WMI
  • Windows Diagnostics Service

Processes, Threads and Jobs

  • Process Internals
  • Protected Processes
  • CreateProcess function
  • Thread Internals
  • Thread scheduling
  • Jobs

Security

  • Security Ratings
  • Security System Components
  • Protecting Objects
  • AuthZ API
  • Account rights and privileges
  • Access tokens
  • Auditing
  • Logon
  • UAC
  • AppID Service
  • AppLocker

Day 3

Networking

  • Windows Networking Architecture
  • Networking APIs
  • Multiple Redirector Support
  • DFS and DFS-R
  • Offline Files
  • BranchCache
  • Name Resolution
  • Location and topology
  • NDIS

I/O System

  • I/O System Components
  • Device Drivers
  • I/O Processing
  • Kernel-Mode Driver Framework (KMDF)
  • User-Mode Driver Framework (UMDF)
  • The Plug and Play (PnP) Manager
  • The Power Manager 

Storage Management

  • Storage Terminology
  • Disk Drivers
  • Volume Management
  • BitLocker Drive Encryption
  • Volume Shadow Copy Service

Memory Management

  • Introduction to the Memory Manager
  • Services the Memory Manager Provides
  • Kernel-Mode Heaps (System Memory Pools)
  • Heap Manager
  • Virtual Address Space Layouts
  • Address Translation
  • Page Fault Handling
  • Stacks
  • Virtual Address Descriptors
  • NUMA
  • Section Objects
  • Driver Verifier
  • Page Frame Number Database
  • Physical Memory Limits
  • Working Sets
  • Proactive Memory Management (SuperFetch)

Day 4

Cache Manager

  • Key Features of the Cache Manager
  • Cache Virtual Memory Management
  • Cache Size
  • Cache Data Structures
  • File System Interfaces
  • Fast I/O
  • Read Ahead and Write Behind

File Systems

  • Windows File System Formats
  • File System Driver Architecture
  • Troubleshooting File System Problems
  • Common Log File System
  • NTFS Design Goals and Features
  • NTFS File System Driver
  • NTFS On-Disk Structure
  • NTFS Recovery Support
  • EFS

Startup and Shutdown

  • Boot Process
  • Troubleshooting Boot and Startup Problems
  • Shutdown

Crash Dump Analysis

  • Why Does Windows Crash?
  • The Blue Screen
  • Troubleshooting Crashes
  • Crash Dump Files
  • Windows Error Reporting
  • Online Crash Analysis
  • Basic Crash Dump Analysis
  • Using Crash Troubleshooting Tools
  • Advanced Crash Dump Analysis

 

Some student quotes and recommendations:

"Great training, excellent trainer with real in-depth knowledge brought to me in real "eatable" way. (I meant usable)"

“Technical side: Sami’s trainings include The True Stuff from the “start” to the “end”. In other words, the whole Windows’ “saga” is covered from top to down, or the other way around, absolutely NO bullshit included.”

“If you are ready for a deep dive into the Windows kernel and willing and wanting to learn how Windows really works, then you need to take Sami’s BlackBelt course. Sami’s high energy, enthusiastic and engaging approach to teaching will captivate you and keep your attention for the entire duration. When it is all over, you will be begging for more.”

“It’s a very interesting course. You learn so much about actions you didn’t know existed.”

“Excellent trainer, by far the most “hands on” with REAL LIFE scenarios testing, ABSOLUTELY needed for an IT Pro in an enterprise”

“You think you know Windows, but you don’t.”

Publications & Recordings:

Avecto article

Videos on Ch9 

AppManagEvent:

AppManagEvent 2018 session Hacking the bank 

AppManagEvent 2018 session: White is the new Black

AppManagEvent 2017 Let’s keep everyone Admin when deploying Win10: not

AppManagEvent 2015 Windows 10 - The REALLY important stuff for system administrators

AppManagEvent 2014 Applying Proactive security in Windows

Technet Article - Three things you have to learn to stay in the IT Pro business

My YouTube channel

 

 

 
