Windows Low Level Security Fundamentals

VIRTUAL 16 CPE HOURS TRAINING: AUGUST 2022 * WEEK 2: AUG 18-20

Pavel Yosifovich

Class Abstract

Understanding the fundamental Windows security mechanisms is essential for any low-level security work in Windows. The course teaches all the fundamental security aspects in Windows, from security descriptors and access tokens, to privileges and integrity levels. The course also touches on other, more recent security foundations including Virtualization Based Security (VBS), Control Flow Guard (CFG), the Windows boot process, and more.

SUPPLEMENTARY READING MATERIAL AUTHORED/CO-AUTHORED BY THE INSTRUCTOR:

Duration:

16 hours

Target Audience:

Developers, Security Researchers, anyone interested in understanding Windows security

Objectives:

  • Understand Windows System Architecture
  • Dig Into the Standard Windows Security Model
  • Leverage Tools and Code to Investigate Security Mechanisms
  • Understand Modern Windows Security Mechanisms

Syllabus:

Module 1: Windows System Architecture Overview

  • Tools
  • Processes
  • Virtual Memory
  • Threads
  • User mode vs. Kernel mode
  • Architecture Overview
  • Objects and Handles
  • System Calls
  • Protected Processes
  • Protected Process Light (PPL)
  • Minimal Processes
  • Pico Processes

Module 2: Basic Windows Security

  • Security Components
  • Logging into Windows
  • Credential Providers
  • UserInit and the Shell
  • User Account Control
  • UAC virtualization
  • Elevation
  • SIDs
  • Access Tokens
  • Privileges
  • Security Descriptors
  • Access Checks
  • Integrity Levels
  • User Interface Privilege Isolation (UIPI)

Module 3: Virtualization Based Security

  • Virtual Trust Levels
  • SLAT
  • I/O MMU
  • The Secure world
  • Trustlets
  • Code Integrity
  • Credential Guard
  • Device Guard
  • Other VBS-related security features

Module 4: Miscellaneous Topics

  • Windows Boot Process
  • BIOS and UEFI
  • Kernel Initialization
  • User Mode Initialization
  • Control Flow Guard (CFG)
  • Other security features

Prerequisites:

  • Basic acquaintance with Windows concepts and architecture
  • Power-user level working with Windows
  • Experience writing C code (basic C++ knowledge is recommended but not required)

Hardware setup:

  • Windows 10 or 11 x64 (any SKU)
  • Windows 11 SDK (at least the Debugging tools for Windows)
  • The Sysinternals suite (from www.sysinternals.com)
  • PDF reader
  • (Optional) Visual Studio 2019 or 2022 + latest updates (must include the C++ workload)
  • (Optional) WinDbg Preview (from the Microsoft Store)