Class Abstract
Understanding the fundamental Windows security mechanisms is essential for any low-level security work on the platform. The course teaches all the fundamental security aspects of Windows, from security descriptors and access tokens to privileges and integrity levels. The course also touches on other, more recent security foundations, including Virtualization Based Security (VBS), Control Flow Guard (CFG), the Windows boot process, and more.
SUPPLEMENTARY READING MATERIAL AUTHORED/CO-AUTHORED BY THE INSTRUCTOR:
Duration:
16 hours
Target Audience:
Developers, Security Researchers, anyone interested in understanding Windows security
Objectives:
- Understand Windows System Architecture
- Dig Into the Standard Windows Security Model
- Leverage Tools and Code to Investigate Security Mechanisms
- Understand Modern Windows Security Mechanisms
Syllabus:
Module 1: Windows System Architecture Overview
- Tools
- Processes
- Virtual Memory
- Threads
- User mode vs. Kernel mode
- Architecture Overview
- Objects and Handles
- System Calls
- Protected Processes
- Protected Process Light (PPL)
- Minimal Processes
- Pico Processes
Module 2: Basic Windows Security
- Security Components
- Logging into Windows
- Credential Providers
- UserInit and the Shell
- User Account Control
- UAC virtualization
- Elevation
- SIDs
- Access Tokens
- Privileges
- Security Descriptors
- Access Checks
- Integrity Levels
- User Interface Privilege Isolation (UIPI)
Module 3: Virtualization Based Security
- Virtual Trust Levels
- SLAT
- IOMMU
- The Secure world
- Trustlets
- Code Integrity
- Credential Guard
- Device Guard
- Other VBS-related security features
Module 4: Miscellaneous Topics
- Windows Boot Process
- BIOS and UEFI
- Kernel Initialization
- User Mode Initialization
- Control Flow Guard (CFG)
- Other security features
Prerequisites:
- Basic acquaintance with Windows concepts and architecture
- Power-user level experience working with Windows
- Experience writing C code (basic C++ knowledge is recommended but not required)
Hardware setup:
- Windows 10 or 11 x64 (any SKU)
- Windows 11 SDK (at least the Debugging Tools for Windows)
- The Sysinternals suite (from www.sysinternals.com)
- PDF reader
- (Optional) Visual Studio 2019 or 2022 + latest updates (must include the C++ workload)
- (Optional) WinDbg Preview (from the Microsoft Store)