Windows Security Internals

Power up your Windows security skills with expert guidance, in-depth technical insights, and dozens of real-world vulnerability examples from Google Project Zero’s most renowned researcher!

Learn core components of the system in greater depth than ever before, and gain hands-on experience probing advanced Microsoft security systems with the added benefit of PowerShell scripts.

Learn the core components and features of the Microsoft Windows threat-mitigation system from one of the world’s foremost Windows security experts—and Microsoft’s top bug hunter—James Forshaw. In this hands-on guidebook, Forshaw distills his more than 20 years of knowledge and practical experience working with Windows security, describing the system in greater depth than any ever before. In-depth technical discussions are rounded out with l real-world examples that not only demonstrate how to use PowerShell in security work, but let you explore Windows security features for yourself as you follow along in the text.

Early chapters cover the basics, including best practices for setting up a PowerShell environment, understanding the Windows kernel interface, and working within the security reference monitor. As you progress to more advanced topics, Forshaw walks you through highly relevant case studies, as well as the implementation of complex processes like access checking and network authentication. In addition, there are example scripts using the PowerShell scripting language throughout, which can be used to test the behavior of Windows systems and, in turn, enable you to explore their security without needing a compiler or other development tools.

Essential for anyone who works with Windows security, this book dives deeper into core components of the system than even Microsoftʼs own documentation.