Title: Windows Security Internals: A Deep Dive into Windows Authentication, Authorization, and Auditing
Author: James Forshaw
Publisher: No Starch Press
Year: 2024
Pages: 611
Language: English
Format: True/Retail (PDF EPUB MOBI)
Size: 45.6 MB
Windows Security Internals is a must-have for anyone needing to understand the Windows operating system's low-level implementations, whether to discover new vulnerabilities or protect against known ones. Developers, devops, and security researchers will all find unparalleled insight into the operating system's key elements and weaknesses, surpassing even Microsoft's official documentation.
Author James Forshaw teaches through meticulously crafted PowerShell examples that can be experimented with and modified, covering everything from basic resource security analysis to advanced techniques like using network authentication. The examples will help you actively test and manipulate system behaviors, learn how Windows secures files and the registry, re-create from scratch how the system grants access to a resource, learn how Windows implements authentication both locally and over a network, and much more.
You'll also explore a wide range of topics, such as:
Windows security architecture, including both the kernel and user-mode applications
The Windows Security Reference Monitor (SRM), including access tokens, querying and setting a resource's security descriptor, and access checking and auditing
Interactive Windows authentication and credential storage in the Security Account Manager (SAM) and Active Directory
Mechanisms of network authentication protocols, including NTLM and Kerberos

In an era of sophisticated cyberattacks on Windows networks, mastering the operating system's complex security mechanisms is more crucial than ever. Whether you're defending against the latest cyber threats or delving into the intricacies of Windows security architecture, you'll find Windows Security Internals indispensable in your efforts to navigate the complexities of today's cybersecurity landscape.
Who Is This Book For?
I wrote this book for people who work with Windows security. Perhaps you’re a developer of Windows software and want to ensure that your product is secure. Or maybe you’re a system administrator tasked with securing Windows across an enterprise and don’t fully understand how various security features combine to protect the platform. Or you might want to poke holes in the operating system to find security vulnerabilities as a researcher. This book assumes reasonable familiarity with the Windows user interface and its basic operations, such as manipulating files. That said, you don’t need to be a low-level Windows expert: for those who need a little more grounding, Chapters 2 and 3 provide an overview of the operating system and how it’s put together.
I rely heavily on the use of PowerShell scripting, so you’ll find it helpful to have some experience with the language, as well as with the .NET framework on which it’s based. To get you up to speed, Chapter 1 gives a very quick overview of some of PowerShell’s features. Elsewhere, I’ll do my best to avoid using esoteric features of the language, to keep the code accessible to readers with knowledge of other scripting languages or shell environments (such as bash).
Contents:
Introduction
Part I: An Overview of the Windows Operating System
Part II: The Windows Security Reference Monitor
Part III: The Local Security Authority and Authentication
A: Building a Windows Domain Network for Testing
B: SDDL SID Alias Mapping
Index