Windows Low Level Security Fundamentals

August 2022

## Class Abstract

Understanding the fundamental Windows security mechanisms is essential for any low-level security work on Windows. The course teaches the fundamental security aspects of Windows, from security descriptors and access tokens to privileges and integrity levels. It also touches on other, more recent security foundations, including Virtualization Based Security (VBS), Control Flow Guard (CFG), the Windows boot process, and more.

Suggested Combo from the same instructor:
Windows Low Level Development: Zero to Hero

Supplementary Reading Material authored/co-authored by the instructor:
Windows Internals 7th Edition
Windows Kernel Programming
Windows System Programming Part 1
Windows System Programming Part 2
## Duration: 16 hours

## Target Audience: Developers, security researchers, anyone interested in understanding Windows security

## Objectives:
* Understand Windows system architecture
* Dig into the standard Windows security model
* Leverage tools and code to investigate security mechanisms
* Understand modern Windows security mechanisms

## Syllabus:

#### Module 1: Windows System Architecture Overview
* Tools
* Processes
* Virtual memory
* Threads
* User mode vs. kernel mode
* Architecture overview
* Objects and handles
* System calls
* Protected Processes
* Protected Process Light (PPL)
* Minimal processes
* Pico processes

#### Module 2: Basic Windows Security
* Security components
* Logging into Windows
* Credential Providers
* UserInit and the shell
* User Account Control (UAC)
* UAC virtualization
* Elevation
* SIDs
* Access tokens
* Privileges
* Security descriptors
* Access checks
* Integrity levels
* User Interface Privilege Isolation (UIPI)

#### Module 3: Virtualization Based Security
* Virtual Trust Levels (VTLs)
* SLAT
* IOMMU
* The Secure World
* Trustlets
* Code Integrity
* Credential Guard
* Device Guard
* Other VBS-related security features

#### Module 4: Miscellaneous Topics
* Windows boot process
* BIOS and UEFI
* Kernel initialization
* User-mode initialization
* Control Flow Guard (CFG)
* Other security features

## Prerequisites:
* Basic acquaintance with Windows concepts and architecture
* Power-user level experience with Windows
* Experience writing C code (basic C++ knowledge is recommended but not required)

## Hardware setup:
* Windows 10 or 11 x64 (any SKU)
* Windows 11 SDK (at least the Debugging Tools for Windows)
* The Sysinternals suite (from www.sysinternals.com)
* PDF reader
* (Optional) Visual Studio 2019 or 2022 + latest updates (must include the C++ workload)
* (Optional) WinDbg Preview (from the Microsoft Store)
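To give a concrete feel for the Module 2 topics (SIDs, access tokens, integrity levels, UAC elevation and privileges), here is an added example that is not part of the course material or the instructor's tools. It inspects the access token of the current PowerShell process on Windows 10/11 using only built-in components: the .NET `WindowsIdentity` wrapper, a small P/Invoke around `GetTokenInformation` (the `TokenIntegrityLevel` class, value 25, is the documented `TOKEN_INFORMATION_CLASS` member), and `whoami.exe` for the privilege list. The class name `TokenProbe` and the output format are the example's own choices.

```powershell
# Added example (not course material): inspect the access token of the current process.
# Runs on Windows 10/11 in the built-in Windows PowerShell; no extra modules needed.

Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class TokenProbe {
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass, IntPtr info, int length, out int returnLength);
    [DllImport("advapi32.dll")]
    static extern IntPtr GetSidSubAuthorityCount(IntPtr sid);
    [DllImport("advapi32.dll")]
    static extern IntPtr GetSidSubAuthority(IntPtr sid, int index);
    const int TokenIntegrityLevel = 25;   // TOKEN_INFORMATION_CLASS::TokenIntegrityLevel

    // Reads TOKEN_MANDATORY_LABEL and returns the last sub-authority (RID) of the
    // label SID S-1-16-<RID>; the RID encodes the token's integrity level.
    public static int GetIntegrityRid(IntPtr token) {
        int len;
        GetTokenInformation(token, TokenIntegrityLevel, IntPtr.Zero, 0, out len); // size query
        IntPtr buf = Marshal.AllocHGlobal(len);
        try {
            if (!GetTokenInformation(token, TokenIntegrityLevel, buf, len, out len))
                throw new System.ComponentModel.Win32Exception();
            IntPtr sid = Marshal.ReadIntPtr(buf);   // TOKEN_MANDATORY_LABEL.Label.Sid
            int count = Marshal.ReadByte(GetSidSubAuthorityCount(sid));
            return Marshal.ReadInt32(GetSidSubAuthority(sid, count - 1));
        } finally {
            Marshal.FreeHGlobal(buf);
        }
    }
}
"@

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)

# 1. The token's user SID and account name.
"User:      {0}  ({1})" -f $identity.Name, $identity.User.Value

# 2. Integrity level, decoded from the mandatory label RID.
$ilNames = @{ 0 = 'Untrusted'; 4096 = 'Low'; 8192 = 'Medium'; 8448 = 'Medium Plus';
              12288 = 'High'; 16384 = 'System'; 20480 = 'Protected Process' }
$rid   = [TokenProbe]::GetIntegrityRid($identity.Token)
$label = if ($ilNames.ContainsKey($rid)) { $ilNames[$rid] } else { 'Unknown' }
"Integrity: {0}  (S-1-16-{1})" -f $label, $rid

# 3. UAC elevation. An administrator running without elevation gets a filtered token in
#    which BUILTIN\Administrators is marked "use for deny only", so this access check
#    returns False until the same user starts the shell elevated ("Run as administrator").
$isElevated = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
"Elevated:  {0}" -f $isElevated

# 4. Group SIDs carried by the token, translated to names where the SID resolves.
foreach ($g in $identity.Groups) {
    try   { $name = $g.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = '<unresolved>' }
    "Group:     {0,-45} {1}" -f $name, $g.Value
}

# 5. Privileges are not exposed by WindowsIdentity; whoami.exe lists them with their
#    Enabled/Disabled state. Compare the output of an elevated and a non-elevated shell.
whoami /priv
```

Run it twice, once from a normal prompt and once from an elevated one, and compare: the integrity label moves from Medium to High, the elevation check flips to True, and the privilege list grows (for example SeDebugPrivilege appears only in the elevated token). That side-by-side is the practical meaning of the "Elevation", "Integrity Levels" and "Privileges" bullets above.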
Pavel Yosifovich

Pavel is a developer, trainer, author and speaker. He has written several books dealing with the inner workings of Windows, such as [Windows Internals 7th edition part 1](https://www.amazon.com/Windows-Internals-Part-architecture-management/dp/0735684189) (co-author), [Windows Kernel Programming](https://www.amazon.com/Windows-Kernel-Programming-Pavel-Yosifovich/dp/B08WZHBQYC), and [Windows 10 System Programming, part 1](https://www.amazon.com/Windows-10-System-Programming-Part/dp/B086Y6M7LH) and [part 2](https://www.amazon.com/Windows-10-System-Programming-Part/dp/B09GJKKBZP). Pavel is the author of many open-source tools that show detailed information about Windows, which can be found in his GitHub repositories. Pavel also provides training for developers and researchers on Windows-related topics, as well as more general software development using C/C++, C# and Rust.