Author: Andrea Allievi
Publisher: Microsoft Press
ISBN: 0135462444
Category : Computers
Languages : en
Pages : 1272
Book Description
Drill down into Windows architecture and internals, discover how core Windows components work behind the scenes, and master information you can continually apply to improve architecture, development, system administration, and support. Led by three renowned Windows internals experts, this classic guide is now fully updated for Windows 10 and 8.x. As always, it combines unparalleled insider perspectives on how Windows behaves “under the hood” with hands-on experiments that let you experience these hidden behaviors firsthand. Part 2 examines these and other key Windows 10 OS components and capabilities: Startup and shutdown The Windows Registry Windows management mechanisms WMI System mechanisms ALPC ETW Cache Manager Windows file systems The hypervisor and virtualization UWP Activation Revised throughout, this edition also contains three entirely new chapters: Virtualization technologies Management diagnostics and tracing Caching and file system support
Windows Internals, Part 2
Author: Andrea Allievi
Publisher: Microsoft Press
ISBN: 0135462444
Category : Computers
Languages : en
Pages : 1272
Book Description
Drill down into Windows architecture and internals, discover how core Windows components work behind the scenes, and master information you can continually apply to improve architecture, development, system administration, and support. Led by three renowned Windows internals experts, this classic guide is now fully updated for Windows 10 and 8.x. As always, it combines unparalleled insider perspectives on how Windows behaves “under the hood” with hands-on experiments that let you experience these hidden behaviors firsthand. Part 2 examines these and other key Windows 10 OS components and capabilities: Startup and shutdown The Windows Registry Windows management mechanisms WMI System mechanisms ALPC ETW Cache Manager Windows file systems The hypervisor and virtualization UWP Activation Revised throughout, this edition also contains three entirely new chapters: Virtualization technologies Management diagnostics and tracing Caching and file system support
Publisher: Microsoft Press
ISBN: 0135462444
Category : Computers
Languages : en
Pages : 1272
Book Description
Drill down into Windows architecture and internals, discover how core Windows components work behind the scenes, and master information you can continually apply to improve architecture, development, system administration, and support. Led by three renowned Windows internals experts, this classic guide is now fully updated for Windows 10 and 8.x. As always, it combines unparalleled insider perspectives on how Windows behaves “under the hood” with hands-on experiments that let you experience these hidden behaviors firsthand. Part 2 examines these and other key Windows 10 OS components and capabilities: Startup and shutdown The Windows Registry Windows management mechanisms WMI System mechanisms ALPC ETW Cache Manager Windows file systems The hypervisor and virtualization UWP Activation Revised throughout, this edition also contains three entirely new chapters: Virtualization technologies Management diagnostics and tracing Caching and file system support
Windows Internals
Author: Pavel Yosifovich
Publisher: Microsoft Press
ISBN: 0133986462
Category : Computers
Languages : en
Pages : 1473
Book Description
The definitive guide–fully updated for Windows 10 and Windows Server 2016 Delve inside Windows architecture and internals, and see how core components work behind the scenes. Led by a team of internals experts, this classic guide has been fully updated for Windows 10 and Windows Server 2016. Whether you are a developer or an IT professional, you’ll get critical, insider perspectives on how Windows operates. And through hands-on experiments, you’ll experience its internal behavior firsthand–knowledge you can apply to improve application design, debugging, system performance, and support. This book will help you: · Understand the Window system architecture and its most important entities, such as processes and threads · Examine how processes manage resources and threads scheduled for execution inside processes · Observe how Windows manages virtual and physical memory · Dig into the Windows I/O system and see how device drivers work and integrate with the rest of the system · Go inside the Windows security model to see how it manages access, auditing, and authorization, and learn about the new mechanisms in Windows 10 and Server 2016
Publisher: Microsoft Press
ISBN: 0133986462
Category : Computers
Languages : en
Pages : 1473
Book Description
The definitive guide–fully updated for Windows 10 and Windows Server 2016 Delve inside Windows architecture and internals, and see how core components work behind the scenes. Led by a team of internals experts, this classic guide has been fully updated for Windows 10 and Windows Server 2016. Whether you are a developer or an IT professional, you’ll get critical, insider perspectives on how Windows operates. And through hands-on experiments, you’ll experience its internal behavior firsthand–knowledge you can apply to improve application design, debugging, system performance, and support. This book will help you: · Understand the Window system architecture and its most important entities, such as processes and threads · Examine how processes manage resources and threads scheduled for execution inside processes · Observe how Windows manages virtual and physical memory · Dig into the Windows I/O system and see how device drivers work and integrate with the rest of the system · Go inside the Windows security model to see how it manages access, auditing, and authorization, and learn about the new mechanisms in Windows 10 and Server 2016
Windows Security Internals
Author: James Forshaw
Publisher: No Starch Press
ISBN: 1718501994
Category : Computers
Languages : en
Pages : 610
Book Description
Power up your Windows security skills with expert guidance, in-depth technical insights, and dozens of real-world vulnerability examples from Google Project Zero’s most renowned researcher! Learn core components of the system in greater depth than ever before, and gain hands-on experience probing advanced Microsoft security systems with the added benefit of PowerShell scripts. Windows Security Internals is a must-have for anyone needing to understand the Windows operating system’s low-level implementations, whether to discover new vulnerabilities or protect against known ones. Developers, devops, and security researchers will all find unparalleled insight into the operating system’s key elements and weaknesses, surpassing even Microsoft’s official documentation. Author James Forshaw teaches through meticulously crafted PowerShell examples that can be experimented with and modified, covering everything from basic resource security analysis to advanced techniques like using network authentication. The examples will help you actively test and manipulate system behaviors, learn how Windows secures files and the registry, re-create from scratch how the system grants access to a resource, learn how Windows implements authentication both locally and over a network, and much more. You’ll also explore a wide range of topics, such as: Windows security architecture, including both the kernel and user-mode applications The Windows Security Reference Monitor (SRM), including access tokens, querying and setting a resource’s security descriptor, and access checking and auditing Interactive Windows authentication and credential storage in the Security Account Manager (SAM) and Active Directory Mechanisms of network authentication protocols, including NTLM and Kerberos In an era of sophisticated cyberattacks on Windows networks, mastering the operating system’s complex security mechanisms is more crucial than ever. Whether you’re defending against the latest cyber threats or delving into the intricacies of Windows security architecture, you’ll find Windows Security Internals indispensable in your efforts to navigate the complexities of today’s cybersecurity landscape.
Publisher: No Starch Press
ISBN: 1718501994
Category : Computers
Languages : en
Pages : 610
Book Description
Power up your Windows security skills with expert guidance, in-depth technical insights, and dozens of real-world vulnerability examples from Google Project Zero’s most renowned researcher! Learn core components of the system in greater depth than ever before, and gain hands-on experience probing advanced Microsoft security systems with the added benefit of PowerShell scripts. Windows Security Internals is a must-have for anyone needing to understand the Windows operating system’s low-level implementations, whether to discover new vulnerabilities or protect against known ones. Developers, devops, and security researchers will all find unparalleled insight into the operating system’s key elements and weaknesses, surpassing even Microsoft’s official documentation. Author James Forshaw teaches through meticulously crafted PowerShell examples that can be experimented with and modified, covering everything from basic resource security analysis to advanced techniques like using network authentication. The examples will help you actively test and manipulate system behaviors, learn how Windows secures files and the registry, re-create from scratch how the system grants access to a resource, learn how Windows implements authentication both locally and over a network, and much more. You’ll also explore a wide range of topics, such as: Windows security architecture, including both the kernel and user-mode applications The Windows Security Reference Monitor (SRM), including access tokens, querying and setting a resource’s security descriptor, and access checking and auditing Interactive Windows authentication and credential storage in the Security Account Manager (SAM) and Active Directory Mechanisms of network authentication protocols, including NTLM and Kerberos In an era of sophisticated cyberattacks on Windows networks, mastering the operating system’s complex security mechanisms is more crucial than ever. Whether you’re defending against the latest cyber threats or delving into the intricacies of Windows security architecture, you’ll find Windows Security Internals indispensable in your efforts to navigate the complexities of today’s cybersecurity landscape.
Rootkit Arsenal
Author: Bill Blunden
Publisher: Jones & Bartlett Publishers
ISBN: 144962636X
Category : Business & Economics
Languages : en
Pages : 816
Book Description
While forensic analysis has proven to be a valuable investigative tool in the field of computer security, utilizing anti-forensic technology makes it possible to maintain a covert operational foothold for extended periods, even in a high-security environment. Adopting an approach that favors full disclosure, the updated Second Edition of The Rootkit Arsenal presents the most accessible, timely, and complete coverage of forensic countermeasures. This book covers more topics, in greater depth, than any other currently available. In doing so the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented. The range of topics presented includes how to: -Evade post-mortem analysis -Frustrate attempts to reverse engineer your command & control modules -Defeat live incident response -Undermine the process of memory analysis -Modify subsystem internals to feed misinformation to the outside -Entrench your code in fortified regions of execution -Design and implement covert channels -Unearth new avenues of attack
Publisher: Jones & Bartlett Publishers
ISBN: 144962636X
Category : Business & Economics
Languages : en
Pages : 816
Book Description
While forensic analysis has proven to be a valuable investigative tool in the field of computer security, utilizing anti-forensic technology makes it possible to maintain a covert operational foothold for extended periods, even in a high-security environment. Adopting an approach that favors full disclosure, the updated Second Edition of The Rootkit Arsenal presents the most accessible, timely, and complete coverage of forensic countermeasures. This book covers more topics, in greater depth, than any other currently available. In doing so the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented. The range of topics presented includes how to: -Evade post-mortem analysis -Frustrate attempts to reverse engineer your command & control modules -Defeat live incident response -Undermine the process of memory analysis -Modify subsystem internals to feed misinformation to the outside -Entrench your code in fortified regions of execution -Design and implement covert channels -Unearth new avenues of attack
Windows Internals, Part 1
Author: Mark E. Russinovich
Publisher: Pearson Education
ISBN: 0735671303
Category : Computers
Languages : en
Pages : 1223
Book Description
Delve inside Windows architecture and internals—and see how core components work behind the scenes. Led by three renowned internals experts, this classic guide is fully updated for Windows 7 and Windows Server 2008 R2—and now presents its coverage in two volumes. As always, you get critical insider perspectives on how Windows operates. And through hands-on experiments, you’ll experience its internal behavior firsthand—knowledge you can apply to improve application design, debugging, system performance, and support. In Part 1, you will: Understand how core system and management mechanisms work—including the object manager, synchronization, Wow64, Hyper-V, and the registry Examine the data structures and activities behind processes, threads, and jobs Go inside the Windows security model to see how it manages access, auditing, and authorization Explore the Windows networking stack from top to bottom—including APIs, BranchCache, protocol and NDIS drivers, and layered services Dig into internals hands-on using the kernel debugger, performance monitor, and other tools
Publisher: Pearson Education
ISBN: 0735671303
Category : Computers
Languages : en
Pages : 1223
Book Description
Delve inside Windows architecture and internals—and see how core components work behind the scenes. Led by three renowned internals experts, this classic guide is fully updated for Windows 7 and Windows Server 2008 R2—and now presents its coverage in two volumes. As always, you get critical insider perspectives on how Windows operates. And through hands-on experiments, you’ll experience its internal behavior firsthand—knowledge you can apply to improve application design, debugging, system performance, and support. In Part 1, you will: Understand how core system and management mechanisms work—including the object manager, synchronization, Wow64, Hyper-V, and the registry Examine the data structures and activities behind processes, threads, and jobs Go inside the Windows security model to see how it manages access, auditing, and authorization Explore the Windows networking stack from top to bottom—including APIs, BranchCache, protocol and NDIS drivers, and layered services Dig into internals hands-on using the kernel debugger, performance monitor, and other tools
Windows Internals
Author: David A. Solomon
Publisher: Microsoft Press
ISBN: 0735637962
Category : Computers
Languages : en
Pages : 1932
Book Description
See how the core components of the Windows operating system work behind the scenes—guided by a team of internationally renowned internals experts. Fully updated for Windows Server(R) 2008 and Windows Vista(R), this classic guide delivers key architectural insights on system design, debugging, performance, and support—along with hands-on experiments to experience Windows internal behavior firsthand. Delve inside Windows architecture and internals: Understand how the core system and management mechanisms work—from the object manager to services to the registry Explore internal system data structures using tools like the kernel debugger Grasp the scheduler's priority and CPU placement algorithms Go inside the Windows security model to see how it authorizes access to data Understand how Windows manages physical and virtual memory Tour the Windows networking stack from top to bottom—including APIs, protocol drivers, and network adapter drivers Troubleshoot file-system access problems and system boot problems Learn how to analyze crashes
Publisher: Microsoft Press
ISBN: 0735637962
Category : Computers
Languages : en
Pages : 1932
Book Description
See how the core components of the Windows operating system work behind the scenes—guided by a team of internationally renowned internals experts. Fully updated for Windows Server(R) 2008 and Windows Vista(R), this classic guide delivers key architectural insights on system design, debugging, performance, and support—along with hands-on experiments to experience Windows internal behavior firsthand. Delve inside Windows architecture and internals: Understand how the core system and management mechanisms work—from the object manager to services to the registry Explore internal system data structures using tools like the kernel debugger Grasp the scheduler's priority and CPU placement algorithms Go inside the Windows security model to see how it authorizes access to data Understand how Windows manages physical and virtual memory Tour the Windows networking stack from top to bottom—including APIs, protocol drivers, and network adapter drivers Troubleshoot file-system access problems and system boot problems Learn how to analyze crashes
Programming Windows Security
Author: Keith Brown
Publisher: Addison-Wesley Professional
ISBN: 9780201604429
Category : Computers
Languages : en
Pages : 612
Book Description
Windows 2000 and NT offer programmers powerful security tools that few developers use to the fullest -- and many are completely unaware of. In Programming Windows Security, a top Windows security expert shows exactly how to apply them in enterprise applications. Keith Brown starts with a complete roadmap to the Windows 2000 security architecture, describing every component and how they all fit together. He reviews the "actors" in a secure system, including principals, authorities, authentication, domains, and the local security authority; and the role of trust in secure Windows 2000 applications. Developers will understand the security implications of the broader Windows 2000 environment, including logon sessions, tokens, and window stations. Next, Brown introduces Windows 2000 authorization and access control, including groups, aliases, roles, privileges, security descriptors, DACLs and SACLs - showing how to choose the best access strategy for any application. In Part II, he walks developers through using each of Windows 2000's security tools, presenting techniques for building more secure setup programs, using privileges at runtime, working with window stations and user profiles, and using Windows 2000's dramatically changed ACLs. Finally, Brown provides techniques and sample code for network authentication, working with the file system redirector, using RPC security, and making the most of COM/COM+ security.
Publisher: Addison-Wesley Professional
ISBN: 9780201604429
Category : Computers
Languages : en
Pages : 612
Book Description
Windows 2000 and NT offer programmers powerful security tools that few developers use to the fullest -- and many are completely unaware of. In Programming Windows Security, a top Windows security expert shows exactly how to apply them in enterprise applications. Keith Brown starts with a complete roadmap to the Windows 2000 security architecture, describing every component and how they all fit together. He reviews the "actors" in a secure system, including principals, authorities, authentication, domains, and the local security authority; and the role of trust in secure Windows 2000 applications. Developers will understand the security implications of the broader Windows 2000 environment, including logon sessions, tokens, and window stations. Next, Brown introduces Windows 2000 authorization and access control, including groups, aliases, roles, privileges, security descriptors, DACLs and SACLs - showing how to choose the best access strategy for any application. In Part II, he walks developers through using each of Windows 2000's security tools, presenting techniques for building more secure setup programs, using privileges at runtime, working with window stations and user profiles, and using Windows 2000's dramatically changed ACLs. Finally, Brown provides techniques and sample code for network authentication, working with the file system redirector, using RPC security, and making the most of COM/COM+ security.
Troubleshooting with the Windows Sysinternals Tools
Author: Mark E. Russinovich
Publisher: Microsoft Press
ISBN: 0133986519
Category : Computers
Languages : en
Pages : 1332
Book Description
Optimize Windows system reliability and performance with Sysinternals IT pros and power users consider the free Windows Sysinternals tools indispensable for diagnosing, troubleshooting, and deeply understanding the Windows platform. In this extensively updated guide, Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis help you use these powerful tools to optimize any Windows system’s reliability, efficiency, performance, and security. The authors first explain Sysinternals’ capabilities and help you get started fast. Next, they offer in-depth coverage of each major tool, from Process Explorer and Process Monitor to Sysinternals’ security and file utilities. Then, building on this knowledge, they show the tools being used to solve real-world cases involving error messages, hangs, sluggishness, malware infections, and much more. Windows Sysinternals creator Mark Russinovich and Aaron Margosis show you how to: Use Process Explorer to display detailed process and system information Use Process Monitor to capture low-level system events, and quickly filter the output to narrow down root causes List, categorize, and manage software that starts when you start or sign in to your computer, or when you run Microsoft Office or Internet Explorer Verify digital signatures of files, of running programs, and of the modules loaded in those programs Use Autoruns, Process Explorer, Sigcheck, and Process Monitor features that can identify and clean malware infestations Inspect permissions on files, keys, services, shares, and other objects Use Sysmon to monitor security-relevant events across your network Generate memory dumps when a process meets specified criteria Execute processes remotely, and close files that were opened remotely Manage Active Directory objects and trace LDAP API calls Capture detailed data about processors, memory, and clocks Troubleshoot unbootable devices, file-in-use errors, unexplained communication, and many other problems Understand Windows core concepts that aren’t well-documented elsewhere
Publisher: Microsoft Press
ISBN: 0133986519
Category : Computers
Languages : en
Pages : 1332
Book Description
Optimize Windows system reliability and performance with Sysinternals IT pros and power users consider the free Windows Sysinternals tools indispensable for diagnosing, troubleshooting, and deeply understanding the Windows platform. In this extensively updated guide, Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis help you use these powerful tools to optimize any Windows system’s reliability, efficiency, performance, and security. The authors first explain Sysinternals’ capabilities and help you get started fast. Next, they offer in-depth coverage of each major tool, from Process Explorer and Process Monitor to Sysinternals’ security and file utilities. Then, building on this knowledge, they show the tools being used to solve real-world cases involving error messages, hangs, sluggishness, malware infections, and much more. Windows Sysinternals creator Mark Russinovich and Aaron Margosis show you how to: Use Process Explorer to display detailed process and system information Use Process Monitor to capture low-level system events, and quickly filter the output to narrow down root causes List, categorize, and manage software that starts when you start or sign in to your computer, or when you run Microsoft Office or Internet Explorer Verify digital signatures of files, of running programs, and of the modules loaded in those programs Use Autoruns, Process Explorer, Sigcheck, and Process Monitor features that can identify and clean malware infestations Inspect permissions on files, keys, services, shares, and other objects Use Sysmon to monitor security-relevant events across your network Generate memory dumps when a process meets specified criteria Execute processes remotely, and close files that were opened remotely Manage Active Directory objects and trace LDAP API calls Capture detailed data about processors, memory, and clocks Troubleshoot unbootable devices, file-in-use errors, unexplained communication, and many other problems Understand Windows core concepts that aren’t well-documented elsewhere
Android Security Internals
Author: Nikolay Elenkov
Publisher: No Starch Press
ISBN: 1593275811
Category : Computers
Languages : en
Pages : 434
Book Description
There are more than one billion Android devices in use today, each one a potential target. Unfortunately, many fundamental Android security features have been little more than a black box to all but the most elite security professionals—until now. In Android Security Internals, top Android security expert Nikolay Elenkov takes us under the hood of the Android security system. Elenkov describes Android security architecture from the bottom up, delving into the implementation of major security-related components and subsystems, like Binder IPC, permissions, cryptographic providers, and device administration. You’ll learn: –How Android permissions are declared, used, and enforced –How Android manages application packages and employs code signing to verify their authenticity –How Android implements the Java Cryptography Architecture (JCA) and Java Secure Socket Extension (JSSE) frameworks –About Android’s credential storage system and APIs, which let applications store cryptographic keys securely –About the online account management framework and how Google accounts integrate with Android –About the implementation of verified boot, disk encryption, lockscreen, and other device security features –How Android’s bootloader and recovery OS are used to perform full system updates, and how to obtain root access With its unprecedented level of depth and detail, Android Security Internals is a must-have for any security-minded Android developer.
Publisher: No Starch Press
ISBN: 1593275811
Category : Computers
Languages : en
Pages : 434
Book Description
There are more than one billion Android devices in use today, each one a potential target. Unfortunately, many fundamental Android security features have been little more than a black box to all but the most elite security professionals—until now. In Android Security Internals, top Android security expert Nikolay Elenkov takes us under the hood of the Android security system. Elenkov describes Android security architecture from the bottom up, delving into the implementation of major security-related components and subsystems, like Binder IPC, permissions, cryptographic providers, and device administration. You’ll learn: –How Android permissions are declared, used, and enforced –How Android manages application packages and employs code signing to verify their authenticity –How Android implements the Java Cryptography Architecture (JCA) and Java Secure Socket Extension (JSSE) frameworks –About Android’s credential storage system and APIs, which let applications store cryptographic keys securely –About the online account management framework and how Google accounts integrate with Android –About the implementation of verified boot, disk encryption, lockscreen, and other device security features –How Android’s bootloader and recovery OS are used to perform full system updates, and how to obtain root access With its unprecedented level of depth and detail, Android Security Internals is a must-have for any security-minded Android developer.
Windows Sysinternals Administrator's Reference
Author: Aaron Margosis
Publisher: Pearson Education
ISBN: 0735663602
Category : Computers
Languages : en
Pages : 741
Book Description
Get in-depth guidance—and inside insights—for using the Windows Sysinternals tools available from Microsoft TechNet. Guided by Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis, you’ll drill into the features and functions of dozens of free file, disk, process, security, and Windows management tools. And you’ll learn how to apply the book’s best practices to help resolve your own technical issues the way the experts do. Diagnose. Troubleshoot. Optimize. Analyze CPU spikes, memory leaks, and other system problems Get a comprehensive view of file, disk, registry, process/thread, and network activity Diagnose and troubleshoot issues with Active Directory Easily scan, disable, and remove autostart applications and components Monitor application debug output Generate trigger-based memory dumps for application troubleshooting Audit and analyze file digital signatures, permissions, and other security information Execute Sysinternals management tools on one or more remote computers Master Process Explorer, Process Monitor, and Autoruns
Publisher: Pearson Education
ISBN: 0735663602
Category : Computers
Languages : en
Pages : 741
Book Description
Get in-depth guidance—and inside insights—for using the Windows Sysinternals tools available from Microsoft TechNet. Guided by Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis, you’ll drill into the features and functions of dozens of free file, disk, process, security, and Windows management tools. And you’ll learn how to apply the book’s best practices to help resolve your own technical issues the way the experts do. Diagnose. Troubleshoot. Optimize. Analyze CPU spikes, memory leaks, and other system problems Get a comprehensive view of file, disk, registry, process/thread, and network activity Diagnose and troubleshoot issues with Active Directory Easily scan, disable, and remove autostart applications and components Monitor application debug output Generate trigger-based memory dumps for application troubleshooting Audit and analyze file digital signatures, permissions, and other security information Execute Sysinternals management tools on one or more remote computers Master Process Explorer, Process Monitor, and Autoruns