Windows Security Internals: A Deep Dive Into Windows Authentication, Authorization, and Auditing

Forshaw, James

  • Publisher: No Starch Press
  • Publication date: 2024-04-30
  • List price: $2,160
  • VIP price: $2,052 (5% off)
  • Language: English
  • Pages: 608
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1718501986
  • ISBN-13: 9781718501980
  • Related category: Information Security
  • Ships immediately (stock < 4)



Power up your Windows security skills with expert guidance, in-depth technical insights, and dozens of real-world vulnerability examples from Google Project Zero's most renowned researcher!

Learn core components of the system in greater depth than ever before, and gain hands-on experience probing advanced Microsoft security systems with the added benefit of PowerShell scripts.

Windows Security Internals is a must-have for anyone needing to understand the Windows operating system's low-level implementations, whether to discover new vulnerabilities or protect against known ones. Developers, devops, and security researchers will all find unparalleled insight into the operating system's key elements and weaknesses, surpassing even Microsoft's official documentation.

Author James Forshaw teaches through meticulously crafted PowerShell examples that can be experimented with and modified, covering everything from basic resource security analysis to advanced techniques like using network authentication. The examples will help you actively test and manipulate system behaviors, learn how Windows secures files and the registry, re-create from scratch how the system grants access to a resource, learn how Windows implements authentication both locally and over a network, and much more.

You'll also explore a wide range of topics, such as:

  • Windows security architecture, including both the kernel and user-mode applications
  • The Windows Security Reference Monitor (SRM), including access tokens, querying and setting a resource's security descriptor, and access checking and auditing
  • Interactive Windows authentication and credential storage in the Security Account Manager (SAM) and Active Directory
  • Mechanisms of network authentication protocols, including NTLM and Kerberos

In an era of sophisticated cyberattacks on Windows networks, mastering the operating system's complex security mechanisms is more crucial than ever. Whether you're defending against the latest cyber threats or delving into the intricacies of Windows security architecture, you'll find Windows Security Internals indispensable in your efforts to navigate the complexities of today's cybersecurity landscape.





James Forshaw is a renowned computer security expert on Google's Project Zero team. In his more than 20 years of experience analyzing and exploiting security issues in Microsoft Windows and other products, he has discovered hundreds of publicly disclosed vulnerabilities in Microsoft platforms. Others frequently cite his research, which he presents in blogs, on the world stage, or through novel tooling, and he has inspired numerous researchers in the industry. When not breaking the security of other products, James works as a defender, advising teams on their security design and improving the Chromium Windows sandbox to secure billions of users worldwide. He's also the author of Attacking Network Protocols (No Starch Press).

