Windows Security Internals with PowerShell

by James Forshaw
February 2024, 600 pp.

Download Chapter 5: Security Descriptors

Learn the core components and features of the Microsoft Windows threat-mitigation system from one of the world’s foremost Windows security experts, and Microsoft’s top bug hunter, James Forshaw. In this hands-on guidebook, Forshaw distills his more than 20 years of knowledge and practical experience working with Windows security, describing the system in greater depth than any book before. In-depth technical discussions are rounded out with real-world examples that not only demonstrate how to use PowerShell in security work, but let you explore Windows security features for yourself as you follow along in the text.

Early chapters cover the basics, including best practices for setting up a PowerShell environment, understanding the Windows kernel interface, and working within the security reference monitor. As you progress to more advanced topics, Forshaw walks you through highly relevant case studies, as well as the implementation of complex processes like access checking and network authentication. In addition, there are example scripts written in PowerShell throughout, which can be used to test the behavior of Windows systems and, in turn, let you explore their security without needing a compiler or other development tools.

Essential for anyone who works with Windows security, this book dives deeper into core components of the system than even Microsoft's own documentation.


Author Bio 

James Forshaw is a renowned computer security researcher at Google Project Zero, with over twenty years of experience in researching and developing secure systems on various platforms, but especially Microsoft Windows. This experience earned him the top bug bounty of $100,000. He has reported hundreds of security vulnerabilities to Microsoft, which gained him the #1 researcher position on the Microsoft Security Response Center’s (MSRC) published list. He has been invited to present his novel security research at global security conferences such as Black Hat, CanSecWest and Chaos Computer Congress. He is also the author of Attacking Network Protocols (No Starch Press).


Table of contents 

Chapter 1. Setting Up a PowerShell Testing Environment
Part 1: An Overview of the Windows Operating System
Chapter 2. The Windows Kernel
Chapter 3. User-Mode Applications
Part 2: The Windows Security Reference Monitor
Chapter 4. Security Access Tokens
Chapter 5. Security Descriptors
Chapter 6. Reading and Assigning Security Descriptors
Chapter 7. Access Checking
Chapter 8. Other Access Checking Use Cases
Chapter 9. Security Auditing

Part 3: The Local Security Authority and Authentication
Chapter 10. Local Authentication
Chapter 11. Active Directory
Chapter 12. Interactive Authentication
Chapter 13. Network Authentication
Chapter 14. Kerberos Authentication
Chapter 15. Negotiate Authentication and Other Security Packages
Appendix A: Building a Windows Domain Network for Testing
Appendix B: SDDL SID Constants
