Windows System Security Foundations

Whether you're a student, a career changer, or an early-career professional, this book offers a practical, hands-on introduction to Windows security fundamentals from both offensive and defensive perspectives. With over 100 exercises designed to reinforce key concepts, readers will gain real-world experience in securing domain-joined and stand-alone Windows systems.

The journey begins with PowerShell—an essential tool for both administrators and attackers. You'll learn how PowerShell history is recorded, how credentials are managed, and how scripts can be obfuscated or monitored. From there, the book explores Windows users and groups, the logon process, access tokens, and User Account Control (UAC), providing a clear understanding of how Windows manages identity and privilege.

Readers will dive into password hash storage and cracking techniques using tools like John the Ripper, and explore how rights and privileges are assigned through group memberships. The book also covers the Windows file system in depth, including symbolic links, alternate data streams, and the Mark of the Web, along with techniques for managing file permissions and discretionary access control lists (DACLs).

You'll gain insight into Windows processes and services, learn how to view and manage them effectively, and understand key boot processes and process integrity. Each chapter builds practical skills that prepare you to think like both an attacker and a defender—essential for anyone entering the cybersecurity field.

WHAT YOU WILL LEARN

• Hands-on experience with the security of domain-joined and stand-alone Windows systems.
• Create and manage local and domain users on a Windows system, will understand how and where their password hashes are stored, and be able to crack Windows passwords with John the Ripper.
• How Windows assigns privileges and rights to users and groups, including how access tokens are assigned and how they are used in User Account Control (UAC).
• How the Windows file system is organized, including shortcuts, symbolic links, junctions, alternate data streams, and the Mark of the Web; the reader will be able to view and manage file permissions and discretionary access control lists (DACLs).
• How to view and manage processes and services in Windows.

WHO THIS BOOK IS FOR:

Ideal for computer science students, early-career professionals, and career changers looking to build a strong foundation in Windows security. Whether used in the classroom or for self-study, this book equips readers with the hands-on experience needed to succeed in cybersecurity.