Windows 10 Internals - Threads, Memory and Security

Course Overview
Hi everyone. My name is Pavel Yosifovich, and welcome to my course, Windows 10 Internals - Threads, Memory, and Security. I'm a developer and trainer working quite a bit with the internals of Windows. In this course, we're going to learn about various internal features and enhancements in the recent versions of Windows. The major topics that we will cover are threads and scheduling, memory management, and security. By the end of this course, you'll gain a deeper understanding of internal mechanisms in recent versions of Windows, which you'll be able to use in development or research. Before beginning this course, you should be familiar with the basics of Windows internals such as processes, threads, DLLs, and virtual memory. I hope you'll join me on this journey to learn Windows internals with the Windows 10 Internals - Threads, Memory, and Security course, at Pluralsight.

Memory Management: Fundamentals
Hi, and welcome to the second module, which is about memory management, the fundamentals. In this module, we'll take a look at the basics of memory management, which is mostly a review from previous Windows Internals courses. We'll start by looking at memory management as a whole and then look at how memory is laid out in processes in the system. We'll look at page states and see what kind of state a page can be in. Then we'll discuss some memory terminology and see those in various tools, and then we'll summarize what we've learned. So let's begin.

Memory Management: Advanced Features
Hi, and welcome to the Memory Management: Advanced Features module. In this module, we're going to continue exploration of the memory manager. Specifically, we'll look at reserve memory, and more importantly, the cost of reserve memory. How much does it cost really to reserve a large chunk of reserve memory? Then we'll look at ASLR, which is a security feature that has some side benefits. Then we'll look at physical pages lists and see how they're managed. And this will lead us to memory compression. We'll see how memory compression works to allow us to save physical memory. And finally, we'll look at memory enclaves, which is a new feature allowing us to protect, processes, or process memory, from kernel-based attacks. And finally, we'll summarize what we've learned. Let's begin with reserved memory.

Security: Fundamentals
Hi, and welcome to the Security: Fundamentals module. In this module, we'll take a look at the basic security features in Windows. We'll look at the various security components that comprise the system. We'll take a look at how the user logs in, what components are involved. Then we'll look at various terms that are related to security such as SIDs, access tokens, and privileges. And finally, we'll look at access checks and how they're being done by combining all the terms previously introduced. And so let's begin.

Security: Advanced Features
Hi, and welcome to the Security: Advanced Features module on Pluralsight. And so in this module, We'll continue our exploration of security-related features on Windows. We'll start with Virtualization-based Security, which allows us to have a hypervisor controlling vital parts of the system. Then we'll look at User Access Control, which allows users some control over which processes run with elevated permissions. We'll look at Integrity Levels, which is another way of separating processes running under the same user account. We'll discuss AppContainers, which are the secure sandbox under which UWP processes are running. Control Flow Guard is a mechanism to make sure malicious code does not override indirect calls. And finally we'll look at Process Mitigations that allow some settings on the process by process basis related to security. So, let's begin.