Shlomi Boutnaru, Ph.D.The Windows Security Journey — LSA Protection (Local Security Authority Protection)“LSA Protection” (Local Security Authority Protection) is a security feature of the Windows operating system which is used to disallow…9h ago9h ago
Shlomi Boutnaru, Ph.D.The Windows Security Journey — PPL (Protected Processes Light)PPL (Protected Processes Light) was introduced as a security feature in Windows 8.1. We can think about them as an extension to the…1d ago1d ago
Shlomi Boutnaru, Ph.D.The Windows Security Journey — Protected Processes“Protected Processes” is a security feature introduced as part of Windows Vista in order to enhance support for DRM (Digital Right…2d ago2d ago
Shlomi Boutnaru, Ph.D.The Windows Security Journey — WDigest (Windows Digest)WDigest is an authentication protocol which was introduced as part of Windows XP. It is designed for HTTP (Hypertext Transfer Protocol)…3d ago3d ago
Shlomi Boutnaru, Ph.D.The Windows Security Journey — Differences between “AppLocker” and “SRP”In general, both SRP (https://medium.com/@boutnaru/the-windows-security-journey-srp-software-restriction-policies-9f658a4ed648) and…4d ago4d ago
Shlomi Boutnaru, Ph.D.The Windows Security Journey — WDAC (Windows Defender Application Control)WDAC (Windows Defender Application Control) is a security feature which was introduced as part of Windows 10. We can use WDAC for…4d ago4d ago
Shlomi Boutnaru, Ph.D.The Windows Concept Journey — “Power Manager”The “Power Manager” is one of the “Executive”…4d ago4d ago
Shlomi Boutnaru, Ph.D.The Windows Concept Journey — “PnP Manager” (Plug and Play Manager)The “PnP Manager” (Plug and Play Manager) is used to provide the Windows operating system the following capabilities: installing new…6d ago6d ago
Shlomi Boutnaru, Ph.D.The Windows Process Journey — “slui.exe” (Windows Activation Client)“slui.exe” (Windows Activation Client) is a PE binary located at “%windir%\System32\slui.exe”. On 64-bit systems there is one 32-bit…Sep 12Sep 12
Shlomi Boutnaru, Ph.D.The Windows Process Journey — “icacls.exe” (Integrity Control ACLs Program)“icacls.exe” is a PE binary located at “%windir%\System32\icacls.exe”. The binary is digitally signed by Microsoft. On 64-bit versions of…Sep 111Sep 111