When it comes to hacking, Windows Services are priceless due to couple of factors: They natively work over the network — the entire Services API was designed with remote servers in mind, They start automatically when the system boots up, They may have extremely high privileges in the OS, They…

NTFS is the main filesystem used within Windows OS to store your files and folders. As every single filesystem, NTFS not only stores your data, but also some additional data about your data, usually called metadata. It may be not the most important thing for you, but it is priceless…

GPO Forensics GPO (Group Policy Object) is one of the most useful features of the Windows ecosystem. Simply saying, GPO allows an admin to create a set of rules to be applied on domain-joined computers, making him no longer care about “how”, but rather “what”. …

To keep important things clear: BitLocker is a Windows-based full volume encryption solution. It encrypts every single sector of the volume, acting on the lowest possible layer — encrypting the data just before being written to the hardware and decrypting freshly it immediately after reading. BitLocker is considered relatively secure…

Let’s start from the beginning, trying to keep it as simple as possible: objects (in this case folders and files) may have their Access Control Lists (ACL) to determine who has an access to the data. …

Let’s assume you know what the “process” means in Windows OS. If not sure, I would definitely recommend the sample chapter from Windows Internals book, named “Processes, Threads, and Jobs”. …