Category: Windows Internals


Understanding UAC Virtualization: A Security Mechanism for Legacy Applications

In this video, we dive deep into User Account Control (UAC) Virtualization—a feature introduced in Windows Vista to balance security with compatibility for legacy applications. We explore why applications written for Windows XP assumed administrative privileges and how UAC virtualization helps mitigate security risks while maintaining functionality.

You’ll see a hands-on demonstration of how UAC virtualization works, including how it redirects file writes from system directories to per-user locations.


Exploring the Blue Screen of Death: A Practical Deep Dive

Dive into Pavel’s latest post exploring the Windows Blue Screen of Death—what triggers it, why it’s actually a safeguard rather than a punishment, and how to investigate crashes with powerful tools like WinDbg and Driver Verifier. This guide offers invaluable insights for TrainSec students, especially those following the Windows Internals Master path, looking to sharpen their debugging skills and elevate their mastery of the Windows kernel.


Understanding RunDLL32: Leveraging Dynamic Function Invocation

Unlock the power of RunDLL32! Learn how to execute DLL functions, invoke control panel dialogs, and test custom DLLs with our latest guide. Packed with examples and insights, this post is part of the free TrainSec Knowledge Library—your go-to resource for mastering Windows tools.


Shell Icon Handler extension

Shell extensions are a powerful feature of the Windows shell that allow developers to extend and customize the functionality of File Explorer (formerly Windows Explorer) and any other applications utilizing the same interfaces. These extensions are implemented as COM objects and can take various forms, including context menu handlers, property sheet handlers, drag-and-drop handlers, and icon handlers. In this post, we will focus on creating an icon handler, a type of shell extension that enables dynamic customization of file icons based on specific file properties.


Understanding the Differences Between CreateProcessAsUser and CreateProcessWithTokenW in Windows

In this video, we dive into two powerful Windows API functions—CreateProcessAsUser and CreateProcessWithTokenW—that allow you to start a new process under a different user context. You’ll learn when to use each function, what privileges and services they depend on, and how to overcome common pitfalls. The video demonstration includes live coding examples, troubleshooting steps, and insights into managing tokens, sessions, and user profiles.


Building a Simple RPC Client and Server: A Step-by-Step Guide

Remote Procedure Calls (RPC) are a fundamental mechanism in distributed computing, allowing functions to execute seamlessly across different systems or processes as if they were local. This post walks you through creating a basic RPC server and client using Microsoft’s RPC framework, focusing on clarity and simplicity.


Pavel Yosifovich

Software developer, trainer, consultant, author, and speaker. Co-author of “Windows Internals” 7th edition (2017). Author of “Windows Kernel Programming, 2nd ed” (2023), “Windows 10 System Programming Part 1” (2020) and Part 2 (2021).

@zodiacon


Uriel Kosayev

Security researcher, consultant, and author of the Antivirus Bypass Techniques book, who lives on both the offensive and defensive fronts. Passionate about malware research and red teaming while providing real-world security solutions.

@MalFuzzer


Amichai Yifrach

30+ years of hands-on experience: inventor, systems and electronics engineer, expert program manager, coder, cyber security researcher and startup mentor. Expert in integrated hardware, firmware and software systems development.

@The_H1tchH1ker