[{"content":"","date":"6 May 2026","externalUrl":null,"permalink":"/series/","section":"Series","summary":"","title":"Series","type":"series"},{"content":"","date":"6 May 2026","externalUrl":null,"permalink":"/blogs/","section":"Research \u0026 Technical Notes","summary":"","title":"Research \u0026 Technical Notes","type":"blogs"},{"content":" 1. Windows Editions # Why do we have to learn about Windows fundamentals? Because Windows is the most popular operating system in both home and enterprise networks today, which makes it a top target for attackers and malware authors.\nWindows desktop release history:\nWindows XP: The most popular OS of its time. Windows Vista \u0026 8.x: Both had many issues and were short-lived. Windows 7 \u0026 10: The successful releases. Windows 10 has not been supported since October 14, 2025. Windows 11: The current Windows OS, released on October 5, 2021. It comes in 2 flavors, Home and Pro. Windows Server:\nThe current version is Windows Server 2025. The VM in this room is Windows Server 2019 Standard. 2. Introduction to Windows # The Windows operating system is a complex OS with many system files, utilities, settings, features, etc. Before going deeper into this module, we have to start the VM and connect to it over Remote Desktop with these credentials: Machine IP: Machine_IP User: administrator Pass: letmein123! 3. The File System # 1. File Systems: # NTFS (New Technology File System): The standard format on modern Windows desktops and servers. Its strongest feature is journaling, which uses log files to recover folders and files after an incident. FAT16/FAT32: The older format, now commonly used only on some external storage devices such as USB drives and MicroSD cards. NTFS is better than FAT because it supports files larger than 4GB, per-folder and per-file permissions, compression, and the Encrypting File System (EFS). 2. NTFS Permissions: # There are 6 basic permission modes:\nFull Control. 
Modify. Read \u0026 Execute. List folder contents. Read. Write. 3. Alternate Data Streams (ADS): # ADS is a file attribute specific to NTFS that allows multiple data streams to be attached to one file: By default, the main content of an NTFS file is stored in the unnamed $DATA stream. The ADS feature allows additional named streams to be recorded in the file’s Master File Table (MFT) entry. Syntax: [Origin_File_Name].[ext]:[Hidden_Stream_Name].[ext]. E.g., picture1.png:malware.exe. Alternate streams are hidden, so Windows Explorer does not display them. To investigate these streams, we must use PowerShell or tools such as Streams.exe from the Sysinternals Suite. Not all uses of ADS are malicious. 4. The Windows\\System32 Folder: # The Windows OS is usually installed in C:\\Windows, but not always. Environment Variables: Store information about the operating system environment. E.g., %windir% points to the Windows installation directory. System32 Folder: Contains the core files of the operating system. Any misconfiguration here can render the Windows OS inoperable. 5. User Accounts, Profiles, and Permissions: # 1. Account types: # There are 2 types: Administrator: This account type has full control of the system: it can change system-level settings, add/delete users, set permissions and install software. Standard User: This account type can only interact with its own files/folders and cannot perform any system-level actions. 2. User Profiles: # Location: C:\\Users\\[Username] A user profile is generated automatically upon the first logon. It contains the default folders: Desktop, Documents, Downloads, Music, etc. 3. Management Tools and Groups: # Only an administrator can ‘Add someone else to this PC’ under ‘Other users’ in the Start Menu. Each group has a set of permissions. When a user is assigned to a group, the user inherits the permissions of that group. The relationship between groups and users is many-to-many. 6. User Account Control # 1. 
What is User Account Control (UAC)? # Problem: Most home users use an Administrator account for every activity, such as surfing the internet or working on a Word document. This is very dangerous because if the system is infected with malware, that malware also runs with the highest privilege and can control the entire system. Solution: UAC was first introduced with the short-lived Windows Vista. It helps reduce this risk by controlling privilege elevation. 2. UAC mechanism: # Programs run with standard privileges by default, whether the user has an Administrator or a Standard account. When the user runs an operation that requires higher privileges, UAC verifies the user’s permissions before elevating. Programs that require administrative permissions show a shield icon over their default icons. 3. Reaction of UAC with specific account types: # Standard User: Asks for an Administrator password. Administrator User: UAC prompts for Yes/No confirmation. Exception: The built-in local Administrator account is not controlled by UAC. 7. Settings and Control Panel: # The primary tools used to change and manage configurations on a Windows system. Control Panel: The traditional management tool for advanced and complex system configuration. Check/Uninstall Programs: Control Panel -\u003e Programs -\u003e Programs and Features. Settings: Introduced with Windows 8, it has become the main UI for basic users in newer versions. 8. Task Manager # Main feature: Monitors the processes and programs currently running on the system, along with hardware performance stats. Press Ctrl+Shift+Esc to open it. Display interface: Opens in “Simple View” by default. Click “More details” to access the advanced monitoring view. 9. System Configuration and Advanced System Settings # 1. System Configuration - msconfig # MSConfig is for advanced troubleshooting, and its main purpose is to help diagnose startup issues. 
Specifically, it focuses on the Windows boot process (requires local Administrator permissions).\nKey configuration tabs:\nGeneral: Select the boot mode: Normal, Diagnostic, Selective. Boot: Settings related to OS booting. Services: List of background services on the system (running and stopped). Startup: Manage the programs that start with Windows. On Windows Server, this feature is disabled in both MSConfig and Task Manager. To check startup programs there, press Win + R -\u003e type shell:startup. Tools: A list of other system management tools, each with the command to launch it from the Command Prompt. 2. Advanced System Settings # Provides additional configuration settings that control performance behavior and system recovery. To access it, search for View advanced system settings. 1. Page file (Virtual Memory) # How: When physical RAM is full, Windows uses part of the hard disk (the page file) as extra virtual memory. This helps prevent slowdowns or application crashes when the system runs out of memory. Configure: Advanced -\u003e Performance -\u003e Settings. We can configure the size of the page file (MB), the disk it is stored on, and whether Windows manages the size automatically. 2. Startup and Recovery (Crash Dump) # How: When the system encounters a critical incident (e.g., a BSOD), Windows automatically saves the system state into a crash dump file, which sysadmins/analysts can then analyze. Types: Windows supports different dump types: Automatic, Kernel, Small memory dump (256 KB), Complete memory dump, None. Configure: Advanced -\u003e Startup and Recovery -\u003e Settings. 10. Change UAC Setting # The UAC settings can be changed or even turned off entirely. There are 4 security levels: Always notify: Highest security; Windows notifies whenever any changes are made. Notify for Apps: Notifies only when apps try to make changes, not when Windows settings are changed. 
Notify without dimming: Same as ‘Notify for Apps’, but the screen does not dim. Never notify: Notifications are turned off. 11. Computer Management # 1. System Tools # a. Task Scheduler\nFeatures: Runs tasks (scripts, programs, etc.) automatically on a specific schedule or when a specific condition is met. Components: The Task Scheduler Library lists all the scheduled tasks on the system. It shows the command that will run, the trigger condition, and the trigger time. To create a basic task, click Create Basic Task under Actions. b. Event Viewer\nFeatures: Event Viewer records the events that have occurred on the system to help diagnose problems and investigate actions executed on the system. Interface: Event Viewer has 3 panes: The left pane displays the hierarchical tree of event log providers. The middle pane contains the general overview and summary of the events. The right pane is the actions pane. Types: There are five types of events recorded in ‘Windows Logs’, such as Application, Security, System, etc. A table from docs.microsoft.com gives a brief description of the 5 event types.\nA second table from docs.microsoft.com describes the standard logs and custom logs.\nc. Shared Folders\nFeatures: Shared Folders manages the shared resources on the network. Components: Shares: List of shared directories (including default Windows shares like C$ and ADMIN$). Sessions: List of users currently connected to a shared folder. Open files: List of the files/folders currently opened by other users. d. Local Users and Groups: Manages local accounts and permissions.\ne. Performance:\nTools: Performance Monitor (perfmon). Features: Shows performance data either in real time or from a log file. It is used to investigate the causes of slowness and lag on the system. f. Device Manager: Views, updates and configures drivers, or disables connected hardware.\n2. 
Storage # Disk Management is a Windows system utility for performing advanced storage tasks. We can use it to: Set up a new drive. Extend a partition. Shrink a partition. Assign or change a drive letter. 3. Services and Applications # Services: Shows all the services on the system and their states (running, stopped). Properties: A service has properties such as its display name, service name, the path to its executable, and its startup type. Startup Types: Automatic: Starts every time the system boots. Manual: Only starts when triggered. Disabled: Does not run at all. Windows Management Instrumentation (WMI) Control manages the WMI service. WMI allows scripting languages (VBScript or PowerShell) to manage Microsoft Windows personal computers and servers, both locally and remotely. Note: The WMIC tool was deprecated in Windows 10, version 21H1. Windows PowerShell supersedes this tool for WMI. 12. System Information - msinfo32 # What is the System Information tool (msinfo32.exe)? It is an integrated Windows tool that gathers information about the computer and displays a comprehensive view of its hardware, system components, and software environment, which you can use to diagnose computer issues. Sections: System Summary: Displays general technical specifications for the computer, such as the processor brand and model. Hardware Resources: Contains very advanced technical specifications. Components: Contains specific information about the hardware devices installed on the computer. Software Environment: Contains information about software built into the operating system and the software we have installed. Other details include ‘Network Connections’, ‘Environment Variables’, ‘Running Tasks’, etc. Environment Variables: Store information about the operating system environment. The data in environment variables is used by the operating system and other programs. 
There are two ways to access Environment Variables: Control Panel -\u003e System and Security -\u003e System -\u003e Advanced system settings -\u003e Environment Variables. Settings -\u003e System -\u003e About -\u003e system info -\u003e Advanced system settings -\u003e Environment Variables. 13. Resource Monitor - resmon # What is Resource Monitor (resmon)? It is a system tool that displays detailed per-process and aggregate CPU, memory, disk, and network usage information. It is geared primarily toward advanced users for troubleshooting. Key Features: Monitoring: Shows which processes are using individual file handles and modules. Advanced Filtering: Isolates data related to specific processes. Actionable Controls: Start, stop, pause and resume services, and close unresponsive applications. Process Analysis: Identifies deadlocked processes and file-locking conflicts to help users resolve issues without losing data. Interface: Overview Tab: A summary of CPU, Disk, Network, and Memory usage. Specific Tabs: Deep dives into CPU, Memory, Disk, and Network with detailed metrics. Graphical Pane: Located on the far right, it shows real-time resource usage graphs. 14. Command Prompt - cmd # What is it? The Command Prompt is the command-line interface (CLI) for Windows. Before graphical user interfaces (GUIs) were introduced, it was the sole way to interact with the OS. It remains a powerful tool for advanced management and troubleshooting. System Information Commands: hostname: Outputs the name of the computer. whoami: Outputs the name of the currently logged-in user. Network and Troubleshooting Commands: ipconfig: Shows the network address settings for the computer. netstat: Displays protocol statistics and current TCP/IP network connections. Parameters (e.g., -a, -b, -e) can be appended to change or filter the output. Network Resource Management: net: Primarily used to manage network resources. 
This root command relies on sub-commands to function. Common sub-commands include: net user, net localgroup, net share, net use, and net session. Help and Utility Commands: /?: Retrieves the help manual and expected syntax for most commands (e.g., ipconfig /?). net help: The /? parameter does not work for the net command. To view help information for its sub-commands, you must use this specific syntax (e.g., net help user). cls: Clears the Command Prompt screen. 15. Windows Registry - regedit # What is it? A central hierarchical database used to store essential configuration settings for the OS, hardware, users, and applications. Information Stored: User profiles and hardware configurations. Installed applications and file associations. Folder settings and application icons. Registry Editor (regedit/regedt32): The primary tool for viewing and modifying registry entries. Warning: Modifying the registry is strictly for advanced users. Incorrect changes can lead to critical system failures or render the OS inoperable. ","date":"6 May 2026","externalUrl":null,"permalink":"/blogs/thm-windows-ad/windows-fundamentals/","section":"Research \u0026 Technical Notes","summary":"","title":"Windows Fundamentals","type":"blogs"},{"content":"Welcome to the Windows and AD Fundamentals series!\nThis is where I compile the knowledge and content I have learned from TryHackMe. The series is designed as a collection of technical notes focusing on core concepts:\nWindows File System architecture and the Registry. UAC operation mechanisms and enumeration techniques. Active Directory fundamentals and how it operates within an enterprise environment. 
The goal of this series is to build a solid foundation for Privilege Escalation techniques and enterprise network attacks.\n","date":"6 May 2026","externalUrl":null,"permalink":"/series/windows-and-ad-fundamentals/","section":"Series","summary":"","title":"Windows and AD Fundamentals","type":"series"},{"content":"","date":"5 May 2026","externalUrl":null,"permalink":"/projects/","section":"Projects","summary":"","title":"Projects","type":"projects"},{"content":"","date":"5 May 2026","externalUrl":null,"permalink":"/","section":"","summary":"","title":"","type":"page"},{"content":"","externalUrl":null,"permalink":"/authors/","section":"Authors","summary":"","title":"Authors","type":"authors"},{"content":"","externalUrl":null,"permalink":"/categories/","section":"Categories","summary":"","title":"Categories","type":"categories"},{"content":"","externalUrl":null,"permalink":"/tags/","section":"Tags","summary":"","title":"Tags","type":"tags"}]