OSF - Operating System Fundamentals

Description

Have you ever wondered what's under the hood of a modern operating system? How does it work? How can I make it better? What components are vulnerable to attacks? All of these questions and more can be answered in our O/S Fundamentals class. This class gives you a firm understanding of the latest Operating Systems used worldwide as well as advanced information that will help you immensely in our Malware and Exploitation courses.

Starting with the Microsoft O/S we teach registry management, memory management, process management, API usage, dynamically linked libraries and much more. All week long we compare and contrast these components to alternative operating systems such as: Solaris, Unix, Linux, and Mac OS. After attending this course students will be fully equipped with the fundamentals of Operating System elements and how they are all interconnected.

Course Details:

70% Labs, 30% Lecture using real-world network attack captures
Laptops are provided during the class
Students receive USB Flash drives of all student labs

Objectives

Attending students will learn:

User and Group Credentials and Light Security Topics
File Management, Memory Management, Process Management
Networking Management
Command Shell Tools and Techniques
Processor Fundamentals and Sharing
Windows API, Windows Registry, and Dynamically Linked Libraries
Unix / Linux Shared Objects

Prerequisites

You should possess knowledge of the following:

Attending students should have a thorough understanding of Microsoft Windows
Experience with VMWare software although not required would be beneficial

Who Should Attend

CNO Analyst who have just started a CNO career
Exploitation Analysts needing operating system knowledge before attending exploitation courses
Novice Malware Analysts requiring a thorough understanding of how operating systems work

Outline

Operating Systems Overview

Definition
Roles and Objectives
- Layers of Computer Systems
- OS Services
- User Interface
- Resource Management
Basic Concepts
- Interrupts
- Input and Output
  - Synchronous
  - Asynchronous
- Storage Mediums
- Caching
Evolution
- Serial Processing
- Simple Batch Systems
- Multi-programmed Batch Systems
- Time-Sharing Systems
Kernel Designs
- Kernel Definition and Responsibilities
- Monolithic Design
- Microkernel Design
- Mode Bit (User vs. Kernel Mode)
- Context Switching
Achievements
- Memory Management Schemes
- Execution Contexts
- Information Protection and Security
- Scheduling and Resource Management
- Modular Structures
Modern O/Ss
- Multi-threading
- Symmetric Multi-Processing
- Distributed OS
- Object Oriented Designs
- Windows OS
- Architecture
- Layout
- Unix OS
- Architecture
- Layout

Processes and Threads

Process Creation and Termination Events
Process Models and States
- Two State, Five State, Seven State Models
- Blocked and Ready Queues
- Suspended Processes
Processes and Resources
- Process Image
- Process Control Block
Context Switching
Process Control
OS Execution
Process versus Thread
Threading Benefits
Thread Operations
- User Level Threads
- Kernel Level Threads
Thread Implementation

Processor Scheduling

Reasons for Processor Scheduling
- Response Time
- Throughput
- Processor Efficiency
Types of Scheduling
- Short Term Scheduling
- Medium Term Scheduling
- Long Term Scheduling
Scheduling Models
- Preemptive
- Non-Preemptive
Scheduling Algorithms
- FCFS First Come First Served
- Round Robin
- Shortest Process Next
- Shortest Remaining Time
- Highest Response Ratio Next
- Feedback
- Fair Share Scheduling
Traditional Windows Scheduling
Traditional Unix Scheduling
Multiprocessor Scheduling

Processor Deadlock

Deadlock Definition
- Consumable versus Reusable Resources
Conditions for Deadlock
- Mutual Exclusion
- Hold and Wait
- No Preemption
- Circular Wait
Deadlock Prevention
- Indirect Method
- Direct Method
Deadlock Avoidance
- Process Initiation Denial
- Resource Allocation Denial
Deadlock Detection

Input / Output

I/O Devices
- Human Readable
- Machine Readable
- Communication
I/O Techniques
- Programmed IO (PIO)
- Interrupt Driven IO
- Direct Memory Access (DMA)
OS Design Issues for I/O
I/O Buffering
- Block Oriented versus Stream Oriented
- Buffer Types
Disk Scheduling
- First-In-First-Out
- Shortest-Service-Time-First
- SCAN, C-SCAN policies
RAID
- Raid 0, 1, 2,3,4,5,6,10, 50, and 0+1
Disk Cache

Memory Management

Memory Management Overview
- Real versus Virtual Memory
- Why do Memory Management
- Memory Management Requirements
  - Relocation
  - Protection
  - Sharing
  - Logical Organization
  - Physical Organization
- Address Binding
- MMU
- Relocation Register
- Dynamic Loading
- Dynamic Linking
- Overlays
- Memory Fragmentation
Memory Management Techniques
- Fixed Partitioning
- Dynamic Partitioning
- Buddy System
- Simple Paging
- Simple Segmentation
- Virtual Memory
Swapping
Replacement Policies
- Optimal
- Least Recently Used
- FIFO
- Clock Policy
Translation Look-Aside Buffer
Page Size Theory
Page Cleaning Policies
Unix Memory Management
- Linux Page Directory
- Clock Policy
- 2 Handed Clock Policy
Windows Memory Management
- Paging
- Available
- Reserved
- Committed

File Management Systems

File Types and Hierarchy (Record, Field, Data, Text)
File Operations
- Copy, Move, List, Print, Load, Store, etc
File Directories
Logical View versus Physical View
File Access Methods
- Sequential versus Random Access
- Indexed Access
Physical File Storage
- Contiguous
- Non-contiguous
  - Linked
  - Indexed
- Microsoft Dos FAT 12, 16, 32
- Microsoft NTFS
- Unix I-Nodes
Free Space Management
- Bit Map Method
- Linked List Method
Secondary Storage
- Tape
- CD-Rom and DVD-Rom
Tree Structures
- Acyclic Directory Structures
- Cycles
Hard Links versus Soft Links in Unix
Network File Access
- FTP
- NetBios / SMB
- CIFS, SAMBA
- NFS
Unix file protection bits
- Owner, Group, Everyone protection bit masks

Security and Protection

Password Protection
- Unix Shadow File
- Windows SAM File
Threats to the OS
- Trojan Horse, Back Doors, Worms, Viruses, Buffer Overflows, Boot Sector Viruses, Worms
Cryptography add-ons
Unix Security
- Inet-D
- NIS
- NIS+
- PAMs
Windows XP Security
- User Accounts
- Security Tokens
- Executive Security Reference Monitor
- Networking Domains
Windows Vista Security
- Services Hardening
- Windows Defender
- IE 7, 8
- Vista Firewall
- Network Access Protection
- Consent Prompting
- Trusted Computing Module Support
- Bit-Locker

Student Practical Demonstration:

Students are given 47 tasks to complete using the knowledge, skills, and abilities taught from the 4 days of class.

Process and Thread Management
Input / Output statistics
Memory Management observation and research
File and Directory Operations using the Command Shell
Reviewing Disk Allocation
User and Group Administration

Lab Outline

Day 1
- Observing the User Mode / Kernel Mode Switch
- VMWare and Operating System Familiarization
- Observing Threads in Microsoft Word
- Viewing and Modifying Processes and Threads in Windows, Linux, Solaris and Mac OS
Day 2
- Processor Scheduling Worksheet
- Visualizing Process Starvation
- Adjusting Process Priorities in Windows and Linux
- Observing Processor Deadlock
- Simulating Processor Deadlock and Manual Intervention
- Windows System Information Tool
- Input / Output Worksheet
Day 3
- Visually Observing Windows Memory Mapping
- Windows Pre-Fetch Lab
- Windows and Linux Page Fault Monitoring
- Watching Windows Memory Management in Action
- Watching Linux Memory Management in Action
Day 4
- File and Directory Operations through the Command Shell (Windows and Unix)
- Windows Alternate Data Streams
- Dumping the Windows NTFS Master File Table
- Observing and Navigating Windows Hard Disk Clusters
- Linux I-Nodes
- Windows and Unix User / Group Administration
Day 5 Student Practical Demonstration: