Description
Have you ever wondered what's under the hood of a modern operating system? How does it work? How can it be made better? Which components are vulnerable to attack? All of these questions and more are answered in our O/S Fundamentals class. This class gives you a firm understanding of the operating systems in widest use today, along with advanced material that will help you immensely in our Malware and Exploitation courses.
Starting with the Microsoft O/S, we teach registry management, memory management, process management, API usage, dynamically linked libraries, and much more. All week long we compare and contrast these components with alternative operating systems such as Solaris, Unix, Linux, and Mac OS. After attending this course, students will be fully equipped with the fundamentals of operating system elements and how they are all interconnected.
Course Details:
- 70% Labs, 30% Lecture using real-world network attack captures
- Laptops are provided during the class
- Students receive USB Flash drives of all student labs
Objectives
Attending students will learn:
- User and Group Credentials and Light Security Topics
- File Management, Memory Management, Process Management
- Networking Management
- Command Shell Tools and Techniques
- Processor Fundamentals and Sharing
- Windows API, Windows Registry, and Dynamically Linked Libraries
- Unix / Linux Shared Objects
Prerequisites
You should possess knowledge of the following:
- A thorough understanding of Microsoft Windows
- Experience with VMware software (not required, but beneficial)
Who Should Attend
- CNO Analysts who have just started a CNO career
- Exploitation Analysts needing operating system knowledge before attending exploitation courses
- Novice Malware Analysts requiring a thorough understanding of how operating systems work
Outline
Operating Systems Overview
- Definition
- Roles and Objectives
- Layers of Computer Systems
- OS Services
  - User Interface
  - Resource Management
- Basic Concepts
  - Interrupts
  - Input and Output
    - Synchronous
    - Asynchronous
  - Storage Mediums
  - Caching
- Evolution
  - Serial Processing
  - Simple Batch Systems
  - Multi-programmed Batch Systems
  - Time-Sharing Systems
- Kernel Designs
  - Kernel Definition and Responsibilities
  - Monolithic Design
  - Microkernel Design
  - Mode Bit (User vs. Kernel Mode)
  - Context Switching
- Achievements
  - Memory Management Schemes
  - Execution Contexts
  - Information Protection and Security
  - Scheduling and Resource Management
  - Modular Structures
- Modern O/Ss
  - Multi-threading
  - Symmetric Multi-Processing
  - Distributed OS
  - Object Oriented Designs
- Windows OS
  - Architecture
  - Layout
- Unix OS
  - Architecture
  - Layout
Processes and Threads
- Process Creation and Termination Events
- Process Models and States
  - Two-State, Five-State, and Seven-State Models
  - Blocked and Ready Queues
  - Suspended Processes
- Processes and Resources
- Process Image
- Process Control Block
- Context Switching
- Process Control
- OS Execution
- Process versus Thread
  - Threading Benefits
  - Thread Operations
  - User Level Threads
  - Kernel Level Threads
  - Thread Implementation
Processor Scheduling
- Reasons for Processor Scheduling
  - Response Time
  - Throughput
  - Processor Efficiency
- Types of Scheduling
  - Short Term Scheduling
  - Medium Term Scheduling
  - Long Term Scheduling
- Scheduling Models
  - Preemptive
  - Non-Preemptive
- Scheduling Algorithms
  - First Come First Served (FCFS)
  - Round Robin
  - Shortest Process Next
  - Shortest Remaining Time
  - Highest Response Ratio Next
  - Feedback
  - Fair Share Scheduling
- Traditional Windows Scheduling
- Traditional Unix Scheduling
- Multiprocessor Scheduling
Processor Deadlock
- Deadlock Definition
- Consumable versus Reusable Resources
- Conditions for Deadlock
  - Mutual Exclusion
  - Hold and Wait
  - No Preemption
  - Circular Wait
- Deadlock Prevention
  - Indirect Method
  - Direct Method
- Deadlock Avoidance
  - Process Initiation Denial
  - Resource Allocation Denial
- Deadlock Detection
Input / Output
- I/O Devices
  - Human Readable
  - Machine Readable
  - Communication
- I/O Techniques
  - Programmed I/O (PIO)
  - Interrupt-Driven I/O
  - Direct Memory Access (DMA)
- OS Design Issues for I/O
- I/O Buffering
  - Block Oriented versus Stream Oriented
  - Buffer Types
- Disk Scheduling
  - First-In-First-Out
  - Shortest-Service-Time-First
  - SCAN and C-SCAN Policies
- RAID
  - RAID 0, 1, 2, 3, 4, 5, 6, 10, 50, and 0+1
- Disk Cache
Memory Management
- Memory Management Overview
  - Real versus Virtual Memory
  - Why Memory Management Is Needed
- Memory Management Requirements
  - Relocation
  - Protection
  - Sharing
  - Logical Organization
  - Physical Organization
- Address Binding
  - MMU
  - Relocation Register
- Dynamic Loading
- Dynamic Linking
- Overlays
- Memory Fragmentation
- Memory Management Techniques
  - Fixed Partitioning
  - Dynamic Partitioning
  - Buddy System
  - Simple Paging
  - Simple Segmentation
- Virtual Memory
  - Swapping
  - Replacement Policies
    - Optimal
    - Least Recently Used
    - FIFO
    - Clock Policy
  - Translation Look-Aside Buffer
  - Page Size Theory
  - Page Cleaning Policies
- Unix Memory Management
  - Linux Page Directory
  - Clock Policy
  - Two-Handed Clock Policy
- Windows Memory Management
  - Paging
  - Available
  - Reserved
  - Committed
File Management Systems
- File Types and Hierarchy (Record, Field, Data, Text)
- File Operations
  - Copy, Move, List, Print, Load, Store, etc.
- File Directories
  - Logical View versus Physical View
- File Access Methods
  - Sequential versus Random Access
  - Indexed Access
- Physical File Storage
  - Contiguous
  - Non-contiguous
    - Linked
    - Indexed
  - Microsoft DOS FAT12, FAT16, and FAT32
  - Microsoft NTFS
  - Unix I-Nodes
- Free Space Management
  - Bit Map Method
  - Linked List Method
- Secondary Storage
  - Tape
  - CD-ROM and DVD-ROM
- Tree Structures
  - Acyclic Directory Structures
  - Cycles
  - Hard Links versus Soft Links in Unix
- Network File Access
  - FTP
  - NetBIOS / SMB
  - CIFS, Samba
  - NFS
- Unix File Protection Bits
  - Owner, Group, and Everyone Protection Bit Masks
Security and Protection
- Password Protection
  - Unix Shadow File
  - Windows SAM File
- Threats to the OS
  - Trojan Horses, Back Doors, Worms, Viruses, Buffer Overflows, and Boot Sector Viruses
- Cryptography Add-ons
- Unix Security
  - inetd
  - NIS
  - NIS+
  - PAM
- Windows XP Security
  - User Accounts
  - Security Tokens
  - Executive Security Reference Monitor
  - Networking Domains
- Windows Vista Security
  - Services Hardening
  - Windows Defender
  - IE 7 and 8
  - Vista Firewall
  - Network Access Protection
  - Consent Prompting
  - Trusted Computing Module Support
  - BitLocker
Student Practical Demonstration:
- Students are given 47 tasks to complete using the knowledge, skills, and abilities taught over the 4 days of class.
- Areas challenged in Windows, Linux, Unix, and Mac OS include:
  - Process and Thread Management
  - Input / Output Statistics
  - Memory Management Observation and Research
  - File and Directory Operations Using the Command Shell
  - Reviewing Disk Allocation
  - User and Group Administration
Lab Outline
- Day 1
  - Observing the User Mode / Kernel Mode Switch
  - VMware and Operating System Familiarization
  - Observing Threads in Microsoft Word
  - Viewing and Modifying Processes and Threads in Windows, Linux, Solaris, and Mac OS
- Day 2
  - Processor Scheduling Worksheet
  - Visualizing Process Starvation
  - Adjusting Process Priorities in Windows and Linux
  - Observing Processor Deadlock
  - Simulating Processor Deadlock and Manual Intervention
  - Windows System Information Tool
  - Input / Output Worksheet
- Day 3
  - Visually Observing Windows Memory Mapping
  - Windows Pre-Fetch Lab
  - Windows and Linux Page Fault Monitoring
  - Watching Windows Memory Management in Action
  - Watching Linux Memory Management in Action
- Day 4
  - File and Directory Operations through the Command Shell (Windows and Unix)
  - Windows Alternate Data Streams
  - Dumping the Windows NTFS Master File Table
  - Observing and Navigating Windows Hard Disk Clusters
  - Linux I-Nodes
  - Windows and Unix User / Group Administration