TryHackMe: Pre Security

The File System

NTFS stands for the “New Technology File System”. Very old versions of Windows NT (before FAT32) used HPFS (the “High Performance File System”).

NTFS actually natively supports file-level encryption via EFS (“Encryption File System”).

NTFS is actually a forking file system like HFS. Microsoft calls these forks “alternate data streams” (ADS), and there is always at least one stream (called $DATA) that holds the actual file contents. (ADS is, for example, used to store the “mark of the web”.) While the File Explorer doesn’t display ADS stream information, it can be accessed from Powershell.

Windows permissions for folders:

Windows permissions for files:

Windows access is default-deny.

The Windows/System32 Folder

Variable that stores the path to the (“central”) Windows installation directory: %WINDIR%.

User Accounts, Profiles, and Permissions

“Profiles” are the Windows equivalent of UNIX home directories. Profile directories aren’t created on Windows until a user’s first login.

Windows users and groups can be more directly manipulated through the “Local User and Group Management” snap-in, lusrmgr.msc.

User Account Control

a.k.a “UAC”

Task Manager

Task Manager shortcut: Ctrl+Shift+Esc