Cyber Shelf

// What to read next

What to read after Windows Security Internals

Where to go after Windows Security Internals, picked from our catalog. The next step up from advanced level, weighted toward the topics this book covers.

Windows InternalsOffensiveVulnerability Research

  1. 01 · 2017

    Windows Internals, Part 1

    The canonical Microsoft Press reference on Windows internals: how processes, threads, memory and system services are actually implemented in the modern Windows kernel. User-mode focus in this volume.

    Advanced
    5/5Pavel Yosifovich, Alex Ionescu, Mark Russinovich, David Solomon

  2. 02 · 2017

    Attacking Network Protocols

    James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.

    Advanced
    5/5James Forshaw

  3. 03 · 2006

    The Art of Software Security Assessment

    The 1200-page reference on auditing C/C++ codebases for security: parsing complex memory and integer interactions, language pitfalls, and how vulnerabilities arise from interactions between layers.

    Advanced
    5/5Mark Dowd, John McDonald, Justin Schuh

  4. 04 · 2024

    Evading EDR

    A component-by-component teardown of how modern EDR sensors actually collect telemetry, and where each data source can be starved, blinded, or bypassed.

    Advanced
    4/5Matt Hand

  5. 05 · 2014

    Practical Reverse Engineering

    A working reverser's textbook from three Microsoft / Quarkslab veterans, covering the architectures and toolchain you'll actually meet on real targets, including the Windows kernel and modern obfuscation patterns.

    Advanced
    4/5Bruce Dang, Alexandre Gazet, Elias Bachaalany

  6. 06 · 2019

    Rootkits and Bootkits

    Matrosov, Rodionov and Bratus on persistent, deeply-embedded malware: kernel rootkits, MBR/UEFI bootkits, and the forensic techniques that surface them. Strongly Windows-internals oriented.

    Advanced
    4/5Alex Matrosov, Eugene Rodionov, Sergey Bratus

  7. 07 · 2007

    The Shellcoder's Handbook

    A foundational text on memory-corruption exploitation across Linux, Windows, Solaris and embedded targets. Pre-modern-mitigations in spirit but still the canonical introduction to the techniques the modern toolchain is built to defeat.

    Advanced
    4/5Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte

  8. 08 · 2017

    Advanced Penetration Testing

    A red-teamer's tour of getting into high-security targets without Metasploit, leaning on custom C2, social engineering, and tradecraft. Strong ideas, uneven execution.

    Advanced
    3/5Wil Allsopp
Back to Windows Security InternalsAlternatives to Windows Security Internals