Windows Architecture
Processes and services.
Why Windows Internals
Most enterprise environments run Windows. Understanding how it works internally (processes, services, and privilege boundaries) is essential for attacking and defending it.
This lesson covers the core architecture you will reason about during an engagement.
User Mode vs Kernel Mode
Windows splits execution into two privilege levels, often called rings:
- User mode - applications run here with limited access.
- Kernel mode - the OS core and drivers run with full hardware access.
An exploit that reaches kernel mode (for example, via a vulnerable driver) gives the attacker total control of the system.
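Because every loaded driver runs in kernel mode, a defender's first step is knowing which drivers are loaded and who signed them. The following is an added example, not part of the original lesson: it inventories running kernel drivers and flags those to review. The helper names `Resolve-DriverPath` and `Get-KernelDriverInventory` and the "non-Microsoft signer means review" heuristic are assumptions made for illustration.

```powershell
# Added example (not from the lesson): list running kernel-mode drivers and
# flag those whose signature is not valid or whose signer is not Microsoft.
# The Review heuristic is an assumption for illustration, not a verdict.

function Resolve-DriverPath {
    param([string]$PathName)
    # The Service Control Manager stores driver paths in several forms.
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                   # \??\C:\... -> C:\...
    if ($p -match '^\\SystemRoot\\') {
        $p = Join-Path $env:SystemRoot ($p -replace '^\\SystemRoot\\', '')
    } elseif ($p -notmatch '^[A-Za-z]:\\') {
        $p = Join-Path $env:SystemRoot $p              # System32\drivers\x.sys
    }
    return $p
}

function Get-KernelDriverInventory {
    # Win32_SystemDriver covers kernel and file-system drivers.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            $path = Resolve-DriverPath -PathName $_.PathName
            $sig  = if (Test-Path -LiteralPath $path) {
                        Get-AuthenticodeSignature -LiteralPath $path
                    } else { $null }
            $signer = if ($sig -and $sig.SignerCertificate) {
                          $sig.SignerCertificate.Subject
                      } else { '' }
            [pscustomobject]@{
                Name   = $_.Name
                Path   = $path
                Status = if ($sig) { [string]$sig.Status } else { 'FileNotFound' }
                Signer = $signer
                # Review anything missing, not validly signed, or third-party.
                Review = (-not $sig) -or ($sig.Status -ne 'Valid') -or
                         ($signer -notmatch 'O=Microsoft Corporation')
            }
        }
}

# Show only the drivers that merit a closer look.
Get-KernelDriverInventory | Where-Object Review | Sort-Object Name |
    Format-Table Name, Status, Signer, Path -AutoSize -Wrap
```

A flagged driver is not necessarily malicious or vulnerable; the output is a short list to compare against your expected software baseline.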