Cybersecurity Talk with Sami Laiho: Why Windows Internals are useful in OS security?

We’re really excited to start a new video series — Cybersecurity Talk — where we’ll be interviewing some of the best experts in our industry. Our first guest is the amazing Sami Laiho.

Sami Laiho is one of the world’s leading experts in the Windows operating system. He is also engaged in troubleshooting security and is a top speaker at world-famous conferences like TechEd North America, TechEd Europe and Australia, where he was rated the Best Speaker, and he was also the Best Speaker at Nordic Infrastructure Conference 2016.

Sami runs a pretty cool blog, and a Twitter account as well, so hopefully you guys are going to also follow Sami Laiho on his social media.

Tools in Windows that everybody should know are…

Paula:

The first question’s going to be very techy, that’s about tools that are in Windows. What are your suggestions for the less-known tools in Windows that everybody should know about but they’re not so popular?

Sami:

In the Windows operating system there’s a tool that’s been there since Windows XP, but has gotten a lot of new features and has great reports; it’s called “powercfg.exe”. So, I’d definitely, especially, look at those energy reports; they’ll reveal a crazy amount of detail on how the OS works and what’s taking and eating your battery life and stuff like that.

Paula:

Some tools from the outside of Windows?

Sami:

Yeah, absolutely. Now that we’re, kind of like, in a mode currently looking at memory all the time, from the perspective of virtual memory I would recommend “VMMap” from Sysinternals, and if you’re looking at physical memory contents then it’s “RAMMap” from Sysinternals. They have features that people have no idea how they work.

I’m actually producing a new video series for Pluralsight which will cover all of these, so, that’s also why I’m very into them right now.

Paula:

Okay, cool. Since we’ve talked about Windows internals, do you think that people that have something to do with security should know them? Are they useful in your opinion?

Sami:

Security weaknesses that I’ve found are just based on the core knowledge and base knowledge of the operating system, so what I believe people are missing is actually the core knowledge. Everyone learns about new products and everyone learns about what’s new in Windows 10, but people totally forget to learn the basics, which would show them how to find those issues.

Paula:

I’m sure that you also see situations where someone says that they’ve got years of experience in IT, but they miss the basics, yes?

Sami:

Absolutely.

Microsoft wouldn’t like us to talk about it…

Paula:

One last hot question: what would be the subjects that Microsoft wouldn’t like us to talk about?

Sami:

Currently, that would be the fact that all the operating systems that enterprises are using have basically been open for a DMA attack for the past decade if people followed the enterprise security guidance from Microsoft. So that is something that was just announced yesterday, so they really don’t like us talking about it.

Paula:

So let’s not do it, yeah?

Sami:

Let’s not.

Paula:

Last two questions, as a matter of some advice for the guys out there who are watching our videos. What would be the recommendation for someone who is just starting their adventure in IT security? What would you say would be good to do to become an expert later?

Sami:

Well, first of all, you have to learn Windows Internals. Take Windows internals training. That’s the core that you will then build on by maybe getting good security training from some other companies. So there’s a good base. Build on the base, learn the basics, just totally my advice. Remember it still takes 100 people at Microsoft to know everything about Windows, so if you believe you know everything, forget that misbelief and just learn more.

Paula:

So, what if someone is an expert already, like they already have a lot of experience, also in security, what would be your advice for those guys? What should they know, what should they learn, what kind of approach should they have to become better?

Sami:

I always tell people with this question, I say that there are three things you have to learn, and one thing you have to accept:

  • PKI
  • IPv6
  • PowerShell
  • and you have to accept the cloud.

Paula:

Oh, that’s a good suggestion, yeah. Especially the PKI I think I would say. We really see it configured well at the customer sites.

Sami:

Same for me, I do troubleshooting for customers so when I go on the site, mostly PKI is installed next, next, next, next, next, finish. So, trust me, it’s the base of most of my troubles as well.

Paula:

And it will come back to you later. You will have problems. So that’s I think. Thanks so much for the time.

Sami:

Thank you for having me.

Summarizing the interview with Sami Laiho…

To summarize, here are a couple of the things we talked about in this interview:

  • Different tools within the operating system that you guys definitely should know. According to Sami they’re worth a look: they’re not very popular, but they’re good at the same time.
  • Stuff that we shouldn’t talk about, which is a DMA issue in the Windows Operating System.
  • A little piece of advice on how to become better in IT security, and why Windows internals are so important.

If you guys have some questions, make sure to ask them in the comments section below. Sami Laiho will be there, I’ll be there and we’re happy to help you with your concerns.

Looking forward to seeing you again on some other videos.