Index

A

  • Access token — Ch. 22, Ch. 23, Ch. 24, Ch. 27
  • ACL / DACL — Ch. 22, Ch. 23
  • ALPC — Ch. 7, Ch. 15
  • AMSI — Ch. 25
  • App Control / WDAC — Ch. 8, Ch. 12, Ch. 13
  • AppContainer — Ch. 7, Ch. 14, Ch. 22, Ch. 23, Ch. 24
  • AS-REP Roasting — Ch. 15, Ch. 17
  • Attestation — Ch. 2, Ch. 4, Ch. 5, Ch. 6, Ch. 21, Ch. 28
  • Authenticode — Ch. 12, Ch. 14

B

  • BitLocker — Ch. 1, Ch. 2, Ch. 4
  • Bitpixie — Ch. 1, Ch. 4
  • BlackLotus — Ch. 1, Ch. 4
  • Boot Guard (Intel) — Ch. 1, Ch. 4
  • BootHole — Ch. 1
  • Bootkit — Ch. 1
  • BYOVD (vulnerable drivers) — Ch. 8, Ch. 13, Ch. 25, Ch. 26

C

  • Catalog file (.cat) — Ch. 12
  • cloudap — Ch. 19
  • Code integrity (CI) — Ch. 8, Ch. 10, Ch. 11, Ch. 12, Ch. 13
  • Conditional Access — Ch. 26, Ch. 27
  • Confidential VM / computing — Ch. 5, Ch. 6, Ch. 7, Ch. 28, Ch. 29
  • Continuous Access Evaluation (CAE) — Ch. 26, Ch. 27
  • Credential Guard — Ch. 6, Ch. 7, Ch. 10, Ch. 14, Ch. 15, Ch. 19

D

  • dbx (revocation) — Ch. 1, Ch. 4
  • DCSync — Ch. 18
  • Delegation (Kerberos) — Ch. 17
  • Device join (dsregcmd) — Ch. 19
  • DPAPI — Ch. 2, Ch. 15
  • DRTM / Secure Launch — Ch. 1, Ch. 4, Ch. 9

E

  • EKU (signing) — Ch. 7, Ch. 10, Ch. 15
  • ELAM — Ch. 1, Ch. 4, Ch. 10, Ch. 14, Ch. 25
  • Entra ID — Ch. 19, Ch. 26, Ch. 27
  • ETW (Event Tracing) — Ch. 25

F

  • FIDO2 / passkey — Ch. 5, Ch. 20, Ch. 21

G

  • Golden Ticket — Ch. 14, Ch. 18

H

  • Hello for Business — Ch. 20, Ch. 21
  • HVCI / Memory Integrity — Ch. 6, Ch. 8, Ch. 12, Ch. 13
  • Hypervisor — Ch. 7, Ch. 9

I

  • Integrity level (MIC) — Ch. 16, Ch. 22, Ch. 23

J

  • JWT / token — Ch. 27, Ch. 28, Ch. 29

K

  • KDC — Ch. 16, Ch. 17, Ch. 18
  • KEK — Ch. 1
  • Kerberoasting — Ch. 15, Ch. 17
  • Kerberos — Ch. 16, Ch. 17, Ch. 18, Ch. 19
  • KRBTGT — Ch. 18

L

  • LogoFAIL — Ch. 1
  • LsaIso / trustlet — Ch. 7, Ch. 10, Ch. 15, Ch. 22
  • LSASS — Ch. 10, Ch. 14, Ch. 15, Ch. 19

M

  • MBEC — Ch. 6, Ch. 8
  • Measured boot — Ch. 1, Ch. 2, Ch. 4, Ch. 6, Ch. 14
  • Mimikatz — Ch. 10, Ch. 14, Ch. 15, Ch. 17, Ch. 19, Ch. 22

N

  • NTLM — Ch. 16, Ch. 17, Ch. 24
  • NTOWF / NT hash — Ch. 14, Ch. 15, Ch. 19

O

  • OpenHCL / paravisor — Ch. 28

P

  • PAC (privilege attribute) — Ch. 17, Ch. 18
  • Pass-the-Challenge — Ch. 6, Ch. 7, Ch. 15
  • Pass-the-Hash — Ch. 14, Ch. 16, Ch. 19
  • Pass-the-PRT — Ch. 19
  • Pass-the-Ticket — Ch. 14, Ch. 19
  • PCR — Ch. 1, Ch. 4
  • Platform Key (PK) — Ch. 1
  • Pluton — Ch. 1, Ch. 2, Ch. 3, Ch. 26
  • Potato (privesc family) — Ch. 24
  • PPL / RunAsPPL — Ch. 7, Ch. 10, Ch. 14, Ch. 15, Ch. 25
  • Primary Refresh Token (PRT) — Ch. 19, Ch. 26, Ch. 27
  • Process mitigation policy — Ch. 11
  • Protected Users — Ch. 15, Ch. 17, Ch. 19

R

  • RBCD — Ch. 15, Ch. 17
  • RC4 / etype — Ch. 17
  • Root of trust — Ch. 2, Ch. 3, Ch. 4

S

  • Sealing (TPM) — Ch. 2, Ch. 4
  • Secure Boot — Ch. 1, Ch. 4, Ch. 6, Ch. 7
  • Secure Kernel — Ch. 1, Ch. 6, Ch. 7, Ch. 8, Ch. 9, Ch. 25
  • Security boundary — Ch. 7, Ch. 9, Ch. 10, Ch. 13, Ch. 23, Ch. 24
  • SeImpersonate — Ch. 15, Ch. 22, Ch. 24
  • Setup Mode (UEFI) — Ch. 1
  • SID — Ch. 18, Ch. 22, Ch. 23, Ch. 24
  • Silver Ticket — Ch. 18
  • SLAT — Ch. 6, Ch. 9
  • SSP (Security Support Provider) — Ch. 15
  • Storm-0558 — Ch. 29

T

  • TCB — Foundations, Ch. 28
  • TGT (ticket-granting ticket) — Ch. 17, Ch. 18, Ch. 19
  • TPM — Ch. 1, Ch. 2, Ch. 3, Ch. 4, Ch. 5, Ch. 20
  • Trust chain — Foundations, Ch. 6, Ch. 16, Ch. 20, Ch. 29
  • Trusted Boot — Ch. 1

U

  • UEFI — Ch. 1, Ch. 4, Ch. 14, Ch. 15
  • UIPI — Ch. 23

V

  • VBS — Ch. 6, Ch. 7, Ch. 9, Ch. 10, Ch. 20, Ch. 28
  • VSM master key — Ch. 15
  • VTL0 / VTL1 — Ch. 6, Ch. 7, Ch. 8, Ch. 9, Ch. 14

W

  • WebAuthn — Ch. 21

Z

  • Zero Trust — Ch. 26, Ch. 27

Bold locator marks the chapter where the term is defined or treated in most depth.