This directory contains Windows-specific material focused on understanding, reducing, and controlling the default behavior of a Windows system.
The scope is intentionally narrow:
- Single-user systems
- Local execution only
- No enterprise assumptions
- No managed or domain environments
The material here treats Windows as hostile by default and assumes that visibility must come before hardening.
The goal of _win_ is to make Windows behavior observable and predictable before any attempt is made to secure it.
This includes:
- Identifying what the system exposes by default
- Identifying background execution and persistence mechanisms
- Identifying network behavior at rest
- Understanding where user data actually resides
Hardening without this understanding is considered incomplete.
The material follows these principles:
- Local-first: everything runs on the machine itself
- Explicit execution: nothing is hidden or automatic
- Minimal dependencies: native Windows functionality only
- Operator awareness over automation
This directory is meant to be used as:
- A pre-hardening inspection reference
- A validation reference after configuration changes
- A learning aid for understanding Windows internals
It is not intended to:
- Provide convenience tooling
- Act as a turnkey security solution
- Replace disciplined system operation
The material assumes that:
- The user is technically competent
- The user is willing to trade convenience for control
- The system is not trusted until proven otherwise
The output of this work is a system that does nothing silently and changes state only through deliberate user action.
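
One way to capture the pre-hardening view described above as a read-only snapshot that can be compared after configuration changes. This is an added example, not part of this directory's own material; the output file name and the choice of checks (TCP listeners, auto-start services, enabled scheduled tasks, Run/RunOnce values) are assumptions, and it uses only built-in cmdlets.

```powershell
# Read-only baseline of what the system exposes and runs by default.
# Run from an elevated prompt for complete results. Nothing is modified.
# The output file name is an assumption made for this example.
param([string]$OutFile = ".\baseline-$(Get-Date -Format yyyyMMdd-HHmmss).json")

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$snapshot = [ordered]@{
    # Network behavior at rest: TCP sockets accepting connections, with owning process
    Listeners = @(Get-NetTCPConnection -State Listen | ForEach-Object {
        [pscustomobject]@{
            Address = $_.LocalAddress
            Port    = $_.LocalPort
            Process = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        }
    } | Sort-Object Port, Address)

    # Background execution: services that start without user action
    AutoServices = @(Get-CimInstance Win32_Service -Filter "StartMode='Auto'" |
        Select-Object Name, State, StartName, PathName | Sort-Object Name)

    # Persistence: scheduled tasks that are not disabled, and what they launch
    Tasks = @(Get-ScheduledTask | Where-Object State -ne 'Disabled' | ForEach-Object {
        [pscustomobject]@{
            Path    = $_.TaskPath + $_.TaskName
            Actions = @($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() })
        }
    } | Sort-Object Path)

    # Persistence: Run/RunOnce registry values for machine and current user
    RunEntries = @(foreach ($key in $runKeys) {
        if (Test-Path $key) {
            $item = Get-Item $key
            foreach ($name in $item.GetValueNames()) {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
            }
        }
    })
}

# Sorted output keeps two snapshots comparable line by line
$snapshot | ConvertTo-Json -Depth 4 | Set-Content -Path $OutFile -Encoding UTF8
Write-Host "Snapshot written to $OutFile"
```

Taking one snapshot before a change and one after, then running `Compare-Object (Get-Content before.json) (Get-Content after.json)`, shows which listeners, services, tasks, or Run entries appeared or disappeared.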

