Testlab
Windows core
Windows sysinternals
Windows event logs
Sysmon
Osquery basics
“WinObj is a 32-bit Windows NT program that uses the native Windows NT API (provided by NTDLL.DLL) to access and display information on the NT Object Manager’s name space.” (official definition)