Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
Cover
Praise for Hacking Exposed Windows
Title
Copyright
About the Authors
At a Glance
Contents
Foreword
Acknowledgments
Introduction
1 Information Security Basics
A Framework for Operational Security
Plan
Prevent
Detect
Respond
Rinse and Repeat
Basic Security Principles
Summary
References and Further Reading
2 The Windows Security Architecture from the Hacker’s Perspective
Overview
Attacking the Kernel
Attacking User Mode
Access Control Overview
Security Principals
SIDs
Users
Groups
Computers (Machine Accounts)
User Rights
Putting It All Together: Access Control
The Token
Network Authentication
The SAM and Active Directory
Forests, Trees, and Domains
Scope: Local, Global, and Universal
Trusts
Administrative Boundaries: Forest or Domain?
Auditing
Cryptography
The .NET Framework
Summary
References and Further Reading
3 Footprinting and Scanning
Footprinting
Scanning
A Final Word on Footprinting and Scanning
Summary
References and Further Reading
4 Enumeration
Prelude: Reviewing Scan Results
NetBIOS Names vs. IPAddresses
NetBIOS Name Service Enumeration
RPC Enumeration
SMB Enumeration
Windows DNS Enumeration
SNMP Enumeration
Active Directory Enumeration
All-in-One Enumeration Tools
Summary
References and Further Reading
5 Hacking Windows-Specific Services
Guessing Passwords
Close Existing SMB Sessions to Target
Review Enumeration Results
Avoid Account Lockout
The Importance of Administrator and Service Accounts
Eavesdropping on Windows Authentication
Subverting Windows Authentication
Exploiting Windows-Specific Services
Summary
References and Further Reading
6 Discovering and Exploiting Windows Vulnerabilities
Security Vulnerabilities
Finding Security Vulnerabilities
Prep Work
Exploiting ANI
Summary
References and Further Reading
7 Post-Exploit Pillaging
Transferring Attacker’s Toolkit for Further Domination
Remote Interactive Control
Password Extraction
Introduction to Application Credential Usage and the DPAPI
Password Cracking
Cracking LM Hashes
Cracking NT Hashes
Rinse and Repeat
Summary
References and Further Reading
8 Achieving Stealth and Maintaining Presence
The Rise of the Rootkit
Windows Rootkits
The Changing Threat Environment
Achieving Stealth: Modern Techniques
Windows Internals
DKOM
Shadow Walker
Antivirus Software vs. Rootkits
Windows Vista vs. Rootkits
Kernel Patch Protection (KPP): Patchguard
UAC: You’re About to Get 0wn3d, Cancel or Allow?
Secure Startup
Other Security Enhancements
Summary of Vista vs. Rootkits
Rootkit Detection Tools and Techniques
Rise of the Rootkit Detection Tool
Cross-View-Based Rootkit Detection
Ad Hoc Rootkit Detection Techniques
The Future of Rootkits
Are Rootkits Really Even Necessary?
Summary
References and Further Reading
9 Hacking SQL Server
Case Study: Penetration of a SQL Server
SQL Server Security Concepts
Network Libraries
Security Modes
Logins
Users
Roles
Logging
SQL Server 2005 Changes
Hacking SQL Server
SQL Server Information Gathering
SQL Server Hacking Tools and Techniques
Critical Defensive Strategies
Additional SQL Server Security Best Practices
Summary
References and Further Reading
10 Hacking Microsoft Client Apps
Exploits
Trickery
General Countermeasures
IE Security Zones
Low-privilege Browsing
Summary
References and Further Reading
11 Physical Attacks
Offline Attacks
Implications for EFS
Online Attacks
Device/Media/Wireless Attacks
Summary
References and Further Reading
12 Windows Security Features and Tools
BitLocker Drive Encryption
BitLocker Configurations
BitLocker with TPM
Windows Integrity Control
Managing Integrity Levels
User Account Control
Tokens and Processes
UnAdmin
Windows Service Hardening
Service Resource Isolation
Least Privilege Services
Service Refactoring
Restricted Network Access
Session 0 Isolation
Your Compiler Can Save You
An Overview of Overflows
GS Cookies
SafeSEH
Stack Changes
Address Space Layout Randomization
Windows Resource Protection
Summary
References and Further Reading
Appendix A: Windows Security Checklist
Caveat Emptor: Roles and Responsibilities
Preinstallation Considerations
Basic Windows Hardening
Non-Template Recommendations
Security Templates Recommendations
Windows Firewall and IPSec
Group Policy
Miscellaneous Configurations
Web Application Security Considerations
SQL Server Security Considerations
Terminal Server Security Considerations
Denial of Service Considerations
Internet Client Security
Audit Yourself!
Appendix B: About the Companion Website
Index
← Prev
Back
Next →
← Prev
Back
Next →