Revision 5 as of 2010-03-08 18:22:25
Hacking Exposed Chapter 4: Hacking Windows
Unauthenticated Attacks
Authentication spoofing
Network services
Client vulnerabilities
Device drivers
Authentication spoofing
- Remote password guessing
- Countermeasures
- Eavesdropping on network password exchange
- Countermeasures
- Man-in-the-middle attacks
- Countermeasures
Remote Unauthenticated Exploits
- Network Service Exploits
- Countermeasures
- End-User Application Exploits
- Countermeasures
- Device Driver Exploits
- Countermeasures
Authenticated Attacks
- Privilege Escalation
- Countermeasures
Extracting and Cracking passwords
- Grabbing the Password Hashes (with pwdump)
- Countermeasures
- Cracking passwords
- Countermeasures
- Dumping cached Passwords
- Countermeasures
Remote Control and Back doors
- Command-line Remote control tools
- Graphical Remote control
Covering Tracks
- Disable Auditing
- Clear event log
- Hiding files
- Alternate Data Streams (ADS)
- Countermeasures
General countermeasures
- Filenames: Look for suspicious filenames left over
- Registry Entries: Hunt down any rogue registry entries
- Processes: Look for unnecessary processes running
- Ports: Look for rogue connections
Windows Security Features
- Firewall
- Automated updates
- Security center
- Security policy and group policy
- BitLocker and the Encrypting File System (EFS)
Windows Resource Protection
- Integrity Levels, UAC, and LoRIE
- Data Execution Prevention (DEP)
Service Hardening
- Service Resource Isolation
- Least Privilege Services
- Service Refactoring
