= Hacking Exposed Chapter 4: Hacking Windows =

== Unauthenticated Attacks ==
=== Authentication spoofing ===

=== Network services ===

=== Client vulnerabilities ===

=== Device drivers ===

=== Authentication spoofing ===
 * Remote password guessing
    * Countermeasures
 * Eavesdropping on network password exchange
    * Countermeasures
 * Man-in-the-middle attacks
    * Countermeasures

=== Remote Unauthenticated Exploits ===
 * Network Service Exploits
    * Countermeasures
 * End-User Application Exploits
    * Countermeasures
 * Device Driver Exploits
    * Countermeasures

=== Authenticated Attacks ===
 * Privilege Escalation
    * Countermeasures

=== Extracting and Cracking passwords ===
 * Grabbing the Password Hashes (with pwdump)
    * Countermeasures
 * Cracking passwords
    * Countermeasures
 * Dumping cached Passwords
    * Countermeasures

=== Remote Control and Back doors ===
 * Command-line Remote control tools
 * Graphical Remote control

=== Covering Tracks ===
 * Disable Auditing
 * Clear event log
 * Hiding files
    * Alternate Data Streams (ADS)
    * Countermeasures

=== General countermeasures ===
 * Filenames: Look for suspicious filenames left over
 * Registry Entries: Hunt down any rogue registry entries
 * Processes: Look for unnecessary processes running
 * Ports: Look for rogue connections

=== Windows Security Features ===
 * Firewall
 * Automated updates
 * Security center
 * Security policy and group policy
 * BitLocker and the Encrypting File System (EFS)

=== Windows Resource Protection ===
 * Integrity Levels, UAC, and LoRIE
 * Data Execution Prevention (DEP)

=== Service Hardening ===
 * Service Resource Isolation
 * Least Privilege Services
 * Service Refactoring