Differences between revisions 1 and 2
Revision 1 as of 2010-02-02 18:20:47
Size: 84
Editor: anderson-camtasia
Comment:
Revision 2 as of 2010-03-08 15:34:36
Size: 1859
Editor: host-216-229-236-29
Comment:

= Hacking Exposed Chapter 4: Hacking Windows =

== Unauthenticated Attacks ==
=== Authentication spoofing ===
=== Network services ===
=== Client vulnerabilities ===
=== Device drivers ===

== Authentication spoofing ==
 * Remote password guessing
    * Countermeasures
 * Eavesdropping on network password exchange
    * Countermeasures
 * Man-in-the-middle attacks
    * Countermeasures

== Remote Unauthenticated Exploits ==
 * Network Service Exploits
    * Countermeasures
 * End-User Application Exploits
    * Countermeasures
 * Device Driver Exploits
    * Countermeasures

== Authenticated Attacks ==
 * Privilege Escalation
    * Countermeasures

== Extracting and Cracking passwords ==
 * Grabbing the Password Hashes (with pwdump)
    * Countermeasures
 * Cracking passwords
    * Countermeasures
 * Dumping cached Passwords
    * Countermeasures

== Remote Control and Back doors ==
 * Command-line Remote control tools
 * Graphical Remote control

== Covering Tracks ==
 * Disable Auditing
 * Clear event log
 * Hiding files
    * Alternate Data Streams (ADS)
    * Countermeasures

== General countermeasures ==
 * Filenames: Look for suspicious filenames left over
 * Registry Entries: Hunt down any rogue registry entries
 * Processes: Look for unnecessary processes running
 * Ports: Look for rogue connections

== Windows Security Features ==
 * Firewall
 * Automated updates
 * Security center
 * Security policy and group policy
 * BitLocker and the Encrypting File System (EFS)

== Windows Resource Protection ==
 * Integrity Levels, UAC, and LoRIE
 * Data Execution Prevention (DEP)

== Service Hardening ==
 * Service Resource Isolation
 * Least Privilege Services
 * Service Refactoring

HackingExposedChapter04 (last edited 2010-03-08 18:22:25 by host-216-229-236-29)