Security Basics mailing list archives
Re: hacking win2kPro out of the box
From: H Carvey <keydet89 () yahoo com>
Date: 6 Dec 2004 11:40:15 -0000
In-Reply-To: <285472c90412030724661edaf9 () mail gmail com>
Does anyone have any information on common attacks for local priviledge escalation, and ways to secure against these?
Google is your friend: http://www.google.com/search?hl=en&q=%22Windows+2000%22+OR+%22Win2K%22+AND+%22privilege+escalation%22 Also, Google for "ntpasswd".
The sort of thing I'm looking for is a detail of an attack, followed by the procedure(s) I would use to: a) recover from it if neccessary b) thwart future attacks of it's type.
The answer for "b" is easy...secure local access, in particular, physical access to the system. Also, follow the configuration steps put forth over the ages: 1. Minimalization - if you don't need it, don't run it. 2. Principle of Least Privilege - If you have to run, run it as securely as possible. 3. Patch. 4. Monitor.
I basically want to swap roles between hacker and sysadmin so I can learn more about the best of both worlds.
Again, start w/ Google. H. Carvey "Windows Forensics and Incident Recovery" http://www.windows-ir.com
Current thread:
- hacking win2kPro out of the box q q (Dec 03)
- RE: hacking win2kPro out of the box Philip Wagenaar (Dec 06)
- Re: hacking win2kPro out of the box xyberpix (Dec 06)
- <Possible follow-ups>
- Re: hacking win2kPro out of the box H Carvey (Dec 06)
- Re: hacking win2kPro out of the box miguel . dilaj (Dec 06)
- Re: hacking win2kPro out of the box H Carvey (Dec 07)