Stronghold to Strengthen: Advanced Windows Server Hardening
Planning, Deploying and Managing Microsoft Forefront Threat Management Gateway 2010
Available for online purchase: http://www.mvp-press.com
Follow us on: http://facebook.com/MVPpress and http://twitter.com/MVPpress
Thanks to hackers, developers try harder. I use two concepts that are close to each other, but I want them to be able to tell them apart, because it will help them. Habits are in the head, techniques are in the fingers. Habit: a password longer than. Technique: account enumeration. TCP/IP was designed when there were a dozen or so computers in the world; then came the guys who said: what happens when I swap the packets' sequence numbers? Balance between usage and security comfort. It is built into human nature. Teardrop (changes to the sequence number).
Hackers have been assigned a fundamental role in software development. Morality and being against the law are not effective deterrents. Many systems are built with immature and insecure technology, making them susceptible to a wide range of attacks. Source: NT Security.nu
SIR
mbsa
Useful not only for bad admins
What was changed in a file? When a vulnerability is unknown and the details (after the patch is released) are unclear, it is worth checking what was changed in the operating system by looking into the patch. Clusters are patched last. OBAMA
wusa <update> /extract:C:\MSU
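As an added example (not part of the original slides), the following PowerShell script automates the step above: it unpacks an .msu with wusa.exe /extract, expands the payload .cab files, and compares every DLL, EXE and SYS file in the patch against the same-named file under System32 by version and SHA-256 hash. The paths are assumptions; matching by file name only is a heuristic, so treat the output as a starting point for reading the patch, not a complete diff.

```powershell
# Added example, not the original presenter's code. Assumes wusa.exe supports /extract
# (Windows 7 / Server 2008 R2 era, as on the slide) and that $MsuPath points at a
# downloaded update package. Save as Compare-Patch.ps1 and run from an elevated prompt.
param(
    [Parameter(Mandatory = $true)][string]$MsuPath,   # e.g. C:\Updates\<KB-placeholder>.msu
    [string]$WorkDir = 'C:\MSU'                       # extraction folder, as on the slide
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# Step 1: unpack the .msu container; this yields one or more .cab files plus XML metadata.
Start-Process -FilePath wusa.exe -ArgumentList "`"$MsuPath`" /extract:`"$WorkDir`"" -Wait -NoNewWindow

# Step 2: expand every payload .cab so the individual binaries become visible.
$Expanded = Join-Path $WorkDir 'expanded'
New-Item -ItemType Directory -Path $Expanded -Force | Out-Null
Get-ChildItem -Path $WorkDir -Filter '*.cab' | ForEach-Object {
    & expand.exe $_.FullName -F:* $Expanded | Out-Null
}

# Step 3: for each PE file carried by the patch, look for a same-named file in System32
# and report whether version or content differs (name matching is a heuristic).
$Report = foreach ($New in Get-ChildItem -Path $Expanded -Recurse -Include '*.dll', '*.exe', '*.sys') {
    $Installed = Join-Path $env:SystemRoot "System32\$($New.Name)"
    if (-not (Test-Path $Installed)) { continue }
    $NewHash = (Get-FileHash -Algorithm SHA256 -Path $New.FullName).Hash
    $OldHash = (Get-FileHash -Algorithm SHA256 -Path $Installed).Hash
    [pscustomobject]@{
        File         = $New.Name
        InstalledVer = (Get-Item $Installed).VersionInfo.FileVersion
        PatchVer     = $New.VersionInfo.FileVersion
        Changed      = ($NewHash -ne $OldHash)
    }
}

# Only the files whose content actually differs are worth opening in a disassembler/diff tool.
$Report | Where-Object Changed | Sort-Object File | Format-Table -AutoSize
```

The script sends nothing over the network and does not install the update; it only unpacks it, so it is safe to run on a test machine before deciding what the fix touches.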
Hackers use it because they have no access to the system at all. Administrators have forgotten about this possibility. Don't be fooled into thinking that having admin rights means you have everything; let's learn good things from those who don't have them. There are situations in which the system defends itself so well that even an admin has no access: a blue screen as the system boots. Open files: pagefile.sys. Watchdogs: csrss.exe (when you kill it, you receive the blue screen). Picture source: junius.blogspot.com
For more information please see the demo.
SERVICES!
PowerShell Back Read Write Barta DLL
Administrators do not need to know what is inside their programs. A blue screen always puts a big grin on administrators' faces, but in fact only a couple of them know what the blue screen is and why it appeared. With Windows Debugger it is possible to analyze the real reason for such operating system behavior. 1. Something happened, and we know what. 2. Something happened; we noticed it in our monitoring system. Two types of crash dumps:
16:00. Time: 10 minutes. 3. Alt+7 offset: poi(@$peb+0x8)+36FA. 4. ==> MOV BYTE PTR [EAX], 8Ah. 5. eb poi(@$peb+8)+36FA C6 00 8A. Summary: the demo is about the possibility of "blue screen" debugging, just to show that a "blue screen" can be valuable information about what is actually going wrong in the operating system. Windows Debugger and Process Explorer are being used. In Process Explorer there will be an example of how to use symbols and why they are useful. Action: in Windows Debugger there will be shown 2 or 3 crash dumps related to "blue screens", analyzing the reason for such O.S. behavior. Then in PE I will connect the debugger library. If you want to "cause" a blue screen, kill the csrss.exe process. A blue screen will appear and a minidump file (*.DMP) will appear in C:\Windows\Minidump\. In PE, replace the debugging library with the dbghelp library from the Windows Debugger folder. Also enter the path for the symbols, for example: srv*c:\mysymbols*http://msdl.microsoft.com/download/symbols. To check if the symbols in PE are OK, open cmd and type: dir /s. Go to the process in PE, Properties\Threads\, open Stack and check if there is a WalkTree action in the thread.
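The demo assumes that the machine actually keeps a dump and that the debugger can find symbols. As an added example (not part of the original slides), this PowerShell script checks both before a crash happens: it reads the documented CrashControl settings, lists the minidumps already in the folder the slide names, and sets _NT_SYMBOL_PATH in the srv*cache*server form shown above so WinDbg and Process Explorer pick it up. The local symbol cache folder is an assumption.

```powershell
# Added example, not the original presenter's code. Run elevated: writing a machine-wide
# environment variable needs administrator rights. Registry value meanings are the
# documented CrashControl settings.
$Crash = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# CrashDumpEnabled: 0 = none, 1 = complete, 2 = kernel, 3 = small (minidump), 7 = automatic
$DumpKinds = @{ 0 = 'None'; 1 = 'Complete'; 2 = 'Kernel'; 3 = 'Small (minidump)'; 7 = 'Automatic' }
[pscustomobject]@{
    DumpType    = $DumpKinds[[int]$Crash.CrashDumpEnabled]
    DumpFile    = $Crash.DumpFile
    MinidumpDir = $Crash.MinidumpDir
    AutoReboot  = [bool]$Crash.AutoReboot
} | Format-List

if ([int]$Crash.CrashDumpEnabled -eq 0) {
    Write-Warning 'Crash dumps are disabled: a blue screen will leave nothing to analyse.'
}

# Minidump folder: the registry value usually reads %SystemRoot%\Minidump; fall back to the
# path given on the slide if the value is missing.
$MiniDir = if ($Crash.MinidumpDir) {
    [Environment]::ExpandEnvironmentVariables($Crash.MinidumpDir)
} else {
    Join-Path $env:SystemRoot 'Minidump'
}
if (Test-Path $MiniDir) {
    Get-ChildItem -Path $MiniDir -Filter '*.dmp' |
        Sort-Object LastWriteTime -Descending |
        Select-Object Name, LastWriteTime, @{ n = 'SizeKB'; e = { [int]($_.Length / 1KB) } } |
        Format-Table -AutoSize
} else {
    Write-Output "No minidump folder at $MiniDir (no crashes recorded yet)."
}

# Symbol path in the form used on the slide: local cache first, Microsoft symbol server second.
# C:\mysymbols is an assumed cache location; any writable folder works.
$SymbolPath = 'srv*C:\mysymbols*http://msdl.microsoft.com/download/symbols'
if (-not $env:_NT_SYMBOL_PATH) {
    [Environment]::SetEnvironmentVariable('_NT_SYMBOL_PATH', $SymbolPath, 'Machine')
    Write-Output "Set machine-wide _NT_SYMBOL_PATH to $SymbolPath (restart the tools to pick it up)."
} else {
    Write-Output "_NT_SYMBOL_PATH already set: $env:_NT_SYMBOL_PATH"
}
```

Run it on a freshly built server as part of the baseline: a dump type of None, or an empty minidump folder on a machine known to have blue-screened, means the forensic trail the presenter relies on is already lost.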
The best mandatory source of knowledge is the Microsoft Security Bulletin. Truly it is! The Microsoft Security team does its job perfectly – they release hotfixes very quickly, they CARE and support users in security issues.
If we could learn from the hackers, we would be faster than some of them – start today preparing yourself for the greater maturity of your network, be aware of the threats, do the demos! Do you think that hackers are better than you? I don't think so!
GPDisable – by Russinovich – now unavailable – to bypass software restriction policies. Tools disappear. Assembling a toolkit. Guideline – exclude it from the anti-virus list. When collecting tools, be careful and collect and use only those you are 100% sure about what they do. In every hacker's tool bag are a variety of free system probing and fingerprinting tools, the purpose of which is to identify specifics about your hardware and software configurations. Some of these tools will undoubtedly check for open ports on routers and firewalls and identify what system services are available for exploitation. To get an idea of what a hacker would see, download and run some of these tools against your own network. Be sure to let your staff know when these tools are being run, in case there are performance issues when certain scans are launched, and always test them against a few non-critical machines first.
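Before running a third-party scanner against the network, the same picture can be taken from inside each server without sending a single packet. As an added example (not part of the original slides, and not one of the tools it mentions), this PowerShell script lists every listening TCP port with the owning process and the Windows service behind it, and flags the ones bound to all interfaces, which is exactly the set an external port scan would report. It uses Get-NetTCPConnection, available on Windows 8 / Server 2012 and later.

```powershell
# Added example, not the original presenter's code. Read-only inventory of listening ports,
# suitable for a production box; compare the result with the server's documented role.

# Map process IDs to service names so svchost-hosted ports are attributed to a service.
$Services = @{}
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -gt 0 } |
    ForEach-Object { $Services[[int]$_.ProcessId] += @($_.Name) }

$Listeners = Get-NetTCPConnection -State Listen |
    Sort-Object LocalAddress, LocalPort -Unique |
    ForEach-Object {
        $Proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port     = $_.LocalPort
            Address  = $_.LocalAddress          # 0.0.0.0 or :: means reachable from any interface
            Process  = if ($Proc) { $Proc.ProcessName } else { "pid $($_.OwningProcess)" }
            Services = ($Services[[int]$_.OwningProcess] -join ', ')
        }
    }

# Anything bound to all interfaces is what a scanner on the network would see.
$Exposed = @($Listeners | Where-Object { $_.Address -in '0.0.0.0', '::' })

$Listeners | Format-Table -AutoSize
Write-Output ("{0} listening sockets, {1} reachable on all interfaces." -f @($Listeners).Count, $Exposed.Count)

# Review list for the hardening pass: each exposed port should map to a service the server
# is meant to provide; the rest are candidates for stopping the service or a firewall rule.
$Exposed | Sort-Object Port | Select-Object Port, Process, Services | Format-Table -AutoSize
```

Running this on the non-critical test machines first, as the slide advises for the scanners, gives a known-good baseline to diff the real scan results against.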