
Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness

"Gray Hat Hacking, Second Edition"

Why Access Control Is Interesting to a Hacker
Most People Don't Understand Access Control
Vulnerabilities You Find Are Easy to Exploit
You'll Find Tons of Security Vulnerabilities
How Windows Access Control Works
Security Identifier (SID)
Access Token
Security Descriptor (SD)
The Access Check
Tools for Analyzing Access Control Configurations
Dumping the Process Token
Dumping the Security Descriptor
Special SIDs, Special Access, and "Access Denied"
Special SIDs

