Exploiting access control vulnerabilities is more about elegantly probing,
investigating, and then exploiting the single bit in the entire system that was coded
incorrectly and then compromising the whole system because of that one tiny mistake.
It usually leaves no trace that anything happened and can sometimes even be done without
shellcode or even a compiler. It's the type of hacking James Bond would do if he
were a hacker. It's cool for lots of reasons, some of which are discussed next.
Most People Don't Understand Access Control
Lots of people understand buffer overruns and SQL injection and integer overflows. It's
rare, however, to find a security professional who deeply understands Windows Access
Control and the types of exploitable conditions that exist in this space. After you read this
chapter, try asking your security buddies if they remember when Microsoft granted DC to
AU on upnphost and how easy that was to exploit; expect them to give you funny looks.
This ignorance of access control basics extends also to software professionals writing
code for big, important products. Windows does a good job by default with access control,
but many software developers (Microsoft included) override the defaults and introduce
security vulnerabilities along the way.
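
Added example, not from the book: a defender-side audit of a service security descriptor for the kind of grant mentioned above. It assumes the standard SDDL reading for service objects, where DC is SERVICE_CHANGE_CONFIG and AU is Authenticated Users; the function names and both sample descriptors are constructed for illustration.

```python
import re

# SDDL rights codes that let the trustee reconfigure or take over a service,
# with the access-mask bit each one stands for on a service object.
RISKY_RIGHTS = {
    "DC": (0x00000002, "SERVICE_CHANGE_CONFIG"),
    "WD": (0x00040000, "WRITE_DAC"),
    "WO": (0x00080000, "WRITE_OWNER"),
    "GW": (0x40000000, "GENERIC_WRITE"),
    "GA": (0x10000000, "GENERIC_ALL"),
}
# SDDL trustee aliases that include ordinary, low-privileged accounts.
BROAD_TRUSTEES = {
    "AU": "Authenticated Users",
    "WD": "Everyone",
    "BU": "Built-in Users",
    "IU": "Interactive",
    "AN": "Anonymous",
}

def risky_rights(rights):
    """Names of risky rights in an ACE rights field (letter codes or hex mask)."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return [name for bit, name in RISKY_RIGHTS.values() if mask & bit]
    codes = {rights[i:i + 2] for i in range(0, len(rights), 2)}
    return [name for code, (_, name) in RISKY_RIGHTS.items() if code in codes]

def audit_service_sddl(sddl):
    """Return (trustee, right) pairs where an allow ACE in the DACL gives a
    broad group the ability to change the service."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))*)", sddl)  # skips the S: (SACL) part
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":   # only plain allow ACEs
            continue
        rights, trustee = fields[2], fields[5]
        if trustee in BROAD_TRUSTEES:
            findings += [(BROAD_TRUSTEES[trustee], r) for r in risky_rights(rights)]
    return findings

# Constructed sample descriptors in the format `sc sdshow <service>` prints.
# They are illustrations, not the historical upnphost descriptor.
WEAK = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPLOCRRC;;;AU)"
TIGHT = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
         "(A;;CCLCSWLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
```

Running audit_service_sddl over the output of `sc sdshow` for each installed service gives a quick list of services whose configuration a non-administrator can rewrite.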