Maintaining Order Using Privilege Modes

We mentioned that an attacker would need to have privileged control of the victim system in order to perform a DLL injection or to modify the Import Address Table. The reason why special permissions are needed is that by default Windows maintains a great deal of separation between different processes. Controlling access to resources and ensuring that each process has access to only the appropriate resources is a large part of what the operating system is responsible for doing. By examining how this role is accomplished, you will gain a better understanding of how attackers might seek to exceed the scope of their permissions. In addition, you will learn how hackers can exploit these facilities to hide the ...

Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Mastering Windows Network Forensics and Investigation, 2nd Edition by

Maintaining Order Using Privilege Modes

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly