Rating:
Author: Joel Scambray
ISBN : B0010SGQQI
New from $35.48
Format: PDF
You can download Free Hacking Exposed Windows: Microsoft Windows Security Secrets and Solutions, Third Edition from mediafire, rapishare, and mirror link
The latest Windows security attack and defense strategies
"Securing Windows begins with reading this book." --James Costello (CISSP) IT Security Specialist, Honeywell
Meet the challenges of Windows security with the exclusive Hacking Exposed "attack-countermeasure" approach. Learn how real-world malicious hackers conduct reconnaissance of targets and then exploit common misconfigurations and software flaws on both clients and servers. See leading-edge exploitation techniques demonstrated, and learn how the latest countermeasures in Windows XP, Vista, and Server 2003/2008 can mitigate these attacks. Get practical advice based on the authors' and contributors' many years as security professionals hired to break into the world's largest IT infrastructures. Dramatically improve the security of Microsoft technology deployments of all sizes when you learn to:
Direct download links available for Free Hacking Exposed Windows: Microsoft Windows Security Secrets and Solutions, Third Edition [Kindle Edition]
- File Size: 9623 KB
- Print Length: 451 pages
- Simultaneous Device Usage: Up to 4 simultaneous devices, per publisher limits
- Publisher: McGraw-Hill; 3 edition (December 4, 2007)
- Sold by: Amazon Digital Services, Inc.
- Language: English
- ASIN: B0010SGQQI
- Text-to-Speech: Enabled
X-Ray:
- Lending: Not Enabled
- Amazon Best Sellers Rank: #688,470 Paid in Kindle Store (See Top 100 Paid in Kindle Store)
Free Hacking Exposed Windows: Microsoft Windows Security Secrets and Solutions, Third Edition
Disclaimer: I received a review copy of HE:Windows.
The latest HE:Windows takes us toe to toe with Vista and Server 2008 and gives us a recap of some Win2k3 and Win2k knowledge. I was torn between whether to give this book three or four stars. I ended up giving it a four because it was well written, hit the majority objectives it laid out, and would be useful for someone that didn't have the two previous iterations, if you have the other two keep in mind there is a fair amount of content reuse and if you do this for a living, it may come up short of expectations.
The book covers a lot of ground but at the end I was left feeling like the authors were saying that if I was pentesting a Vista host or Server 2008 host/domain I should just call it quits. Going back and rereading a bit of the HE: Windows Server 2003 book I felt they said the same thing in that book as well. This obviously ended up being not the case, and I don't think will be the case with Vista and Server 2008 either. Its also not a viable option for any penetration tester.
Some examples of what I am talking about can be seen in Chapter 4 where the SMB enumeration examples only work against Windows 2000 and maybe Windows XP SP1. No mention of how to actually start pulling that information out from current environments. The Active Directory section reused the old content and made no discussion of any current tools or changes in 2003 environments and 2008 environments which have pretty much eliminated anonymous binds to extract information. Chapter 5, Hacking Windows Specific Services reused a lot of content which was disappointing, especially disappointing was the reuse of the smbrelay content, especially with tools that work much better like the smbrelay module in the metasploit framework.
I've been reading and reviewing Hacking Exposed (HE) books since 1999, and I reviewed the two previous Windows books. Hacking Exposed: Windows, 3rd Ed (HEW3E) is an excellent addition to the HE series. I agree with Chris Gates' review, but I'd like to add a few of my own points. The bottom line is that if you need a solid book on Windows technologies and how to attack and defend them, HEW3E is the right resource.
It has been fashionable for the last six or seven years for supposedly "elite" security people to laugh at HE books. Sure, the books don't teach you how to find zero-day vulnerabilities or write new exploits. The strength of the HE series is in its approach. HE books teach you about core Windows security technologies in a manner that you usually can't find elsewhere. Then the authors explain how to attack those technologies, as a penetration tester might. Finally they conclude with recommended countermeasures, as available. You can't ask for more in a security book: how it works, how to break it, how to fix it. There's something for everyone -- admin, red team, blue team.
My personal favorite sections included Ch 5: Hacking Windows-Specific Services, Ch 7: Post-Exploit Pillaging, and Ch 8: Achieving Stealth and Maintaining Presence. I didn't think Ch 6: Discovering and Exploiting Windows Vulnerabilities was very strong. I was disappointed by Ch 10: Hacking Microsoft Client Apps. Client-side attacks have been the dominant security problem for enterprise security teams for the last five years. You could probably write a whole book titled Hacking Exposed: Client-Side or similar! If/when the authors decide to write a 4th Ed, I'd like to see more coverage of client-side apps, like Adobe Acrobat, Microsoft Office, and the like.