Example Hack

Now that you have a good understanding of how Microsoft networks are structured, we’ll take a detailed look at how an attacker might exploit this structure to increase his control over the network. We will demonstrate how a hacker can use an exploit to break into a Windows 2008 Server, create a local user account on that server, and add that account to the server’s Administrators group. That way, even if the administrator patches the vulnerability that the hacker used to compromise the box, the hacker still holds an account with administrator privileges and can use it to regain access to the server at a later date.
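From the investigator's side, the account creation and group change described above leave records in the Security event log when account management auditing is enabled. The following is an added example, not code from the book: it correlates event ID 4720 (account created) with event ID 4732 (member added to a local group) for the Administrators group. The event records are constructed and the dict keys are hypothetical names for exported event fields.

```python
from datetime import datetime, timedelta

ADMINISTRATORS_SID = "S-1-5-32-544"  # well-known SID of the built-in Administrators group
ACCOUNT_CREATED = 4720               # "A user account was created"
GROUP_MEMBER_ADDED = 4732            # "A member was added to a security-enabled local group"

# Constructed sample records; the dict keys are hypothetical names for exported event fields.
SAMPLE_EVENTS = [
    {"id": 4720, "time": "2012-03-01T02:14:07", "subject": "SYSTEM",
     "target_user": "helpdesk2", "target_sid": "S-1-5-21-1111-2222-3333-1009"},
    # Membership change for a different local group (Users): must not match.
    {"id": 4732, "time": "2012-03-01T02:14:07", "subject": "SYSTEM",
     "group_sid": "S-1-5-32-545", "member_sid": "S-1-5-21-1111-2222-3333-1009"},
    {"id": 4732, "time": "2012-03-01T02:14:31", "subject": "SYSTEM",
     "group_sid": ADMINISTRATORS_SID, "member_sid": "S-1-5-21-1111-2222-3333-1009"},
    # Ordinary account creation that never reaches Administrators.
    {"id": 4720, "time": "2012-03-02T09:30:00", "subject": "jane.admin",
     "target_user": "temp.intern", "target_sid": "S-1-5-21-1111-2222-3333-1010"},
    # Existing account promoted; its creation is not in this log extract.
    {"id": 4732, "time": "2012-03-05T11:00:00", "subject": "jane.admin",
     "group_sid": ADMINISTRATORS_SID, "member_sid": "S-1-5-21-1111-2222-3333-1004"},
]

def find_new_local_admins(events, window=timedelta(hours=1)):
    """Return accounts that were created and then added to Administrators within `window`."""
    created = {}   # account SID -> (creation time, creation event)
    findings = []
    # Sort by (time, id) so a 4720 precedes a 4732 carrying the same timestamp.
    for ev in sorted(events, key=lambda e: (e["time"], e["id"])):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == ACCOUNT_CREATED:
            created[ev["target_sid"]] = (when, ev)
        elif ev["id"] == GROUP_MEMBER_ADDED and ev["group_sid"] == ADMINISTRATORS_SID:
            # Correlate on SID, not name: names can be reused or renamed.
            match = created.get(ev["member_sid"])
            if match and when - match[0] <= window:
                findings.append({
                    "account": match[1]["target_user"],
                    "sid": ev["member_sid"],
                    "created_by": match[1]["subject"],
                    "added_by": ev["subject"],
                    "seconds_after_creation": int((when - match[0]).total_seconds()),
                })
    return findings

if __name__ == "__main__":
    for finding in find_new_local_admins(SAMPLE_EVENTS):
        print(finding)
```

The SYSTEM subject on both matched events is worth noting in triage: an account created and promoted by a service context rather than a named administrator is consistent with the post-exploitation scenario the text describes.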

The first problem that the hacker must address is how to initially compromise the system. In the real world, ...
