Maintaining Order Using Privilege Modes
We mentioned that an attacker would need to have privileged control of the victim system in order to perform a DLL injection or to modify the Import Address Table. The reason why special permissions are needed is that by default Windows maintains a great deal of separation between different processes. Controlling access to resources and ensuring that each process has access to only the appropriate resources is a large part of what the operating system is responsible for doing. By examining how this role is accomplished, you will gain a better understanding of how attackers might seek to exceed the scope of their permissions. In addition, you will learn how hackers can exploit these facilities to hide the ...
Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.