Chapter 2. How Hackers Attack

It is crucial that Windows security defenders understand how malicious hackers can attack and exploit their systems. Only when attacks are thoroughly understood can sufficient defenses be designed and implemented. Thus, this chapter focuses on the major methods of malicious exploitation.

Malicious Exploitation

Microsoft Windows is the most attacked PC desktop OS in the world, coming under attack from both dedicated hackers and automated malicious software. Regardless of whether the attack is occurring as a results of skilled human hands or pre-programmed malware, both methods use one of eight techniques to exploit a computer.

Eight Exploitation Techniques

The eight exploitation techniques are:

  • Logon credential guessing/cracking

  • Buffer overflow

  • OS or application vulnerability

  • OS or application misconfiguration

  • Eavesdropping/man-in-the-middle attack

  • Denial of service attack

  • Client-side attack

  • Social engineering

There are many different types of attacks, but these are the major ones. The next section of the chapter covers each of the techniques in more detail.

Logon Credential Guessing/Cracking

Logon credential password guessing and cracking are among a hacker's (or worm's) favorite attacks. Many sources call this technique "password cracking," but that name is an oversimplification of the subject. First, users don't always use passwords in their logon sequence. They can use passphrases, biometrics, smart cards, fingerprint scanning, digital certificate, or some other ...

Get WINDOWS VISTA™ SECURITY: Securing Vista Against Malicious Attacks now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.