You are here: silicon.com > Resources > White Papers > Security > Security Administration > Security Management

Security Management White Papers

Security Implications of Windows Access Tokens - A Penetration Tester

Tags:
security management

Overview This whitepaper discusses the security exposures that can occur due to the manner in which access tokens are implemented in the Microsoft Windows Operating System. A brief overview of the intended function, design and implementation of Windows access tokens is given, followed by a discussion of the relevant security consequences of their design. More specific technical details are then given on how the features of Windows access tokens can be used to perform powerful post-exploitation functions during penetration testing, along with a basic methodology for including an assessment of the vulnerabilities exposed through tokens in a standard penetration test.

Further White Paper Details
Publisher	MWR InfoSecurity	File Format	PDF
Date Published	April 2008
Format	White Papers
Topics	Security Management

Did you find this white paper useful?

Balancing Security Against Productivity

What makes for great security? Is it about keeping the bad guys out or letting the good guys in? About defending attacks or preventing them? When IDG Research Services queried...

Publisher:
Novell

Activate Today!Realize ROI with IntelÂ® vPro Technology and Microsoft System Configuration Manager

Join the team from the Intel vPro Expert Center for an informative Webcast on the ROI savings and activation process for PCs with Intel® vPro™ technology and Microsoft System Configuration...

Publisher:
Intel

Tags:
portable computers

Animated Demo of vPro Systems

This animated demo shows how vPro offers security and manageability on the chip.

Publisher:
Intel

Tube Lines reaps rewards of upgrading to IntelÂ®CoreÂ™2 processor with vProÂ™technology

Tube Lines has a 30-year Public Private Partnership (PPP) contract with London Underground. It is responsible for the maintenance and upgrade of the infrastructure on the Jubilee, Northern and Piccadilly...

Publisher:
Intel

Tags:
portable computers

Video Case Study: Verizon UK

This video case study looks at how Chris Maylor, head of architecture services at Verizon UK, went about implementing vPro.

Publisher:
Intel

Mitnick on Mitnick: Why I'm going legit

Mitnick: It's the same issue with full disclosure around security vulnerabilities. I am a proponent of exposing the vulnerabilities rather than keeping them secret. We will do penetration testing to look at the network from outside and the inside...

Channel:
Security Strategy

HP to hack its customers

As new threats are reported, the team will conduct a risk assessment and investigate the most serious vulnerabilities. Each of the clients will be given a range of IP addresses to scan, and will move through the range scanning for particular...

The dos and don'ts of VoIP security

They need to have a rigorous patching regime as new vulnerabilities are found in VoIP systems every few days. Ken Munro, managing director of penetration testing company SecureTest, says: "Enterprises need to make sure that all of the firmware of...

iPhone 'data-stealing' hack claimed

In response to news of the hack, Apple said: "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users. Security researchers from penetration testing company Independent...

Channel:
PDAs
Tags:
exploit,
hack,
apple,
iphone

Why you should hack your own systems

Therefore the best practice is to take a multi-tiered approach to testing software applications for security flaws, by using static code and dynamic program analysis along with vulnerability assessment and scanning tools, and penetration testing.

'Hack your own Oracle database' tool unveiled next week

Over the years there have been tons of Oracle exploits, SQL injection vulnerabilities, and post exploitation tricks and tools that had no order, methodology, or standardisation, mainly just random .sql files.

Featured White Papers

Harnessing the Power of Location Intelligence in the Public Sector

Throughout the world, public services today are under pressure. The current economic climate, where taxreceipts are naturally suppressed, provides very seriousfunding challenges. Moreover, in good times and bad, increasing regulation at the regional and national level is imposing additional duties and responsibilities on the public services without additional resources to carry them out. Store closures are changing the urban landscape. Demographic and/or economic change isincreasing demand for health and social services.Demand for decreased crime rates is focusing minds in law enforcement. And the threat of internationalterrorism is forcing greater contingency duties on the emergency services. The net result is a need to do more with lessÂ—quite a challenge.

Publisher:
Pitney Bowes

Buyers' Guide - How to ease the shift to mobile working

With momentum building behind mobile working, are higher costs inevitable when moving staff to laptops? Not necessarily. In fact it's possible to emerge with lower management overheads - and tighter security. Read on to find out more.

Publisher:
Intel

IBM Virtualization Services

Virtualization is a powerful technology and can have profound effects on the datacenter; however, it should be viewed as a component of an overall IT strategy that will be able to support the enterprise's needs. IDC recommends that enterprises look at theentire architecture and determine how to best deploy virtualization