Hacking Exposed Windows: Microsoft Windows Security Secrets And Solutions, Third Edition Paperback – 4 Dec 2007
Completely updated strategies for thwarting all kinds of Windows attacks. New to the internationally bestselling "Hacking Exposed" series comes this fully revised and expanded volume detailing the latest Windows hacks and attacks. You will learn, by looking through the eyes of the hacker, how devastating attacks are executed and how to protect your Windows systems and networks from them. "Hacking Exposed Windows, Third Edition" covers all versions of Windows, including Windows Vista and Windows XP, as well as Windows Server 2000, 2003, and 2007. Security expert Joel Scambray provides cutting-edge coverage of new targeting and exploitation techniques, Microsoft security holes, and hacking techniques alongside detailed, real-world countermeasures. Case studies and personal experiences are interspersed throughout each chapter to reinforce the relevance and severity of specific vulnerabilities.
About the Author
Joel Scambray, CISSP, is Chief Strategy Officer at Leviathan Security Group (leviathansecurity.com). His nearly 15 years of information security experience encompasses roles as a corporate leader (senior management positions at Microsoft and Ernst & Young), entrepreneur (co-founder of Foundstone), successful technical consultant for Fortune 500 firms, and internationally recognized speaker and author of multiple security books, including all five editions of Hacking Exposed: Network Security Secrets & Solutions.
Stuart McClure, CISSP, an independent computer security consultant, is one of today's leading authorities on information security. He was SVP of Global Threats and Research for McAfee where he led an elite global security team fighting the most vicious cyber attacks ever seen. Stuart is the coauthor of multiple security books, including all five editions of Hacking Exposed: Network Security Secrets & Solutions.
This is a must for any Windows system administrator. The description of the tools available, and their walkthroughs, will not only enable you to penetrate your Windows network and servers, but will also enable you to learn all about your servers and network.
A compelling and interesting read, but it could do with an update, although there is a section in Hacking Exposed 7, so just 4 stars.
Most helpful customer reviews on Amazon.com
The latest HE: Windows takes us toe to toe with Vista and Server 2008 and gives us a recap of some Win2k3 and Win2k knowledge. I was torn between whether to give this book three or four stars. I ended up giving it a four because it was well written, hit the majority of the objectives it laid out, and would be useful for someone that didn't have the two previous iterations. If you have the other two, keep in mind there is a fair amount of content reuse, and if you do this for a living, it may come up short of expectations.
The book covers a lot of ground but at the end I was left feeling like the authors were saying that if I was pentesting a Vista host or Server 2008 host/domain I should just call it quits. Going back and rereading a bit of the HE: Windows Server 2003 book I felt they said the same thing in that book as well. This obviously ended up being not the case, and I don't think will be the case with Vista and Server 2008 either. It's also not a viable option for any penetration tester.
Some examples of what I am talking about can be seen in Chapter 4, where the SMB enumeration examples only work against Windows 2000 and maybe Windows XP SP1. No mention of how to actually start pulling that information out from current environments. The Active Directory section reused the old content and made no discussion of any current tools or changes in 2003 environments and 2008 environments, which have pretty much eliminated anonymous binds to extract information. Chapter 5, Hacking Windows Specific Services, reused a lot of content, which was disappointing; especially disappointing was the reuse of the smbrelay content, especially with tools that work much better, like the smbrelay module in the Metasploit Framework.
The rootkit chapter is pretty good and talks about a rootkit I had never heard of (Unreal rootkit).
Client side attacks has a decent update to it covering phishing, ActiveX, Office and PDF exploits and a bit of cross site scripting, but refers you to the HE Web Applications book for more detail, which is fair.
Physical Attacks section is mostly the same with some updates on wireless, keyloggers and bootkits, but mostly just overviews, not followable steps.
Ch 12, Windows security features and tools, is probably what pushed the book from a 3 to a 4. It covered BitLocker, Vista Windows integrity control, server hardening, stack protections, and other information.
It has been fashionable for the last six or seven years for supposedly "elite" security people to laugh at HE books. Sure, the books don't teach you how to find zero-day vulnerabilities or write new exploits. The strength of the HE series is in its approach. HE books teach you about core Windows security technologies in a manner that you usually can't find elsewhere. Then the authors explain how to attack those technologies, as a penetration tester might. Finally they conclude with recommended countermeasures, as available. You can't ask for more in a security book: how it works, how to break it, how to fix it. There's something for everyone -- admin, red team, blue team.
My personal favorite sections included Ch 5: Hacking Windows-Specific Services, Ch 7: Post-Exploit Pillaging, and Ch 8: Achieving Stealth and Maintaining Presence. I didn't think Ch 6: Discovering and Exploiting Windows Vulnerabilities was very strong. I was disappointed by Ch 10: Hacking Microsoft Client Apps. Client-side attacks have been the dominant security problem for enterprise security teams for the last five years. You could probably write a whole book titled Hacking Exposed: Client-Side or similar! If/when the authors decide to write a 4th Ed, I'd like to see more coverage of client-side apps, like Adobe Acrobat, Microsoft Office, and the like.
Overall I strongly recommend reading HEW3E. It's not a five star book but you will learn a lot reading it. The target audience includes security-conscious admins, those who try to attack Windows systems, and those who defend them.