Writing Secure Code for Windows Vista (Best Practices (Microsoft)) - page 105


Index

J

Java applets, 121, 127

JavaScript, 121, 132

gadgets, 181

Information Card, 158

Jet Propulsion Laboratory research, 50

Johnson, Ken (aka Skywing), 60

just-in-time (JIT) compilation, 127




K

KDFs. See key derivation features (KDFs)

Kerberos tickets, 106

kernel mode, 136

debugging, 163, 175

key derivation features (KDFs), 136

password-based, and CNG, 144

key operations, 143

keys, cryptographic, 136

PIN protection, 154

keywords, safeSEH, 67–68

“kill-bitting,” 123

kloc, 49–50

“Known” list, Windows Defender, 169




L

laptops, undocking, 107

LDAP remote file access, 145

LeBlanc, David, 49, 55, 83, 130, 181

legacy applications, and virtualization, 28

LFH (low fragmentation heap), enabling, 59

Limited User Account (LUA), 14

linked tokens, 20, 21

linkers. See also individual linkers

/DynamicBase, 3, 11

/NXCompat, 3, 11, 129

/SafeSEH, 3, 11

links, forward and backward, checking, 57

Linux

services, 97

symlink security bugs, 45

Lipner, Steve, 1

Litchfield, David, 67, 68, 71

little-endian format, 6

LoadLibrary, 51, 52

local namespaces, 110–111

local service accounts, 99, 100

local system service account, 99

local user service accounts, 99

localization, 8

logoffs, forced, 165–166

logon desktop, 158

LogonUser, 106

logons, and console sharing, 110–11

long-lived pointers, 163, 172

“Longhorn” server, Windows, and OCSP, 146

LookupAccountName, 102

low fragmentation heap (LFH), enabling, 59

low-integrity objects

determining, 39–40

labeling, 37–39

low-integrity processes, 32–34, 41–42

sample code for, 35–36

write locations, 37

LUA (Limited User Account), 14




M

Mac OS X, and symlink security bugs, 45

MACing data, 141

macros, 4, 5–7

shield icon, 27

malloc(), 7

malloc.h, 7

malware

anti-malware, 163, 167–168

CardSpace, 154

NX, 60

Web browser attacks, 121

manifest file, 22

requestedExecutionLevel options, 23

manifest tool (mt.exe), 22

Marcelais, Mike, 55

Margosis, Aaron, 43

masks, integrity, 40

MD4/MD5 hash algorithms, 9, 136

m_data pointer, 173

m_dest pointer, 173

medium-integrity objects

determining, 39–40

labeling, 37–39

medium-integrity processes, 32–34

memory, shared, 112

memory quotas, adjusting, 107

merchants, online, and Information Card, 152

message boxes, simple, 112

metadata randomization, blocking, 57

Metasploit project, 60

Microsoft Application Compatibility Toolkit 5.0, debugging Protected Mode, 126

Microsoft Kernel Mode Cryptographic Module, 136

Microsoft Management Console (MMC), 23–24

Microsoft Open Specification Policy, 151, 156

Microsoft Research, 49

Microsoft SQL Server 2005 Express, 126

Microsoft Windows Internals (Russinovich), 17

Miller, Matt (aka Skape), 60

MIME handlers, 121

mklink command, 45

MMC (Microsoft Management Console), 23–24

Moore’s Law compensator, 144

Mozilla Firefox v2, 133

phishing defenses, 154

MSGINA.DLL, 159

mt.exe (manifest tool), 22




N

name squatting attacks, 110

named pipes, 112–116

namespace

collisions, 110

Information Card, 157

local vs. global, 110–11

warnings, 43

NAT (network address translation), 76–77

Teredo, 78–80

National Institute of Standards and Technology (NIST), 136, 142

National Security Agency (NSA), 143

NCrypt* functions, 136

.NET Framework 1.1, and Protected Mode, 126

.NET Framework 2.0, and Protected Mode, 126

.NET Framework 3.0, and Information Cards, 151, 156–157

.NET Framework Cryptography, 135–136

.NET language, and credential/consent prompts, 25

Netcraft Toolbar, phishing defenses and, 154

NetFwMgr, 108

NetFwPolicy2, 85, 93

NetFwRule, 88, 91

network access, controlling, 107–110

network address translation (NAT). See NAT (network address translation)

network connections, determining, 81

Network Diagnostics Framework, 75

Network List Manager (NLM), 75, 81–82

network service accounts, 99, 100

networking defenses, 75–76

IPv6, 76–78

Network List Manager (NLM), 81–82

RSS platform, 82–83

Teredo, 78–80

Windows firewall, advanced security, 85–94

Winsock Secure Socket Extensions, 83–85

networks, and security, 81–82

NIST (National Institute of Standards and Technology), 136, 142

NLM (Network List Manager), 75, 81–82

No Execute (NX). See NX (No-execute up)

No-Write up (NW) mask, 38, 40, 41

NOP (no-op) instructions, 51

and heap defenses, 55

normal user accounts, 13–14, 18

“Not Yet Classified” lists, 169

novirtualization shim, 31

NR (No-Read up) setting, 38

NSA (National Security Agency), 143

NtSetInformationProcess, and NX disabling, 60

ntstatus.h, 140

NULL, 6, 7

null pointers, 56–57, 174–175

NW (No-Write up) mask, 38, 40, 41

NX (No-Execute up), 38, 40

buffer overrun defense, 55, 59–64

bypassing, 60

enabled versus disabled, 61–62

/NXCompat linkage, 60, 61, 72

plug-in compatibility, 62–63

/NXCompat linkage, 3, 11

browser defenses, 133

DEP, 129

NX bypassing, 60, 61