Summary


This chapter discussed the major exploitation techniques and malware types. Hackers and malware generally use one of eight techniques for malicious exploitation: credential guessing/cracking, buffer overflows, OS or application vulnerability, OS or application misconfiguration, network eavesdropping, denial of service attack, client-side attack, or social engineering.

Dedicated attackers often follow a step-by-step methodology in their malicious exploits. Typically, it begins by finding an active TCP/IP address; scanning for active, listening TCP and UDP ports; and then enumerating the particular services. The hacker then uses one of the eight penetration methods listed previously to break into the host. Then they copy over the rest of their hacker tools, hide their presence, and make sure they can always get back in. Finally, they pillage and plunder, looking for information that can lead to additional compromises.

The major types of automated malware are: virus, worm, Trojan, bot, spyware, and adware. Most malware and hackers are now focused on crime, stealing identities, confidential information, and other types of professional maliciousness.

Chapter 3 covers Windows infrastructure, both on a host level and at a network and Active Directory level. It will show the reader how Windows really works, and identify the changes in those infrastructure technologies between Windows XP and Windows Vista.



Windows Vista Security. Securing Vista Against Malicious Attacks
ISBN: 470101555
Year: 2004
Pages: 163
