IIS 4.0 Security Checklist v1.2 - This document provides a series of recommendations for securing Internet Information Server version 4 on Windows NT. Designed to be used with WinNTConfig.txt.
8eee3d7152ac8e0f97867508e4d267b7Graded Risk Based Security Configuration for Windows NT - How to secure a Windows NT machine, based upon the agreed security risk profile of the target system. Includes Initial Installation, System Accounts, User Accounts and Rights, File and Registry Access Control, Network Access Control, Subsystems, Malicious Code, and Event Logging.
02b2acbc4cb845109818031df2346802IIS and NTS 4.0 Hardening Guide v1.1 - Detailed instructions on tightening down the security on an IIS 4.0 web server. Includes install and setup details, server configuration, hardening, registry edits, securing permissions, firewall ACL's, and SSHD. This hardening procedure should NOT be used on general-purpose NT servers on an internal LAN as it removes several of the services that NT uses for default functionality.
60f5012d0eae4de8b74a697b38969202Windows NT/2000 Event Log Management and Intrusion Detection - This powerpoint presentation focuses on how Windows NT/2000 administrators can get a handle on multiple event logs on many boxes, how to interface with the UNIX syslog facility, how to build a real-time monitoring system for a heterogeneous environment using inexpensive tools, and what event log messages to look for in regards to host-based intrusion detection.
7cf2f2635e5569aecb894d8bfe9520c0NT Blackhat paper is a beginner's document about NT-security. This document describes pretty well what malicious hackers exactly do when they attempt to hack your NT servers. Although it was meant for beginners, it is still suitable for novices, and maybe even experts who wants to read and maybe learn something that they didn't know.
2867800b1ee7110efa967e627ad864deModifying Windows NT Logon Credentials - A common attack against Windows NT consists in obtaining usernames and LM/NT password hashes using tools such as L0phtCrack, or tcpdump-smb. These are then used to gain unauthorized access to file and printer shares on the attacked server. To be able to use this username/hashes pairs instead of the commonly used username/password pairs, the attacker must use some kind of modified SMB client. SAMBA, a Unix implementation of the SMB/CIFS protocol, is normally used by attackers due to the availability of its source code, what makes its modification to conform to their needs extremely simple.
ed288864627e0d1ba051fbd7b5474d32NTsec.doc is a Microsoft Word document concerning Remote NT-security, contains information about SMB, NetBIOS, NT-TCP/IP, and major IIS vulnerabilities. The current version is 1.0, updates are coming very soon.
73adb12a9547bc4e066441e626577bb8Information on how to exploit the IIS 4.0 / MDAC 1.5 RDS bug to its full potential.
8b6642597a4269be475910fd7bff481dWindows NT Buffer Overflows From Start to Finish. Includes lots of demonstration code.
41141436421022cc75b9fd500ce2b9c7Paper detailing a successful attack against a NT server running the avirt mail service. In powerpoint, html, and text format.
61a925ecb37fa72c1c76aac9c3717f76Antidote for RFPoison (Followup to RFP9906) Recently I released RFP9906: NT denial of service in services.exe (RFPoison). I included a limited sample exploit that would demonstrate the problem. Since then, I've worked with a few individuals and confirmed some configurations what will protect your system.
21ba37765c5f231ee9672896229f8907Advisory RFP9907 - You, your servers, RDS, and thousands of script kiddies. .gov, .mil, and even microsoft.com haven fallen lately to the hands of website defacers. Turns out, it's all been because of RDS. This paper is the straight story on fixing the RDS hole.
4d0f9583ce01d3e57f18fd11bd55b8e6Adding new services to the Windows NT kernel (Native API) on intel X86 processors. Version 0.81.
1187954d5ff261ed6572cb4c5878fef1Updated paper on Intrusion Detection under Windows NT. This should make things a bit clearer. Microsoft Powerpoint presentation.
a6b974d58cccac1795f348a9b20fca96Intrusion Auditing Under Windows NT. Microsoft PowerPoint presentation.
23c6e8f8800427ce328732b27ccbf496Spanish paper on NT Security. Rather comprehensive. Word97 format.
471022c65eacf52aa4253c1ed41b9b11
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed