Network Programming for Microsoft Windows 2Ed.Pdf
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Softwindows™ 95 for UNIX Administrator's Guide (Version 5 of Softwindows
SoftWindows™ 95 for UNIX Administrator’s Guide (Version 5 of SoftWindows 95) Document Number 007-3221-006 CONTRIBUTORS Edited by Karin Borda and Douglas B. O’Morain Production by Carlos Miqueo © 1998, Silicon Graphics, Inc.— All Rights Reserved The contents of this document may not be copied or duplicated in any form, in whole or in part, without the prior written permission of Silicon Graphics, Inc. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure of the technical data contained in this document by the Government is subject to restrictions as set forth in subdivision (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS 52.227-7013 and/or in similar or successor clauses in the FAR, or in the DOD or NASA FAR Supplement. Unpublished rights reserved under the Copyright Laws of the United States. Contractor/manufacturer is Silicon Graphics, Inc., 2011 N. Shoreline Blvd., Mountain View, CA 94043-1389. TurboStart and SoftNode are registered trademarks of Insignia Solutions. SoftWindows is a trademark used under license. Silicon Graphics, the Silicon Graphics logo and IRIX are registered trademarks, and Indy, O2, and IRIS InSight are trademarks of Silicon Graphics, Inc. R5000 and R10000 are registered trademarks of MIPS Technologies, Inc. Apple and Macintosh are registered trademarks of Apple Computer, Inc. DEC is a trademark of Digital Equipment Corporation. WinPost is a trademark of Eastern Mountain Software. FLEXlm is a trademark of Globetrotter Software Inc. IBM is a registered trademark and IBM PC and IBM PC/AT are trademarks of International Business Machines Corp. Intel and Pentium are registered trademarks of Intel Corporation. -
Attacker Antics Illustrations of Ingenuity
ATTACKER ANTICS ILLUSTRATIONS OF INGENUITY Bart Inglot and Vincent Wong FIRST CONFERENCE 2018 2 Bart Inglot ◆ Principal Consultant at Mandiant ◆ Incident Responder ◆ Rock Climber ◆ Globetrotter ▶ From Poland but live in Singapore ▶ Spent 1 year in Brazil and 8 years in the UK ▶ Learning French… poor effort! ◆ Twitter: @bartinglot ©2018 FireEye | Private & Confidential 3 Vincent Wong ◆ Principal Consultant at Mandiant ◆ Incident Responder ◆ Baby Sitter ◆ 3 years in Singapore ◆ Grew up in Australia ©2018 FireEye | Private & Confidential 4 Disclosure Statement “ Case studies and examples are drawn from our experiences and activities working for a variety of customers, and do not represent our work for any one customer or set of customers. In many cases, facts have been changed to obscure the identity of our customers and individuals associated with our customers. ” ©2018 FireEye | Private & Confidential 5 Today’s Tales 1. AV Server Gone Bad 2. Stealing Secrets From An Air-Gapped Network 3. A Backdoor That Uses DNS for C2 4. Hidden Comment That Can Haunt You 5. A Little Known Persistence Technique 6. Securing Corporate Email is Tricky 7. Hiding in Plain Sight 8. Rewriting Import Table 9. Dastardly Diabolical Evil (aka DDE) ©2018 FireEye | Private & Confidential 6 AV SERVER GONE BAD Cobalt Strike, PowerShell & McAfee ePO (1/9) 7 AV Server Gone Bad – Background ◆ Attackers used Cobalt Strike (along with other malware) ◆ Easily recognisable IOCs when recorded by Windows Event Logs ▶ Random service name – also seen with Metasploit ▶ Base64-encoded script, “%COMSPEC%” and “powershell.exe” ▶ Decoding the script yields additional PowerShell script with a base64-encoded GZIP stream that in turn contained a base64-encoded Cobalt Strike “Beacon” payload. -
A Definitive Guide to Windows 10 Management: a Vmware Whitepaper
A Definitive Guide to Windows 10 Management: A VMware Whitepaper November 2015 Table of Contents Executive Summary.................................................................................................................3 Challenges with Windows Management..........................................................................5 How Windows 10 Differs........................................................................................................7 Windows 10 Management Features....................................................................................9 New Methods of Updates......................................................................................................10 New Methods of Enrollment and Device Provisioning................................................11 Unified Application Experiences.........................................................................................13 Domain Joined Management................................................................................................16 Application Delivery.............................................................................................................17 Universal Applications.........................................................................................................17 Classic Windows Applications.........................................................................................17 Cloud-based Applications.................................................................................................17 -
Microsoft Patches Were Evaluated up to and Including CVE-2020-1587
Honeywell Commercial Security 2700 Blankenbaker Pkwy, Suite 150 Louisville, KY 40299 Phone: 1-502-297-5700 Phone: 1-800-323-4576 Fax: 1-502-666-7021 https://www.security.honeywell.com The purpose of this document is to identify the patches that have been delivered by Microsoft® which have been tested against Pro-Watch. All the below listed patches have been tested against the current shipping version of Pro-Watch with no adverse effects being observed. Microsoft Patches were evaluated up to and including CVE-2020-1587. Patches not listed below are not applicable to a Pro-Watch system. 2020 – Microsoft® Patches Tested with Pro-Watch CVE-2020-1587 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2020-1584 Windows dnsrslvr.dll Elevation of Privilege Vulnerability CVE-2020-1579 Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability CVE-2020-1578 Windows Kernel Information Disclosure Vulnerability CVE-2020-1577 DirectWrite Information Disclosure Vulnerability CVE-2020-1570 Scripting Engine Memory Corruption Vulnerability CVE-2020-1569 Microsoft Edge Memory Corruption Vulnerability CVE-2020-1568 Microsoft Edge PDF Remote Code Execution Vulnerability CVE-2020-1567 MSHTML Engine Remote Code Execution Vulnerability CVE-2020-1566 Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1565 Windows Elevation of Privilege Vulnerability CVE-2020-1564 Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1562 Microsoft Graphics Components Remote Code Execution Vulnerability -
Hard Configurator - Manual Version 4.1.1.1 (July 2019)
Hard_Configurator - Manual Version 4.1.1.1 (July 2019) Copyright: Andrzej Pluta, @Andy Ful Developer Web Page: https://github.com/AndyFul/Hard_Configurator/ @askalan website about Hard_Configurator: https://hard-configurator.com/ Malwaretips forum thread: https://malwaretips.com/threads/hard_configurator-windows-hardening-con- figurator.66416/ Distribution This software may be freely distributed as long as no modification is made to it. Disclaimer of Warranty THIS SOFTWARE IS DISTRIBUTED "AS IS". NO WARRANTY OF ANY KIND IS EXPRESSED OR IMPLIED. YOU USE IT AT YOUR OWN RISK. THE AUTHOR WILL NOT BE LIABLE FOR DATA LOSS, DAMAGES, LOSS OF PROFITS OR ANY OTHER KIND OF LOSS WHILE USING THIS SOFTWARE. TABLE OF CONTENTS INTRODUCTION ...................................................................... 3 INSTALLATION / DEINSTALLATION ................................... 6 SOFTWARE RESTRICTION POLICIES (SRP) ..................... 8 HOW SRP CAN CONTROL FILE EXECUTION/OPENING.. 10 WHITELISTING BY HASH ................................................... 15 WHITELISTING BY PATH .................................................... 16 WHITELIST PROFILES .......................................................... 17 DESIGNATED FILE TYPES .................................................... 19 DEFAULT SECURITY LEVELS ............................................ 20 ENFORCEMENT ...................................................................... 21 BLOCKING SPONSORS ......................................................... 23 PROTECTING ‘WINDOWS’ FOLDER ................................ -
United States Patent (19) 11 Patent Number: 5,987,611 Freund (45) Date of Patent: Nov
USOO5987611A United States Patent (19) 11 Patent Number: 5,987,611 Freund (45) Date of Patent: Nov. 16, 1999 54 SYSTEM AND METHODOLOGY FOR Postel, J., “RFC 821-Simple Mail Transfer Protocol.” MANAGING INTERNET ACCESS ON A PER Information Science Institute, University of Southern Cali APPLICATION BASIS FOR CLIENT fornia, Aug. 1982, pp. 1-68. COMPUTERS CONNECTED TO THE INTERNET (List continued on next page.) 75 Inventor: Gregor Freund, San Francisco, Calif. Primary Examiner Robert W. BeauSoliel, Jr. Assistant Examiner Stephen C. Elmore 73 Assignee: Zone Labs, Inc., San Francisco, Calif. Attorney, Agent, or Firm John A. Smart 21 Appl. No.: 08/851,777 57 ABSTRACT 22 Filed: May 6, 1997 A computing environment with methods for monitoring access to an open network, Such as a WAN or the Internet, Related U.S. Application Data is described. The System includes one or more clients, each 60 Provisional application No. 60/033,975, Dec. 31, 1996. operating applications or processes (e.g., Netscape Naviga torTM or Microsoft Internet ExplorerTM browser software) (51) Int. Cl." ...................................................... G06F 13/00 requiring Internet (or other open network) access (e.g., an 52 U.S. Cl. .............................................................. 713/201 Internet connection to one or more Web servers). Client 58 Field of Search ............................... 395/18701, 186; based monitoring and filtering of access is provided in 364/222.5, 286.4, 286.5; 711/163; 707/9, conjunction with a centralized enforcement Supervisor. The 10, 203; 713/200, 201 Supervisor maintains access rules for the client-based filter ing and verifies the existence and proper operation of the 56) References Cited client-based filter application. -
Flare-On 5: Challenge 7 Solution – Worldofwarcraft.Exe
Flare-On 5: Challenge 7 Solution – WorldOfWarcraft.exe Challenge Author: Ryan Warns Summary This challenge implements a 32-bit Windows binary meant to run in a Windows on Windows (WOW) environment. Analysis I often start my analysis of samples by quickly skimming the output of static analysis tools and looking through IDA. Performing basic static analysis on the binary we see that WorldOfWarcraft.exe is a simple 32-bit DLL. Running strings.exe on this binary shows us several strings that look like they might be related to the key. USER32 WS2_32 %[email protected] Cannot read payload! n1ght_4lve$_R_c00L.bin A_l1ttl3_P1C_0f_h3aV3n RSDS R:\objchk_win7_x86\i386\WorldOfWarcraft.pdb Figure 1 - strings in WorldOfWarcraft.exe Opening the binary in IDA we can see that the binary doesn’t appear to implement much in the way of functionality, with the main function only calling 3 subroutines. The subroutine at address 0x1001A60 contains references to our strings of interest. FireEye, Inc., 1440 McCarthy Blvd., Milpitas, CA 95035 | +1 408.321.6300 | +1 877.FIREEYE (347.3393) | [email protected] | www.FireEye.com 1 Figure 2 - Decompilation of function using interesting strings I’ve cleaned up the decompilation in the screenshot above to be slightly more accurate. Quickly skimming sub_1001910 reveals that this function grabs the contents of a file, so it looks like sub_0x1001A60 will read the file n1ght_4lve$_R_c00L.bin and XOR the contents against the string A_l1ttl3_P1C_0f_h3aV3n. The result of this operation is compared to a static array on the stack, and if the two match the sample will print our key. -
Command-Line IP Utilities This Document Lists Windows Command-Line Utilities That You Can Use to Obtain TCP/IP Configuration Information and Test IP Connectivity
Guide to TCP/IP: IPv6 and IPv4, 5th Edition, ISBN 978-13059-4695-8 Command-Line IP Utilities This document lists Windows command-line utilities that you can use to obtain TCP/IP configuration information and test IP connectivity. Command parameters and uses are listed for the following utilities in Tables 1 through 9: ■ Arp ■ Ipconfig ■ Netsh ■ Netstat ■ Pathping ■ Ping ■ Route ■ Tracert ARP The Arp utility reads and manipulates local ARP tables (data link address-to-IP address tables). Syntax arp -s inet_addr eth_addr [if_addr] arp -d inet_addr [if_addr] arp -a [inet_address] [-N if_addr] [-v] Table 1 ARP command parameters and uses Parameter Description -a or -g Displays current entries in the ARP cache. If inet_addr is specified, the IP and data link address of the specified computer appear. If more than one network interface uses ARP, entries for each ARP table appear. inet_addr Specifies an Internet address. -N if_addr Displays the ARP entries for the network interface specified by if_addr. -v Displays the ARP entries in verbose mode. -d Deletes the host specified by inet_addr. -s Adds the host and associates the Internet address inet_addr with the data link address eth_addr. The physical address is given as six hexadecimal bytes separated by hyphens. The entry is permanent. eth_addr Specifies physical address. if_addr If present, this specifies the Internet address of the interface whose address translation table should be modified. If not present, the first applicable interface will be used. Pyles, Carrell, and Tittel 1 Guide to TCP/IP: IPv6 and IPv4, 5th Edition, ISBN 978-13059-4695-8 IPCONFIG The Ipconfig utility displays and modifies IP address configuration information. -
Copyrighted Material
Index Numerics Address Resolution Protocol (ARP), 1052–1053 admin password, SOHO network, 16-bit Windows applications, 771–776, 985, 1011–1012 900, 902 Administrative Tools window, 1081–1083, 32-bit (x86) architecture, 124, 562, 769 1175–1176 64-bit (x64) architecture, 124, 562, 770–771 administrative tools, Windows, 610 administrator account, 1169–1170 A Administrators group, 1171 ADSL (Asynchronous Digital Subscriber Absolute Software LoJack feature, 206 Line), 1120 AC (alternating current), 40 Advanced Attributes window, NTFS AC adapters, 311–312, 461, 468–469 partitions, 692 Accelerated Graphics Port (AGP), 58 Advanced Computing Environment (ACE) accelerated video cards (graphics initiative, 724 accelerator cards), 388 Advanced Confi guration and Power access points, wireless, 996, 1121 Interface (ACPI) standard, 465 access time, hard drive, 226 Advanced Graphics Port (AGP) card, access tokens, 1146–1147 391–392 Account Operators group, 1172 Advanced Graphics Port (AGP) port, 105 ACE (Advanced Computing Environment) Advanced Host Controller Interface (AHCI), initiative, 724 212–213 ACPI (Advanced Confi guration and Power Advanced Micro Devices (AMD), 141–144 Interface) standard, 465 Advanced Packaging Tool (APT), 572 Action Center, 1191–1192 Advanced Power Management (APM) Active Directory Database, 1145–1146, 1183 standard, 465 active heat sink, 150 Advanced Programmable Interrupt active matrix display, LCD (thin-fi lm Controller (APIC), 374 transistor (TFT) display), 470 Advanced RISC Computing Specifi cation active partition, 267, -
Download Deploying Windows 7, Essential Guidance
FROM THE Windows® 7 Resource Kit Mitch Tulloch, Tony Northrup, Jerry Honeycutt, Ed Wilson, and the Windows 7 Team at Microsoft I Chapter 3 Deployment Platform .............................................. 85 I Chapter 4 Planning Deployment ............................................ 113 I Chapter 5 Testing Application Compatability ........................... 139 I Chapter 6 Developing Disk Images ......................................... 179 I Chapter 7 Migrating User State Data ...................................... 223 I Chapter 8 Deploying Applications .......................................... 247 I Chapter 9 Preparing Windows PE ........................................... 273 I Chapter 10 Confi guring Windows Deployment Services .............. 293 I Chapter 11 Using Volume Activation ........................................ 335 I Chapter 12 Deploying with Microsoft Deployment Toolkit ........... 355 DEPLOYING WINDOWS 7 83 Chapter 3 Deployment Platform n Tools Introduction 85 n Windows 7 Deployment Terminology 87 n Platform Components 89 n Deployment Scenarios 99 n Understanding Setup 101 n Basic Deployment Process 105 n Microsoft Deployment Toolkit Process 107 n Summary 110 n Additional Resources 111 uilding on technology that the Windows Vista operating system introduced, Windows 7 Bdeployment technology has evolved significantly since Windows XP Professional . For example, it supports file-based disk imaging to make high-volume deployments quicker, more efficient, and more cost effective . The Windows 7 operating system also provides -
Winsock Is a Standard Application Programming Interface (API)
www.installsetupconfig.com An Intro to Windows Socket (Winsock2) Programming & C Language What do we have in this session? Winsock Headers and Libraries Initializing Winsock Error Checking and Handling Addressing a Protocol Addressing IPv4 Internet Addresses Some Note inet_ntoa() Function InetNtop() Function InetPton() Function Byte Ordering Creating a Socket Connection-Oriented Communication Server API Functions Binding, bind() Listening, listen() Accepting Connections, accept() Client API Functions TCP States connect() Data Transmission send() and WSASend() WSASendDisconnect() Out-of-Band Data recv() and WSARecv() WSARecvDisconnect() Stream Protocols Scatter-Gather I/O Breaking the Connection shutdown() closesocket() TCP Receiver/Server With select() Example TCP Sender/client Program Example Testing the TCP Client and Server Programs Testing the TCP Client and Server Programs in Private Network Connectionless Communication Receiver Sender Running Both the UDP Receiver/Server and UDP Sender/Client Testing the UDP Client and select Server Programs in Private Network Message-Based Protocols Releasing Socket Resources 1 www.installsetupconfig.com Miscellaneous APIs getpeername() getsockname() WSADuplicateSocket() Windows CE Conclusion The following figure shows the TCP/IP stack for computer communication. Starting with the Open System Interconnection (OSI) seven layers and the TCP/IP stack. The Winsock is a library used for network communication programming for Windows. 7 Application e.g. HTTP, SMTP, SNMP, FTP, Telnet, SSH and Scp, NFS, RTSP etc. 6 Presentation e.g. XDR, ASN.1, SMB, AFP etc. 5 Session e.g. TLS, SSH, ISO 8327 / CCITT X.225, RPC, NetBIOS, ASP etc. 4 Transport e.g. TCP, UDP, RTP, SCTP, SPX, ATP etc. e.g. IP/IPv6, ICMP, IGMP, X.25, CLNP, ARP, RARP, BGP, OSPF, RIP, IPX, 3 Network DDP etc. -
(CMS) Open Database Connectivity
Avaya™ Call Management System (CMS) Open Database Connectivity 585-780-701 Issue 1.0 May 2002 COMPAS ID 89705 © 2002, Avaya Inc. All Rights Reserved Notice Trademarks Every effort was made to ensure that the information in this document was complete and accurate at the time of printing. However, information The following trademarks are mentioned in this document: is subject to change. • MultiVantage and DEFINITY are registered trademarks of Avaya Inc. Preventing Toll Fraud • Enterprise, Solaris, SPARCserver, Network Terminal Server, “Toll fraud” is the unauthorized use of your telecommunications system Sun, SunSwift, Solstice, DiskSuite, and Ultra are trademarks by an unauthorized party (for example, a person who is not a corporate or registered trademarks of Sun Microsystems, Inc. employee, agent, subcontractor, or working on your company's behalf). • INFORMIX is a registered trademark of Informix Software, Be aware that there may be a risk of toll fraud associated with your Inc. system and that, if toll fraud occurs, it can result in substantial additional • Multiport is a registered trademark of Aurora Technologies, charges for your telecommunications services. Inc. • Windows is a registered trademark of Microsoft, Inc. Avaya Fraud Intervention All other product names mentioned herein are the trademarks of their If you suspect that you are being victimized by toll fraud and you need respective owners. technical assistance or support, call Technical Service Center Toll Fraud Intervention Hotline at +1 800 643 2353 for the United States and Ordering Information Canada. For additional support telephone numbers, see the Avaya web Call: Avaya Publications Center site: Voice +1 800 457 1235 http://www.avaya.com Fax +1 800 457 1764 Select Support, then select Escalation Lists US and International.