- http://resources.infosecinstitute.com/hardening-iis-security/#gref
- https://technet.microsoft.com/en-us/library/jj635855(v=ws.11).aspx
- https://msdn.microsoft.com/en-us/library/dd163542.aspx
Friday, May 12, 2017
IIS Security
If you are setting up an IIS server or installing an app that will enable IIS, take a look at these links on how to harden IIS:
Weak Service Permissions
Now Exploiting Windows!
Weak Service Permissions
Making press recently is the not quite new but always exciting ability to exploit a remote PC by gaining access to replace a file on the PC that is started up when the computer boots.
This happens because a third party service application is running in a location on the PC where anyone who connects to the PC (aka a regular user) can modify the files in that folder.
A good write up on this can be found here: http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/
That same article links to several other great articles on privilege escalation and other security blogs.
Subscribe to:
Posts (Atom)