Executable types and Malware

Discussion in 'other software & services' started by aigle, Jun 7, 2007.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I have basically two Qs in mind.

    1- Is there a complete list of executables of windows available?( Anti-Executable claims to protect against more than 80 types of executables).

    2- What type of executables are mostly used by malware? .exe is commonest of course, what after that?

    Thanks
     
  2. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Hi aigle,

    I don't think anyone's going to forward an "absolute" list per say. As I understand it executable code can be hidden, then triggered any number of way's with any sort of instruction, for purposes good or bad. It's fair to say as program's are added, so too are extension's that can be executed.

    This might make more sense - http://msdn.microsoft.com/msdnmag/issues/03/05/VirusHunting/

    Googling (Scroogling) around for *executable file extension's* will yield several site's with additional information. Though he hasn't been here in some time, I would love to hear one of Alec's well spoken explanation's, delivered in nothing short of pure layman's term's (which I myself would favor).


    Steve
     
  3. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    Again, my favorite "GUI"... DOS or "Command Prompt"!

    The "assoc" program will tell you what file extension is associated with what program. It just takes a little bit of registry hunting.

    For example, ".exe=exefile", says, a file with the .exe extension, will use/run whatever is associated with "exefile". So, fire up 'regedit.exe' and look in the HKEY_CLASSES_ROOT key and scroll down to 'exefile'. You will see under "shell > open > command" = "%1" %*. That just says to execute the first parameter (in this case, the program name) and pass all the remaining parameters to the program.

    Another example, ".WSF=WSFFile". That says %SystemRoot%\System32\WScript.exe "%1" %*

    So, each PC has a different list.

    Something else to be paranoid about... if you install a music player program, how do you know EXACTLY what file associations have been added/deleted/changed? I know, do you? ;)

    Mike

    Code:
    C:\TEMP>assoc
    .323=h323file
    .386=vxdfile
    .669=Winamp.File
    .7z=7-Zip.7z
    .AAC=Winamp.File
    .aca=Agent.Character.2
    .acf=Agent.Character.2
    .acl=ACLFile
    .acs=Agent.Character2.2
    .acw=acwfile
    .ai=
    .aif=AIFFFile
    .aifc=AIFFFile
    .aiff=AIFFFile
    .amf=Winamp.File
    .ani=anifile
    .api=AcroExch.Plugin
    .APL=Winamp.File
    .aps=
    .arj=7-Zip.arj
    .asa=aspfile
    .ascx=
    .asf=Winamp.File
    .asm=
    .asmx=
    .asp=aspfile
    .aspx=
    .asx=Winamp.PlayList
    .au=AUFile
    .AudioCD=
    .avi=avifile
    .aw=AWFile
    .B4S=Winamp.PlayList
    .bat=batfile
    .bcf=Belarc.Content.Filter
    .bci=Belarc.Computer.Inventory
    .bfc=Briefcase
    .bin=
    .bkf=msbackupfile
    .blg=PerfFile
    .bmp=PaintShopProPhotoXI.Image
    .bsc=
    .bz2=7-Zip.bz2
    .c=
    .cab=CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}
    .cat=CATFile
    .cda=Winamp.File
    .cdc=NeroCDCoverType
    .cdf=ChannelFile
    .cdx=aspfile
    .cer=CERFile
    .cgm=
    .chk=chkfile
    .chm=chm.file
    .clp=clpfile
    .cmd=cmdfile
    .cnf=ConferenceLink
    .com=comfile
    .cpio=7-Zip.cpio
    .cpl=cplfile
    .cpp=
    .crl=CRLFile
    .crt=CERFile
    .css=CSSfile
    .csv=Excel.CSV
    .CTT=MessengerContactList
    .cur=curfile
    .cxx=
    .dat=
    .db=dbfile
    .dbg=
    .dcs=dcsfile
    .dct=
    .deb=7-Zip.deb
    .def=
    .der=CERFile
    .DeskLink=CLSID\{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}
    .dib=Paint.Picture
    .dic=txtfile
    .dif=Excel.DIF
    .diz=
    .dll=dllfile
    .dl_=
    .dmt=DeLorme Transfer File
    .doc=Word.Document.8
    .dochtml=wordhtmlfile
    .docm=Word.DocumentMacroEnabled.12
    .docmhtml=wordmhtmlfile
    .docx=Word.Document.12
    .docxml=wordxmlfile
    .dos=
    .dot=Word.Template.8
    .dothtml=wordhtmltemplate
    .dqy=dqyfile
    .drv=drvfile
    .dsn=MSDASQL
    .dun=dunfile
    .dvd=
    .dvr-ms=WMP.DVR-MSFile
    .ecs=ecsfile
    .edn=EDNActivation
    .elm=ELMFile
    .emf=emffile
    .eml=emffile
    .eps=
    .etd=EBXTransfer
    .exc=txtfile
    .exe=exefile
    .exp=
    .ex_=
    .eyb=
    .far=Winamp.File
    .fcs=fcsfile
    .fdf=AcroExch.FDFDoc
    .ffa=FFAFile
    .ffl=FFLFile
    .fft=FFTFile
    .ffx=FFXFile
    .fif=
    .FLA=Winamp.File
    .FLAC=Winamp.File
    .fnd=fndfile
    .fnt=
    .Folder=
    .fon=fonfile
    .gdb=GarminGpsDatabase
    .ghi=
    .gho=Ghost
    .ghs=GhostSpan
    .gif=PaintShopProPhotoXI.Image
    .grp=MSProgramGroup
    .gz=7-Zip.gz
    .h=
    .hhc=
    .hlp=hlpfile
    .hpp=
    .hqx=
    .ht=htfile
    .hta=htafile
    .htc=
    .htm=FirefoxHTML
    .html=FirefoxHTML
    .htt=HTTfile
    .htw=
    .htx=
    .hxx=
    .icc=icmfile
    .icm=icmfile
    .ico=IconEdit32.Document
    .idb=
    .idl=
    .idq=
    .iii=iiifile
    .ilk=
    .imc=
    .inc=
    .inf=inffile
    .ini=inifile
    .ins=x-internet-signup
    .inv=
    .inx=
    .in_=
    .iqy=iqyfile
    .iso=7-Zip.iso
    .isp=x-internet-signup
    .it=Winamp.File
    .its=ITS File
    .itz=Winamp.File
    .ivf=IVFfile
    .jar=jarfile
    .java=
    .jbf=PaintShopProPhotoXI.BrowserCacheFile
    .jfif=pjpegfile
    .jnlp=JNLPFile
    .job=JobObject
    .jod=Microsoft.Jet.OLEDB.4.0
    .jpe=jpegfile
    .jpeg=jpegfile
    .jpg=jpegfile
    .js=JSFile
    .JSE=JSEFile
    .kdb=kdbfile
    .key=regfile
    .klnx=CLSID\{9E56BE60-C50F-11CF-9A2C-FD146FCA}
    .latex=
    .lex=LEXFile
    .lib=
    .LiveReg=LiveReg.SessionFile
    .LiveSubscribe=LiveReg.UserProfile
    .liveupdate=LiveupdateFile
    .lnk=lnkfile
    .local=
    .log=txtfile
    .lwv=LWVFile
    .lzh=7-Zip.lzh
    .m14=
    .m1v=mpegfile
    .M2V=Winamp.File
    .m3u=Winamp.PlayList
    .M3U8=Winamp.PlayList
    .M4A=Winamp.File
    .man=
    .manifest=
    .MAPIMail=CLSID\{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}
    .MAX=
    .mbsa=MBSA.Report.Viewer
    .mdb=
    .mdi=MSPaper.Document
    .mdz=Winamp.File
    .mgc=MediaCatalogMGC
    .mht=mhtmlfile
    .mhtml=mhtmlfile
    .mid=midfile
    .midi=midfile
    .mmf=
    .mml=MediaCatalogMML
    .mmm=MPlayer
    .mmw=MediaCatalogMMW
    .mod=Winamp.File
    .mov=
    .movie=
    .MP1=Winamp.File
    .mp2=Winamp.File
    .mp2v=mpegfile
    .mp3=Winamp.File
    .MP4=Winamp.File
    .mpa=mpegfile
    .mpe=mpegfile
    .mpeg=Winamp.File
    .mpf=MediaPackageFile
    .mpg=Winamp.File
    .mpv2=mpegfile
    .msc=MSCFile
    .msg=
    .msi=Msi.Package
    .msp=Msi.Patch
    .MsRcIncident=MsRcIncident
    .msstyles=msstylesfile
    .MSWMM=Windows.Movie.Maker
    .mtm=Winamp.File
    .mv=
    .mydocs=CLSID\{ECF03A32-103D-11d2-854D-006008059367}
    .nbi=NBBACKUPType
    .ncb=
    .ncd=Nero Cover Designer.Document
    .nco=NBCOMPRESSType
    .ncs=ncsfile
    .nct=Nero Cover Designer.Template
    .nfo=MSInfo.Document
    .nhf=NeroHFSType
    .nhv=NeroHDBVideoType
    .nji=NBJOBType
    .nls=
    .nmd=NerominiDVDType
    .NMW=T126_Whiteboard
    .nr3=NeroMP3Type
    .nr4=NeroAACType
    .nra=NeroAudioType
    .nrb=NeroCDROMBootType
    .nrc=NeroUDFISOType
    .nrd=NeroDVDVideoType
    .nre=NeroCDExtraType
    .nrg=NeroImageType
    .nrh=NeroCDROMHybridType
    .nri=NeroCDROMType
    .nrm=NeroMixedModeType
    .nrs=NeroCDROMEFIBootType
    .nru=NeroUDFType
    .nrv=NeroVideoType
    .nrw=NeroWMAType
    .NSA=Winamp.File
    .nsc=
    .nsd=NeroSuperVideoType
    .nst=Winamp.File
    .NSV=Winamp.File
    .nvr=
    .nws=Microsoft Internet News Message
    .obj=
    .ocx=ocxfile
    .oc_=
    .odc=odcfile
    .odccubefile=odccubefile
    .odcdatabasefile=odcdatabasefile
    .odcnewfile=odcnewfile
    .odctablefile=odctablefile
    .OGG=Winamp.File
    .okt=Winamp.File
    .opc=OPCFile
    .oqy=oqyfile
    .otf=otffile
    .p10=P10File
    .p12=PFXFile
    .p7b=SPCFile
    .p7c=certificate_wab_auto_file
    .p7m=P7MFile
    .p7r=SPCFile
    .p7s=P7SFile
    .p951=CLSID\{9E56BE60-C50F-11CF-9A2C-E97BA5CA}
    .pbk=pbkfile
    .pcb=PCBFile
    .pch=
    .pdb=
    .pdf=AcroExch.Document
    .pds=
    .pdx=PDXFileType
    .pfm=pfmfile
    .pfx=PFXFile
    .php3=
    .pic=
    .pif=piffile
    .pip=PIPFile
    .pko=PKOFile
    .pl=
    .plg=
    .pls=Winamp.PlayList
    .pma=PerfFile
    .pmc=PerfFile
    .pml=PerfFile
    .pmr=PerfFile
    .pmw=PerfFile
    .pnf=pnffile
    .png=PaintShopProPhotoXI.Image
    .pot=PowerPoint.Template.8
    .pothtml=powerpointhtmltemplate
    .potm=PowerPoint.TemplateMacroEnabled.12
    .potx=PowerPoint.Template.12
    .ppa=PowerPoint.Addin.8
    .pps=PowerPoint.SlideShow.8
    .ppsm=PowerPoint.SlideShowMacroEnabled.12
    .ppsx=PowerPoint.SlideShow.12
    .ppt=PowerPoint.Show.8
    .ppthtml=powerpointhtmlfile
    .pptm=PowerPoint.ShowMacroEnabled.12
    .pptmhtml=powerpointmhtmlfile
    .pptx=PowerPoint.Show.12
    .prf=prffile
    .ps=
    .psd=
    .Psp=
    .PspAutosave=PaintShopProPhotoXI.AutosaveFile
    .PspBrush=PaintShopProPhotoXI.Brush
    .PspBumpMap=PaintShopProPhotoXI.BumpMap
    .PspCache=PaintShopProPhotoXI.Cache
    .PspCMYKProfile=PaintShopProPhotoXI.CMYKProfile
    .PspDeformationMap=PaintShopProPhotoXI.DeformationMap
    .PspEnvironmentMap=PaintShopProPhotoXI.EnvironmentMap
    .PspFrame=PaintShopProPhotoXI.Frame
    .PspGradient=PaintShopProPhotoXI.Gradient
    .PspImage=PaintShopProPhotoXI.Image
    .PspMask=PaintShopProPhotoXI.Mask
    .PspPalette=PaintShopProPhotoXI.Palette
    .PspScript=PaintShopProPhotoXI.Script
    .PspSelection=PaintShopProPhotoXI.Selection
    .PspShape=PaintShopProPhotoXI.Shape
    .PspStyledLine=PaintShopProPhotoXI.StyledLine
    .PspTube=PaintShopProPhotoXI.PictureTube
    .PspWorkspace=PaintShopProPhotoXI.WorkspaceFile
    .psw=PSWFile
    .ptm=Winamp.File
    .pwz=PowerPoint.Wizard.8
    .qds=SavedDsQuery
    .rar=7-Zip.rar
    .rat=ratfile
    .rc=
    .RDP=RDP.File
    .reg=regfile
    .res=
    .rle=
    .rmf=AcroExch.RMFFile
    .rmi=midfile
    .rnk=rnkfile
    .rpc=
    .rpm=7-Zip.rpm
    .rqy=rqyfile
    .rsp=
    .rtf=Word.RTF.8
    .s3m=Winamp.File
    .s3z=Winamp.File
    .sam=
    .saz=Fiddler.ArchiveZip
    .sbr=
    .sbw=SBWizard.Document
    .sc2=
    .scf=SHCmdFile
    .scp=txtfile
    .scr=scrfile
    .sct=scriptletfile
    .sdb=appfixfile
    .secstore=AcroExch.SecStore
    .sed=
    .shb=DocShortcut
    .shs=ShellScrap
    .shtml=FirefoxHTML
    .shw=
    .sit=
    .skype=Skype.Content
    .slk=Excel.SLK
    .sna=Snapshot-File
    .snd=AUFile
    .spc=SPCFile
    .spl=ShockwaveFlash.ShockwaveFlash
    .sql=
    .sr_=
    .sst=CertificateStoreFile
    .stf=STFFile
    .stl=STLFile
    .stm=Winamp.File
    .stz=Winamp.File
    .swf=ShockwaveFlash.ShockwaveFlash
    .sym=
    .sys=sysfile
    .sy_=
    .t101=CLSID\{9E56BE60-C50F-11CF-9A2C-FD146FCA}
    .tar=7-Zip.tar
    .tcs=tcsfile
    .text=
    .theme=themefile
    .tif=MSPaper.Document
    .tiff=MSPaper.Document
    .tlb=
    .tpx=Topo USA 5.0 Project File
    .tsp=
    .tsv=
    .ttc=ttcfile
    .ttf=ttffile
    .Tub=
    .tvp=nView.Profile
    .txt=txtfile
    .UDL=MSDASC
    .uls=ulsfile
    .ult=Winamp.File
    .url=InternetShortcut
    .UserProfile=LiveReg.UserProfile
    .uxdc=UXDCFILE
    .VBE=VBEFile
    .vbs=VBSFile
    .vbx=
    .vcf=vcard_wab_auto_file
    .VcPref=LiveAdvisor.PreferencesFile
    .VLB=Winamp.File
    .vxd=vxdfile
    .wab=wab_auto_file
    .wal=Winamp.SkinZip
    .wav=soundrec
    .wax=WAXFile
    .wb2=
    .wbk=Word.Backup.8
    .wcs=wcsfile
    .webpnp=webpnpFile
    .whs=WHSFile
    .WHT=Whiteboard
    .whx=WHXFile
    .WinMerge=WinMerge.Project.File
    .wiz=Word.Wizard.8
    .wk4=
    .wll=Word.Addin.8
    .wlt=
    .wm=ASFFile
    .wma=WMAFile
    .wmd=WMDFile
    .wmdb=WMP.WMDBFile
    .wmf=wmffile
    .wmp=
    .wms=WMSFile
    .wmv=Winamp.File
    .wmx=ASXFile
    .wmz=WMZFile
    .wpd=
    .wpg=
    .wpl=Winamp.PlayList
    .wri=wrifile
    .wsc=scriptletfile
    .WSF=WSFFile
    .WSH=WSHFile
    .wsz=Winamp.SkinZip
    .wtx=txtfile
    .wvx=WVXFile
    .x=
    .xbm=
    .xdp=AcroExch.XDPDoc
    .xevgenxml=XEV.GenericApp
    .xfdf=AcroExch.XFDFDoc
    .xht=FirefoxHTML
    .xhtml=FirefoxHTML
    .xix=
    .xla=Excel.Addin
    .xlam=Excel.Addin
    .xlb=Excel.Sheet.8
    .xlc=Excel.Chart.8
    .xld=Excel.Dialog
    .xlk=Excel.Backup
    .xll=Excel.XLL
    .xlm=Excel.Macrosheet
    .xls=Excel.Sheet.8
    .xlsb=Excel.SheetBinaryMacroEnabled.12
    .xlshtml=Excelhtmlfile
    .xlsm=Excel.SheetMacroEnabled.12
    .xlsmhtml=excelmhtmlfile
    .xlsx=Excel.Sheet.12
    .xlt=Excel.Template
    .xlthtml=Excelhtmltemplate
    .xltm=Excel.Template
    .xltx=Excel.Template
    .xlv=Excel.VBAModule
    .xlw=Excel.Workspace
    .xlxml=Excelxmlss
    .xm=Winamp.File
    .xml=xmlfile
    .xmz=Winamp.File
    .xsl=xslfile
    .z=7-Zip.z
    .z96=
    .zap=zapfile
    .ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
    .zip=CompressedFolder
     
    Last edited: Jun 8, 2007
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It seems a long list.:rolleyes:
     
    Last edited: Jun 8, 2007
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    This presents a big problem, for it used to be easy to watch for excecutables trying to sneak in.

    This makes the user's job easier, for AE denies by default any attempt to surreptitiously download|install an executable.

    Some recent examples of catching executable code hidden in supposedly non-executable file types:

    .gif
    gif-block.gif

    .css
    css-extract.gif

    .rtf
    dataRTF.gif
    ___________________________________________________

    Another surreptitious means of executing a file relies on the fact that a program can read
    the file header information, regardless of the file extension. Microsoft Word is a good example.

    If I rename Visioneer.doc to Visioneer.tmp, windows should see the .tmp file extension and pass the command
    to the Unknown|OpenAs Key in the Registry which will bring up the "Open With" dialog box when you d-click on the file.

    But because of the file header information, Windows calls MSWord to happily run (open) the file.
    The File Properties reveal that it is a Word Document:

    doc-tmp.gif
    ____________________________________________________

    In years past this was a sneaky way of embedding a macro virus, and evidently many people
    clicked on this type of file in an email attachment.

    Since it is easy to disguise a Word document as almost anything, it's just wise to realize that a file
    may be something different from what it appears to be.

    From a write-up about a MSWord exploit:

    http://www.eweek.com/article2/0,1895,2072969,00.asp
    This may also apply to other programs.


    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi Rmus, AE was the only software that was able to detect the spoofed .gif file( in first snapshot).
    I wonder does AE allows u to download beningn .gif images?
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Is there a tool (more sofisticated that File Properties) that say what content a file has, regardless of its extension?
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Sorry I was late getting to your PM. Yes, the .gif file downloaded|cached and displayed in the browser as a screenshot of a desktop.


    -rich
     
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    lucas & for those wondering, the best way to check a file real type is to view it in a Linux system.
    Mrk
     
  10. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Hello Mrk,
    Do you mean executing it in a Linux environment? I already do that, but I wonder if there's a handy Windows tool which gives lots of info about a file.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Did u tried to save it on PC? I wanted to check that.
     
  12. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    I am guessing Mrk is talking about the 'file' Linux command. For example...
    The 'file' command is looking at the first few bytes of my Word doc file, it then looks in another file called 'magic' to display what it knows about the file. It told us OldBaldMikey.doc is a 'Microsoft Office Document'.

    The 'magic' file on my SuSe Linux PC is 11589 lines long!

    If you open CMD.EXE in your favorite TEXT editor, you will see the first two characters are MZ... most Windows programs (.exe) start with MZ. (FYI: MZ is the initial of Mark Zbikowski, one of the developers of MS-DOS.)

    If I rename CMD.EXE to CMD.TXT, the Linux 'file' command will still display it as an M$ exe program.

    Linux does not really use file extensions, it looks in the magic file to figure what the file is. :thumb: :thumb:

    Mike
     

    Attached Files:

    • CMD.png
      CMD.png
      File size:
      186.7 KB
      Views:
      1,635
  13. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Thanks flinchlock :)
    However, I've read that not all files have the MZ header at the beginning. So, it's a matter of looking for the MZ string.
    BTW, FileAlyzer is close to the "handy tool" which I was looking for.
    This thread is highly valuable :thumb:
     
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    I meant even something much simpler for non-CLI people. Any file explorer in Linux will dsplay information about files, including their real type. But many more cool things are possible.
    Mrk
     
  15. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    You're correct Mrkvonic :oops:
    So simple. I wonder why there's not anything like this for Windows.
    I have to play more with Linux.
     
  16. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    It certainly goes to the DOS architecture and 8-bit address shortages that MS people did not know how to deal with.

    Think about it. Solaris had their 64-bit servers already in 1992. Even today, Microsoft struggle with 64-bit... It's been 15 years since.

    Mrk
     
  17. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    I said most, not all, but a sheet load. ;)

    Maybe better wording is "magic string" or "magic bytes".

    Yup.

    Also, System Information for Windows has a "File Associations" tab that is MUCH better than using regedit.exe to look at all that stuff. :thumb: :thumb:

    SIW is also on Ultimate Boot CD for Windows.

    Mike
     
  18. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Thanks guys :)
     
  19. diginsight

    diginsight Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    225
    Location:
    Netherlands
    I just started reading Windows Desktop and Server Hardening by Roger Grimes. He was joking to name this book "Everyone Else's Windows Security Book Sucks". Owning three other books on windows security I tend to agree :D

    On the accompanying website he has published some excellent material. It can be found by clicking on [download code].

     
Loading...
Thread Status:
Not open for further replies.