Hacking Windows Security Principal
From: Rene (nospam_at_nospam.com)
Date: Tue, 25 Jan 2005 23:30:46 -0600

According to my research, it looks like I can use the Windows Security
Principal to verify that a user is authenticated or to see if they belong to
a certain group, etc.

The thing that bothers me is that this object resides in the client computer
memory and everybody knows that this makes this object more vulnerable to

My question is, how difficult would it be for a hacker to go directly to memory
and flip the IsAuthenticated bit from 0 to 1? Or go directly through memory
and change a group name from "ZeroControl" to "FullControl"? Once those
changes are made, the attacker would be able to easily bypass my role-based
security and I will be... Oh my, I don't even want to think about that.

This is just a silly example but I hope it gets the point across. Thank you
for any information.