
Hacking Exposed Windows: Microsoft Windows Security Secrets and Solutions, Third Edition Paperback – Dec 25 2007

Product Details

  • Paperback: 451 pages
  • Publisher: McGraw-Hill Education; 3 edition (Dec 25 2007)
  • Language: English
  • ISBN-10: 007149426X
  • ISBN-13: 978-0071494267
  • Product Dimensions: 18.5 x 2.4 x 22.9 cm
  • Shipping Weight: 975 g
  • Amazon Bestsellers Rank: #754,966 in Books (See Top 100 in Books)

Product Description

About the Author

Joel Scambray, CISSP, is Managing Principal with Cigital as well as Co-Founder of Consciere LLC. He was previously chief strategy officer for Leviathan Security Group. He has assisted companies ranging from newly minted startups to members of the Fortune 50 in addressing information security challenges and opportunities for over a dozen years. Joel's background includes roles as an executive, technical consultant, and entrepreneur. He was a senior director at Microsoft Corporation, where he led Microsoft's online services security efforts for three years before joining the Windows platform and services division to focus on security technology architecture. Joel also co-founded security software and services startup Foundstone, Inc. He has also held positions as a Manager for Ernst & Young, Chief Strategy Officer for Leviathan, security columnist for Microsoft TechNet, Editor at Large for InfoWorld Magazine, and director of IT for a major commercial real estate firm. Joel has spoken widely on information security at forums including Black Hat, I-4, and The Asia Europe Meeting (ASEM), as well as organizations including CERT, CSI, ISSA, ISACA, SANS, private corporations, and government agencies such as the Korean Information Security Agency (KISA), FBI, and the RCMP. Joel Scambray is the co-author of all 6 editions of Hacking Exposed. He is also the lead author of Hacking Exposed Windows and Hacking Exposed Web Applications.


Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: 9 reviews
12 of 12 people found the following review helpful
Not bad for the 3rd iteration Feb. 22 2008
By Chris Gates - Published on Amazon.com
Format: Paperback
Disclaimer: I received a review copy of HE:Windows.

The latest HE:Windows takes us toe to toe with Vista and Server 2008 and gives us a recap of some Win2k3 and Win2k knowledge. I was torn between whether to give this book three or four stars. I ended up giving it a four because it was well written, hit the majority of the objectives it laid out, and would be useful for someone that didn't have the two previous iterations. If you have the other two, keep in mind there is a fair amount of content reuse, and if you do this for a living, it may come up short of expectations.

The book covers a lot of ground but at the end I was left feeling like the authors were saying that if I was pentesting a Vista host or Server 2008 host/domain I should just call it quits. Going back and rereading a bit of the HE: Windows Server 2003 book I felt they said the same thing in that book as well. This obviously ended up being not the case, and I don't think will be the case with Vista and Server 2008 either. It's also not a viable option for any penetration tester.

Some examples of what I am talking about can be seen in Chapter 4 where the SMB enumeration examples only work against Windows 2000 and maybe Windows XP SP1. No mention of how to actually start pulling that information out from current environments. The Active Directory section reused the old content and made no discussion of any current tools or changes in 2003 environments and 2008 environments which have pretty much eliminated anonymous binds to extract information. Chapter 5, Hacking Windows Specific Services, reused a lot of content which was disappointing, especially disappointing was the reuse of the smbrelay content, especially with tools that work much better like the smbrelay module in the Metasploit Framework.

The rootkit chapter is pretty good and talks about a rootkit I had never heard of (Unreal rootkit).

Client side attacks has a decent update to it covering phishing, ActiveX, Office and PDF exploits and a bit of cross site scripting, but refers you to the HE Web Applications book for more detail, which is fair.

Physical Attacks section is mostly the same with some updates on wireless, keyloggers and bootkits but mostly just overviews not followable steps.

Ch12 windows security features and tools is probably what pushed the book from a 3 to a 4. It covered BitLocker, Vista Windows integrity control, server hardening, stack protections, and other information.
2 of 2 people found the following review helpful
Worth the upgrade from Hacking Exposed: Windows Server 2003 July 2 2009
By Richard Bejtlich - Published on Amazon.com
Format: Paperback
I've been reading and reviewing Hacking Exposed (HE) books since 1999, and I reviewed the two previous Windows books. Hacking Exposed: Windows, 3rd Ed (HEW3E) is an excellent addition to the HE series. I agree with Chris Gates' review, but I'd like to add a few of my own points. The bottom line is that if you need a solid book on Windows technologies and how to attack and defend them, HEW3E is the right resource.

It has been fashionable for the last six or seven years for supposedly "elite" security people to laugh at HE books. Sure, the books don't teach you how to find zero-day vulnerabilities or write new exploits. The strength of the HE series is in its approach. HE books teach you about core Windows security technologies in a manner that you usually can't find elsewhere. Then the authors explain how to attack those technologies, as a penetration tester might. Finally they conclude with recommended countermeasures, as available. You can't ask for more in a security book: how it works, how to break it, how to fix it. There's something for everyone -- admin, red team, blue team.

My personal favorite sections included Ch 5: Hacking Windows-Specific Services, Ch 7: Post-Exploit Pillaging, and Ch 8: Achieving Stealth and Maintaining Presence. I didn't think Ch 6: Discovering and Exploiting Windows Vulnerabilities was very strong. I was disappointed by Ch 10: Hacking Microsoft Client Apps. Client-side attacks have been the dominant security problem for enterprise security teams for the last five years. You could probably write a whole book titled Hacking Exposed: Client-Side or similar! If/when the authors decide to write a 4th Ed, I'd like to see more coverage of client-side apps, like Adobe Acrobat, Microsoft Office, and the like.

Overall I strongly recommend reading HEW3E. It's not a five star book but you will learn a lot reading it. The target audience includes security-conscious admins, those who try to attack Windows systems, and those who defend them.
4 of 5 people found the following review helpful
avoid this (and other such) nonsense June 14 2014
By Bruce D. Wilner - Published on Amazon.com
Format: Paperback
This book and its ilk offer precious little of any value. Of course, the book is very fat, but much of that volume can be attributed to (a) reviewing background material that has precious little to do with "hacking," whatever that might mean in the authors' stultified world view; and (b) the fact that, wherever two lines of code would suffice to illustrate a point, the authors instead choose page-filling screen shots of nonsensical Windows tools that, ultimately, and I do mean ULTIMATELY, offer those two lines--if you succeed in hunting them down.

I earned my CISSP thirteen years ago, when it actually meant something, although the exam was--to be blunt--TRIVIAL compared to a challenging exam such as the CCP. This was before the Department of Defense legislated away the Orange Book and its associated core of intellectually vital output from leading researchers, choosing instead to buckle to the pressure of Microsoft and such (hey, they are, after all, in bed with them: one sees Microsoft Windows on even the OJCS's desktops).

Yes, modern security practitioners know a whole lot about computer and network security. That's why, almost weekly, we hear on the news about how the latest retail chain was hacked and N hundred thousand or K million credit card numbers were compromised. Your latest coterie of "CISSPs" will rush to babble about encryption, although encryption was never more than a Band-Aid approach, and the ease of stealing the keys is never mentioned. These keys live--guess where--in disk files that are no safer than the disk-file-resident ciphertext with which they are associated, but your Johnny-come-lately CISSPs, who have no experience with professional operating systems, have zero understanding of the underlying mechanisms and architectural strictures that make SECURE systems secure.

It makes one incredibly angry. Do you remember when some Russian group commandeered iPhones from afar? Yes, the iPhone comes out of the box with no identification and authentication mechanism, so Joe Anybody from across the globe enjoys the same privileges as the physical owner of the box. But, of course, security is "of vital importance" to Apple and Google and their ilk. S-U-U-U-U-R-E it is . . . I remember when I interviewed at Microsoft many years ago, before the genie was out of the bottle. Although nearly everyone enjoyed the freedom of a luxurious office, their current "security guru" was some clown in a cubicle who had the UNIX file permission algorithm PDL (yes, all six lines of it) displayed on his wall as if it were gospel--and as if a rhesus monkey couldn't memorize it.

Given the academic and experiential basis from which the authors proceed, one can almost feel pity for them rather than revulsion. But I did say ALMOST. The book is garbage because the material is nonsense. One can find any number of textbooks about, say, UNIX, offering spellbindingly accurate, broad, and deep coverage of this and that. But, look for "the Bible" on Windows security, and all you will EVER succeed in finding is a few vague mentions here and there, along with statements that the mechanisms are "in flux" or "difficult to understand," or other excuses that might fool a grade-schooler. Christ, they can't even get the terminology correct: an audit "profile" (as one might reasonably term it) attached to a file system object is called the "system access control list" or other such nonsense.

Even more pathetic than the content is the packaging--"Hacking Exposed," as if they're offering the keys to the kingdom. They're offering vague, quasi-applicable, extremely intermediate-level nonsense.
Must have book! Feb. 23 2008
By Amazon Customer - Published on Amazon.com
Format: Paperback
This is a must-have book for anyone who works with Windows clients or servers as a part of their job. It gives a lot of detail, both on what security issues Windows security administrators face, as well as guidance on how to mitigate risks regarding Windows security. The checklists in the back of the book alone are worth keeping as a baseline lockdown policy.
Great book! Got exactly what I requested and delivery ... April 4 2016
By Honey Bee - Published on Amazon.com
Format: Paperback Verified Purchase
Great book! Got exactly what I requested and delivery was very timely!!! Awesome!!!