May 23rd, 2004, 10:04 PM
I was recently at a hands-on security lab presented by Microsoft. The labs focused mainly on Server 2003 and its security features.
The course was a bit over my head in many areas, but I was able to follow along and learn some from the experience.
One of the labs we did was "Implementing Security by Using Software Restrictions". Exercise 1 in the lab involved setting a rule in Software Restriction Policies that Disallowed the hash of %windir%\System32\calc.exe. The next exercise showed how you would change the hash of calc.exe by replacing all the * with a space... It worked great on their demo version, but I'm left with a couple of questions in the real world.
1) How much change must be made to change a hash? Is it simply one character or space?
2) How would you go about changing the hash of a program like telnet or cmd? Typing notepad c:program/address/tochange.exe opens the program in Notepad... but if I try doing so much as adding an extra blank line somewhere, the result is a program that won't run at all.
Thanks for helping me to clear these questions up.
If you want to make God laugh....make plans.
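
Added example, not part of the original post: it measures how far a digest moves when a single bit of a file changes, and what that means for a hash rule used to block versus one used to allow. SHA-256 stands in for the policy engine's hash, the byte buffer is constructed sample data rather than a real executable, and all function names are hypothetical.

```python
import hashlib

def digest(data: bytes) -> bytes:
    """SHA-256 digest; an assumed stand-in for the policy engine's hash."""
    return hashlib.sha256(data).digest()

def flip_bit(data: bytes, offset: int, bit: int = 0) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[offset] ^= 1 << bit
    return bytes(out)

def bits_changed(a: bytes, b: bytes) -> int:
    """Count the bit positions in which two equal-length digests differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def deny_rule_permits(data: bytes, denied: set) -> bool:
    """Disallowed-by-hash rule: everything runs unless its hash is listed."""
    return digest(data) not in denied

def allow_rule_permits(data: bytes, allowed: set) -> bool:
    """Allow-by-hash rule: nothing runs unless its hash is listed."""
    return digest(data) in allowed

# Constructed sample bytes, not a real executable.
ORIGINAL = b"MZ" + bytes(range(256)) * 16
MODIFIED = flip_bit(ORIGINAL, offset=100)   # one bit differs, same length
RULE = {digest(ORIGINAL)}                   # the single hash in the rule

if __name__ == "__main__":
    changed = bits_changed(digest(ORIGINAL), digest(MODIFIED))
    print("input bits changed : 1")
    print("digest bits changed:", changed, "of 256")
    print("deny rule permits original :", deny_rule_permits(ORIGINAL, RULE))
    print("deny rule permits modified :", deny_rule_permits(MODIFIED, RULE))
    print("allow rule permits original:", allow_rule_permits(ORIGINAL, RULE))
    print("allow rule permits modified:", allow_rule_permits(MODIFIED, RULE))
```

A hash rule identifies one exact sequence of bytes, so as a Disallowed rule it stops matching after any change to the file, while the same hash used as an allow rule rejects every altered copy.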