Kenneth AJ G. Quilantang
James Andrei C. Rivera
ABSTRACT
Many businesses ranging from small to large organizations use Windows 7 as their primary operating systems on their devices. A large portion of home desktops also use the operating system as well. This is a major risk due to the fact that Microsoft has discontinued support for Windows 7. With this vulnerability, hackers and cybercriminals utilize this to attack devices that use the outdated platform. The research focuses on the different attacks on Windows 7 ranging from listener exploits to system crash exploits. The penetration testing environment was done in a safe laboratory with the use of a virtual machine. The researchers then used different pen testing tools such as Metasploit, EternalBlue, NMAP, and other resources in order to penetrate the Windows 7 testing device. This study aims to provide recommendations to prevent such attacks from happening.
- Statscounter. 2020. Operating System Market Share Worldwide. (September 2020). Retrieved from https://gs.statcounter.com/osmarket-shareGoogle Scholar
- Tom Warren. 2019. Windows 10 is now more popular than Windows 7. (January 2019). Retrieved from https://www.theverge.com/2019/1/2/18164916/microsoftwindows-10-market-share-passes-windows-7-statisticsGoogle Scholar
- Lamont, J., 2021. Android had the most technical vulnerabilities in 2019: report. MobileSyrup. Retrieved October 22, 2020 from https://mobilesyrup.com/2020/03/07/android-most-vulnerabilities-2019-last-20-years/Google Scholar
- Arrif Bacchus. 2020. Windows 10 vs. Windows 7. (August 2020). Retrieved October 22, 2020 from https://www.digitaltrends.com/computing/windows-10-vs-windows-7/Google Scholar
- David Gewirtz. 2019. Windows, Mac, or Linux? We compare the pros and cons of these computing platforms. (April 2019). Retrieved October 22, 2020 from https://www.zdnet.com/article/windows-mac-or-linux-we-compare-the-pros-and-cons-of-these-computing-platforms/Google Scholar
- Ryan Fahey. 2020. Pentesting History. (2020). Retrieved October 22, 2020 from https://resources.infosecinstitute.com/topic/the-history-of-penetration-testing/Google Scholar
- Zuehlke, A.K. 2017. An Analysis Of Tools, Techniques, And Mathematics Involved In A Penetration Test. Retrieved from: https://libres.uncg.edu/ir/asu/f/Zuehlke,%20Andrew%20Spring%202017.pdfGoogle Scholar
- Michael Moore. 2017. Penetration testing and Metasploit. (April 2017). Retrieved October 22, 2020 from https://www.researchgate.net/publication/318710609_Penetration_Testing_and_MetasploitGoogle Scholar
- Ron Bowes. 2009. Scanning Windows Deeper With the Nmap Scanning Engine. (June 2009). Retrieved October 22, 2020 from https://www.sans.org/reading-room/whitepapers/testing/scanningwindows-deeper-nmap-scanning-engine-33138Google Scholar
- Offensive Security. 2020. About the Metasploit Meterpreter. (2020). Retrieved October 22, 2020 from https://www.offensive-security.com/metasploit-unleashed/about-meterpreter/Google Scholar
- Himanshu Sharma. 2019. Kali Linux An Ethical Hacker's Cookbook. (March 2019). Retrieved October 22, 2020 from https://books.google.com.ph/books?hl=en&lr=&id=j8-PDwAAQBAJ&oi=fnd&pg=PP1&dq=msfvenom%20using%20kali%20linux&ots=7QuIwsxq8W&sig=OJG5RhpQyA094UiNZZut75-qUq0&redir_esc=y#v=onepage&q=msfvenom&f=falseGoogle Scholar
- IT Pro. 2019. The Windows 7 vulnerabilities businesses must address.(April 2019). Retrieved October 22, 2020 from https://www.itpro.co.uk/software/33511/the-windows-7-vulnerabilities-businesses-must-addressGoogle Scholar
- Rajesh, D., Ahmed, A., Hussan, M., & Bollapalli, V. (2019). Malwares Creation and Avoidance. International Journal Of Computer Sciences And Engineering, 7(4), 179-183. https://doi.org/10.26438/ijcse/v7i4.179183Google Scholar
Recommendations
Penetration Testing on Virtual Environments
ICINS '16: Proceedings of the 4th International Conference on Information and Network SecuritySince the beginning, computer systems have faced the challenge of protecting the information with which they work, and with the technological development, computational security techniques have become more complex to face the potentials attacks. ...
A Review on 0-day Vulnerability Testing in Web Application
ICTCS '16: Proceedings of the Second International Conference on Information and Communication Technology for Competitive StrategiesIn recent year a lot of web applications have been released in the world. At the same time, Zero-Day attacks against web application vulnerabilities have also increased. In such a scenario, it is necessary to make web applications more secure. However ...
Pinpointing Vulnerabilities
ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications SecurityMemory-based vulnerabilities are a major source of attack vectors. They allow attackers to gain unauthorized access to computers and their data. Previous research has made significant progress in detecting attacks. However, developers still need to ...
Comments