Ebook: Seven Deadliest Microsoft Attacks

Do you need to keep up with the latest hacks, attacks, and exploits effecting Microsoft products? Then you need Seven Deadliest Microsoft Attacks. This book pinpoints the most dangerous hacks and exploits specific to Microsoft applications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Windows Operating System-Password AttacksActive Directory-Escalation of PrivilegeSQL Server-Stored Procedure AttacksExchange Server-Mail Service AttacksOffice-Macros and ActiveXInternet Information Serives(IIS)-Web Serive AttacksSharePoint-Multi-tier Attacks;Front Cover; Half Title Page; Series Title Page; Title Page; Copyright Page; Table of Contents; Acknowledgments; About the Authors; Introduction; Chapter 1. Windows Operating System -- Password Attacks; Windows Passwords Overview; Security Accounts Manager; System Key (SYSKEY); LAN Manager Hash; NT Hash; LSA Secrets; Password and Lockout Policies; How Windows Password Attacks Work; Dangers with Windows Password Attacks; Scenario 1: Obtaining Password Hashes; Scenario 2: Pass the Hash; Scenario 3: Timed Attacks to Circumvent Lockouts; Scenario 4: LSA Secrets; Future of Windows Password Attacks.;Defenses against Escalation of Privilege AttacksFirst Defensive Layer: Stop the Enemy at the Gate; Second Defensive Layer: Privileges Must Be Earned; Third Defensive Layer: Set the Rules for the Playground; Fourth Defensive Layer: You'll Need That Secret Decoder Ring; Summary; Endnotes; Chapter 3. SQL Server -- Stored Procedure Attacks; How Stored Procedure Attacks Work; Initiating Access; Accessing Stored Procedures; Dangers Associated with a Stored Procedure Attack; Understanding Stored Procedure Vulnerabilities; Scenario 1: Adding a Local Administrator.;Mail Flow ArchitectureAttack Points; Dangers Associated with Mail Service Attacks; Scenario 1: Directory Harvest Attacks; Scenario 2: SMTP Auth Attacks; Scenario 3: Mail Relay Attacks; The Future of Mail Service Attacks; Defenses against Mail Service Attacks; Defense in the Perimeter Network; Defense on the Internal Network; Supporting Services; Summary; Chapter 5. Office -- Macros and ActiveX; Macro and Client-Side Attack Anatomy; Macro Attacks; ActiveX Attacks; Dangers Associated with Macros and ActiveX; Scenario 1: Metasploit Reverse TCP Connection.;Defenses against Windows Password AttacksDefense-in-Depth Approach; Microsoft and Third-Party Software Patching; Logical Access Controls; Logging Security Events; Implementing Password and Lockout Policies; Disable LM Hash Storage for Domain and Local Systems; SYSKEY Considerations; Summary; Chapter 2. Active Directory -- Escalation of Privilege; Escalation of Privileges Attack Anatomy; Dangers with Privilege Escalation Attacks; Scenario 1: Escalation through Batch Scripts; Scenario 2: Attacking Customer Confidence; Scenario 3: Horizontal Escalation; Future of Privilege Escalation Attacks.;Scenario 2: Keeping Sysadmin-Level AccessScenario 3: Attacking with SQL Injection; The Future of Stored Procedure Attacks; Defenses against Stored Procedure Attacks; First Defensive Layer: Eliminating First-Layer Attacks; Second Defensive Layer: Reduce the First-Layer Attack Surface; Third Defensive Layer: Reducing Second-Layer Attacks; Fourth Defensive Layer: Logging, Monitoring, and Alerting; Identifying Vital Attack Events; Fifth Defensive Layer: Limiting the Impacts of Attacks; Summary; Endnotes; Chapter 4. Exchange Server -- Mail Service Attacks; How Mail Service Attacks Work.;Do you need to keep up with the latest hacks, attacks, and exploits effecting Microsoft products? Then you need Seven Deadliest Microsoft Attacks. This book pinpoints the most dangerous hacks and exploits specific to Microsoft applications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: Windows Operating System - Password Attacks Active Directory - Escalation of Privilege SQL Server - Stored Procedure Attacks Exchange Server - Mail Service Attacks Office - Macros and ActiveX Internet Information Services (IIS) - Web Service Attacks SharePoint - Multi-Tier Attacks Knowledge is power, find out about the most dominant attacks currently waging war on computers and networks globally Discover the best ways to defend against these vicious attacks; step-by-step instruction shows you how Institute countermeasures, don't be caught defenseless again, learn techniques to make your computer and network impenetrable