Seven Deadliest Microsoft Attacks

Seven Deadliest Microsoft Attacks

1st Edition - March 1, 2010

Write a review

  • Authors: Rob Kraus, Brian Barber, Mike Borkin, Naomi Alpern
  • eBook ISBN: 9781597495523

Purchase options

Purchase options
DRM-free (Mobi, EPub, PDF)
Sales tax will be calculated at check-out

Institutional Subscription

Free Global Shipping
No minimum order


Seven Deadliest Microsoft Attacks explores some of the deadliest attacks made against Microsoft software and networks and how these attacks can impact the confidentiality, integrity, and availability of the most closely guarded company secrets. If you need to keep up with the latest hacks, attacks, and exploits effecting Microsoft products, this book is for you. It pinpoints the most dangerous hacks and exploits specific to Microsoft applications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. The book consists of seven chapters that cover the seven deadliest attacks against Microsoft software and networks: attacks against Windows passwords; escalation attacks; stored procedure attacks; mail service attacks; client-side ActiveX and macro attacks; Web service attacks; and multi-tier attacks. Each chapter provides an overview of a single Microsoft software product, how it is used, and some of the core functionality behind the software. Furthermore, each chapter explores the anatomy of attacks against the software, the dangers of an attack, and possible defenses to help prevent the attacks described in the scenarios. This book will be a valuable resource for those responsible for oversight of network security for either small or large organizations. It will also benefit those interested in learning the details behind attacks against Microsoft infrastructure, products, and services; and how to defend against them. Network administrators and integrators will find value in learning how attacks can be executed, and transfer knowledge gained from this book into improving existing deployment and integration practices.

Key Features

  1. Windows Operating System-Password Attacks
  2. Active Directory-Escalation of Privilege
  3. SQL Server-Stored Procedure Attacks
  4. Exchange Server-Mail Service Attacks
  5. Office-Macros and ActiveX
  6. Internet Information Serives(IIS)-Web Serive Attacks
  7. SharePoint-Multi-tier Attacks


Information security professionals of all levels; Micosoft admins; recreational hackers

Table of Contents

  • Acknowledgments

    About the Authors


    Chapter 1 Windows Operating System – Password Attacks

        Windows Passwords Overview

             Security Accounts Manager

             System Key (SYSKEY)

             LAN Manager Hash

             NT Hash

             LSA Secrets

             Password and Lockout Policies

        How Windows Password Attacks Work

        Dangers with Windows Password Attacks

             Scenario 1: Obtaining Password Hashes

             Scenario 2: Pass the Hash

             Scenario 3: Timed Attacks to Circumvent Lockouts

             Scenario 4: LSA Secrets

        Future of Windows Password Attacks

        Defenses against Windows Password Attacks

             Defense-in-Depth Approach

             Microsoft and Third-Party Software Patching

             Logical Access Controls

             Logging Security Events

             Implementing Password and Lockout Policies

             Disable LM Hash Storage for Domain and Local Systems

             SYSKEY Considerations


    Chapter 2 Active Directory – Escalation of Privilege

        Escalation of Privileges Attack Anatomy

        Dangers with Privilege Escalation Attacks

             Scenario 1: Escalation through Batch Scripts

             Scenario 2: Attacking Customer Confidence

             Scenario 3: Horizontal Escalation

        Future of Privilege Escalation Attacks

        Defenses against Escalation of Privilege Attacks

             First Defensive Layer: Stop the Enemy at the Gate

             Second Defensive Layer: Privileges Must Be Earned

             Third Defensive Layer: Set the Rules for the Playground

             Fourth Defensive Layer: You’ll Need That Secret Decoder Ring



    Chapter 3 SQL Server – Stored Procedure Attacks

        How Stored Procedure Attacks Work

             Initiating Access

             Accessing Stored Procedures

        Dangers Associated with a Stored Procedure Attack

             Understanding Stored Procedure Vulnerabilities

             Scenario 1: Adding a Local Administrator

             Scenario 2: Keeping Sysadmin-Level Access

             Scenario 3: Attacking with SQL Injection

        The Future of Stored Procedure Attacks

        Defenses against Stored Procedure Attacks

             First Defensive Layer: Eliminating First-Layer Attacks

             Second Defensive Layer: Reduce the First-Layer Attack Surface

             Third Defensive Layer: Reducing Second-Layer Attacks

             Fourth Defensive Layer: Logging, Monitoring, and Alerting

             Identifying Vital Attack Events

             Fifth Defensive Layer: Limiting the Impacts of Attacks



    Chapter 4 Exchange Server – Mail Service Attacks

        How Mail Service Attacks Work

             Mail Flow Architecture

             Attack Points

        Dangers Associated with Mail Service Attacks

             Scenario 1: Directory Harvest Attacks

             Scenario 2: SMTP Auth Attacks

             Scenario 3: Mail Relay Attacks

        The Future of Mail Service Attacks

        Defenses against Mail Service Attacks

             Defense in the Perimeter Network

             Defense on the Internal Network

             Supporting Services


    Chapter 5 Office – Macros and ActiveX

        Macro and Client-Side Attack Anatomy

             Macro Attacks

             ActiveX Attacks

        Dangers Associated with Macros and ActiveX

             Scenario 1: Metasploit Reverse TCP Connection

             Scenario 2: ActiveX Attack via Malicious Website

        Future of Macro and ActiveX Attacks

        Macro and ActiveX Defenses

             Deploy Network Edge Strategies

             Using Antivirus and Antimalware

             Update Frequently

             Using Office Security Settings

             Working Smart



    Chapter 6 Internet Information Services – Web Service Attacks

        Microsoft IIS Overview

             File Transfer Protocol Publishing Service

             WebDAV Extension


        How IIS Attacks Work

        Dangers with IIS Attacks

             Scenario 1: Dangerous HTTP Methods

             Scenario 2: FTP Anonymous Access

             Scenario 3: Directory Browsing

        Future of IIS Attacks

        Defenses Against IIS Attacks

             Disable Unused Services

             Default Configurations

             Account Security

             Patch Management


             Segregate IIS

             Penetration Testing


             IIS Lockdown


    Chapter 7 SharePoint – Multi-tier Attacks

        How Multi-tier Attacks Work

        Multi-tier Attack Anatomy

        Dangers with Multi-tier Attacks

             Scenario 1: Leveraging Operating System Vulnerabilities

             Scenario 2: Indirect Attacks

        How Multi-tier Attacks Will Be Used in the Future

        Defenses against Multi-tier Attacks

             First Defensive Layer: Failure to Plan = Plan to Fail

             Second Defensive Layer: Leave No Hole Unpatched

             Third Defensive Layer: Form the Protective Circle




Product details

  • No. of pages: 192
  • Language: English
  • Copyright: © Syngress 2010
  • Published: March 1, 2010
  • Imprint: Syngress
  • eBook ISBN: 9781597495523

About the Authors

Rob Kraus

Rob Kraus (CISSP, C|EH, MCSE) is a Senior Security Consultant for Solutionary, Inc. Rob is responsible for organizing customer requirements, on-site project management and client support while ensuring quality and timeliness of Solutionary's products and services.

Rob was previously a Remote Security Services Supervisor with Digital Defense, Inc. He performed offensive-based security assessments consisting of penetration testing, vulnerability assessment, social engineering, wireless and VoIP penetration testing, web application penetration tests and vulnerability research. As a supervisor, Rob was also responsible for leading and managing a team of penetration testers who performed assessment services for Digital Defense's customers.

Rob's background also includes contracting as a security analyst for AT&T during the early stages of the AT&T U-verse service as well as provisioning, optimizing, and testing OC-192 fiber-optic networks while employed with Nortel Networks.

Rob also speaks at information security conferences and universities in an effort to keep the information security community informed of current security trends and attack methodologies.

Affiliations and Expertise

CISSP, C|EH, MCSE; Senior Security Consultant for Solutionary, Inc.

Brian Barber

Brian Barber (Linux+, MCSE, MCSA, MCP+I, CNE, CNA-GW) works for the Canada Deposit Insurance Corporation (CDIC) as a project manager and architect for CDIC's IT service management program. He first started using Linux at home with Red Hat 5.1 and since then he has been a staunch advocate of open source software, belonging to the Ottawa Canada Linux User Group (OCLUG) since 2001 and the Ottawa Python Authors Group. His primary areas of interest are operating systems, infrastructure design, multiplatform integration, directory services, and enterprise messaging. In the past he has held the positions of Principal Consultant with Sierra Systems Group Inc., Senior Technical Coordinator at the LGS Group Inc. (now a part of IBM Global Services) and Senior Technical Analyst at MetLife Canada.

Affiliations and Expertise


Mike Borkin

Mike Borkin (MCSE, GSEC Gold) is an internationally recognized author and speaker in the area of IT security where he focuses mostly on data protection strategies, Microsoft security, and security architecture/engineering best practices. In addition to contributing articles related to security to magazines and speaking engagements for groups such as SANS and The Open Group in both the US and Europe, Mike is also the Co-Author of Vista Security for Dummies.

Affiliations and Expertise


Naomi Alpern

Naomi Alpern currently works for Microsoft as a consultant specializing in unified communications. She holds many Microsoft certifications, including an MCSE and MCT, as well as additional industry certifications such as Citrix Certified Enterprise Administrator, Security+, Network+, and A+. Since the start of her technical career she has worked in many facets of the technology world, including IT administration, technical training, and most recently, full-time consulting.

Affiliations and Expertise

Consultant, Unified Communications, Microsoft, USA, Citrix Certified Enterprise Administrator, Security+, Network+, A+, MCSE, MCT

Ratings and Reviews

Write a review

There are currently no reviews for "Seven Deadliest Microsoft Attacks"