Table of Contents

Copyright

Acknowledgments

About the Authors

Introduction

Chapter 1. Windows Operating System – Password Attacks

Windows Passwords Overview

Security Accounts Manager

System Key (SYSKEY)

LAN Manager Hash

NT Hash

LSA Secrets

Password and Lockout Policies

How Windows Password Attacks Work

Dangers with Windows Password Attacks

Scenario 1: Obtaining Password Hashes

Scenario 2: Pass the Hash

Scenario 3: Timed Attacks to Circumvent Lockouts

Scenario 4: LSA Secrets

Future of Windows Password Attacks

Defenses Against Windows Password Attacks

Defense-in-Depth Approach

Microsoft and Third-Party Software Patching

Logical Access Controls

Logging Security Events

Implementing Password and Lockout Policies

Disable LM Hash Storage for Domain and Local Systems

SYSKEY Considerations

Summary

Chapter 2. Active Directory – Escalation of Privilege

Escalation of Privileges Attack Anatomy

Dangers with Privilege Escalation Attacks

Scenario 1: Escalation through Batch Scripts

Scenario 2: Attacking Customer Confidence

Scenario 3: Horizontal Escalation

Future of Privilege Escalation Attacks

Defenses Against Escalation of Privilege Attacks

First Defensive Layer: Stop the Enemy at the Gate

Second Defensive Layer: Privileges Must Be Earned

Third Defensive Layer: Set the Rules for the Playground

Fourth Defensive Layer: You'll Need That Secret Decoder Ring

Summary

Endnotes

Chapter 3. SQL Server – Stored Procedure Attacks

How Stored Procedure Attacks Work

Initiating Access

Accessing Stored Procedures

Dangers Associated with a Stored Procedure Attack

Understanding Stored Procedure Vulnerabilities

Scenario 1: Adding a Local Administrator

Scenario 2: Keeping Sysadmin-Level Access

Scenario 3: Attacking with SQL Injection

The Future of Stored Procedure Attacks

Defenses Against Stored Procedure Attacks

First Defensive Layer: Eliminating First-Layer Attacks

Second Defensive Layer: Reduce the First-Layer Attack Surface

Third Defensive Layer: Reducing Second-Layer Attacks

Fourth Defensive Layer: Logging, Monitoring, and Alerting

Identifying Vital Attack Events

Fifth Defensive Layer: Limiting the Impacts of Attacks

Summary

Endnotes

Chapter 4. Exchange Server – Mail Service Attacks

How Mail Service Attacks Work

Mail Flow Architecture

Attack Points

Dangers Associated with Mail Service Attacks

Scenario 1: Directory Harvest Attacks

Scenario 2: SMTP Auth Attacks

Scenario 3: Mail Relay Attacks

The Future of Mail Service Attacks

Defenses Against Mail Service Attacks

Defense in the Perimeter Network

Defense on the Internal Network

Supporting Services

Summary

Chapter 5. Office – Macros and ActiveX

Macro and Client-Side Attack Anatomy

Macro Attacks

ActiveX Attacks

Dangers Associated with Macros and ActiveX

Scenario 1: Metasploit Reverse TCP Connection

Scenario 2: ActiveX Attack via Malicious Website

Future of Macro and ActiveX Attacks

Macro and ActiveX Defenses

Deploy Network Edge Strategies

Using Antivirus and Antimalware

Update Frequently

Using Office Security Settings

Working Smart

Summary

Endnote

Chapter 6. Internet Information Services – Web Service Attacks

Microsoft IIS Overview

File Transfer Protocol Publishing Service

WebDAV Extension

ISAPI

How IIS Attacks Work

Dangers with IIS Attacks

Scenario 1: Dangerous HTTP Methods

Scenario 2: FTP Anonymous Access

Scenario 3: Directory Browsing

Future of IIS Attacks

Defenses Against IIS Attacks

Disable Unused Services

Default Configurations

Account Security

Patch Management

Logging

Segregate IIS

Penetration Testing

URLScan

IIS Lockdown

Summary

Chapter 7. SharePoint – Multi-tier Attacks

How Multi-tier Attacks Work

Multi-tier Attack Anatomy

Dangers with Multi-tier Attacks

Scenario 1: Leveraging Operating System Vulnerabilities

Scenario 2: Indirect Attacks

How Multi-tier Attacks Will Be Used in the Future

Defenses Against Multi-tier Attacks

First Defensive Layer: Failure to Plan = Plan to Fail

Second Defensive Layer: Leave No Hole Unpatched

Third Defensive Layer: Form the Protective Circle

Summary

Endnotes