How this Book is Organized

This book is divided into a total of seven chapters with each chapter focusing on specific Microsoft software products. Each chapter provides an overview of a single Microsoft software product, how it is used, and some of the core functionality behind the software. Additionally, each chapter explores the anatomy of attacks against the software and describes what some of the dangers may be if an attacker is successful during an attack. Some of the common attacks that may be used against Microsoft software are outlined in scenarios found in each chapter. Finally, at the end of each chapter you will be able to explore possible defenses that can be implemented to help prevent the attacks described in the scenarios.

The Microsoft products and scenarios described in this book were selected because of the widespread deployment of the products and the relevance of the associated attacks. The attacks explained and demonstrated are very well known and well documented. One could argue there may be more dangerous attacks and plenty of additional Microsoft products to attack; however, the products and attacks described here have been some of the most relevant to Microsoft networks over time. Some of the attack techniques described may apply beyond Microsoft products, or beyond the specific product discussed in a particular chapter. Several of the attacks described can be used in a variety of situations and may not be limited to just the attack scenarios we describe in each chapter.

Due to the nature and focus of the types of attacks found in this book, it is not necessary to begin with Chapter 1. Each chapter focuses on a single Microsoft software product and does not require knowledge from earlier chapters, which allows you to choose where you wish to start your reading in this book. The following descriptions will provide you with an overview of the information found in each chapter and some of the rationale behind why the Microsoft product was selected as one of the top seven.

Chapter 1: Windows Operating System – Password Attacks

In this first chapter, you will explore how Microsoft Windows operating systems handle password storage, policies, and different types of attacks that can be performed against Windows passwords. Some of the subject matter includes NT and LM hashes, SAM, SYSKEY, LSA secrets, password policies, lockout policies, and defense-in-depth. This chapter also provides a critical overview of what is sometimes the last or only line of defense for many organizations and thus deserves a deep discussion. Several attack scenarios are provided to demonstrate why the deployment of a well-designed password and lockout policy can be crucial to an organization's security program. Recommendations are presented to help organizations focus on a solid defensive posture.

Chapter 2: Active Directory – Escalation of Privilege

Chapter 2 focuses on the concept of escalating privileges within a Microsoft network through misconfigured services and maintenance interfaces. The chapter focuses on how escalation attacks can allow attackers to further penetrate a network by leveraging access gained through accounts with limited privileges and using implementation flaws to gain additional privileges within the Microsoft network. Several types of escalation are discussed, including vertical, horizontal, and descalation. At the end of the chapter, you will learn about defensive strategies that can help reduce the likelihood of these types of attacks.

Chapter 3: SQL Server – Stored Procedure Attacks

SQL Server is an important component of many organizations' data storage architecture. In this chapter, you will take a deep look into how SQL Server uses stored procedures, and some of the dangers associated with weak implementations of SQL Server. This chapter illustrates several types of authenticated and unauthenticated attacks to clearly demonstrate some of the potential risks with a poorly designed deployment. Understanding how poorly implemented stored procedures can allow attackers to gain access to and manipulate data is an important part of knowing how to defend against such attacks. Various defensive considerations are explored to help you prevent attacks that can severely impact your organization's data.

Chapter 4: Exchange Server – Mail Service Attacks

Communication is vital to the success of any organization. This chapter provides coverage of the Microsoft Exchange product and some of the deadliest attacks against its framework. Attacking an organization's communication infrastructure can cause massive disruption and loss of customer confidence. In this chapter, you will learn about several common attacks and the defenses that can help prevent them from being successful.

Chapter 5: Office – Macros and ActiveX

Attacks against Microsoft Office products have been successful for many years. In this chapter, you will take a look into some of the deadliest ways attackers can gain a foothold in your network by leveraging client-side ActiveX and macro attacks. Several scenarios demonstrate how effective the attacks are and demonstrate why these types of attacks should still be considered deadly. Several different defensive measures that can help protect your organization from falling prey to these types of attacks are explained.

Chapter 6: Internet Information Services – Web Service Attacks

One of the most popular applications from Microsoft is also one of the top choices for hosting Web content on the Internet. Internet Information Services (IIS) provides customers, employees, and partners with the information they need to interact with your organization. Due to this application's direct exposure to the Internet, it becomes a prime target for attackers attempting to gain access to your organization's data. In this chapter, you will explore various components of Microsoft IIS and some of the attacks that can cause a significant impact to your organization. Plenty of defensive considerations are presented to help protect your organization's implementation of IIS.

Chapter 7: SharePoint – Multi-tier Attacks

SharePoint is often the primary repository for documentation and a focal point for collaboration while working in team environments. Its robust features and ease of setup allow teams and administrators to provide a series of services that can help facilitate information transfer while working on projects of all sizes. This chapter focuses on how multi-tier attacks can allow attackers to gain access to resources stored within SharePoint by leveraging vulnerabilities that may or may not be the direct result of a SharePoint implementation flaw.

Conclusion

Writing this book has been a great experience and hopefully you will enjoy reading it. Innovation and persistence are the staples of researching and discovering new attacks against Microsoft software, and it is likely new attacks will continue to evolve over time. This book will provide you with the knowledge of what some of the most popular and deadly attack scenarios look like today, so you can prepare to defend your network against the threats of tomorrow.
