Seven deadliest Microsoft attacks
Do you need to keep up with the latest hacks, attacks, and exploits effecting Microsoft products? Then you need Seven Deadliest Microsoft Attacks. This book pinpoints the most dangerous hacks and exploits specific to Microsoft applications, laying out the anatomy of these attacks including how to m...
| Otros Autores: | |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Amsterdam ; Boston :
Syngress/Elsevier
c2010.
|
| Edición: | 1st edition |
| Colección: | Syngress seven deadliest attacks series.
|
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628309206719 |
Tabla de Contenidos:
- Front Cover; Half Title Page; Series Title Page; Title Page; Copyright Page; Table of Contents; Acknowledgments; About the Authors; Introduction; Chapter 1. Windows Operating System - Password Attacks; Windows Passwords Overview; Security Accounts Manager; System Key (SYSKEY); LAN Manager Hash; NT Hash; LSA Secrets; Password and Lockout Policies; How Windows Password Attacks Work; Dangers with Windows Password Attacks; Scenario 1: Obtaining Password Hashes; Scenario 2: Pass the Hash; Scenario 3: Timed Attacks to Circumvent Lockouts; Scenario 4: LSA Secrets; Future of Windows Password Attacks
- Defenses against Windows Password AttacksDefense-in-Depth Approach; Microsoft and Third-Party Software Patching; Logical Access Controls; Logging Security Events; Implementing Password and Lockout Policies; Disable LM Hash Storage for Domain and Local Systems; SYSKEY Considerations; Summary; Chapter 2. Active Directory - Escalation of Privilege; Escalation of Privileges Attack Anatomy; Dangers with Privilege Escalation Attacks; Scenario 1: Escalation through Batch Scripts; Scenario 2: Attacking Customer Confidence; Scenario 3: Horizontal Escalation; Future of Privilege Escalation Attacks
- Defenses against Escalation of Privilege AttacksFirst Defensive Layer: Stop the Enemy at the Gate; Second Defensive Layer: Privileges Must Be Earned; Third Defensive Layer: Set the Rules for the Playground; Fourth Defensive Layer: You'll Need That Secret Decoder Ring; Summary; Endnotes; Chapter 3. SQL Server - Stored Procedure Attacks; How Stored Procedure Attacks Work; Initiating Access; Accessing Stored Procedures; Dangers Associated with a Stored Procedure Attack; Understanding Stored Procedure Vulnerabilities; Scenario 1: Adding a Local Administrator
- Scenario 2: Keeping Sysadmin-Level AccessScenario 3: Attacking with SQL Injection; The Future of Stored Procedure Attacks; Defenses against Stored Procedure Attacks; First Defensive Layer: Eliminating First-Layer Attacks; Second Defensive Layer: Reduce the First-Layer Attack Surface; Third Defensive Layer: Reducing Second-Layer Attacks; Fourth Defensive Layer: Logging, Monitoring, and Alerting; Identifying Vital Attack Events; Fifth Defensive Layer: Limiting the Impacts of Attacks; Summary; Endnotes; Chapter 4. Exchange Server - Mail Service Attacks; How Mail Service Attacks Work
- Mail Flow ArchitectureAttack Points; Dangers Associated with Mail Service Attacks; Scenario 1: Directory Harvest Attacks; Scenario 2: SMTP Auth Attacks; Scenario 3: Mail Relay Attacks; The Future of Mail Service Attacks; Defenses against Mail Service Attacks; Defense in the Perimeter Network; Defense on the Internal Network; Supporting Services; Summary; Chapter 5. Office - Macros and ActiveX; Macro and Client-Side Attack Anatomy; Macro Attacks; ActiveX Attacks; Dangers Associated with Macros and ActiveX; Scenario 1: Metasploit Reverse TCP Connection
- Scenario 2: ActiveX Attack via Malicious Website
