⌘Ctrlk

LLMNR Poisoning

used to identify hosts when DNS fails to do so
previous name NBT-NS
Key flaw is that services utilize a user's username and NTLMv2 hash when appropriately responded to

Attacks

Responder

$ sudo responder -I eth0 -dP

Defense

Group Policy

Administrative Templates
- Network
  - DNS Client
    Turn off Multicast Name Resolution

Require Network Access Control

Restrict by MAC address, etc.
Require strong user passwords

PreviousActive Directory NextSMB Relay Attacks

Last updated 2 months ago