

Episode 123: Insecure Active Directory Protocols
Feb 7, 2025
Dive into the world of insecure Active Directory protocols and discover how they can be exploited by attackers for privilege escalation and lateral movement. Learn about essential tools like PingCastle and Purple Knight for identifying security issues. Explore the risks of legacy protocols such as LLMNR and NBNS, including potential attacks. Understand the evolving challenges in internal penetration testing and the vulnerabilities of the Windows WebClient service, emphasizing the importance of updating security practices.
AI Snips
Disable LLMNR and NBNS Protocols
- Disable LLMNR and NBNS protocols to prevent poisoning and relaying attacks.
- Use group policies to easily disable these legacy protocols and reduce internal attack surface.
Responder Use in Pen Testing
- Responder was once the fundamental tool for network-based internal pen testing.
- Tyler Roberts no longer runs it if group policies disable LLMNR/NBNS, reflecting improved defensive measures.
Disable Spooler Service on DCs
- Disable the Print Spooler service on domain controllers to block coercion attacks.
- Use group policies to automate disabling and regularly audit for running services.
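
A read-only audit for the three settings recommended above, added here as an example and not taken from the episode. It assumes Windows hosts reachable over CIM/WinRM; the function names and the domain controller name are hypothetical placeholders.

```powershell
# Added example: read-only checks, nothing is changed on the host.
function Test-LegacyNameResolution {
    # LLMNR: the "Turn off multicast name resolution" policy writes EnableMulticast = 0.
    $llmnrKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    $llmnr = (Get-ItemProperty -Path $llmnrKey -Name EnableMulticast `
              -ErrorAction SilentlyContinue).EnableMulticast
    [pscustomobject]@{
        Check  = 'LLMNR disabled by policy'
        Target = $env:COMPUTERNAME
        Value  = if ($null -eq $llmnr) { 'not configured' } else { $llmnr }
        Pass   = ($llmnr -eq 0)
    }
    # NetBIOS over TCP/IP is set per interface: 0 = DHCP default, 1 = enabled, 2 = disabled.
    $nbtKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
    Get-ChildItem -Path $nbtKey -ErrorAction SilentlyContinue | ForEach-Object {
        $opt = (Get-ItemProperty -Path $_.PSPath -Name NetbiosOptions `
                -ErrorAction SilentlyContinue).NetbiosOptions
        [pscustomobject]@{
            Check  = 'NetBIOS over TCP/IP disabled'
            Target = $_.PSChildName
            Value  = $opt
            Pass   = ($opt -eq 2)
        }
    }
}

function Test-DcSpooler {
    param([Parameter(Mandatory)][string[]]$DomainController)
    foreach ($dc in $DomainController) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" `
               -ComputerName $dc -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Check  = 'Print Spooler stopped and disabled'
            Target = $dc
            Value  = if ($svc) { "$($svc.State)/$($svc.StartMode)" } else { 'no answer' }
            # An unreachable DC is reported as a failure so it gets looked at.
            Pass   = [bool]($svc -and $svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')
        }
    }
}

# 'dc01.example.test' is a placeholder; pass your own domain controller names.
$results = @(Test-LegacyNameResolution) + @(Test-DcSpooler -DomainController 'dc01.example.test')
$results | Where-Object { -not $_.Pass } | Format-Table -AutoSize
```

An empty table means every check passed; run it on a schedule to catch hosts where the group policy did not apply.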