Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.

Net Cease: Microsoft Researchers Unveil Anti-Reconnaissance Tool

posted by cmn32480 on Wednesday October 19 2016, @05:52PM   Printer-friendly
from the who's-watching? dept.

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

Microsoft researchers Itay Grady and Tal Be'ery have released Net Cease, a PowerShell script that prevents attackers who have already compromised an endpoint from getting information about other targets within the same corporate network.

The idea behind the script is to make attackers' lateral movement on the network more difficult.

[...] Net Cease works by changing the default permissions for the NetSessionEnum method to limit the number of domain users who are able to execute the method remotely.

"The NetCease script hardens the access to the NetSessionEnum method by removing the execute permission for Authenticated Users group and adding permissions for interactive, service and batch logon sessions," the creators explained.

This one's for all you admin types out there who have no choice but to have large numbers of Windows devices on your network.

Source: https://www.helpnetsecurity.com/2016/10/18/net-cease-network-anti-reconnaissance-tool/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Net Cease: Microsoft Researchers Unveil Anti-Reconnaissance Tool | Log In/Create an Account | Top | 12 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Funny) by aristarchus on Wednesday October 19 2016, @07:00PM

    by aristarchus (2645) on Wednesday October 19 2016, @07:00PM (#416289) Journal

    Actually, this is probably meant to take attention off the Wikileak of Clinton's emails, wherein Bill OR Melinda Gates were suggested for the VP slot on the Clinton ticket.

    Starting Score:    1  point
    Moderation   +2  
       Funny=2, Total=2
    Extra 'Funny' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   4  

  • (Score: 3, Insightful) by frojack on Wednesday October 19 2016, @07:31PM

    by frojack (1554) on Wednesday October 19 2016, @07:31PM (#416302) Journal

    Well I don't actually see an election tie in, and if there was something to suppress it would be the Lolita Express [washingtontimes.com] story, rather than VP choices that were never real, and never going to fly in the first place.

    The fact that a beachhead in any single windows domain member usually gives you total lateral access across multiple domains, isn't news.
    And the idea that some cheasy script is going to stop that seems laughable.

    I can't imagine why Microsoft would release this as an optional script rather than a real patch, unless of course it cripples much of the windows domain functionality that users have come to expect and rely on (knowing full well it was insecure).

    --
    No, you are mistaken. I've always had this sig.