Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Security experts released an anti-reconnaissance tool dubbed NetCease

A Microsoft security duo released a new tool dubbed NetCease designed to make hard for attackers to conduct reconnaissance. Microsoft experts have released a tool dubbed NetCease that was designed to make hard reconnaissance activities of hackers. The NetCease tool was developed by two researchers of the Microsoft Advanced Threat Analytics (ATA) research team, Itai Grady and Tal Be’ery. The […]

Security experts released an anti-reconnaissance tool dubbed NetCease

A Microsoft security duo released a new tool dubbed NetCease designed to make hard for attackers to conduct reconnaissance.

Microsoft experts have released a tool dubbed NetCease that was designed to make hard reconnaissance activities of hackers.

The NetCease tool was developed by two researchers of the Microsoft Advanced Threat Analytics (ATA) research team, Itai Grady and Tal Be’ery.

The security experts will present the tool at the Black Hat Europe where they will explore the concept of “offensive cyber defense” methods.

The application is not classified as an official Microsoft tool, but it has been made available on Microsoft’s TechNet Gallery under the default license terms for “Software on Documentation Portals.”

The reconnaissance is a critical phase of an attack, attackers gather information of the potential targets identified target machines, potential bridge components for lateral movements and privileged users.

Once the attacker has identified the targets, he can use the NetSessionEnum function to retrieve information about sessions established on domain controllers (DC) or other servers in the network.

A NetSessionEnum could allow attackers to discover device name, IP address, the username that established a session, and the duration of each session.

This data are essential for attackers to move laterally within their victim’s network.

Any domain user has the permission by default to execute the NetSessionEnum method remotely. Anyway, it is possible to harden the access to the NetSessionEnum method by manually editing a registry key. The NetCease is a PowerShell script that modifies this registry key modify to forbid the execution of the NetSessionEnum.

“Net Cease” tool is a short PowerShell (PS) script which alters Net Session Enumeration (NetSessionEnum) default permissions. This hardening process prevents attackers from easily getting some valuable recon information to move laterally within their victim’s network.” reads the NetCease description.

“The NetCease script hardens the access to the NetSessionEnum method by removing the execute permission for Authenticated Users group and adding permissions for interactive, service and batch logon sessions,” the experts explained. “This will allow any administrator, system operator and power user to remotely call this method, and any interactive/service/batch logon session to call it locally.”

netcease-tool

NetCease is simple to use, administrators have to run the PowerShell script as administrator on the machine they need to harden (i.e. a Domain Controller), then restart it.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – NetCease tool, hacking)