Harden your #network against attackers with #Microsoft script Net Cease #security

Net Cease - Hardening Net Session Enumeration

Microsoft has released a PowerShell script called Net Cease that will harden machines against reconnaissance which is a key stage within the Advanced Attackers kill chain. According to details of the release on Microsoft TechNet, “once attackers have breached a single end-point, they need to discover their next targets within the victim’s corporate network, most notably privileged users.” Typically administrators will target Domain Controllers (DCs) to run the script.

“The NetCease script hardens the access to the NetSessionEnum method by removing the execute permission for Authenticated Users group and adding permissions for interactive, service and batch logon sessions. This will allow any administrator, system operator and power user to remotely call this method, and any interactive/service/batch logon session to call it locally.”

By default, NetSessionEnum method can be executed by any authenticated user, including network connected users, which effectively means that any domain user is able to execute it remotely.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s