Blue Teaming - Defending Against Responder.py
Oh no, we at it again
Isn’t it just nice that when you plug your PC into the network, it can start discovering your local printers, shares and even other workstations? Yeah, your red team thinks so, too.
During a pentest engagement, one easy thing to have running in the background is Responder. Formerly maintained by SpiderLabs, now by lgandx, Responder is a Python-based project that poisons LLMNR, NBT-NS and mDNS requests within a network.
What makes Responder so effective, and so dangerous, is what happens when a user either types in a server name incorrectly or, more commonly, does a Google search straight from the URL bar of their web browser (come on, we all do it). Your PC will first check its local DNS server for an address, and if nothing is found it’ll then send a local LLMNR and NetBIOS Name Service (NBT-NS) broadcast, which an attacker’s PC will be listening for via Responder. When a...