
312-50v12 Exam - Question 106


Attacker Simon targeted the communication network of an organization and disabled the security controls of NetNTLMv1 by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic. He then extracted all the non-network logon tokens from all the active processes to masquerade as a legitimate user to launch further attacks.

What is the type of attack performed by Simon?

Correct Answer: D

The attack described involves disabling security controls of NetNTLMv1 and extracting non-network logon tokens from active processes to masquerade as a legitimate user, which aligns with the characteristics of an internal monologue attack. This type of attack enables the attacker to retrieve NTLM hashes from the system without direct interaction with the LSASS process, thereby allowing unauthorized access while bypassing standard security measures.
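
A defender-side check for the registry changes named in the question, as an added example that is not part of the original page: it scans registry value-set events for writes that weaken the three values. The event records are constructed samples loosely modelled on Sysmon Event ID 13, and the host names and image paths are placeholders.

```python
import re

LSA = r"hklm\system\currentcontrolset\control\lsa"
NTLMV2_SESSION_SECURITY = 0x00080000  # NtlmMinClientSec bit: require NTLMv2 session security
# Lower-cased value path -> check returning a reason when the written value is weak.
RULES = {
    LSA + r"\lmcompatibilitylevel":
        lambda v: "client may send LM/NTLMv1 responses" if v < 3 else None,
    LSA + r"\msv1_0\ntlmminclientsec":
        lambda v: None if v & NTLMV2_SESSION_SECURITY else "NTLMv2 session security not required",
    LSA + r"\msv1_0\restrictsendingntlmtraffic":
        lambda v: "outgoing NTLM neither audited nor denied" if v == 0 else None,
}

# Constructed sample events, loosely modelled on Sysmon Event ID 13 (registry value set).
EVENTS = [
    {"Computer": "WS01", "Image": r"C:\Users\Public\tool.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel",
     "Details": "DWORD (0x00000002)"},
    {"Computer": "WS01", "Image": r"C:\Users\Public\tool.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0\NtlmMinClientSec",
     "Details": "DWORD (0x20000000)"},
    {"Computer": "WS01", "Image": r"C:\Users\Public\tool.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictSendingNTLMTraffic",
     "Details": "DWORD (0x00000000)"},
    {"Computer": "WS02", "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel",
     "Details": "DWORD (0x00000005)"},
]

def findings(events):
    """Return (host, image, value name, reason) for each write that weakens NTLM settings."""
    out = []
    for ev in events:
        rule = RULES.get(ev["TargetObject"].lower())
        m = re.search(r"0x([0-9a-fA-F]+)", ev["Details"])
        reason = rule(int(m.group(1), 16)) if rule and m else None
        if reason:
            out.append((ev["Computer"], ev["Image"], ev["TargetObject"].rsplit("\\", 1)[1], reason))
    return out

def downgraded_hosts(events):
    """Hosts where all three values were weakened, the combination the question describes."""
    seen = {}
    for host, _, name, _ in findings(events):
        seen.setdefault(host, set()).add(name.lower())
    return sorted(h for h, names in seen.items() if len(names) == len(RULES))

if __name__ == "__main__":
    print(findings(EVENTS), downgraded_hosts(EVENTS))
```

The NtlmMinClientSec rule tests the session-security bit rather than the whole value, so a write that keeps 128-bit encryption set but clears that bit is still reported.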

Discussion

7 comments
sausageman (Option: D)
Apr 18, 2023

D. Internal monologue attack. CEH v12 book, Module 06, Page 414: "The attacker disables the security controls of NetNTLMv1 by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic."

eli117 (Option: D)
Apr 5, 2023

D. Internal monologue attack. Explanation: In this scenario, Simon performed an internal monologue attack, also known as a pass-the-hash attack. He disabled the security controls of NetNTLMv1 and extracted all the non-network logon tokens from active processes, which he then used to masquerade as a legitimate user to launch further attacks. This attack is particularly dangerous because it allows the attacker to bypass password authentication and gain access to sensitive information or systems.

jeremy13 (Option: D)
May 2, 2023

D. Internal monologue attack. Like Sausageman, but in my book: CEH V12 Module 06 P615.

victorfs (Option: D)
May 16, 2023

D. Internal monologue attack

Vincent_Lu (Option: D)
Jun 28, 2023

D. Internal monologue attack

insaniunt (Option: D)
Dec 27, 2023

D. Internal monologue attack. This is a technique that allows an attacker to retrieve NTLM hashes from a system without touching the LSASS process, which is usually protected by security solutions.

sunce12 (Option: D)
Jun 21, 2024

Correct is D.