A. LLMNR is a multicast protocol conected to the DNS protocol,it Sends both ip

1. A. LLMNR is a multicast protocol conected to the DNS protocol,
2. it Sends both ipv4 and ipv6 simultaneous
3. NBNS is a service that register the NetBIOS name's of every PC uppon connectiong to the network
4.  
5. LLMNR poisoning
6.  
7. yes, you can disable the LLMNR and NetBios. and limit Pre User privilege tho it wont stop the attack only limit the attacker preuser he control
8.  
9. SMB Relay
10.  
11.  
12. LLMNR poisoning is happening on the network
13.  
14. WPAD
15.  
16. just a proxy list automaited tool
17. located the proxy from the list, test it and connect to the WAN
18. the attackers can connect to the network and "spoof" itself as a proxy server
19. then the attacker relay all traffic throw him and can monitor the domain network
20. the mitigation:
21. witelist mac address
22. disable WPAD ofc...
23.  
24.  
25.  
26. Multi-Relay & Responder
27. A. Explain the Responder & Multi-Relay integrated attack process. Does an admin user need to be attacked?
28. B. You did a Multi-Relay attack but forgot to disable the SMB in Responder, what will happen, and why should you do it?
29. C. Can a response affect the corporate network? explain.
30.  
31.  
32. responder is just a fake service provider.
33. its can spoof a lot of fake and heavily modded packets
34.  
35.  
36. attacker enum the DC
37. fines a user
38. gain access by attack by DLL or somthing
39. get to share folder
40. create file with the responder script