Microsoft research team members Itai Grady and Tal Be’ery have released another tool to help admins harden their environment against reconnaissance attacks: SAMRi10 (pronounced “Samaritan”).
Both the Net Cease tool they released in October and SAMRi10 are simple PowerShell scripts geared toward stopping attackers who are already inside a corporate network from mapping it out and finding their next target (computer, server, etc.). The former does so by altering Net Session Enumeration (NetSessionEnum) default permissions, the latter by altering remote SAM access default permissions.
“Querying the Windows Security Account Manager (SAM) remotely via the SAM-Remote (SAMR) protocol against their victim’s domain machines allows the attackers to get all domain and local users with their group membership and map possible routes within the victim’s network,” the researchers noted, adding that some attack frameworks have already automated that mapping process.
“Prior to Windows 10 and Windows Server/DC 2016 the option to restrict remote access to SAM did not exist. With Windows 10 Anniversary Edition, SAMRi10 will restrict remote access to local administrators/domain admins and any member of ‘Remote SAM Users’ (admin or non-admin),” Grady explained to me in an email.
“Hardening Windows 10 workstations and Windows Server 2016 will restrict the access to their local accounts and groups info over remote SAM. Hardening Domain Controller 2016 (promoted Windows Server 2016) will restrict the access to the domain accounts and groups information over remote SAM.” The tool is meant only for Windows 10 versions and Windows Server 2016, because older Windows versions don’t read the registry setting used to configure remote access to SAM. “So although the script will add it to their registry, the SAM server will ignore it,” he noted.
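An added example, not code from the article or from the SAMRi10 script itself: a PowerShell audit function a defender can run to see whether a machine is new enough to honour the remote SAM restriction and which principals it currently allows. It assumes the registry value the tool relies on is RestrictRemoteSAM under HKLM:\SYSTEM\CurrentControlSet\Control\Lsa (Microsoft's documented name for the "Network access: Restrict clients allowed to make remote calls to SAM" policy); the function name and the 14393 build threshold (Windows 10 1607 / Server 2016) are my own choices.

```powershell
# Added example (not part of SAMRi10 or the article): audit the registry value that
# Windows 10 1607+ / Server 2016 consult for remote SAM access and report what it allows.
# Assumption: the value is RestrictRemoteSAM (REG_SZ holding an SDDL string) under the Lsa key.

function Get-RemoteSamAccessPolicy {
    [CmdletBinding()]
    param()

    $keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $valueName = 'RestrictRemoteSAM'

    # Older builds ignore the value entirely; 14393 is Windows 10 1607 / Server 2016.
    $build     = [System.Environment]::OSVersion.Version.Build
    $supported = $build -ge 14393

    # Read the SDDL string if the value has been set (SAMRi10 or Group Policy writes it).
    $sddl = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName

    $allowed = @()
    if ($sddl) {
        # Translate the SDDL into readable ACE strings (ConvertFrom-SddlString needs PowerShell 5.1+).
        $parsed  = ConvertFrom-SddlString -Sddl $sddl
        $allowed = $parsed.DiscretionaryAcl
    }

    if (-not $supported) {
        $assessment = 'OS ignores the setting; the SAM server will not enforce it'
    } elseif (-not $sddl) {
        $assessment = 'Value absent: the built-in default applies'
    } else {
        $assessment = 'Explicit remote SAM restriction configured'
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Build             = $build
        SettingHonoured   = $supported
        RestrictRemoteSAM = $sddl
        AllowedPrincipals = $allowed
        Assessment        = $assessment
    }
}

# Run locally; wrap in Invoke-Command -ComputerName to sweep a fleet.
Get-RemoteSamAccessPolicy | Format-List
```

Run it before and after applying SAMRi10 on a workstation and on a promoted domain controller: the SDDL should change from absent (or the built-in default) to an ACL that grants only administrators and the ‘Remote SAM Users’ group, and on a pre-1607 machine the Assessment field makes it obvious that the setting is present in the registry but not enforced.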
SAMRi10 can be downloaded from here. Instructions for setup and use are included in the zip file.