Responder Tool for Network Credential Capture in Active Directory

In this article, I cover how Responder works, common credential capture techniques, and practical mitigation strategies for defending Active Directory environments.

https://denizhalil.com/2026/05/18/responder-tool-active-directory-credential-capture/

#CyberSecurity #ActiveDirectory #Responder #LLMNR #NTLM #CredentialCapture #RedTeam #BlueTeam #Pentesting #WindowsSecurity #InfoSec #EthicalHacking #DenizHalil

How to free port 53 used by systemd-resolved

Ubuntu ships systemd-resolved, which listens on port 53 by default. If you want to run your own DNS server you cannot, because port 53 is already in use, so you get an error message similar to this one: listen tcp 0.0.0.0:53 bind: address already in use This article explains how to stop systemd-resolved from using port 53 on Ubuntu. The instructions were tested on Ubuntu 20.04, but they should also work on […]

https://comunitatealinux.ro/cum-sa-eliberati-portul-53-in-ubuntu-folosit-de-systemd-resolved/

#TIL: There is a protocol called #llmnr and it can resolve local hostnames.
I have a pure #debian #bookworm installation as #qemu on my #proxmox #server. My #fedora #desktop is able to resolve the hostname 'test-002' into an IP.
systemd-resolve says LLMNR is the source, but I'm wondering how the Debian test machine publishes that information out of the box?

Here's a #Wireshark display filter that detects this type of #LLMNR (multicast name resolution) spoofing:

dns.count.answers > 0 and lower(dns.qry.name) != lower(dns.resp.name)
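The filter's logic as a small stand-alone parser, added here as an example and not part of the original post: it decodes an LLMNR response (the packets are constructed inline, not captured traffic) and flags it when an answer's owner name differs, case-insensitively, from the name that was queried.

```python
import struct

def read_name(pkt: bytes, off: int) -> tuple[str, int]:
    # Decode a DNS/LLMNR name at `off`, following 0xC0 compression pointers;
    # returns (name, offset just past the name as written at `off`).
    labels, end = [], None
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:  # pointer: jump, but remember where we were
            end = end if end is not None else off + 2
            off = struct.unpack_from("!H", pkt, off)[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels), (off if end is None else end)

def parse(pkt: bytes) -> dict:
    # LLMNR (RFC 4795) reuses the DNS header: six big-endian 16-bit fields.
    txid, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", pkt, 0)
    off, qry, resp = 12, [], []
    for _ in range(qd):
        name, off = read_name(pkt, off)
        off += 4  # skip QTYPE and QCLASS
        qry.append(name)
    for _ in range(an):
        name, off = read_name(pkt, off)
        rdlen = struct.unpack_from("!HHIH", pkt, off)[3]
        off += 10 + rdlen  # TYPE, CLASS, TTL, RDLENGTH, then RDATA
        resp.append(name)
    return {"id": txid, "is_response": bool(flags & 0x8000), "qry": qry, "resp": resp}

def looks_spoofed(pkt: bytes) -> bool:
    # The filter's condition: answers present, and some answer name is not the name asked for.
    p = parse(pkt)
    asked = {n.lower() for n in p["qry"]}
    return bool(p["resp"]) and any(n.lower() not in asked for n in p["resp"])

def encode_name(name: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_response(txid: int, qname: str, aname: str, ip: str, compress: bool = False) -> bytes:
    # Constructed sample A-record response; compress=True points the answer name back at the question.
    hdr = struct.pack("!6H", txid, 0x8000, 1, 1, 0, 0)
    q = encode_name(qname) + struct.pack("!HH", 1, 1)
    owner = b"\xc0\x0c" if compress else encode_name(aname)
    rr = owner + struct.pack("!HHIH", 1, 1, 30, 4) + bytes(int(x) for x in ip.split("."))
    return hdr + q + rr
```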

I don't understand #Windows domains (ActiveDirectory). When joined to a domain you can resolve names via \\NetBIOS name (e.g. \\FileServer), but when not joined to the domain name resolution fails; why? Since it's direct-hosted #SMB, i.e. #CIFS, #WINS shouldn't be involved, and I understand that #LLMNR can't be used either because the subnet is different. Could it be that when not domain-joined you have to specify the FQDN (e.g. \\FileServer.ad.example.com)?
Found that Microsoft has deprecated the #llmnr protocol in favor of #mdns. Found that a Windows 10 machine at home no longer resolves just a bare name. Pushed a change to #systemd. Lennart was already there saying let's not hurry. I say we should, because resolved had that support broken anyway. And even Fedora Server 38 has it enabled.

Currently watching - SANS Workshop – NTLM Relaying 101: How Internal Pentesters Compromise Domains - The presenter is giving really good explanations of how things work. https://www.sans.org/webcasts/sans-workshop-ntlm-relaying-101-how-internal-pentesters-compromise-domains/

#SANS #NTLM #LLMNR #Windows #hacking

SANS Workshop – NTLM Relaying 101: How Internal Pentesters Compromise Domains | SANS Institute

In this workshop, SANS certified instructor Jean-François Maes will walk you through some of the most used NTLM relay attack paths pentesters use to compromise the domain.

Being able to express a concept, especially a complex one, in simple words is not easy. And it is not trivialization, but simplification.
Coming soon, a new post on #llmnr #spoofing (this time complete with images of a real PoC).

As always, I hope it will be useful.

I edited the configuration file but don't know how to make it take effect

$ cd /etc/systemd
$ sudo mv resolved.conf{,.orig}
$ sudo cp resolved.conf{.orig,}
$ diff -u resolved.conf{,.orig}
--- resolved.conf 2018-09-23 17:00:38.891952317 -1000
+++ resolved.conf.orig 2018-07-20 07:13:58.000000000 -1000
@@ -12,9 +12,9 @@
# See resolved.conf(5) for details

[Resolve]
-DNS=8.8.8.8
-FallbackDNS=1.1.1.1
-Domains=zunda.ninja
+#DNS=
+#FallbackDNS=
+#Domains=
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
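Review bot: the operand order in `diff -u resolved.conf{,.orig}` makes the edited file the old side of the comparison, so the `-DNS=8.8.8.8`, `-FallbackDNS=1.1.1.1` and `-Domains=zunda.ninja` lines are actually the settings being added and the `+#DNS=` lines are the untouched defaults; run `diff -u resolved.conf{.orig,}` instead so the hunk shows the change in the direction it was made. Note also that the `#LLMNR=no` context line is still commented out, so it does not set anything.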

@aeris

And in systemd too:

$ cat /etc/systemd/resolved.conf
[Resolve]
#DNS=
#FallbackDNS=8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
#Domains=
#LLMNR=yes
#DNSSEC=no
#Cache=yes
#DNSStubListener=udp