Capturing NetNTLM Hashes with Office [DOT] XML Documents

Original link: bohops.com

Leaking account NetNTLM hashes using Office XML-format documents

The author gives several recommendations at the end of the article, pasted here for reference:

  • Strong Password Policies – Minimize the attacker's chance of cracking collected hashes with strong and unique passwords.
  • File Associations – Unless there is a viable business need, consider changing the default association for XML files to a text editor. This Microsoft Docs article provides guidance for using GPO/GPP to configure a “file type preference.”
  • Egress Rules – Outbound traffic, especially SMB (TCP 139/445), is dangerous for any organization (or home). Enforce egress firewall rules and open only what is needed.
  • (Remote) Users – Remote users that leverage webmail or VPNs that do not tunnel all traffic through it may be at risk for such an attack (and others like it). Try to tighten up remote access controls and tunnel traffic through the VPN if possible. Above all, train users to be as diligent as possible about opening attachments.
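
To check whether the egress recommendation above actually holds on a network, the following added example (not from the original article or its author) audits connection records for SMB traffic leaving internal address space. The log format, the sample records and the list of internal ranges are assumptions constructed for illustration.

```python
import ipaddress

SMB_PORTS = {139, 445}  # the TCP ports named in the egress recommendation

# Assumption: the organisation's internal ranges (RFC 1918 plus IPv6 ULA).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample records: "timestamp src dst proto dst_port action"
SAMPLE_FLOWS = """\
2024-01-10T09:14:02Z 10.1.4.23 10.1.0.5 tcp 445 allow
2024-01-10T09:14:07Z 10.1.4.23 203.0.113.50 tcp 445 allow
2024-01-10T09:15:11Z 10.1.7.80 198.51.100.9 tcp 139 deny
2024-01-10T09:15:30Z 10.1.7.80 198.51.100.9 tcp 443 allow
2024-01-10T09:16:45Z fd00::4 2001:db8::15 tcp 445 allow
malformed line
"""

def is_internal(ip):
    """True if the address falls inside one of the configured internal ranges."""
    return any(ip in net for net in INTERNAL_NETS)

def find_smb_egress(log_text):
    """Return SMB flows that go from an internal source to an external destination."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip records that do not match the assumed format
        ts, src, dst, proto, port, action = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # unparsable address or port
        if proto.lower() != "tcp" or port not in SMB_PORTS:
            continue
        if is_internal(src_ip) and not is_internal(dst_ip):
            findings.append({"time": ts, "src": src, "dst": dst, "port": port,
                             "allowed": action.lower() == "allow"})
    return findings

if __name__ == "__main__":
    for f in find_smb_egress(SAMPLE_FLOWS):
        status = "ALLOWED (egress rule missing)" if f["allowed"] else "blocked"
        print(f'{f["time"]} {f["src"]} -> {f["dst"]}:{f["port"]} {status}')
```

Flows reported as allowed mark places where the egress firewall rule is not being enforced. Blocked flows are still worth reviewing, since they show a host attempting outbound SMB.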