Hi,
Does InsightVM have the ability to perform LLMNR / NBT-NS detection?
We have identified a few customers having issues with https://attack.mitre.org/techniques/T1557/001/ and utilizing LLMNR / NBT-NS in particular to obtain NTLMv2 hashes in a pentest, though the standard Insight Agent and Network Scan (Exhaustive-template) didn’t mark those as potential issues.
I see that tenable might have something for this:
https://www.tenable.com/plugins/nessus/53513
https://www.tenable.com/plugins/nessus/54629
In the exhaustive scan-template with the default well-known ports, looking at the “<installation_directory>/plugins/java/1/NetworkScanners/1/default-services.properties” file I see port 137 listed, but not 5355 - but adding that does not seem to catch it either.
Or is it because the scan template is not wide enough? Would the “Penetration test” be a better fit here to try catch those?
Have any of you worked with this in relation to InsightVM scans before?