ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v11 All Questions

View all questions & answers for the 312-50v11 exam
Go to Exam

Exam 312-50v11 topic 1 question 348 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 348
Topic #: 1
[All 312-50v11 Questions]

Attacker Simon targeted the communication network of an organization and disabled the security controls of NetNTLMv1 by modifying the values of
LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic. He then extracted all the non-network logon tokens from all the active processes to masquerade as a legitimate user to launch further attacks.
What is the type of attack performed by Simon?

  • A. Combinator attack
  • B. Dictionary attack
  • C. Rainbow table attack
  • D. Internal monologue attack
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Scryptic at Sept. 28, 2021, 2:07 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Scryptic
Highly Voted 2 years, 3 months ago
Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS Introduction Mimikatz, developed by Benjamin Delpy (@gentilkiwi), is a well-regarded post-exploitation tool, which allows adversaries to extract plain text passwords, NTLM hashes and Kerberos tickets from memory, as well as perform attacks such as pass-the-hash, pass-the-ticket or build a golden ticket. Arguably, the primary use of Mimikatz is retrieving user credentials from LSASS process memory for use in post exploitation lateral movement.
upvoted 6 times
...
Cokamaniako
Most Recent 11 months, 2 weeks ago
Steps to perform an internal monologue attack: 1. The attacker disables the security controls of NetNTLMv1 by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic.
upvoted 1 times
...
Daniel8660
1 year, 3 months ago
Selected Answer: D
Types of Password Attacks - Active Online Attacks: Internal Monologue Attack Attackers perform an internal monologue(獨自) attack using SSPI (Security Support Provider Interface) from a user-mode application, where a local procedure call to the NTLM authentication package is invoked to calculate the NetNTLM response in the context of the logged-on user.Attacker disables the security controls of NetNTLMv1, extracts all the non-network logon tokens from all the active processes to masquerade as legitimate users. (P.594/578)
upvoted 2 times
...
EngnSu
1 year, 7 months ago
Steps of Attacker: 1. Disable the security controls of NetNTLMv1 2. Extract all the non-network logon tokens from all the active processes 3. Interact with NTLM SSP locally to obtain NetNTLMv1 response 4. Restore the security controls of NetNTLMv1 5.Crack the NTLM hash using rainbow tables Attacker 6. Use the cracked hashes to gain system-level access
upvoted 4 times
...
KumaraRashu
1 year, 11 months ago
Correct Ans:CEH v11 module 6
upvoted 4 times
...
jinjection
2 years, 3 months ago
Correct D
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel