Security researchers at Microsoft have released a PowerShell script that aims at stopping attackers from pulling off reconnaissance in a compromised network.
The tool, Net Case, was released late last week and modifies Net Session Enumeration (NetSessionEnum) default permissions so that if an attacker enters a network from a specific end point, they won’t be able to jump to a new target in that same network to gather intel. If unprotected, those who have breached a network can gather personal information, including name of specific PCs and IP addresses, session active and idle information, and names of those who have opened a specific session through the NetSessionEnum. Net Case looks to block the access points to the information that could easily be accessible through the use of tools like the widely available NetSess tool.