Regarding requests and responses that may occur during the assessment

  • 23 October 2023
  • 1 reply

Userlevel 1

Our customer would like to have advance knowledge about the potential impacts of the assessment scan. They specifically request detailed information on which ports and types of communication and behavior occur during the endpoint assessment's Worm scenario and Hopper's LLMNR/NBT-NS Poisoning and relay tests.


On the Knowledge Base, I found information stating that for Worm scenario test, communication occur through SMB (port 445) and RPC (port 135), for Hopper's LLMNR/NBT-NS poisoning and relay is tested through LLMNR - UDP (port 5355) and NBT-NS - UDP (port 137).


However, there is a lack of information regarding the specific communication and behavior that takes place through these ports. Therefore, I kindly request further information on the exact nature of communication and behavior that occurs via these ports.


Best answer by moshe_elias 23 October 2023, 14:19

View original

1 reply

Userlevel 2
Badge +3

Hello Hrseo, we provide the requested information post assessment so that our customers can identify the stages that were successful, or not. Providing, where relevant, evidence (hashes, targets credentials etc.) in addition to analysis, detection and mitigation guidance at each stage.