How to compromise internal network infrastructure through the default settings of Windows OS

Abstract

Number of cyber-attacks grows every singleday. In fact, in 2020, the Microsoft reported about 64% increment of the number of reported vulnerabilities in the last 5 years. In this article, we present and demonstrate some recent cyber-attacks and security threats that can compromise the whole domain network in many current enterprises. These attacks use only default Windows OS services, settings and protocols. We show how easily can the network be compromised by using vulnerabilities of widely used protocols such as NetBIOS, Domain Name System (DNS), Link-Local Multicast Name Reslution(LLMNR)  and  Web  Proxy  Auto-Discovery  (WPAD). Finally, we describe countermeasures used to mitigate these attacks.