Skip to content

Horizon3.ai Docs

LLMNR Poisoning Possible

Horizon3.ai Docs

Welcome
Getting Started
Getting Started
- Register an Account
  Register an Account
- Run an External Pentest
  Run an External Pentest
- Setup NodeZero Host
  Setup NodeZero Host
- (Optional) Manual Proxy Setup
  (Optional) Manual Proxy Setup
- Run an Internal Pentest
  Run an Internal Pentest
- Run an AD Password Audit
  Run an AD Password Audit
- Run 1-click Verify
  Run 1-click Verify
- NodeZero Portal Access Control
  NodeZero Portal Access Control
  - User Personas
  - User Management
  - Single Sign-On (SSO)
  - Identity Provider Guides
    Identity Provider Guides
    
    Azure
    
    Okta
Reference
Reference
- API
  API
  - CLI Tool
    
    CLI Tool
    
    Getting Started
    
    Guides
    Guides
    
    Automate NodeZero Deployment
    
    Scheduling from CLI
    
    Monitor Pentests
    
    Paginate Results
  - API Reference
    
    API Reference
    
    Authenticate
    
    Getting Started
    
    GraphQL API
- Automate Scheduling
  Automate Scheduling
- Attack Configuration
  Attack Configuration
  - Remote Access Tool
- BloodHound
  BloodHound
- Co-Branding
  Co-Branding
- Glossary
  Glossary
- Horizon 3 Weaknesses
  Horizon 3 Weaknesses
- Sensitive Data Exposure
  Sensitive Data Exposure
- Injecting Credentials
  Injecting Credentials
  - Injecting an AWS Role
- Phishing Impact Test
  Phishing Impact Test
  - The NodeZero Phishing Script
- NodeZero Modules
  NodeZero Modules
  - Cyanide
    
    Cyanide
- Notifications
  Notifications
- Media
  Media
- Templates
  Templates
- Release Notes
  Release Notes
  - 2024.06
  - 2024.05
  - 2024.04
  - 2024.03
  - 2024.02
  - 2024.01
Downloads
Downloads

LLMNR Poisoning Possible

Table of Contents

Option 1: Disable via Group Policy
Option 2: Disable on Selected Hosts

Option 1: Disable via Group Policy.

Open the "Local Group Policy Editor" on the Domain Controller.
Navigate to Computer Configuration > Administrative Templates > Network > DNS Client and then selecting: Turn Off Multicast Name Resolution
Click Enabled and select OK

Option 2: Disable on Selected Hosts

Log onto the host and open an Administrative Command Prompt

Disable LLMNR by disabling the "EnableMulticast" registry key with the following commands:

REG ADD "HKLM\Software\policies\Microsoft\Windows NT\DNSClient"
REG ADD "HKLM\Software\policies\Microsoft\Windows NT\DNSClient" /v "EnableMulticast" /t REG_DWORD /d "0" /f