Deceiving Responder

by Vince

I gave a talk at a local hacker meetup this past weekend.  My talk was a combination of LLMNR and NetBIOS Poisoning, Responder, and the Responder Monitor decoy in Mazerunner.  A lot of what is in the presentation is already posted here but I think it would be helpful to have an aggregate, in the form of a presentation, to put it all together.  The key points are:  What is Responder?  How the attack works.  Possible defensive measures.  Reality.  And finally, How Mazerunner can help identify the attacker.

Unquoted Service Path Exploitation

by Vince

While performing registry queries for something not exactly related, I saw an application on my personal machine with an unquoted service path.  Since this is a commonly used application, I've contacted the developer and I've submitted the CVE to secure an ID -- that whole "responsible disclosure" thing.  Seriously though, this isn't an obscure application and I would go so far as to say it's heavily used.  The mitigation technique would be to quote the path but that's something the average user wouldn't be capable of doing.  So while we wait, I'll explain the problem in detail.

Restaurant Management System 1.0 CSRF

by Vince

Disclosure date: 10/24/19

CVE-2019-18414

Restaurant Management System 1.0 is affected by a Cross-Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.
