Null Session
A null session occurs when you log in to a system with no username or password. NetBIOS null sessions are a vulnerability found in the Common Internet File System (CIFS) or SMB, depending on the operating system.
Note: Microsoft Windows uses SMB, and Unix/Linux systems use CIFS.
Once an attacker has made a NetBIOS connection using a null session to a system, they can easily get a full list of all usernames, groups, shares, permissions, policies, services, and more using the Null user account. The SMB and NetBIOS standards in Windows include APIs that return information about a system via TCP port 139.
One method of connecting a NetBIOS null session to a Windows system is to use the hidden Inter-Process Communication share (IPC$). This hidden share is accessible using the net use command.
The "net use" command is a built-in Windows command that connects to a share on another computer. The empty quotation marks ("") indicate that you want to connect with no username and no password. To make a NetBIOS null session to a system with the IP address 192.21.7.1 with the built-in anonymous user account and a null password using the net use command, the syntax is as follows:
net use \\192.21.7.1\IPC$ "" /u:""
Once the net use command has been successfully completed, the attacker has a channel over which to use other hacking tools and techniques.
Disable Null Sessions in Windows For Security
Disabling null sessions is a key way to help you strengthen your organization’s security and reduce your attack surface. Learn How to Disable Null Session in Windows in our security guide from Blumira’s security team.
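To see where a given Windows host stands before changing anything, the following read-only check reports the registry values that control anonymous access. It is an added example, not code from the original page or from Blumira; the expected values are assumptions drawn from common Windows hardening baselines, and domain controllers may legitimately need entries in NullSessionPipes.

```powershell
# Added example (not from the original page): read-only audit of the registry
# values that govern anonymous / null session access on the local machine.
# Expected values are assumptions taken from common hardening baselines.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

$checks = @(
    @{ Path = $lsa; Name = 'RestrictAnonymous';         Expected = 1 }
    @{ Path = $lsa; Name = 'RestrictAnonymousSAM';      Expected = 1 }
    @{ Path = $lsa; Name = 'EveryoneIncludesAnonymous'; Expected = 0 }
    @{ Path = $srv; Name = 'RestrictNullSessAccess';    Expected = 1 }
    @{ Path = $srv; Name = 'NullSessionShares';         Expected = @() }  # REG_MULTI_SZ
    @{ Path = $srv; Name = 'NullSessionPipes';          Expected = @() }  # REG_MULTI_SZ
)

$results = foreach ($c in $checks) {
    $item   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $isList = $c.Expected -is [array]
    $expectedText = if ($isList) { '(empty)' } else { [string]$c.Expected }

    if ($null -eq $item) {
        # Value absent: Windows falls back to its built-in default, so flag it
        # for a manual look rather than guessing the effective setting.
        $actualText = '(not set)'
        $status     = 'NOT SET, OS default applies'
    } elseif ($isList) {
        # Hardened when no share or pipe is exposed to anonymous callers.
        $entries    = @($item.($c.Name) | Where-Object { $_ })
        $actualText = if ($entries.Count) { $entries -join ',' } else { '(empty)' }
        $status     = if ($entries.Count -eq 0) { 'OK' } else { 'REVIEW' }
    } else {
        $value      = $item.($c.Name)
        $actualText = [string]$value
        $status     = if ($value -eq $c.Expected) { 'OK' } else { 'REVIEW' }
    }

    [pscustomobject]@{
        Setting  = $c.Name
        Actual   = $actualText
        Expected = $expectedText
        Status   = $status
    }
}

$results | Format-Table -AutoSize
```

Any row marked REVIEW is a setting that still permits some form of anonymous enumeration or access and should be compared against your baseline before it is changed.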
Detect and respond to Microsoft Windows security threats, including null session attacks by known hacker tools, with Blumira's detection and response platform, and gain visibility into your Windows servers.