High-risk tools in Sec Netexec
10 of the 12 tools in Sec Netexec are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
nxc_ldapExecuteExecute NetExec LDAP protocol commands for Active Directory enumeration, including users, groups, Kerberoasting, and BloodHound collection.
-
nxc_mssqlExecuteExecute NetExec MSSQL protocol commands for SQL Server enumeration and command execution.
-
nxc_rawExecuteExecute a raw NetExec command with full control over all arguments. Use for advanced scenarios not covered by other tools.
-
nxc_rdpExecuteExecute NetExec RDP protocol commands for credential validation and screenshot capture.
-
nxc_sharesExecuteEnumerate and interact with SMB shares on target systems.
-
nxc_smbExecuteExecute NetExec SMB protocol commands for Windows enumeration, credential validation, command execution, and credential dumping. Supports pass-the-hash attacks.
-
nxc_sprayExecutePerform password spraying attacks across multiple targets with configurable options.
-
nxc_sshExecuteExecute NetExec SSH protocol commands for Linux/Unix enumeration and command execution.
-
nxc_winrmExecuteExecute NetExec WinRM protocol commands for remote Windows management and command execution.
-
nxc_wmiExecuteExecute NetExec WMI protocol commands for Windows management and command execution.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.