Archives by Tag 'SMB'

Windows Server SMB Authentication Rate Limiter

By Andrei Ungureanu - Last updated: Sunday, March 20, 2022

A small but cool feature is available in the new insider version of Windows Server (soon to be available on Windows 11 too) called SMB Authentication Rate Limiter. This will slow down NTLM brute force attacks against SMB servers and will be a good protection for those small environments where advanced analytics and monitoring are […]

SMB security stuff

By Andrei Ungureanu - Last updated: Monday, March 14, 2022

Just leaving here a couple of SMB security related stuff for anyone interested: How to Defend Users from Interception Attacks via SMB Client Defense Beyond the Edge: How to Secure SMB Traffic in Windows Always use SMB signing (and encryption if possible; on SMBv3 it’s better to use encryption). Do not be afraid to test […]

How to enable SMB Encryption on Windows Shares

By Andrei Ungureanu - Last updated: Friday, March 23, 2018

Transferul intre client si server-ul Windows ce hosteaza un network share este necriptat by default. Iar in scenariile unde se pune accent pe securitatea informatiilor, acest lucru poate fi o problema serioasa. Incepand cu SMB v3 si Windows 2012, exista SMB Encryption. Si toata criptarea asta end to end se poate face printr-un simplu click: […]

Create Windows shares on remote servers

By Andrei Ungureanu - Last updated: Tuesday, March 20, 2018

Cum in ultimul timp ma invart numai prin probleme legate de file server, permisiuni NTFS si network share-uri, tot invat cum sa fac anumite task-uri in diverse moduri. Iar sa creezi un share pe o masina remote e tricky cateodata. Pe vremuri foloseam PSEXEC si rulam MKDIR si NET SHARE. Dar acum avem pretentii de […]

Access Based Enumeration (ABE) and Windows 10

By Andrei Ungureanu - Last updated: Sunday, March 4, 2018

In postul precedent am scris despre ceva legat de permisiuni si am mentionat si Access Based Enumeration (ABE). ABE este o functionalitate a Windows-ului ce face ca un server ce share-uieste foldere/fisiere sa arate clientului doar resursele la care acesta are acces. Si cum in articolul precedent am mentionat cazul in care nu este dat […]

Different ways to check for remotely open files

By Andrei Ungureanu - Last updated: Tuesday, February 20, 2018

Sunt foarte multe cazuri cand doresti sa verifici daca anumite fisiere sunt deschise de catre un client remote, si cel mai bun exemplu ar fi atunci cand se pregateste o operatiune de mentananta a unui server. Pot fi si alte scenarii dar nu intram in detalii. Mai bine sa vedem care sunt metodele prin care […]

Network access validation algorithms NTLM/SMB

By Andrei Ungureanu - Last updated: Thursday, October 11, 2012

Rasfoind prin KB-urile de la MS am gasit unul foarte interesant. Chiar daca se refera doar la XP/2003/2000 inca mai e util in unele scenarii de troubleshooting. http://support.microsoft.com/kb/103390 Gasiti aici explicate cateva scenarii plus algoritmul parcurs in procesul de autentificare. Este high level dar totusi foarte util. Mai ales in scenarii de workgroup.