SMB/CIFS security in heterogeneous environment

Suppose I have several machines, both Linux and Windows, that I want to connect to each other for file sharing. Now I use the mount -cifs command with the vers=3.0 clause to access Windows shares from my Linux machines:

mount -t cifs -o credentials=/etc/credentials.cred,vers=3.0,uid=1000,gid=1000 //192.168.137.1/folder /media/folder

and I also use standard Windows SMB/CIFS functionality to access Linux shares from Windows 10. What bothers me is the efficiency of such a configuration.

I know that I can utilize encryption and signing in Windows, e.g. via Set-SmbServerConfiguration -RejectUnencryptedAccess $false, and I also know I can do this in Linux via smb.conf.

The question is: what is the most secure way to organize dual-way Samba sharing between Linux and Windows? Should I set up Linux as a server and Windows as client or vice versa?

It bothers me because of the recent ransomware epidemic and the impossibility of prohibiting SMBv1 in Windows in such a mixed heterogeneous landscape. When I turn off SMB/CIFS like this, my Linux boxes cannot access Windows boxes anymore.


How does UNC path hardening and SMB signing work under the hood?

With a lot of unpatched versions of Windows in an Active Directory domain, one can man-in-the-middle a client when it connects to the domain controller and inject a group policy that gives an attacker local administrator priv…