Server Message Block [SMB]

Introduction to Network Trace Analysis 4: DNS (it’s always DNS)

Howdy everyone! I’m back to talk about one of my favorite causes of heartache, the domain name system (DNS). This will be our first foray into an application layer protocol. The concept of DNS is simple enough, but it can lead to some confusing situations if you don’t keep its function in mind. No time to […]

Active Directory Hardening Series – Part 2 – Removing SMBv1

Hi All! Jerry Devore back again with another hardening Active Directory topic. Before we jump into the technical stuff, I would like to briefly share some tips for structuring a protocol hardening project. I picked up these suggestions from working with customers who have been successful in their protocol hardening efforts. Tip #1 – Collaborate

SMB over QUIC now available in Windows Server Insider Datacenter and Standard editions

Heya folks, Ned here again. Starting with Windows Server Insider Preview Build 25997, the SMB over QUIC server feature is now available in Datacenter and Standard editions. This changes the previous behavior, where it was only available in Windows Server Azure Edition. SMB over QUIC introduced an alternative to TCP and RDMA, supplying secure connectivity to

SMB alternative ports now supported in Windows Insiders

Heya folks, Ned here again. Starting with Windows 11 Insider preview Build 25992 (Canary), the SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using alternative network ports. Today I’ll explain how to configure this and talk about the near future of this in Windows and Windows Server Insiders a bit. Previous port behaviors

SMB alternative ports now supported in Windows Insider

Heya folks, Ned here again. Starting with Windows 11 Insider preview Build 25992 (Canary) and Windows Server Preview Build 25997, the SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using alternative network ports. Today I’ll explain how to configure this and talk about the near future of this in Windows and Windows Server Insiders a

SMB firewall rule changes in Windows Insider

Heya folks, Ned here again. Starting with Windows 11 Insider preview Build 25992 (Canary), creating SMB shares changes a longtime Windows Defender Firewall default behavior. Previously, creating a share automatically configured the firewall to enable the rules in the “File and Printer Sharing” group for the given firewall profiles. This began in Windows XP SP2 with the

DR 2.0: Migrating from DFSR to Storage Replica

Heya folks, Ned here again. Today I’m sharing advice on migrating from Distributed File System Replication (DFSR) to Storage Replica. This includes deciding when SR is a good replacement, inventorying your DFSR and DFS Namespaces, backing up your existing configuration, validating your existing replication and converging it, migrating to SR, then updating your disaster recovery

Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for organizations across multiple industries. Octo Tempest leverages broad social engineering campaigns to compromise organizations across the globe with the goal of financial extortion. With their extensive range of tactics, techniques, and procedures (TTPs),

New CISA Stop Ransomware Guide

Heya folks, Ned here again. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) just released their updated #StopRansomware Guide with a number of new contributions from Microsoft, including a substantial section on hardening SMB and remote file services. See pages 8 and 9 for the new SMB and remote file services recommendations. If you’ve been following my blogs

Active Directory Hardening Series – Part 1 – Disabling NTLMv1

Hello everyone, Jerry Devore back again after a long break from blogging to talk about Active Directory hardening. In my role at Microsoft, I have found every organization has room to improve when it comes to hardening Active Directory. Many times, customers are aware of issues but are afraid of unintended impacts if they make