How to scan for SMB vulnerabilities
Not long after the WannaCry ransomware attack, which crippled companies, government branches and emergency services alike, a new SMB vulnerability was accidentally leaked by Microsoft’s internal testing team. This vulnerability only impacts SMBv3, which means that Windows 7 and Windows Server 2008 R2 are safe from attack.
By sending a specially crafted packet, an attacker who exploits the vulnerability successfully can gain full control of the targeted remote system without any authentication. To attack SMB clients, the attacker would have to set up a malicious SMB server.
There is no known way to protect SMB clients, but for SMB servers two measures can be taken:
- Set your firewall policy to BLOCK all traffic to port 445.
- Disable SMBv3 compression in the Windows Registry.
To disable compression for SMB, follow the instructions below:
- Start an elevated PowerShell prompt by right-clicking and selecting “Run as Administrator”.
- Execute the following command:
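As an added example (not part of the original post), this PowerShell script checks whether SMBv3 server compression is already disabled, applies the registry change if it is not, and can revert it after patching. The registry path and value name are assumed from Microsoft's published workaround for CVE-2020-0796, and the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Function names are hypothetical.
# Assumption: key path and value name follow Microsoft's published workaround
# for CVE-2020-0796 (SMBv3 server-side compression).
$ParamKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ValueName = 'DisableCompression'

function Get-SmbServerCompressionState {
    # 'Disabled' only when the value exists and equals 1; a missing value
    # means the workaround has not been applied.
    $item = Get-ItemProperty -Path $ParamKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.$ValueName -eq 1) { 'Disabled' } else { 'Enabled' }
}

function Set-SmbServerCompressionWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # $true applies the workaround; $false reverts it once the patch is installed.
        [bool]$Disable = $true
    )
    $wanted = if ($Disable) { 'Disabled' } else { 'Enabled' }
    if ((Get-SmbServerCompressionState) -eq $wanted) {
        Write-Verbose "SMBv3 server compression already $wanted; no change made."
        return
    }
    $value = [int]$Disable
    if ($PSCmdlet.ShouldProcess($ParamKey, "Set $ValueName to $value")) {
        Set-ItemProperty -Path $ParamKey -Name $ValueName -Type DWord -Value $value -Force
    }
}

# Preview with -WhatIf first, then apply and report the resulting state.
Set-SmbServerCompressionWorkaround -Disable $true -WhatIf
Set-SmbServerCompressionWorkaround -Disable $true -Verbose
[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    SmbServerCompression = Get-SmbServerCompressionState
}
```

The setting covers the SMB server role only, consistent with the point above that there is no known way to protect SMB clients.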
No attacks have been observed in the wild, but until Microsoft releases a patch, prevention is all we can do.
BreachLock Inc. has included the checks for CVE-2020-0796 in its RATA (Reliable Attack Testing Automation) Vulnerability Scanner. These checks are available to all BreachLock clients as of March 12th, 2020 as part of the network scanning module.