Daily Archives: January 11, 2018

SMB Tree Connect/Response Details

Posted on January 11, 2018 by HatsOffSecurity

If you want to play along at home, the sample PCAP I will be using for SMB2+ is here, the SMB v1 PCAP is not something I can give away sadly. Tree Connect Request/Response When the SMB protocol connects to … Continue reading →

Posted in Network Analytics, Network Forensics, SMB | Tagged artefact locations, hats off security, SMB, smbv1 vs smbv2 | Leave a comment

SMBv2+ SYNC Header Explained

Posted on January 11, 2018 by HatsOffSecurity

SMB2 Header The SMB2 Header will either be ASYNC or SYNC, you need to look this up from the flags. SYNC is the most common header as this can be in the form of a request or a response, where … Continue reading →

Posted in Network Analytics, Network Forensics, SMB | Tagged artefact locations, basics, hats off security, Network Forensics, SMB | Leave a comment

M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

	Bianca the Baker on NoScript Plugin Forensic Inves…
	Week 40 – 2022… on PowerShell Basic Introduction…
	ALEX on AnyDesk Forensic Analysis and…
	Week 13 – 2022… on Improving Technical Interviews
	HatsOffSecurity on AnyDesk Forensic Analysis and…

Daily Archives: January 11, 2018

SMB Tree Connect/Response Details

SMBv2+ SYNC Header Explained

Recent Posts

Categories

CyberLinks

Recent Posts

Recent Comments

Archives

Categories

Meta