sambaXP 2021: Reverse engineering the Windows SMB server
The Windows SMB server doesn’t offer any way to dump the cryptographic keys used for SMB encryption. This can be very annoying when you’re trying to debug your client implementation or if you simply want to decrypt traffic in Wireshark. The server is sadly closed-source and is implemented as a kernel module, which makes debugging it more challenging.
This talk from Aurélien Aptel (SUSE / Samba Team) covers some of the architecture of the Windows SMB server, how to debug the Windows kernel, and how to write another module that dumps those keys from the server's memory, all from the perspective of a Linux developer relatively new to the world of Windows development.
Slides: https://sambaxp.org/fileadmin/user_upload/sambaxp2021-slides/Aptel_Reverse_engineering_the_windows_SMB_server.pdf
Visit the conference website at https://sambaxp.org
by SAMBA