Board Stats

  • stats Total de Usuarios: 20979
  • stats Total de Mensajes: 104436
  • stats Total de Temas: 10043
  • stats Total de Categorías: 15
  • stats Total de Foros: 73
  • stats Máx. usuarios conectados (simultáneamente): 818

Ultimo registro





Autor Tema: Ransomware - recopilatorio herramientas eliminar-descrifrar archivos infectados  (Leído 16749 veces)

0 Usuarios y 2 Visitantes están viendo este tema.

Desconectado maripuri

  • Master
  • Usuario
  • ******
  • Mensajes: 21976
  • Mari
    • WirelessWindows

<a href="http://www.youtube.com/watch?v=a8lBmQEIFMw" target="_blank">http://www.youtube.com/watch?v=a8lBmQEIFMw</a>

RansomOff - Ransomware Rapid Fire






RansomOff de Heilig Defense es una solución de seguridad gratuíta diseñada para hacer una cosa:

detener ataques ransomware antes de que infecte el equipo.

No trabaja con firmas (signature-less) por lo que la ofuscación de código es insuficiente para evitar que RansomOff detecte y detenga el ransomware antes de que tenga la oportunidad de causar daño.

Actualmente la versión en curso es 5.2017.156.2734 (Beta) - 5 Jun 2017 y cuenta con instaladores tanto para x32 como para x64 bits.


Changelog:

Código: [Seleccionar]
5.2017.156.2734 (Beta) - 5 Jun 2017

Added process hollowing detection.
Added import/export of settings.
Fixed security exemptions list issue with installer.
Fixed some settings not staying persistent across reboots.
Added app lockdown restart options after reboot.
Added scheduled tasks and services for start up notifications.
Expanded recovery mitigations.
Enhanced full screen window detection and mitigations.
Added wizard to help decide appropriate action for non-technical users.
Fixed username lookup bug on non-English language systems.
Enhanced compatibility of UI on higher scaling systems.
Minor UI updates and bug fixes.

5.2017.144.10111 (Beta) - 24 May 2017

Fix BSOD issue introduced in last release.
Made MBR protection optional during install.
Added ability to toggle MBR protection (requires reboot).
Added option to manually install updates.
Other minor bug fixes.

5.2017.142.4703 (Beta) - 22 May 2017

Fixed bug highlighted by Xdata ransomware.
Fixed issues with App Lockdown saved settings.
Enhanced App Lockdown efficiency.
Added default options for App Lockdown for error conditions.
Expanded Windows start up modification detection.
Updated Windows start up notification logic with option to prevent duplicative alerts.
Added ability to terminate process that made start up change in single workflow.
Other minor bug fixes.

5.2017.139.8295 (Beta) - 19 May 2017

Added application lockdown mode with confirmation for newly executed processes.
Added icons to indicate folder protection status.
Added per-folder toggling from folder protection window and taskbar menu with reboot persistence.
Added removable drive awareness to folder protection.
Added main protection toggling from taskbar menu.
Added taskbar icon change to indicate status.
Added ability to deny, deceive and make read-only for root folders.
Tied startup notifications in with exemption list and added easy exemption of processes that caused the notification.
Added alert message filtering and cleanup.
Expanded self-protection mechanisms.
Fixed installer issue of only showing the 'Program Files' directory.
Minor bug fixes.
Updated documentation.
Many thanks to the Wilders Security and MalwareTips communities for continued feedback and support.

5.2017.131.8772 (Beta) - 11 May 2017

Added folder protection capabilities to deny, deceive, hide or make read only with per process exemptions.
Added additional notifications if update has occured and restart is required.
UI tweaks to include taskbar icon animation.
Updated installer to prevent certificate conflict and mis-matched architecture.
Minor bug fixes.
Updated documentation.

5.2017.124.3598 (Beta) - 4 May 2017

Added registry artifact cleanup.
Added ability to delete recent file or registry start up changes.
Fix auto-update bug affecting Windows 8.1 systems.
Modified installer to allow for over-the-top update without uninstalling first.
Updated database update procedures to keep existing data.
Published documentation to website.

5.2017.119.4637 (Beta) - 29 Apr 2017

Updated process interaction heuristics and rules.
Added setup step to manually add existing security software for exemption.
Added additional notification and logging messages.
Minor UI changes and fixes.

5.2017.116.7686 (Beta) - 26 Apr 2017

General bug fixes.

5.2017.116.6374 (Beta) - 26 Apr 2017

File restore expanded to cover all processes with a variety of ways to restore modified files.
Added additional file backup and restore options for increased control.
Added ability to disable file backup.
Automatically identifies and adds anti-virus exemption.
Notifications on common Windows start-up area changes.

5.2017.107.8077 (Beta) - 17 Apr 2017

Automatic updating.
Added WMI and scheduled task tracking for improved process termination and cleanup.
Added undelete functionality to restore files deleted by RansomOff.

5.2017.105.5336 (Beta) - 14 Apr 2017

Fix numerous performance and stability issues.

5.2017.102.8559 (Beta) - 12 Apr 2017

Improved compatibility with existing programs.
Modified main UI with color coded protection status.
Added ability to disable ransomware protection.
Improved installer to prevent possible registry corruption that could lead to BSOD loop.
Changed all build times to UTC.
General bug fixes.

5.2017.101.7020 (Beta) - 11 Apr 2017

Modified installer to include better error checking and more robust restore point creation.
Improved false positive detection.
Fixed startup UI hang issue.
General bug fixes.

5.2017.99.6252 (Beta) - 9 Apr 2017

Modified installation bootstrapper to display message if minimum .NET version is not installed.
Improved heuristics to prevent false positives.
Added 'Allow' confirmation second-chance to prevent inadvertant ransomware continuation.
Expanded process propagation detection.
Added additional system processes to protect against code injection.
General bug fixes.


versión en curso:

Código: [Seleccionar]
https://www.ransomoff.com/downloads/RansomOff.5.2017.156.2734.BETA.x86.exe
https://www.ransomoff.com/downloads/RansomOff.5.2017.156.2734.BETA.x64.exe


Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
  última version: 5.2017.139.8295 (Beta)
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
  /  Heilig Defense

Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
 
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
No preguntes sobre temas del foro por privado, participa en el.

Desconectado maripuri

  • Master
  • Usuario
  • ******
  • Mensajes: 21976
  • Mari
    • WirelessWindows


http://s25.postimg.org/58ftwmomn/viruses_10556_0613_234782.png
Ransomware - recopilatorio herramientas eliminar-descrifrar archivos infectados




RakhniDecryptor ha recibido una actualización (versión en curso 1.21.2.1) para contrarestar los efectos del Ransomware Jaff catalogado por Kapersky labs como "Trojan-Ransom.Win32.Jaff".  Quienes hayan sido afectados por los efectos de Jaff pueden liberar ahora sus archivos de forma gratuíta.

La lista completa de malware que soporta ahora es la siguiente:

Citar
Trojan-Ransom.Win32.Rakhni
Trojan-Ransom.Win32.Agent.iih
Trojan-Ransom.Win32.Autoit
Trojan-Ransom.Win32.Aura
Trojan-Ransom.AndroidOS.Pletor
Trojan-Ransom.Win32.Rotor
Trojan-Ransom.Win32.Lamer
Trojan-Ransom.Win32.Cryptokluchen
Trojan-Ransom.Win32.Democry
Trojan-Ransom.Win32.Bitman version 3 and 4
Trojan-Ransom.Win32.Libra
Trojan-Ransom.MSIL.Lobzik
Trojan-Ransom.MSIL.Lortok
Trojan-Ransom.Win32.Chimera
Trojan-Ransom.Win32.CryFile
Trojan-Ransom.Win32.Nemchig
Trojan-Ransom.Win32.Mircop
Trojan-Ransom.Win32.Mor
Trojan-Ransom.Win32.Crusis
Trojan-Ransom.Win32.AecHu
Trojan-Ransom.Win32.Jaff

Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
  /  Kapersky labs.

Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
 
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
No preguntes sobre temas del foro por privado, participa en el.

Desconectado maripuri

  • Master
  • Usuario
  • ******
  • Mensajes: 21976
  • Mari
    • WirelessWindows


http://s25.postimg.org/yt92dvxdb/01_aes_ni_ransom_message.png
Ransomware - recopilatorio herramientas eliminar-descrifrar archivos infectados





Cita de: bleepingcomputer
El 21 de mayo, un investigador de seguridad que lleva el nombre de Thyrex, recibió un mensaje en un foro ruso que contenía un enlace a un archivo ZIP que supuestamente contenía un descifrador para la variante frogobig777 @ india.com de la AES-NI Ransomware. Después de examinar el archivo Thyrex publicado un enlace al archivo en nuestro Tema del soporte AES-NI tan eso víctima que podría utilizarlo para recuperar sus archivos.


Jakub Kroustek de Avast ha lanzado a un decrypter gratuíto para mitigar los efectos del ransomware AES_NI descubierto en diciembre de 2016.


Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
  / blog Avast
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
  / descarga

mas info:

Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
  /  bleepingcomputer
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
  /  bleepingcomputer

Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
 
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
No preguntes sobre temas del foro por privado, participa en el.

Desconectado maripuri

  • Master
  • Usuario
  • ******
  • Mensajes: 21976
  • Mari
    • WirelessWindows


http://s25.postimg.org/5fmz95qcv/20170627.jpg
Ransomware - recopilatorio herramientas eliminar-descrifrar archivos infectados




Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
  investigador de seguridad de Cybereason descubrió una solución que desactiva el ransomware NotPetya (NotPetya/Petna/Petya) que se propagó como la pólvora el pasado martes.  Como indican en el
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
abierto en bleepingcomputer NO es un Killswitch, es un remedio.. una vacuna.

Citar
Cybereason Principal Security Researcher Amit Serper discovered a work around solution that disables the NotPetya ransomware that wreaked havoc in Europe on Tuesday. To activate the vaccination mechanisms users must locate the C:\Windows\ folder and create a file named perfc, with no extension name. This should kill the application before it begins encrypting files.
When first run, the NotPetya ransomware searches for its own filename in the C:\windows\ folder, and if it is found, will cease operating. Once the original file name was found and verified by two different sources, Amit was able to piece together a kill switch that should work for any instance of the original ransomware infection.

Para facilitar la tarea a los mas inexpert@s Lawrence Abrams ha creado un archivo por lotes (.bat) que automatiza todo el trabajo, las instrucciones para hacer todo esto manualmente están en el
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
abierto en bleepingcomputer (mas abajo tenéis la descarga).

Comentar que el malware utiliza EternalBlue y EternalRomance por tanto PC actualizados con Windows 10 y anteriores que hayan instaladolos parches del boletín de seguridad MS17-010 están a salvo de la infección.  Ahora bién, todo lleva a pensar que el malware (enmascarado como ransomware) en realidad es un
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
así que mucho ojo porque daña irremediablemente el MBR del disco duro sobreescribiéndolo..  esto hace que sea imposible de leer o restaurar la información salvo desde una copia de seguridad, es decir nunca hubo intención de (tras un pago) restablecer los archivos cifrados.


Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
Cybereason blog
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
  & 
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
(archivo por lotes de Lawrence Abrams)   /   bleepingcomputer
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
  Microsoft (TechNet)


Citar
TL;DR: The ransomware was a lure for the media, this variant of Petya is a disguised wiper.
Update1: Few hours later, Kaspersky’s research led to a similar conclusion.
Update2: Added more info on the wiper command & comparative screenshots of the two keys that visually confirms Kaspersky’s finding and why the MBR copy routine didn’t make sense.


Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
  /  Matt Suiche
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
  (Anton Ivanov y Orkhan Mamedov)  Securelist / Karpesky
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
  / Karpesky


La cuenta de correo del autor del ransomware fue suspendida, no hay posibilidad de pago de rescate.


Citar
Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact. Our anti-abuse team checked this immediately – and blocked the account straight away. There was no press coverage at that time. We do not tolerate the misuse of our platform: The immediate blocking of misused email accounts is the necessary approach by providers in such cases.
During the afternoon it emerged that the “PetrWrap/Petya” malware is currently spreading quickly in many places, including Ukraine.
Here are the facts that we can contribute to “PetrWrap/Petya”:
– Since midday it is no longer possible for the blackmailers to access the email account or send emails.
– Sending emails to the account is no longer possible either.
We are in contact with the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik).
What is ransomware?
“Ransomware” denotes malicious software, which becomes installed on a device, for example, by clicking a bad link or attachment. This primarily occurs when the device is poorly protected – when software installed there has not been updated for an extended time, for example. The malicious software prevents access to data and systems – and the user affected is requested to pay a ransom for the release of their data. Payment often does not lead to the data being released, however.
Best regards,
The Posteo Team

Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.



relacionado: 

Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
 

Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
 
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
No preguntes sobre temas del foro por privado, participa en el.

Desconectado maripuri

  • Master
  • Usuario
  • ******
  • Mensajes: 21976
  • Mari
    • WirelessWindows


http://s25.postimg.org/xjdjnpga7/petyattack_2.png
Ransomware - recopilatorio herramientas eliminar-descrifrar archivos infectados


CyberGhost Petya Immunizer


La gente de CyberGhost han liberado un ejecutable que inmuniza frente a Petya (NotPetya) compatible con Windows XP (y demas S.O Windows) requiere de .Net Framework 4

Citar
Windows XP users among us please note that the Immunizer also works on this OS but requires the .net Framework 4

mas info:

Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
descarga
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.


Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
 
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
No preguntes sobre temas del foro por privado, participa en el.

Desconectado maripuri

  • Master
  • Usuario
  • ******
  • Mensajes: 21976
  • Mari
    • WirelessWindows


http://s25.postimg.org/kf66t24z3/sshot_2017_07_09_19_57_22.jpg
Ransomware - recopilatorio herramientas eliminar-descrifrar archivos infectados



Janus, el autor del ransomware Petya original ha liberado la clave maestra privada con la que es posible desifrar todos los archivos encriptados por dicho ransomware..   es válida para la primera versión (Red Petya), la segunda versión (Green Petya) y las primeras versiones del ransomware GoldenEye.


http://s25.postimg.org/jbm2h3kbz/sshot_2017_07_09_19_35_29.jpg
Ransomware - recopilatorio herramientas eliminar-descrifrar archivos infectados



Citar
Congratulations!
Here is our secp192k1 privkey:
38dd46801ce61883433048d6d8c6ab8be18654a2695b4723
We used ECIES (with AES-256-ECB) Scheme to encrypt the decryption password into the "Personal Code" which is BASE58 encoded.

key:

Citar
b9777330e673cfa4bd8621b34270769e

OJO! el ransomware Petya no es el mismo que NotPetya, ExPetr, Eternal Petya, etc de los recientes ataques a nivel mundial  ..de hecho se sospecha que este último es una versión modificada del original por terceras personas, no por Janus.

No es la primera vez que Janus filtra en la red una "master key", ya lo hizo con la propia del ransomware Chimera.

Independientemente de la clave maestra seguramente pronto veremos "decrypters" que harán que el proceso de descifrado sea mas sencillo.

Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
&
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
enlace al fichero en MEGA
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
  /  Malwarebytes
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
  Anton Ivanov  /   Kaspersky Lab

Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
 
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
No preguntes sobre temas del foro por privado, participa en el.

Desconectado maripuri

  • Master
  • Usuario
  • ******
  • Mensajes: 21976
  • Mari
    • WirelessWindows

Esto no es un decrypter, ni una master key..    pero creo conveniente dejarlo en este hilo.

Citar
Hi folks, Ned here again. This blog post contains all products requiring SMB1, where the vendor explicitly states this in their own documentation or communications. This list is not complete and you should never treat it as complete; check back often.
All products arranged in alphabetical order, by vendor, by product, with a URL to their documentation stating SMB1 requirements.

Microsoft ha publicado una lista de prooveedores de productos / software (y la irá actualizando con la cooperación de tod@s) que todavía (aún a pesar de los recientes ataques que aprovecharon la brecha como Wannacry o NotPetya) demandan el desfasado y comprometivo protocolo SMB v1


Vendor – Product – Documentation

Citar
Aerohive – HiveManager, HiveOS (domain join) –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

Aruba – Clearpass, when using MSCHAP for domain join – https://community.arubanetworks.com/t5/Security/Clearpass-V6-6-2-SMB-version-supported/td-p/296384
AVM – Fritz!Box – https://www.avforums.com/threads/windows-10-network-share-problem.2043190/page-2#post-23956280
Barracuda – SSL VPN – https://campus.barracuda.com/product/sslvpn/article/SSLVPN/CreateNetworkPlace/
Barracuda – Web Security Gateway backups –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

Canon (& Océ) – Printers via “print to share” – https://support.usa.canon.com/kb/index?page=content&id=ART143573 & https://files.lfpp.csa.canon.com/media/Assets/PDFs/TSS/external/WF_PrintDrivers/Documentation/Oce_LF_Systems_Connectivity_information_for_Windows_environment_Administration_guide_en.GB.pdf
Cisco – Web Security Appliance/WSAv –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
&
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

Cisco – Wide Area Application Services/WAAS 5.0 & older –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

DataAccess – legacy Dataflex embedded DB (vendor also offers many alternative ways to not need SMB1) –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

F5 – RDP client gateway, Microsoft Exchange Proxy –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

Forcepoint (Raytheon) – “some Forcepoint products”, Content Gateway proxy authentication –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

HP – Various printers (many do support SMB2) – http://h10032.www1.hp.com/ctg/Manual/c05547920
HPE – ArcSight (Legacy Unified Connector, not latest version) – https://community.saas.hpe.com/t5/ArcSight-Connectors/SmartConnector-for-Microsoft-Windows-Event-Log-Native/ta-p/1585123?attachment-id=59177
IBM – NetServer V7R2 or below – http://www-01.ibm.com/support/docview.wss?uid=nas8N1011878
IBM – QRadar Vulnerability Manager 7.2.x or below (7.3 has been updated) –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

Infusion Business Software – Infusion (requires disabling SMB2) –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

Lexmark – Firmware eSF 2.x & eSF 3.x MFPs (scan to network) – http://support.lexmark.com/index?page=content&id=FA716&locale=en&userlocale=EN_US
Linux Kernel – CIFS client 2.5.42 to 3.5.x (3.7 added first SMB2 client implementation) – https://wiki.samba.org/index.php/LinuxCIFSKernel
McAfee – Web Gateway –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

Microsoft – Windows XP, Windows Server 2003 (and older), Windows Embedded Standard 2009
Mobotix – various products –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

MYOB – Accountants Office & Accountants Enterprise (states requirement for disabling opportunistic locking, i.e. SMB1 behavior option)– https://www.myob.com/au/accountants-and-partners/support/minimum-system-requirements
NetApp – Versions of ONTAP prior to 8.3.2P5, 9.0P1 & 9.1 require SMB1 for domain join (not client connections). ONTAP 8.3.2P5, 9.0P1, 9.1 can instead utilize SMB2 for domain join as well as client connections via SMB2 & 3, and ONTAP 9.2 allows for complete disabling of any SMB1 connections –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
& https://averageguyx.blogspot.com/2017/06/does-ontap-need-smb1-no.html?m=1 
NetGear – ReadyNAS (when used as backup target) –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

Oracle – Solaris 11.3 and older – http://docs.oracle.com/cd/E86824_01/html/E54775/smb-4.html
Pulse Secure – PCS devices running 8.1R9 / 8.2R4 and below or PPS devices running 5.1R9 / 5.3R4 and below –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
 
QNAP – all storage devices using firmware lower than 4.1 –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

RedHat – RHEL 5, RHEL 6 domain join; earliest SMB2+ CIFS client documented is in RedHat 7.2 (
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
RedHat server provide by Samba, see Samba note below – https://access.redhat.com/solutions/3037961
Ricoh (Ricoh/Savin/Gestetner/Lanier) – all MFP printers (supporting Scan to Folder, Fax Transmission backup to Folder, Fax Forwarding) except SP C220S / C222SF, SP C231SF / C232SF, SP C240SF / C242SF, SP C250SF / C252SF, SP 3400SF / 3410SF, SP 3000SF / 3510SF – Announce-19-05-17-WannaCry-Ransomware-and-SMB-v1.0-exploit
RSA – Authentication Manager Server –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

Samba – versions older than 3.5.0 (note: all supported versions of Samba support SMB2+, see
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
) – https://wiki.samba.org/index.php/Samba_3.6_Features_added/changed#SMB2_support &
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

Sharp – Subset of MFP printers (many do support SMB2 and 3) – https://msdnshared.blob.core.windows.net/media/2017/06/sharp2017.pdf
Sonos – Wireless speakers –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

Sophos – Sophos UTM, Sophos XG firewall, Sophos Web Appliance –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
&
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

SUSE – SUSE Linux Enterprise Server 11 and older (note: 10 and older versions are unsupported, regardless) –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

Synology – Diskstation Manager (management, not client connection) –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

Thompson Reuters – CS Professional Suite – http://cs.thomsonreuters.com/ua/acct_pr/csa/cs_us_en/kb/how-to-disable-opportunistic-locking-or-file-caching.htm
Tintri – Tintri OS, Tintri Global Center –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
–_Reduced_Severity
VMware Vcenter VMware vCenter Server Appliance, VMware vRealize Automation Identity Appliance –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
(note: steps to configure SMB2 for VCenter, at least on latest versions, until VMware updates their KB – https://virtualizationnation.com/2017/04/17/enabling-vcenter-server-appliance-vcsa-to-use-smb2/)
VMware – Older than ESXI 6.0 –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
&
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

Worldox – Worldox GX3 DMS (SMB1 recommended but supports SMB2 under some circumstances; note that GX3 is end of life, per vendor) –
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.

Xerox – SMB Workflow Scanning on printers not running ConnectKey Firmware, such as WC75XX models. Certain multifunction models – http://forum.support.xerox.com/t5/Copying-Faxing-Scanning/Xerox-Machines-and-SMBv2-V3-Scanning-Support/td-p/204802/highlight/true/page/2 & https://www.xerox.com/download/security/white-paper/1bcfc-55251eec62dd0/Xerox-Product-SMB-Supported-Versions.pdf

Si usas alguno de ellos tu PC corre un gran riesgo de ser comprometido por un ataque similar que aprovecha el desfasado protocolo SMB v1

Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
  Technet (Microsoft)


Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
 
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
No preguntes sobre temas del foro por privado, participa en el.

Desconectado maripuri

  • Master
  • Usuario
  • ******
  • Mensajes: 21976
  • Mari
    • WirelessWindows


http://s25.postimg.org/96osdngkv/Eternal_Blues_0.png
Ransomware - recopilatorio herramientas eliminar-descrifrar archivos infectados



Eternal Blues es un escáner de red gratuíto (muy sencillo en su uso) que permite la exploración de la red en búsqueda de vulnerabilidades abiertas basadas en los ataques EternalBllue (por ejemplo Wannacry, NotPetya, etc..).   

Es una herramienta preventiva, no parchea la vulnerabilidad..  la busca y si existe la localiza e informa de ella.


Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
/ homepage y
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.


Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
 
Sorry, you are not allowed to see this part of the text. Por favor ingresa o regístrate.
No preguntes sobre temas del foro por privado, participa en el.