We ALSO presented SMBeagle at Blackhat!
We kept SMBeagle shrouded in mystery until Blackhat, but now its public on Github under the apache license.
When we submitted two of our tools to the Blackhat Arsenal earlier this year, we had no idea that both would be accepted and we would soon find ourselves presenting both of these tools and having some great discussions with the community.
Blackhat EU was absolutely fantastic, with some standout briefings on Azure security and the overlooked insecurity of current SCADA installations.
Daniel and Chris presented both of our SMBeagle sessions and had some great conversations with peers across the InfoSec industry, including students looking to break into Cyber and seasoned penetration testers from some of the biggest consultancies. SMBeagle provides visibility into overlooked file shares across an organisation and its found its niche in businesses both small and enterprise.
Our business is built on the consumption of opensource tools, products and libraries and we are passionate about being active and net beneficial members of the community. We’ve used a fork of SMBeagle internally for our Ransomware audits and as part of our wider penetration testing and auditing efforts, but now its is free to use by anyone.
What does SMBeagle do?
SMBeagle identifies all the SMB file shares in the environment and then enumerates every file on every share. The output of this effort is a catalogue of every accessible file and whether it can be read and written.
The applications for SMBeagle are huge. It is common for businesses to have file shares with poor or no restrictions, but they just don’t realise. Ransomware leverages this misconfiguration to steal and encrypt data that the compromised user should never have even had access to!
Penetration testers can use SMBeagle to quickly get a list off the accessible scripts in a business, or writeable executables that can form part of a watering hole attack. We have found printers with writeable drivers, database connection configurations with anonymous read access and plenty of sensitive information that is world readable.