How Lack of SMB Signing Caused a Law Firm’s Security Gap
What happens when your network skips a basic security setting? In this episode, we reveal how a law firm was fully compromised during a real-world internal penetration test, all because of a missing security control: SMB signing.
In this video, we explain how our pentest team exploited legacy broadcast protocols (like LLMNR and NetBIOS) in combination with the lack of SMB signing to execute a devastating man-in-the-middle attack. The result? Full access to sensitive resources by impersonating trusted systems on the network.
We share:
▪ How LLMNR, NetBIOS, and other legacy protocols create dangerous exposures
▪ Why SMB signing is critical—and how its absence enables credential relaying
▪ How attackers perform man-in-the-middle attacks inside your internal network
▪ Actionable steps to detect and fix these misconfigurations before attackers find them
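As an added example (not taken from the video or from the pentest team's own tooling), the following read-only PowerShell audit checks a single Windows host for the three settings named above: SMB signing enforcement, LLMNR, and NetBIOS over TCP/IP. It assumes Windows 8 / Server 2012 or later, where the built-in SMB cmdlets exist, and an elevated session.

```powershell
# Added example: read-only audit, changes nothing on the host.
# Run from an elevated PowerShell session on the machine being checked.
$findings = @()

# 1. SMB signing. "Enabled" alone still lets a peer negotiate an unsigned
#    session, so only RequireSecuritySignature = True counts as enforced.
$srv = Get-SmbServerConfiguration
$cli = Get-SmbClientConfiguration
$findings += [pscustomobject]@{
    Check = 'SMB server requires signing'
    Value = $srv.RequireSecuritySignature
    Pass  = [bool]$srv.RequireSecuritySignature
}
$findings += [pscustomobject]@{
    Check = 'SMB client requires signing'
    Value = $cli.RequireSecuritySignature
    Pass  = [bool]$cli.RequireSecuritySignature
}

# 2. LLMNR. It is off only when the "Turn off multicast name resolution"
#    policy has written EnableMulticast = 0; a missing value means LLMNR is on.
$llmnrKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$llmnr = (Get-ItemProperty -Path $llmnrKey -Name EnableMulticast `
          -ErrorAction SilentlyContinue).EnableMulticast
$llmnrShown = if ($null -eq $llmnr) { 'not set' } else { $llmnr }
$findings += [pscustomobject]@{
    Check = 'LLMNR disabled by policy'
    Value = $llmnrShown
    Pass  = ($llmnr -eq 0)
}

# 3. NetBIOS over TCP/IP, per IP-enabled adapter.
#    TcpipNetbiosOptions: 0 = default (from DHCP), 1 = enabled, 2 = disabled.
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Check = "NetBIOS disabled on '$($_.Description)'"
            Value = $_.TcpipNetbiosOptions
            Pass  = ($_.TcpipNetbiosOptions -eq 2)
        }
    }

$findings | Format-Table -AutoSize
$failed = @($findings | Where-Object { -not $_.Pass })
"{0} of {1} checks failed on {2}" -f $failed.Count, $findings.Count, $env:COMPUTERNAME
```

Any failed check marks a host that still answers legacy name-resolution broadcasts or accepts unsigned SMB sessions, the combination the episode describes.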
If you need help securing your network, please check out our penetration testing services.
#Cybersecurity #PenetrationTesting #pentest #pentesting #SMBSigning #ManInTheMiddle #InternalPentest #LawFirmSecurity #NetworkSecurity #LMGSecurity #ActiveDirectory #RedTeam