[nolok]

You really need to go out of your way to use smbv1 or unsigned smb, which usually means "in big slow entreprise setting", aka juicy targets ...

Even smbv2 is often only enabled because not-so-old printer don't support anything more recent.

[jabroni_salad]

Not even "big slow", just "slow and underserved". My clients are banks with 25-100 employees and under 10 branches. Their IT guy is usually a banker who got stuck with the role because somebody /has/ to be the IT officer.

In recent years they have been switching over from self service checklist audits to full spectrum pentest assessments and finding a lot of bugbears.

[Caboose8685]

SMB signing is only on by default for servers. I've done quite a few pentests where that's been leveraged to dump the SAM hashes of workstations that happen to have the Domain admin stored.

[technion]

Microsoft azhci will drop data and corrupt file systems if the servers attached have smb signing enforced. Good trap to keep in mind when a pentester says "just turn it on everywhere".

[not1ofU]

I worked previously with a security solution from $bigcorp, it ran on linux. If you wanted to do a backup to a Windows server, your only option, for a very long time, was to use SMBv1 only.