The NSA’s EternalBlue exploit has been ported to Windows 10 by white hats, meaning that every unpatched version of the Microsoft operating system back to Windows XP, and likely earlier, can be affected by one of the most powerful attacks ever made public.

Researchers at RiskSense, among the first to analyze EternalBlue, its DoublePulsar backdoor payload, and the NSA’s Fuzzbunch platform (think: Metasploit), said they would not release the source code for the Windows 10 port for some time, if ever.

The proof of concept has been in the works since the ShadowBrokers’ April leak of Equation Group offensive hacking tools targeting Windows XP and Windows 7, as well as the development of a Metasploit module based on EternalBlue released two days after the WannaCry attacks.

The best defense against EternalBlue, researchers maintain, is to apply the MS17-010 update provided in March by Microsoft.

The researchers did today publish a report (PDF download) explaining what was necessary to bring the NSA exploit to Windows 10 and examining the mitigations implemented by Microsoft that can keep these attacks in check moving forward.

“We’ve omitted certain details of the exploit chain that would only be useful to attackers and not so much for building defenses,” said senior research analyst Sean Dillon. “The research is for the white-hat information security industry in order to increase the understanding and awareness of these exploits so that new techniques can be developed that prevent this and future attacks. This helps defenders better understand the exploit chain so that they can build defenses for the exploit rather than the payload.”

The available Metasploit module, which is completely separate from the new Windows 10 port, is a stripped-down version of EternalBlue that reduced the amount of network traffic involved, and as a result, many of the intrusion detection system rules created since the leak and recommended by security companies and the U.S.

It also removes the DoublePulsar backdoor, which Dillon said many security companies paid too much unnecessary attention to. DoublePulsar is a kernel-level exploit dropped by all of the exploits in the Fuzzbunch platform.