Week 21 In Review – 2017
- NolaCon 2017 – www.irongeek.com
- Ransomware using EternalBlue
This week’s release of Metasploit includes a scanner and exploit module for the EternalBlue vulnerability, which made headlines a couple of weeks ago when the hacking group the Shadow Brokers disclosed a trove of alleged NSA exploits. Included among them, EternalBlue exploits MS17-010, a Windows SMB vulnerability.
- Bypassing Application Whitelisting with BGInfo – msitpros.com
To bypass application whitelisting with BGInfo, you must first create a VBScript file that you want to execute. This can either be saved to disk on the system where you want to run the script, or you could serve it through a WebDAV server from the internet.
- 0patching the “Worst Windows Remote Code Execution Bug in Recent Memory” CVE-2017-0290 – 0patch.blogspot.de
Natalie Silvanovich and Tavis Ormandy of Google Project Zero found a pretty nasty bug in Microsoft Malware Protection Engine, allowing an attacker to execute arbitrary code as LocalSystem on any Windows computer running any Microsoft anti-malware product such as Security Essentials or Windows Defender by simply having that computer access a malicious file.
- Don’t tell people to turn off Windows Update, just don’t – www.troyhunt.com
When you position this article from a year ago next to the hundreds of thousands of machines that have just had their files encrypted, it’s hard to conclude that it in any way constitutes good advice. I had the author of this post ping me and suggest that people should just manually update their things if they disabled Windows Update.
- Gizmodo went phishing with the Trump team—will they catch a charge? – arstechnica.com
Earlier this week, the team at Gizmodo’s Special Projects Desk published a report on how they “phished” members of the administration and campaign teams of President Donald Trump. Gizmodo identified 15 prominent figures on Trump’s team and sent e-mails to each posing as friends, family members, or associates containing a faked Google Docs link.
- Net neutrality going down in flames as FCC votes to kill Title II rules – arstechnica.com
The US Federal Communications Commission voted 2-1 today to start the process of eliminating net neutrality rules and the classification of home and mobile Internet service providers as common carriers under Title II of the Communications Act.