Events Related
- NolaCon 2017 – www.irongeek.com
Resources
- Ransomware using EternalBlue
- EternalBlue: Metasploit Module for MS17-010 – community.rapid7.com
This week’s release of Metasploit includes a scanner and exploit module for the EternalBlue vulnerability, which made headlines a couple of weeks ago when hacking group, the Shadow Brokers, disclosed a trove of alleged NSA exploits. Included among them, EternalBlue, exploits MS17-010, a Windows SMB vulnerability.
- EternalBlue, full Metasploit port – github.com
- Pcap of Wannacry Spreading Using EthernalBlue – jumpespjump.blogspot.com
- WannaCry/WannaCrypt Ransomware Summary – isc.sans.edu
Techniques
- Bypassing Application Whitelisting with BGInfo – msitpros.com
To bypass application whitelisting with BGInfo you must first create a VBScript file that you want to execute. This can either be saved to disk on the system you want to run the script or you could serve it through a WebDAV server from the internet.
Vendor/Software Patches
- 0patching the “Worst Windows Remote Code Execution Bug in Recent Memory” CVE-2017-0290 – 0patch.blogspot.de
Natalie Silvanovich and Tavis Ormandy of Google Project Zero found a pretty nasty bug in Microsoft Malware Protection Engine, allowing an attacker to execute arbitrary code as LocalSystem on any Windows computer running any Microsoft anti-malware product such as Security Essentials or Windows Defender by simply having that computer access a malicious file.
Vulnerabilities
- Don’t tell people to turn off Windows Update, just don’t – www.troyhunt.com
When you position this article from a year ago next to the hundreds of thousands of machines that have just had their files encrypted, it’s hard to conclude that it in any way constitutes good advice. I had the author of this post ping me and suggest that people should just manually update their things if they disabled Windows Update.
Other News
- Gizmodo went phishing with the Trump team—will they catch a charge? – arstechnica.com
Earlier this week, the team at Gizmodo’s Special Projects Desk published a report on how they “phished” members of the administration and campaign teams of President Donald Trump. Gizmodo identified 15 prominent figures on Trump’s team and sent e-mails to each posing as friends, family members, or associates containing a faked Google Docs link.
- Net neutrality going down in flames as FCC votes to kill Title II rules – arstechnica.com
The US Federal Communications Commission voted 2-1 today to start the process of eliminating net neutrality rules and the classification of home and mobile Internet service providers as common carriers under Title II of the Communications Act.