NSA’s EthernalBlue exploit ported to Windows 10

If you were running Windows 10, then you didn’t need to worry about your box being hit with the leaked NSA EternalBlue exploit; but things change and now researchers have ported EternalBlue to Windows 10.

After the WannaCry ransomware attack, some defenders focused on building detection rules to protect against the DoublePulsar backdoor implant; but beware as RiskSense researchers completely removed DoublePulsar. They warned that DoublePulsar is a “red herring for defenders to focus on, as stealthier payload mechanisms can be crafted.”

While they are not revealing all the details about the exploit chain so attackers can jump on them, they hope white hat security researchers benefit from the technical overview of the exploit process “so that new generic and targeted techniques can be developed to prevent attacks.”

The report reads, “By removing superfluous fragments in network packets, our research makes it possible to detect all potential future variants of the exploit before a stripped-down version is used in the wild.”

Leave a Reply

Your email address will not be published. Required fields are marked *