DEF CON 26 - zerosum0x0 - Demystifying MS17 010 Reverse Engineering the ETERNAL Exploits
MS17-010 is the most important patch in the history of operating systems, fixing remote code execution vulnerabilities in the world of modern Windows. The ETERNAL exploits, written by the Equation Group and dumped by the Shadow Brokers, have been used in the most damaging cyber attacks in computing history: WannaCry, NotPetya, Olympic Destroyer, and many others.
Yet, how these complicated exploits work has not been made clear to most. This is due to the ETERNAL exploits taking advantage of undocumented features of the Windows kernel and the esoteric SMBv1 protocol.
This talk will condense years of research into Windows internals and the SMBv1 protocol driver. Descriptions of full reverse engineering of internal structures and all historical background info needed to understand how the exploit chains for ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY work will be provided.
This talk will also describe how the MS17-010 patch fixed the vulnerabilities, and identify additional vulnerabilities that were patched around the same time.
Видео DEF CON 26 - zerosum0x0 - Demystifying MS17 010 Reverse Engineering the ETERNAL Exploits канала DEFCONConference
Yet, how these complicated exploits work has not been made clear to most. This is due to the ETERNAL exploits taking advantage of undocumented features of the Windows kernel and the esoteric SMBv1 protocol.
This talk will condense years of research into Windows internals and the SMBv1 protocol driver. Descriptions of full reverse engineering of internal structures and all historical background info needed to understand how the exploit chains for ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY work will be provided.
This talk will also describe how the MS17-010 patch fixed the vulnerabilities, and identify additional vulnerabilities that were patched around the same time.
Видео DEF CON 26 - zerosum0x0 - Demystifying MS17 010 Reverse Engineering the ETERNAL Exploits канала DEFCONConference
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Running a Buffer Overflow Attack - Computerphile
Reverse Engineering - Computerphile
Black Hat 2013 - Exploiting Network Surveillance Cameras Like a Hollywood Hacker
The NSA Playset: A Year Of Toys And Tools
SteelCon 2018 EternalBlue: Exploit Analysis And Beyond by Emma McCall![How to write Chords and Songs in Minor [Songwriting Basics / Music Theory]](https://i.ytimg.com/vi/j-j4g0ktPGw/default.jpg)
How to write Chords and Songs in Minor [Songwriting Basics / Music Theory]
EternalBlue - MS17-010 - Manual Exploitation
Emotet trifft Heise – Einblicke in einen Trojaner-Angriff | #heiseshow (Reupload)
The Computer Chronicles - Windows 98 (1998)
Kernel Root Exploit via a ptrace() and execve() Race Condition
The Shadow Brokers - Cyber Fear Game-Changers
GreatFET: Making GoodFET Great Again
Exploiting Network Printers![Windows Native API - Roger Orr [ACCU 2019]](https://i.ytimg.com/vi/a0KozcRhotM/default.jpg)
Windows Native API - Roger Orr [ACCU 2019]
Popping a Shell with SMB Relay and Empire
What's on the Wireless? Automating RF Signal Identification
reductio ad absurdum by Christopher Domas
DEF CON 21 - Richard Thieme - The Government and UFOs A Historical Analysis
Breaking the x86 Instruction Set
DEF CON 26 - Christopher Domas - GOD MODE UNLOCKED Hardware Backdoors in redacted x86