Discover and read the best of Twitter Threads about #ETERNALBLUE

Most recents (4)

RDP brute-force attacks were up again in T2 2021, with 55 billion detections – a 104% increase compared to T1 2021. #ESETreserach also saw a massive surge in #RDP attacks against Spanish entities in August, accounting for a third of global all detections that month. 1/4 Image
Attackers seem to have a hard time finding new #RDP targets, yet those that are already on their list are hit more aggressively, confirmed by an increase in average daily attacks per unique client, which doubled from 1,392 attempts in T1 2021 to 2,756 in T2 2021. 2/4 Image
Password guessing was the top external network intrusion vector with 53%, followed by attempts to exploit #ProxyLogon #vulnerabilities (22%) and attempted deployment of NSA backdoor #DoublePulsar (10%). 3/4 Image
Read 5 tweets
🔥 "Hacking Tracking Pix & Macro Stomping Tricks"
📺 pscp.tv/FireEye/1djGXQ…

On this 🆕 #StateOfTheHack, @cglyer👨🏼‍🦲 & I break down trendy tradecraft.

Special guests:
👨🏻 Macro stomping (@a_tweeter_user)
👨🏻‍🦱 CVE exploitation in the trenches (@_bromiley)

👇🏼Episode Recap Thread! 🧵
We start with tracking pixels: ◻️ <spacer.gif>
We break down how marketing tools are used by attackers looking to learn more about their planned victim's behavior and system - prior to sending any first stage malware.
For some background, see this thread:
On the show, we chatted through what we've seen as defenders but also some cool victim behavior profiling methods from our offensive security friends, like those shared by @malcomvetter 🎇:

Ok, so why learn specific Office version used? ...
Read 11 tweets
#Campaign in tweets - @Guardicore Labs in a new tradition; we find the attacks, you get to know them and learn the attackers' tricks and techniques. This time, let's get familiarized with "Lemon_Duck", a #cryptomining campaign involving a sophisticated #propagation tool. 🍋🦆
Before we start: all scripts, binaries and IOCs are available on our github repository. In addition, malicious IPs, attack servers and domains appear on @Guadicore Cyber Threat Intelligence portal. You're welcome to take a look :)
threatintelligence.guardicore.com/?utm_medium=or…
github.com/guardicore/lab…
Lemon_Duck starts by breaching machines over the #MSSQL service or the #SMB protocol. We'll focus on the MS-SQL flow. Once inside the machine, the attacker enables #xp_cmdshell to run shell commands. It will take only a single command line to trigger the rest of the attack.
Read 12 tweets
I've had a few people mention to me the "lack" of oversight on NSA and the #EternalBlue losses that are now being used by adversaries to hack Baltimore, etc.

I have some thoughts on the public outcry on this point & the challenges of oversight.
NSA and its activities are overseen by the House and Senate Intelligence committees, that do their work in behind closed doors, in SCIFs, because most of the subject matter is classified at very high levels (TS/SCI). This means deliberations are not public.
The lack of public oversight means that outside observers like @KimZetter, the ACLU, CDT, or even now, myself, have little insight into the conversations that happen between the NSA & HPSCI and SSCI. We don't know if the NSA gets raked over the coals, or pats on the back.
Read 10 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!