Discover and read the best of Twitter Threads about #EternalBlue
Most recents (4)
RDP brute-force attacks were up again in T2 2021, with 55 billion detections – a 104% increase compared to T1 2021. #ESETreserach also saw a massive surge in #RDP attacks against Spanish entities in August, accounting for a third of global all detections that month. 1/4 
Attackers seem to have a hard time finding new #RDP targets, yet those that are already on their list are hit more aggressively, confirmed by an increase in average daily attacks per unique client, which doubled from 1,392 attempts in T1 2021 to 2,756 in T2 2021. 2/4
Password guessing was the top external network intrusion vector with 53%, followed by attempts to exploit #ProxyLogon #vulnerabilities (22%) and attempted deployment of NSA backdoor #DoublePulsar (10%). 3/4
🔥 "Hacking Tracking Pix & Macro Stomping Tricks"
📺 pscp.tv/FireEye/1djGXQ…
On this 🆕 #StateOfTheHack, @cglyer👨🏼🦲 & I break down trendy tradecraft.
Special guests:
👨🏻 Macro stomping (@a_tweeter_user)
👨🏻🦱 CVE exploitation in the trenches (@_bromiley)
👇🏼Episode Recap Thread! 🧵
📺 pscp.tv/FireEye/1djGXQ…
On this 🆕 #StateOfTheHack, @cglyer👨🏼🦲 & I break down trendy tradecraft.
Special guests:
👨🏻 Macro stomping (@a_tweeter_user)
👨🏻🦱 CVE exploitation in the trenches (@_bromiley)
👇🏼Episode Recap Thread! 🧵
We start with tracking pixels: ◻️ <spacer.gif>
We break down how marketing tools are used by attackers looking to learn more about their planned victim's behavior and system - prior to sending any first stage malware.
For some background, see this thread:
We break down how marketing tools are used by attackers looking to learn more about their planned victim's behavior and system - prior to sending any first stage malware.
For some background, see this thread:
On the show, we chatted through what we've seen as defenders but also some cool victim behavior profiling methods from our offensive security friends, like those shared by @malcomvetter 🎇:
Ok, so why learn specific Office version used? ...
Ok, so why learn specific Office version used? ...
#Campaign in tweets - @Guardicore Labs in a new tradition; we find the attacks, you get to know them and learn the attackers' tricks and techniques. This time, let's get familiarized with "Lemon_Duck", a #cryptomining campaign involving a sophisticated #propagation tool. 🍋🦆
Before we start: all scripts, binaries and IOCs are available on our github repository. In addition, malicious IPs, attack servers and domains appear on @Guadicore Cyber Threat Intelligence portal. You're welcome to take a look :)
threatintelligence.guardicore.com/?utm_medium=or…
github.com/guardicore/lab…
threatintelligence.guardicore.com/?utm_medium=or…
github.com/guardicore/lab…
Lemon_Duck starts by breaching machines over the #MSSQL service or the #SMB protocol. We'll focus on the MS-SQL flow. Once inside the machine, the attacker enables #xp_cmdshell to run shell commands. It will take only a single command line to trigger the rest of the attack.
I've had a few people mention to me the "lack" of oversight on NSA and the #EternalBlue losses that are now being used by adversaries to hack Baltimore, etc.
I have some thoughts on the public outcry on this point & the challenges of oversight.
I have some thoughts on the public outcry on this point & the challenges of oversight.
NSA and its activities are overseen by the House and Senate Intelligence committees, that do their work in behind closed doors, in SCIFs, because most of the subject matter is classified at very high levels (TS/SCI). This means deliberations are not public.
The lack of public oversight means that outside observers like @KimZetter, the ACLU, CDT, or even now, myself, have little insight into the conversations that happen between the NSA & HPSCI and SSCI. We don't know if the NSA gets raked over the coals, or pats on the back.
