TMCnet News

RiskSense Security Analyst will Deconstruct Windows ETERNAL Exploits in DEF CON 26 Session
[August 12, 2018]

RiskSense Security Analyst will Deconstruct Windows ETERNAL Exploits in DEF CON 26 Session


RiskSense®, Inc., the pioneer in intelligent threat and vulnerability management, today announced that senior security analyst and Windows kernel expert Sean Dillon will present a session on the notorious ETERNAL exploits at DEF CON 26 on August 12 in Las Vegas.





   

WHO:

Sean Dillon (aka @zerosum0x0), senior security analyst at RiskSense, has years of experience in penetration testing, exploit reverse engineering and malware research especially around the Microsoft (News - Alert) Windows kernel. Sean is a co-author of the ETERNALBLUE and other MS17-010 Metasploit exploit modules. He was the first to publish a reverse engineering analysis of the DOUBLEPULSAR SMB backdoor. Sean has taught workshops on Windows internals at DEF CON and to government agencies.
 

WHAT:

MS17-010 is one of the most important patches in the history of operating systems, fixing multiple remote code execution vulnerabilities in the Microsoft Windows platform. The ETERNAL exploits, written by the Equation Group and made public by the Shadow Brokers, have been used in some of the most damaging cyber attacks in recent years including WannaCry, NotPetya, Olympic Destroyer and others. In this talk, "Demystifying MS17-010: Reverse Engineering the ETERNAL Exploits," Sean will condense years of his research to explain how these exploits take advantage of undocumented features of the Windows kernel and the esoteric SMBv1 protocol. He will discuss how the exploit chains for ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY work, and are addressed, along with additional vulnerabilities, by the MS17-010 patch. He will also provide best practices for protecting Windows systems from future exploits.
 

WHEN:

Sunday, August 12, 2018 at 11:00 AM PDT in Track 3
 

WHERE:

DEF CON 26, Caesar's Palace, Las Vegas, NV
 

HOW:

To schedule a conversation with Sean Dillon, contact Marc Gendron at [email protected] or +1 781.237.0341. For more information, visit: https://www.defcon.org/html/defcon-26/dc-26-speakers.html#Zerosum0x0.


About RiskSense

RiskSense®, Inc. is the pioneer in intelligent threat and vulnerability management. The company provides enterprises and governments clear visibility into their entire attack surface, including attack susceptibility and validation, as well as quantification of risks based on operational data.

The RiskSense Software-as-a-Service (SaaS (News - Alert)) platform unifies and contextualizes internal security intelligence, external threat data and business criticality to transform your cyber risk management into a more proactive, collaborative, and real-time discipline. It embodies hands-on expertise gained from defending critical government and commercial networks from the world's most dangerous cyber adversaries.

By leveraging RiskSense threat and vulnerability management solutions, organizations can significantly shorten time-to-remediation, increase operational efficiency, strengthen their security programs, heighten response readiness, reduce costs, and ultimately reduce the attack surface and minimize cyber risks. For more information, please visit www.risksense.com or follow us on Twitter (News - Alert) at @RiskSense.


[ Back To TMCnet.com's Homepage ]