#eternalblue — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #eternalblue, aggregated by home.social.
-
Potatoes, EternalBlue, PrintNightmare: ways to detect SMB protocol vulnerabilities
Hi everyone! My name is Vlad Kuznetsov, and I am a SOC analyst at К2 Кибербезопасность. SMB is one of the most widely used network communication protocols for securely managing files and various services on a remote server. Despite being indispensable, the SMB protocol can be an excellent loophole for hacker attacks. In this article I will cover the principles of exploitation and the ways to detect vulnerabilities such as Potatoes, EternalBlue and PrintNightmare, as well as the SMBExec script. At the end of the article you will find detailed information on configuring advanced audit policies and a list of general recommendations for containing and remediating vulnerabilities related to the SMB protocol.
https://habr.com/ru/companies/k2tech/articles/892202/
#smb #smb_протокол #уязвимости #уязвимость #rottenpotato #eternalblue #printnightmare #сетевой_протокол #кибербезопасность #информационная_безопасность
-
Also be sure to turn on these monitoring policies in #DefenderForCloudApps so you can #CatchTheHacker before they get too deep, whether you switch to #Kerberos or not. #NetworkSegregation is also a great #LayeredDefense method to ensure if one system is compromised the attacker can't use #SMBtraversal to get to all your computers, globally. #EternalBlue source code is still being used to get to #DCs via #Trikbot evolutions, after #Phishing a user with #LocalAdmin privileges, to execute #mimikatz against #ActiveDirectory to steal all the objects. #YesThisHappened
-
✨ CVE-2022-37958:
Critical Windows code-execution vulnerability went undetected until now
▶️ Potential to rival EternalBlue
▶️ Wormable
▶️ Unlike EternalBlue, vulnerability present in a much broader range of network protocols
▶️ Good news: patch was released in September. Hopefully all of us applied it
#infosec #eternalblue #patching #securityadvisory #sysadmin #blueteam #windowsvulnerability
-
Eternally Blue: Baltimore City leaders blame NSA for ransomware attack
The mayor an... more: https://arstechnica.com/?p=1511339 #baltimorecityransomware #nationalsecurityagency #shadowbrokers #eternalblue #microsoft #windows #biz&it #policy #nsa
-
In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc - https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html #rr […] “There are warehouses of kids overseas firing off phishing emails,” […] like thugs shooting military-grade weapons at random targets. […] #EternalBlue #NSA #ShadowBrokers