Presentation: EternalBlue: Exploit Analysis and Beyond
Share this on:
Abstract
In this presentation we will analyze the EternalBlue exploit that was leaked in early 2017 which was then abused to great effect throughout the year.
Beginning a journey into InfoSec research can be daunting. We will discuss how targeted analysis can help develop security skills while still assisting company, clients and colleagues. Even when dealing with sophisticated exploits and malware in situations such as these.
What is the focus of your work today?
I am a cyber security analyst at riot games, working within our internal blue team. My day-to-day involves active threat hunting as part of a team of analysts looking for threats to Riot, Rioters and our player base. The Technical threat hunting can be as wide as reviewing logs from traffic entering and leaving our environment, to as narrow as specifically reviewing processes and logs from a single build server to identify any unusual activity.
A large amount of my personal development time is being channeled into Malware and Exploit Analysis based around both threats targeting Riot and those raised by the global infosec community.
The focus of my work and talk today is to cover the details of the Shadowbrokers release in 2017, as well as provide technical overview of the Eternal Blue exploit which was used in some significant cyber attacks last year, with impact felt the world over. We will also cover how professionals who are not necessarily already in the security space can develop their security related skills - this will cover mostly technical aspects - even when faced with Nation State grade exploits or Malware.
What’s the motivation for this talk?
Understanding of newly released Malware and Exploits is something that I feel is severely under appreciated outside of a core group of CyberSecurity Professionals. In understanding these exploits we can build detections and provide advice to our companies and colleagues on how they can protect themselves against such risks.
I want to provide people who have an interest in security with some basic knowledge and a starting point to begin analysing and sharing data when situations like the shadowbrokers dump occurs and help develop their own skills much as I did myself.
How you you describe the persona and level of the target audience?
This talk is going to cover some technical aspects of exploit and malware analysis, this will be of most use to a developer or systems administrator, however should be understandable at, at least a basic level, to anyone with a technical background.
To get the most out of this talk, an audience member would have an interest in security and be interested in developing those skills practically.
What do you “that” persona to walk away from your talk knowing that they might not have known 50 minutes before?
A person taking the most away from this talk will leave understanding the events of April 2017, having an overview of exactly what was released by the Shadowbrokers, a technical understanding of the EternalBlue exploit and an overview of various techniques that can be used to develop themselves in the cybersecurity space and join into an analysis of any other exploits or malware that could be released in future.
Similar Talks
Tracks
Monday, 5 March
-
Leading Edge Backend Languages
Code the future! How cutting-edge programming languages and their more-established forerunners can help solve today and tomorrow’s server-side technical problems.
-
Security: Red XOR Blue Team
Security from the defender's AND the attacker's point of view
-
Microservices/ Serverless: Patterns and Practices
Stories of success and failure building modern service and function-based applications, including event sourcing, reactive, decomposition, & more.
-
Stream Processing in the Modern Age
Compelling applications of stream processing & recent advances in the field
-
DevEx: The Next Evolution of DevOps
Removing friction from the developer experience.
-
Modern CS in the Real World
Applied trends in Computer Science that are likely to affect Software Engineers today.
-
Speaker AMAs (Ask Me Anything)
Tuesday, 6 March
-
Next Gen Banking: It’s not all Blockchains and ICOs
Great technologies like Blockchain, smartphones and biometrics must not be limited to just faster banking, but better banking.
-
Observability: Logging, Alerting and Tracing
Observability in modern large distributed computer systems
-
Building Great Engineering Cultures & Organizations
Stories of cultural change in organizations
-
Architectures You've Always Wondered About
Topics like next-gen architecture mixed with applied use cases found in today's large-scale systems, self-driving cars, network routing, scale, robotics, cloud deployments, and more.
-
The Practice & Frontiers of AI
Learn about machine learning in practice and on the horizon
-
JavaScript and Beyond: The Future of the Frontend
Exploring the great frontend frameworks that make JavaScript so popular and theg JavaScript-based languages revolutionising frontend development.
-
Speaker AMAs (Ask Me Anything)
Wednesday, 7 March
-
Distributed Stateful Systems
Architecting and leveraging NoSQL revisitied
-
Operating Systems: LinuxKit, Unikernels, & Beyond
Applied, practical, & real-world deep-dive into industry adoption of OS, containers and virtualisation, including Linux on Windows, LinuxKit, and Unikernels
-
Architecting for Failure
If you're not architecting for failure you're heading for failure
-
Evolving Java and the JVM: Mobile, Micro and Modular
Although the Java language is holding strong as a developer favourite, new languages and paradigms are being embraced on JVM.
-
Tech Ethics in Action
Learning from the experiences of real-world companies driving technology decisions from ethics as much as technology.
-
Bare Knuckle Performance
Killing latency and getting the most out of your hardware
-
Speaker AMAs (Ask Me Anything)