Presentation: EternalBlue: Exploit Analysis and Beyond

Track: Security: Red XOR Blue Team

Location: St James, 4th flr.

Duration: 2:55pm - 3:45pm

Day of week: Monday

Level: Intermediate - Advanced

Share this on:

Abstract

In this presentation we will analyze the EternalBlue exploit that was leaked in early 2017 which was then abused to great effect throughout the year.
 
Beginning a journey into InfoSec research can be daunting. We will discuss how targeted analysis can help develop security skills while still assisting company, clients and colleagues. Even when dealing with sophisticated exploits and malware in situations such as these.
 

Question: 

What is the focus of your work today?

Answer: 

I am a cyber security analyst at riot games, working within our internal blue team. My day-to-day involves active threat hunting as part of a team of analysts looking for threats to Riot, Rioters and our player base. The Technical threat hunting can be as wide as reviewing logs from traffic entering and leaving our environment, to as narrow as specifically reviewing processes and logs from a single build server to identify any unusual activity.

A large amount of my personal development time is being channeled into Malware and Exploit Analysis based around both threats targeting Riot and those raised by the global infosec community.

The focus of my work and talk today is to cover the details of the Shadowbrokers release in 2017, as well as provide technical overview of the Eternal Blue exploit which was used in some significant cyber attacks last year, with impact felt the world over. We will also cover how professionals who are not necessarily already in the security space can develop their security related skills - this will cover mostly technical aspects - even when faced with Nation State grade exploits or Malware.

Question: 

What’s the motivation for this talk?

Answer: 

Understanding of newly released Malware and Exploits is something that I feel is severely under appreciated outside of a core group of CyberSecurity Professionals. In understanding these exploits we can build detections and provide advice to our companies and colleagues on how they can protect themselves against such risks.

I want to provide people who have an interest in security with some basic knowledge and a starting point to begin analysing and sharing data when situations like the shadowbrokers dump occurs and help develop their own skills much as I did myself.

Question: 

How you you describe the persona and level of the target audience?

Answer: 

This talk is going to cover some technical aspects of exploit and malware analysis, this will be of most use to a developer or systems administrator, however should be understandable at, at least a basic level, to anyone with a technical background. 

To get the most out of this talk, an audience member would have an interest in security and be interested in developing those skills practically.

Question: 

What do you “that” persona to walk away from your talk knowing that they might not have known 50 minutes before?

Answer: 

A person taking the most away from this talk will leave understanding the events of April 2017, having an overview of exactly what was released by the Shadowbrokers, a technical understanding of the EternalBlue exploit and an overview of various techniques that can be used to develop themselves in the cybersecurity space and join into an analysis of any other exploits or malware that could be released in future.

Speaker: Emma McCall

Security Analyst @RiotGames

As a Security Analyst at Riot Games, Emma is responsible for hunting, mitigating and analyzing threats targeting the games industry. She is also active in the security community, avidly following the release of new malware and exploits. Emma has recently produced in-depth analyses of well known examples such as EternalBlue and WannaCry. Emma has prior experience in penetration testing and vulnerability analysis, performing large scale assessments for the financial sector, online gaming, insurance, and private traders.

Find Emma McCall at

Similar Talks

Founder of SafeStack
Researcher in Information Security at Graz University of Technology
Microservice, Cloud, CI/CD Thoughtleader
Software Development Engineer @AWS Security
Co-founder @SnykSec, previously CTO @Akamai
Experiment Tech Lead & Architect @UBS

Tracks