Market Overview

RiskSense Security Analyst will Deconstruct Windows ETERNAL Exploits in DEF CON 26 Session

Share:

Sean Dillon to Present Years of Reverse Engineering Research that
Sheds Light on WannaCry, NotPetya and Olympic Destroyer Pandemics, and
the Massive MS17-010 Patch

RiskSense®, Inc.,
the pioneer in intelligent threat and vulnerability management, today
announced that senior security analyst and Windows kernel expert Sean
Dillon will present a session on the notorious ETERNAL exploits at DEF
CON 26 on August 12 in Las Vegas.

   

WHO:

Sean Dillon (aka @zerosum0x0), senior security analyst at RiskSense,
has years of experience in penetration testing, exploit reverse
engineering and malware research especially around the Microsoft
Windows kernel. Sean is a co-author of the ETERNALBLUE and other
MS17-010 Metasploit exploit modules. He was the first to publish a
reverse engineering analysis of the DOUBLEPULSAR SMB backdoor. Sean
has taught workshops on Windows internals at DEF CON and to
government agencies.
 

WHAT:

MS17-010 is one of the most important patches in the history of
operating systems, fixing multiple remote code execution
vulnerabilities in the Microsoft Windows platform. The ETERNAL
exploits, written by the Equation Group and made public by the
Shadow Brokers, have been used in some of the most damaging cyber
attacks in recent years including WannaCry, NotPetya, Olympic
Destroyer and others. In this talk, "Demystifying MS17-010: Reverse
Engineering the ETERNAL Exploits," Sean will condense years of his
research to explain how these exploits take advantage of
undocumented features of the Windows kernel and the esoteric SMBv1
protocol. He will discuss how the exploit chains for ETERNALBLUE,
ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY work, and are
addressed, along with additional vulnerabilities, by the MS17-010
patch. He will also provide best practices for protecting Windows
systems from future exploits.
 

WHEN:

Sunday, August 12, 2018 at 11:00 AM PDT in Track 3
 

WHERE:

DEF CON 26, Caesar's Palace, Las Vegas, NV
 

HOW:

To schedule a conversation with Sean Dillon, contact Marc Gendron
at marc@mgpr.net or +1
781.237.0341. For more information, visit: https://www.defcon.org/html/defcon-26/dc-26-speakers.html#Zerosum0x0.

About RiskSense

RiskSense®, Inc. is the pioneer in intelligent threat and
vulnerability management. The company provides enterprises and
governments clear visibility into their entire attack surface, including
attack susceptibility and validation, as well as quantification of risks
based on operational data.

The RiskSense Software-as-a-Service (SaaS) platform unifies and
contextualizes internal security intelligence, external threat data and
business criticality to transform your cyber risk management into a more
proactive, collaborative, and real-time discipline. It embodies hands-on
expertise gained from defending critical government and commercial
networks from the world's most dangerous cyber adversaries.

By leveraging RiskSense threat and vulnerability management solutions,
organizations can significantly shorten time-to-remediation, increase
operational efficiency, strengthen their security programs, heighten
response readiness, reduce costs, and ultimately reduce the attack
surface and minimize cyber risks. For more information, please visit www.risksense.com
or follow us on Twitter at @RiskSense.

View Comments and Join the Discussion!