-
With Sysmon logging & @markus_neis' Sigma rule you can detect non-standard programs connecting to RDP port 3389/tcp, e.g. malware exploiting #CVE20190708 to spread within a network https://github.com/Neo23x0/sigma/blob/master/rules/windows/sysmon/sysmon_susp_rdp.yml … pic.twitter.com/WmBqKkxD8U
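An added example, not part of the tweet and not the linked Sigma rule: the same detection idea run over Sysmon network-connection records. The allowlist, the "Key: value" export layout and the sample records are assumptions constructed for illustration; the field names follow Sysmon Event ID 3.

```python
import ntpath

# Assumption: the only programs expected to open outbound RDP sessions here.
EXPECTED_RDP_CLIENTS = {
    r"c:\windows\system32\mstsc.exe",
    r"c:\windows\syswow64\mstsc.exe",
}

# Constructed sample: Sysmon Event ID 3 records (already filtered to that ID),
# exported as "Key: value" text with a blank line between records.
SAMPLE_LOG = r"""
Image: C:\Windows\System32\mstsc.exe
Initiated: true
DestinationIp: 10.0.0.5
DestinationPort: 3389

Image: C:\Users\Public\svch0st.exe
Initiated: true
DestinationIp: 10.0.0.6
DestinationPort: 3389

Image: C:\Users\bob\AppData\Local\Temp\MSTSC.EXE
Initiated: true
DestinationIp: 10.0.0.7
DestinationPort: 3389

Image: C:\Windows\System32\svchost.exe
Initiated: false
DestinationIp: 10.0.0.20
DestinationPort: 3389
"""

def parse_records(text):
    """Yield one dict per blank-line-separated record."""
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":") for line in block.splitlines())
        yield {k.strip(): v.strip() for k, sep, v in pairs if sep}

def is_unexpected_rdp_client(rec, allowlist=EXPECTED_RDP_CLIENTS):
    """True for an outbound connection to 3389/tcp from a non-allowlisted image."""
    if rec.get("DestinationPort") != "3389":
        return False
    if rec.get("Initiated", "").lower() != "true":
        return False  # connection was accepted by this host, not opened by it
    # Compare the full normalized path, so a look-alike name in Temp still hits.
    return ntpath.normpath(rec.get("Image", "")).lower() not in allowlist

def hunt(text):
    """Return (image, destination IP) for every unexpected RDP client."""
    return [(r.get("Image"), r.get("DestinationIp"))
            for r in parse_records(text) if is_unexpected_rdp_client(r)]
```

Matching on the full image path rather than the file name is what catches the copy of `MSTSC.EXE` running from a Temp directory.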
-
#bluekeep #cve20190708 #exploit RDP from patch to remote code execution.pdf from Tencent KeenLab UAF -> heap spray -> get EIP https://github.com/blackorbird/APT_REPORT/blob/master/exploit_report/%23bluekeep%20RDP%20from%20patch%20to%20remote%20code%20execution.pdf … pic.twitter.com/ZKeWrCQ04z
-
New Release - CANVAS 7.23: This release features a new module for the RDP exploit, BLUEKEEP. Check out our video demonstration here: https://vimeo.com/349688256/aecbf5cac5 … #bluekeep #cve20190708 #exploit
-
Regarding the RDP Vulnerability: we know that well-kept and patch management integrated systems will be patched in time - it's the unmanaged or embedded system that'll break everyone's neck #KB4493472 #CVE20190708 https://threatpost.com/microsoft-patches-zero-day/144742/ … Advisory https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 … pic.twitter.com/Y5Hx1WNUgM
-
hunt for #BlueKeep exploitation for deployment of #monero miner using http://uncoder.io the first #sigma on the list p.s. did you know it has a color theme switcher? ;-) #CVE20190708 pic.twitter.com/ZPZALMvbwl
-
#sigma on Possible #Monero #Miner Delivery via #BlueKeep Exploit #CVE20190708 (CVE-2019–0708) free / community access at https://tdm.socprime.com/tdm/info/3Gl8cEMqsE25/?p=1 … working on adding it to uncoder pic.twitter.com/LM49NqNgIz
-
I cracked them, they are just a fake tool and rely on EternalBlue. Maybe I will publish the source code as soon as possible. ------------------------ #cve20190708 #exploit #BlueKeep pic.twitter.com/HNZZ5uCNyC
-
Our exploit of the day is #Bluekeep, the #CVE20190708! One of the most critical vulnerabilities of 2019! Read all about it: https://blog.firosolutions.com/exploits/bluekeep/ …
-
Just created a simple RDP (3389/tcp) #honeypot to detect #bluekeep #CVE20190708 attacks/worms... Hope your IP is not listed here. Should I use #kibana and #elasticsearch to visualise the data? pic.twitter.com/8DuOfcfhKr
-
I've just tested it on our LAN. Very useful as it shows the need of a reboot to apply the patch. I couldn't get this info with #LanSweeper. Thanks @ErrataRob #CVE20190708 #BlueKeep
-
[#Report] The briefing note "CVE-2019-0708 (BlueKeep) Vulnerability Analysis", reviewed and prepared by our STM Cyber Fusion Center, is now published: http://bit.ly/2HFQjnF #CVE20190708 #BlueKeep #STMCyber pic.twitter.com/J1ZLxZsMIr
-
https://youtu.be/kz0LZhXCkk8 video overview of #CVE20190708 detection rule pack using #ArcSight https://tdm.socprime.com/tdm/info/2160/ pic.twitter.com/QwZF0HFSku
-
#Cybersecurity: #Microsoft says, "Prevent a #Worm by updating #RemoteDesktopServices (#CVE20190708)" https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/ … via @Microsoft "This #vuln is pre-#authentication & requires no user interaction. In other words, the #vulnerability is ‘#wormable’" #Hackers #Infosec pic.twitter.com/g14JPillNZ
-
Stop your fake poc/EXP operation! #CVE20190708
-
There is currently no reliable way to detect CVE-2019-0708 over the network, but you CAN scan for the absence of NLA using @nmap: nmap -p 3389 --script rdp-enum-encryption ipaddr. This can imply an affected version because later versions enable NLA by default. #CVE20190708
-
CVE-2019-0708 (aka BlueKeep) PoC demo image. Cc @syrius_bughunt Microsoft RDP (Remote Desktop Protocol) RCE Calc.exe pwned! - Windows 7, Windows Server 2K3, Windows Server 2K8 #RCE #RDP #BlueKeep, #KB4493472 #CVE20190708 https://github.com/syriusbughunt/CVE-2019-0708/ …
-
Oh, your satellites are running Windows? ;) #CVE20190708