https://cybersecpolitics.blogspot.com/2019/05/baltimore-is-not-eternalblue.html … @nicoleperlroth @riskybusiness That article is badly researched and I didn't have time to do a line by line correction, but I did some of it.
-
-
Replying to @daveaitel @zerointerupt and
If “Robin Hood” doesn’t even use ETERNALBLUE, then crucial facts like that the bug has been public for 2 years pale in comparison (as important as such facts are and remain!). You may need to dig deeper,
@nicoleperlroth and@ScottShaneNYT.1 reply 0 retweets 6 likes -
Replying to @fugueish @daveaitel and
I’m on the other side from Dave, but, we need to agree on the basics for the good of all. Please be more careful next time.
1 reply 0 retweets 5 likes -
Replying to @fugueish @daveaitel and
There’s no evidence Robbinhood did not use EternalBlue to spread in this case. They are still investigating whether this is a new variant/there were other propagation tools but multiple IR have confirmed EB’s role for lateral movement.
1 reply 0 retweets 1 like -
Replying to @nicoleperlroth @daveaitel and
“No evidence that not-X” is... not a high standard, to put it gently. But even if Dave is wrong and RH used EB, that just means we fall back to other problems with the article.
1 reply 3 retweets 6 likes -
Replying to @fugueish @daveaitel and
Nicole Perlroth Retweeted Nicole Perlroth
Nicole Perlroth added,
Nicole PerlrothVerified account @nicoleperlrothA couple points on Dave’s hit piece that our story was a “badly researched” and written to sell books: 1. There are multiple IR teams on the ground in Baltimore. Every single one has confirmed the presence of EternalBlue as a propagation tool. 1/X) Every. Single. One. https://twitter.com/daveaitel/status/1133157567243464704 …Show this thread1 reply 0 retweets 3 likes -
Replying to @nicoleperlroth @daveaitel and
Chris Palmer Retweeted Nicole Perlroth
Well, re this: https://twitter.com/nicoleperlroth/status/1133578307105054720?s=20 … Reverse engineering patches to develop exploits is 100% a real thing. It’s some people’s full-time job. I don’t know who you’re talking to, but that’s reality. Different equities would change the timeline, but not the root problem.
Chris Palmer added,
Nicole PerlrothVerified account @nicoleperlroth6. If NSA had turned the underlying 0day over to Microsoft 7+ years ago for patching, could hackers/nation states have reversed the patch and written an exploit for the underlying flaw and used it all the same? Maybe. Former TAOs have different takes than Dave on this.Show this thread2 replies 2 retweets 17 likes -
-
Replying to @nicoleperlroth @fugueish and
Chris is right on this, finding an infoleak to make a vuln reliable is just part of exploit development. I don't always agree with Dave, but this is not a matter of opinion, he's just stating a fact.
2 replies 0 retweets 18 likes -
Replying to @taviso @nicoleperlroth and
There’s an interesting data point with MS17-010, the patch which fixed EternalBlue.exe exploit - it was released months beforehand, and basically nobody cared except zerosum.
2 replies 0 retweets 10 likes
There are professional teams who reverse engineer and bindiff every patch, they care about every patch - we've hired some of them. I guess you mean nobody blogged about it? That's not unusual, but doesn't mean very much.
-
-
Replying to @taviso @nicoleperlroth and
Sure - but does anybody have any evidence this was reversed and exploit developed? Even when EternalBlue was released it took months to be picked apart - it contained never before seen things.
@zerosum0x03 replies 0 retweets 4 likes -
Replying to @GossiTheDog @taviso and
What evidence would there be? Is there any evidence the NSA used or even had the exploit before it was leaked?
1 reply 0 retweets 4 likes - 5 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.