I’m on the other side from Dave, but, we need to agree on the basics for the good of all. Please be more careful next time.
-
-
Replying to @fugueish @daveaitel and
There’s no evidence Robbinhood did not use EternalBlue to spread in this case. They are still investigating whether this is a new variant/there were other propagation tools but multiple IR have confirmed EB’s role for lateral movement.
1 reply 0 retweets 1 like -
Replying to @nicoleperlroth @daveaitel and
“No evidence that not-X” is... not a high standard, to put it gently. But even if Dave is wrong and RH used EB, that just means we fall back to other problems with the article.
1 reply 3 retweets 6 likes -
Replying to @fugueish @daveaitel and
Nicole Perlroth Retweeted Nicole Perlroth
Nicole Perlroth added,
Nicole PerlrothVerified account @nicoleperlrothA couple points on Dave’s hit piece that our story was a “badly researched” and written to sell books: 1. There are multiple IR teams on the ground in Baltimore. Every single one has confirmed the presence of EternalBlue as a propagation tool. 1/X) Every. Single. One. https://twitter.com/daveaitel/status/1133157567243464704 …Show this thread1 reply 0 retweets 3 likes -
Replying to @nicoleperlroth @daveaitel and
Chris Palmer Retweeted Nicole Perlroth
Well, re this: https://twitter.com/nicoleperlroth/status/1133578307105054720?s=20 … Reverse engineering patches to develop exploits is 100% a real thing. It’s some people’s full-time job. I don’t know who you’re talking to, but that’s reality. Different equities would change the timeline, but not the root problem.
Chris Palmer added,
Nicole PerlrothVerified account @nicoleperlroth6. If NSA had turned the underlying 0day over to Microsoft 7+ years ago for patching, could hackers/nation states have reversed the patch and written an exploit for the underlying flaw and used it all the same? Maybe. Former TAOs have different takes than Dave on this.Show this thread2 replies 2 retweets 17 likes -
-
Replying to @nicoleperlroth @fugueish and
Chris is right on this, finding an infoleak to make a vuln reliable is just part of exploit development. I don't always agree with Dave, but this is not a matter of opinion, he's just stating a fact.
2 replies 0 retweets 18 likes -
Replying to @taviso @nicoleperlroth and
There’s an interesting data point with MS17-010, the patch which fixed EternalBlue.exe exploit - it was released months beforehand, and basically nobody cared except zerosum.
2 replies 0 retweets 10 likes -
Replying to @GossiTheDog @nicoleperlroth and
There are professional teams who reverse engineer and bindiff every patch, they care about every patch - we've hired some of them. I guess you mean nobody blogged about it? That's not unusual, but doesn't mean very much.
1 reply 0 retweets 15 likes -
Replying to @taviso @nicoleperlroth and
Sure - but does anybody have any evidence this was reversed and exploit developed? Even when EternalBlue was released it took months to be picked apart - it contained never before seen things.
@zerosum0x03 replies 0 retweets 4 likes
There is no question it was reversed and reports provided to customers, as every patch out of Redmond is. I don't know if anyone asked for an exploit, but that is certainly something they could have done...
-
-
Replying to @taviso @nicoleperlroth and
Yeah. I guess the point for me which gets lost in all the dick swinging of online debate is rather than focus on the vulnerability as the problem, look at the loss of the exploit.
1 reply 0 retweets 3 likes -
Replying to @GossiTheDog @taviso and
That’s where we wound up on the show this week.
1 reply 0 retweets 1 like - 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.