https://cybersecpolitics.blogspot.com/2019/05/baltimore-is-not-eternalblue.html … @nicoleperlroth @riskybusiness That article is badly researched and I didn't have time to do a line by line correction, but I did some of it.
Replying to @daveaitel @zerointerupt and
If “Robin Hood” doesn’t even use ETERNALBLUE, then crucial facts like that the bug has been public for 2 years pale in comparison (as important as such facts are and remain!). You may need to dig deeper,
@nicoleperlroth and @ScottShaneNYT.
Replying to @fugueish @daveaitel and
I’m on the other side from Dave, but, we need to agree on the basics for the good of all. Please be more careful next time.
Replying to @fugueish @daveaitel and
There’s no evidence Robbinhood did not use EternalBlue to spread in this case. They are still investigating whether this is a new variant/there were other propagation tools but multiple IR have confirmed EB’s role for lateral movement.
Replying to @nicoleperlroth @daveaitel and
“No evidence that not-X” is... not a high standard, to put it gently. But even if Dave is wrong and RH used EB, that just means we fall back to other problems with the article.
Replying to @fugueish @daveaitel and
Nicole Perlroth Retweeted Nicole Perlroth
Nicole Perlroth added,
Nicole Perlroth (@nicoleperlroth): A couple points on Dave’s hit piece that our story was a “badly researched” and written to sell books: 1. There are multiple IR teams on the ground in Baltimore. Every single one has confirmed the presence of EternalBlue as a propagation tool. 1/X) Every. Single. One. https://twitter.com/daveaitel/status/1133157567243464704 …
Replying to @nicoleperlroth @daveaitel and
Chris Palmer Retweeted Nicole Perlroth
Well, re this: https://twitter.com/nicoleperlroth/status/1133578307105054720?s=20 … Reverse engineering patches to develop exploits is 100% a real thing. It’s some people’s full-time job. I don’t know who you’re talking to, but that’s reality. Different equities would change the timeline, but not the root problem.
Chris Palmer added,
Nicole Perlroth (@nicoleperlroth): 6. If NSA had turned the underlying 0day over to Microsoft 7+ years ago for patching, could hackers/nation states have reversed the patch and written an exploit for the underlying flaw and used it all the same? Maybe. Former TAOs have different takes than Dave on this.
Replying to @nicoleperlroth @fugueish and
Chris is right on this, finding an infoleak to make a vuln reliable is just part of exploit development. I don't always agree with Dave, but this is not a matter of opinion, he's just stating a fact.
Replying to @taviso @nicoleperlroth and
IMHO and without taking sides on the bigger discussion, it's less about the vuln itself, but more about the robustness ("NSA grade") of the exploit: reliable, cross Windows versions, easy payload integration etc.
Sure, but that's just software engineering. You can make a flappy bird clone in an evening, but it's not going to run on much other than your desktop until you do some testing and get some bug reports. Nothing exploit specific there, that's just how sw development works?
Replying to @taviso @nicoleperlroth and
Vulnerability research takes one (very capable) man. Software engineering? It takes a village. Not to mention the maturity of code tested in the wild on many platforms for years.
Replying to @TalBeerySec @nicoleperlroth and
Yes, but my point is there is nothing magical about what the NSA did. I don't have to make my exploits reliable, because I just want the bugs fixed. I've seen metasploit devs take my code, test more configs, versions, fix bug reports from pentesters, etc and make it "NSA grade".