EternalSilence: Why your router may be at risk from this NSA tool

Today’s article is courtesy of John Mason, co-founder of TheBestVPN.com and writer at Tripwire, StaySafeOnline, DigitalGuardian and Educause. You can find him on Twitter as @JohnCyberMason.

Do you trust your router to keep you safe from hackers and spies? You may want to take another look just to make sure.

Akamai recently discovered a malware campaign that has already compromised over 45,113 home and office routers. The attackers used a tool based on the United States of America’s NSA hacking tools, which were leaked online in 2017. To explain how hackers use this tool to turn your router into a proxy server, we first have to understand how UPnP works.

UPnP is a protocol that eases device and service discovery as well as the configuration of consumer devices and networks. Its primary purpose was to allow devices on a LAN to automatically expose services and functionality to other devices on the local network.


Shadow Brokers: exploiting Eternalblue + Doublepulsar

(Just one month after this post was published in Spanish, these exploits were used in conjunction with the WannaCry ransomware to perform one of the largest worldwide cyber attacks of the last few years. Hundreds of companies (hospitals too) were compromised and all their data was encrypted.)

A few days ago the news broke that the Shadow Brokers group had released a new batch of NSA exploits. As if this were not enough, the GitHub repository where the exploits are hosted also contains information on how to attack banking systems.

The vast majority of the published exploits make compromising a Windows system child's play, almost like what we see in movies, since they are several 0-days (now patched by Microsoft) that attack the SMB protocol in all its versions.

Of all the exploits available, the one that has drawn the most attention from the community is the combo called Eternalblue + Doublepulsar. In this post we will explain how to deploy a test environment where you can test the exploits.

(Editor’s note: Needless to say, the information is provided for informational and didactic purposes in order to collaborate in improving the knowledge of cybersecurity technicians. Cybercriminals do not need anyone to teach them how to use exploits, and to those unsuspecting script kiddies who think of playing cybercriminals, well, good luck in the courts.)