This is an incident response analysis assignment done for Noroff University. It is done on the m57.biz data set from Digital Corpora.
Tag: Analysis
This was an assessment written for Noroff University, doing network analysis and threat hunting
This is a written assignment for Noroff University on the EternalBlue exploit.
Introduction
EternalBlue is an exploit, developed by the National Security Agency (NSA). It was leaked by a hacker group known as the Shadow Brokers on April 14th, 2017. The exploit was one of over twenty professional and advanced hacking tools leaked. It exploited a zero-day vulnerability in almost every Windows version prior to Windows 8, a flaw in the Server Message Block (SMB). The exploit allows for privilege escalation, lateral movement, and arbitrary code execution on vulnerable machines.
EternalBlue exploits a memory overflow in the srv2.sys driver in the SMB protocol, specifically a Non-Paged Pool overflow. It accomplishes this through a malformed header in the NT Trans2 packet header. The malformed header includes a pointer that points to the section of memory that holds the embedded shell-code, and by gaining control of the execution flow of the srv2.sys driver, the exploit is able to redirect it to the embedded shell-code that allows for the execution of the payload.
Is there more to the moon of Pandora than the pretty landscapes and the beautiful wildlife that inhabits it? What if beneath the crust of this lush moon, there hides something truly terrifying? Something that’s beyond any of us, an existential curiosity. It all begins with the reason for humanities arrival on the moon in the first place.