In April 2017, The Shadow Brokers released a collection of hacking tools
belonging to the Equation Group, one of the most sophisticated nation-state
threat actors known to date. This collection contained several zero-day
exploits, some of which targeted the Windows OS.
The good news is that Microsoft was able to patch its supported OSes before
the tools were made available to the general public. The bad news is that some
of these exploits also work on obsolete OSes such as Windows XP and Server
2003, which will never be patched by Microsoft.
According to Bloomberg Businessweek, by April 27th nearly half a million
computers were found to be infected by these tools. As a security vendor, this
made us consider the need to patch the legacy systems as well.
In this talk we’ll showcase the tradecraft of a nation-state threat actor and
present our research on the April leak:
• A technical analysis of the SMB exploit, EternalBlue
• A description of the DoublePulsar backdoor - including bugs we found in this
backdoor and how it differs from other backdoors
• A patch for legacy OSes that we made freely available to the public