Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Tuesday, July 25 • 19:00 - 19:25
The Attack Chain Of A Nation-State (Equation Group)

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
In April 2017, The Shadow Brokers release a collection of hacking tools belonging to the Equation group, one of the more sophisticated nation-state threat actors known to date. This collection contained several zero-day exploits some of which targeted Windows OS.
The good thing is that Microsoft was able to patch its supported OSes before the tools were made available to the general public. The bad side is that some of these exploits also work on obsolete OSes such as Windows XP and Server 2003, and those will never be patched by Microsoft.
According to Bloomberg Businessweek, by April 27th nearly half a million computers were found to be infected by these tools. As a security vendor, this made us consider the need to patch also the legacy systems.
In this talk we’ll showcase the tradecraft of a nation-state threat actor and present our research of the April leak:
• Technical analysis of the SMB exploit, EternalBlue
• Description of the DoublePulsar backdoor - including bugs we found in this backdoor and how it differs from other backdoors.
• A patch for legacy OS that we made freely available to the public.

Presenters
avatar for Tal Liberman

Tal Liberman

Security Research Team Leader, enSilo
Tal has a strong interest in cyber-security, mainly focusing around OS-internals, reverse-engineering and low-level research. As a cyber security research team lead at enSilo, Tal’s team is responsible for reverse engineering OS internals, exploits, and malware and integrating... Read More →
OM

Omri Misgav

Security Researcher, enSilo
Omri has participated in R&D of large-scale defensive security solutions and did low-level research while taking part of an incident response team. As a security researcher at enSilo he digs into OS internals and exploits, as well as reverse engineering of malware. Omri is intrig... Read More →


Tuesday July 25, 2017 19:00 - 19:25
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169