- Nov 29, 2011
Enter EternalBlue and its spawn, DoublePulsar. These tools are part of a nasty piece of kit recently released by the Shadow Brokers, giving nation-state power to cyber criminals around the globe. Essentially, this kit enables attackers to exploit ancient vulnerabilities present in operating systems from Windows XP to Server 2008. EternalBlue works by exploiting a remote code-execution bug in the latest version of Windows 2008 R2 (and everything prior) using the Server Message Block (SMB) and NetBT protocols. Once EternalBlue's handiwork is complete, DoublePulsar steps in and establishes a command and control (C2) channel using previously obscure features built into SMB. Once a C2 channel is established, an attacker is free to wreak as much havoc as they can handle.