contact us

Sean Dillon will Expand on his DEF CON Talk with Full Report on his Research into the Source of WannaCry and NotPetya Ransonware Pandemics

SUNNYVALE , Calif. – Sep. 26, 2018 – RiskSense®, Inc., pioneering risk-based vulnerability prioritization and management, today announced that senior security analyst and Windows kernel expert Sean Dillon will present a deep dive session on the high-profile NSA ETERNAL exploits at DerbyCon 8.0 in Louisville, Kentucky.

WHO: Sean Dillon (aka @zerosum0x0), senior security analyst at RiskSense, has years of experience in penetration testing, exploit reverse engineering and malware research especially around the Microsoft Windows kernel. Sean is a co-author of the ETERNALBLUE and other MS17-010 Metasploit exploit modules. He was the first to publish a reverse engineering analysis of the DOUBLEPULSAR SMB backdoor. Sean has taught workshops on Windows internals at DEF CON and to government agencies.

WHAT: At DEF CON 26, Sean presented preliminary findings from his reverse engineering of the Windows ETERNAL exploits and remote code execution vulnerabilities in the Microsoft Windows platform used to carry out the global WannaCry, NotPetya and Olympic Destroyer attacks. In this DerbyCon presentation, Sean will reveal his complete report from reverse engineering the mechanisms behind these exploits, including internal structures and background details on the exploit chains used by ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY. Sean will also recommend best practices for protecting Windows systems from future attacks that use these exploits.

WHEN: Friday, October 5, 2018, 2:00-2:50 PM EDT in Track 2

WHERE: DerbyCon 8.0, Marriott Louisville, 280 West Jefferson, Louisville, Kentucky 40202

HOW: To schedule a conversation with Sean Dillon, contact Marc Gendron at marc@mgpr.net or +1 781.237.0341. For more information, visit: https://www.derbycon.com/friday-schedule/#event-35.