Sean Dillon to Present Years of Reverse Engineering Research that Sheds Light on WannaCry, NotPetya and Olympic Destroyer Pandemics, and the Massive MS17-010 Patch
SUNNYVALE , Calif. – August 1, 2018 – RiskSense®, Inc., the pioneer in intelligent threat and vulnerability management, today announced that senior security analyst and Windows kernel expert Sean Dillon will present a session on the notorious ETERNAL exploits at DEF CON 26 on August 12 in Las Vegas.
WHO: Sean Dillon (aka @zerosum0x0), senior security analyst at RiskSense, has years of experience in penetration testing, exploit reverse engineering and malware research especially around the Microsoft Windows kernel. Sean is a co-author of the ETERNALBLUE and other MS17-010 Metasploit exploit modules. He was the first to publish a reverse engineering analysis of the DOUBLEPULSAR SMB backdoor. Sean has taught workshops on Windows internals at DEF CON and to government agencies.
WHAT: MS17-010 is one of the most important patches in the history of operating systems, fixing multiple remote code execution vulnerabilities in the Microsoft Windows platform. The ETERNAL exploits, written by the Equation Group and made public by the Shadow Brokers, have been used in some of the most damaging cyber attacks in recent years including WannaCry, NotPetya, Olympic Destroyer and others. In this talk, “Demystifying MS17-010: Reverse Engineering the ETERNAL Exploits,” Sean will condense years of his research to explain how these exploits take advantage of undocumented features of the Windows kernel and the esoteric SMBv1 protocol. He will discuss how the exploit chains for ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY work, and are addressed, along with additional vulnerabilities, by the MS17-010 patch. He will also provide best practices for protecting Windows systems from future exploits.
WHEN: Sunday, August 12, 2018 at 11:00 AM PDT in Track 3
WHERE: DEF CON 26, Caesar’s Palace, Las Vegas, NV
HOW: To schedule a conversation with Sean Dillon, contact Marc Gendron at firstname.lastname@example.org or +1 781.237.0341. For more information, visit: https://www.defcon.org/html/defcon-26/dc-26-speakers.html#Zerosum0x0.