Bluekeep

BlueKeep, also known as CVE-2019–0708, is a vulnerability in the Remote Desktop Protocol (RDP) service in older versions of the Windows operating system (Windows XP, Windows 2003, Windows 7, Windows Server 2008, and Windows Server 2008 R2). Details : https://github.com/rapid7/metasploit-framework/pull/12283 https://klaus.hohenpoelz.de/playing-with-the-bluekeep-metasploit-module.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

The goal here is to analyze the behavior of the Metasploit Blueekeep Module, which exploits the CVE-2019–0708 vulnerability, and identify signatures which can be used in writing a snort rule for detecting its usage. Both NCC Group and Talos Intelligence has published snort rules for detecting the CVE-2019–0708. However, both…

The test was executed on a Windows 7 Enterprise x64 Ultimate, running over a VMWare 15 Workstation Pro. The metasploit was placed on a Kali Linux 4.19, also over VMWare. Setting Up Summary of the packages installed in order to run the project’s branch with the operational bluekeep exploit: UPDATE: Seems that…

Author：SungLin @ Knownsec 404 Team Date：2019/09/18 Chinese Version: https://paper.seebug.org/1035/ 0x00 Channel Creation, Connection and Release The channel’s data packet is defined in the MCS Connect Inittial PDU with GCC Conference Create Request. The RDP connection process is shown in the following figure: The format of the packet is as follows:

The Pentest-Tools.com security team has tested the recently announced Metasploit module for BlueKeep, the critical Remote Code Execution vulnerability in Microsoft’s RDP service. We show how to obtain a Meterpreter shell on a vulnerable Windows 2008 R2 machine by adjusting the Metasploit module code (GROOMBASE and GROOMSIZE values) because the…

A follow up retrospective on Forecasting Bluekeep — Any industry that values prediction needs to be rigorous in understanding prediction failures. This applies to all industries that are concerned with risk from meteorology to the intelligence community. This includes us in cyber security as well. Sometimes meteorologists forecast events that don’t materialize. Or, they don’t adequately represent threats…

BlueKeep is a critical security flaw found in Microsoft Remote Desktop Services that was making the headlines for the past two months. In this article, we explore the key facts about this vulnerability. The first thing to know about BlueKeep is that it “is wormable and any future malware that…

(CVE-2019–0708) Threat Description BlueKeep RDP flaw (CVE-2019–0708) has grown into a global concern, as sources state that around 1 million devices have port 3389 (RDP) open, used for the remote desktop services. This makes machines with older OS versions with port 3389 open vulnerable to malware attacks, similar to the infamous WannaCry…

UPNP + EternalBlue + Bluekeep| WTF u say UPnProxy: EternalSilence By, Chad Seaman Overview: UPnProxy is alive and well. There are 277,000 devices, out of a pool of 3.5 million, running…blogs.akamai.com This work was originally inspired by this group of asshat’s pulling this off I had to know how it worked, So I made this tool and of course made it check eternal like them. But I stepped it up a notch and…