1. Demonstrate the use of an Eternal Blue attack on a Windows system.
2. Recommend mitigation against Eternal Blue attacks.
EternalBlue is an exploit most likely developed by the NSA as a former zero-day. It was released in 2017 by the Shadow Brokers, a hacker group known for leaking tools and exploits used by the Equation Group, which has possible ties to the Tailored Access Operations unit of the NSA.
Demonstration:
Step 1: Find a Module to Use
The first thing we need to do is open up the terminal and start Metasploit. Type "service postgresql start" to initialize the PostgreSQL database, if it is not running already, followed by "msfconsole".
Next, use the search command within Metasploit to locate a suitable module to use.
There is an auxiliary scanner that we can run to determine if a target is vulnerable to MS17-010. It's always a good idea to perform the necessary recon like this. Otherwise, you could end up wasting a lot of time if the target isn't even vulnerable.
Once we have determined that our target is indeed vulnerable to EternalBlue, we can use the following exploit module from the search we just did.
Step 2: Run The Module
Now the target is compromised.
B:
According to the U.K. National Cyber Security Center, computer emergency response teams and security experts, businesses and organizations worldwide need to ensure that the following five mitigation strategies are in place:
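Added example, not part of the original answer, relating to the vulnerability check in the demonstration: MS17-010 is a flaw in the Windows SMBv1 server, so before SMBv1 is switched off a defender can inventory which clients still negotiate only SMBv1. The Python below parses SMBv1 NEGOTIATE requests seen on TCP/445 and classifies them; the function names, result labels and sample packets are assumptions constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"        # protocol id of an SMBv1 message
SMB2_MAGIC = b"\xfeSMB"        # protocol id of an SMBv2/3 message
SMB_COM_NEGOTIATE = 0x72       # SMBv1 command code for NEGOTIATE
SMB1_HEADER_LEN = 32

def parse_smb1_dialects(smb: bytes) -> list:
    """Return the dialect strings offered in an SMBv1 NEGOTIATE request."""
    if len(smb) < SMB1_HEADER_LEN + 3 or smb[:4] != SMB1_MAGIC or smb[4] != SMB_COM_NEGOTIATE:
        raise ValueError("not an SMBv1 NEGOTIATE request")
    pos = SMB1_HEADER_LEN + 1 + 2 * smb[SMB1_HEADER_LEN]   # skip WordCount and parameter words
    if pos + 2 > len(smb):
        raise ValueError("truncated request")
    (byte_count,) = struct.unpack_from("<H", smb, pos)
    data = smb[pos + 2 : pos + 2 + byte_count]
    if len(data) != byte_count:
        raise ValueError("truncated dialect list")
    dialects = []
    for entry in data.split(b"\x00"):
        if entry:
            if entry[0] != 0x02:                  # each dialect starts with buffer format 0x02
                raise ValueError("bad dialect entry")
            dialects.append(entry[1:].decode("ascii", "replace"))
    return dialects

def classify(payload: bytes) -> str:
    """Classify one client payload sent to TCP/445 (4-byte length header + SMB message)."""
    if len(payload) < 9 or payload[0] != 0x00:
        return "not-smb"
    smb = payload[4 : 4 + int.from_bytes(payload[1:4], "big")]
    if smb[:4] == SMB2_MAGIC:
        return "smb2+"
    if smb[:4] != SMB1_MAGIC or len(smb) < 5:
        return "not-smb"
    if smb[4] != SMB_COM_NEGOTIATE:
        return "smb1-in-use"
    try:
        dialects = parse_smb1_dialects(smb)
    except ValueError:
        return "malformed-smb1-negotiate"
    return "smb1-can-upgrade" if any(d.startswith("SMB 2") for d in dialects) else "smb1-only-client"

def build_negotiate(dialects) -> bytes:
    """Build a constructed sample request (test input, not captured traffic)."""
    body = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    smb = SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + bytes(27) + b"\x00" + struct.pack("<H", len(body)) + body
    return b"\x00" + len(smb).to_bytes(3, "big") + smb

LEGACY = build_negotiate(["PC NETWORK PROGRAM 1.0", "LANMAN1.0", "NT LM 0.12"])
MODERN = build_negotiate(["NT LM 0.12", "SMB 2.002", "SMB 2.???"])
```

Clients reported as "smb1-only-client" are the ones that would lose file-share access when SMBv1 is disabled and need upgrading or isolating first.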