During the March holidays, NYP InfoSec organized an introduction workshop to the EternalBlue exploit. Through the workshop, we hoped to raise awareness about the infamous vulnerability.
We started with a the fascinating story of EternalBlue's history, and how it came to be described by the New York Times as "one of the most useful exploits in the NSA's cyber arsenal".
Next, time for some (ethical) hacking! During the practical session, our members used the Metasploit command line tool to exploit the vulnerability on a special virtual machine. Metasploit is a staple during Cybersecurity competitions and Penetration Testing projects, so it was great to be able to introduce the tool in such an engaging way.
A big thank you to everyone who joined us. We hope you had fun and learnt something new. We're definitely planning more hacking workshops soon, so stay tuned.
CREDITS
Lim Yong En, Ho Xin Ying, Elton Tay
Excos: Mark Bosco, Gregory Choong, Edwin Chua
FUN FACT
You can exploit EternalBlue manually without using Metasploit! Our vice president Edwin wrote a guide about the process here: