#EternalBlue

someguyonmastodon (Kosei@dmv.community)
2026-03-06

I just popped a SYSTEM shell on a Windows 7 machine using my own penetration testing framework written entirely in Rust.

Amatsumara is a full exploitation framework including dynamic module loading via C FFI, interactive console, session management, 154 exploit modules, all built in Rust. Tonight I finished implementing EternalBlue (MS17-010) from scratch. Heap grooming, the SrvOs2FeaListToNt integer overflow, kernel shellcode, SrvNet buffer corruption, OS detection to automatically route between Win7 and Win8 exploit paths.

Now I have to try to find a way to sleep and not keep messing around in excitement.

#Rust #RustLang #Infosec #Cybersecurity #PenTesting #EternalBlue #MS17010 #ExploitDevelopment #CTF #TryHackMe #RedTeam #Hacking #OpenSource

Screenshot of the Amatsumara penetration testing framework terminal, a Rust-based exploitation framework, demonstrating the MS17-010 EternalBlue exploit against a TryHackMe practice target.
2026-03-05

Agi: iPhone alert: "Coruna" discovered, the kit that drains wallets. How to protect yourself

AGI - Old iPhones are in the crosshairs of a new, lethal exploit kit called "Coruna". It was brought to light by the experts of the Google Threat Intelligence Group (GTIG). It is a digital "toolbox" made up of no fewer than 23 different exploits, capable of penetrating the defenses of Apple smartphones and stealing not only sensitive data but also digital assets from cryptocurrency wallets.

According to the reconstructions provided by Google and confirmed by iVerify analysts, the genesis of Coruna is disturbing. The kit was reportedly developed by a company specializing in surveillance software, to be sold to the United States government. However, for reasons still to be clarified, the software "escaped" its original control and ended up on the second-hand market of the dark web. The consequences were not long in coming. Between February and the end of 2025, Coruna became the tool of choice for Russian and Chinese cybercriminal groups, used for espionage and financial theft campaigns on a global scale.

How Coruna works

The kit is not a single virus but a modular collection that exploits security flaws (vulnerabilities) present in iOS versions from 13 to 17.2.1. This means the main targets are users who own older iPhones, models that can no longer be updated to the most recent versions of the operating system.

Analogies with EternalBlue

The Coruna case has analogies with what happened in 2017 with EternalBlue. At the time, an exploit developed by the NSA for Windows was stolen by the Shadow Brokers group and made public. That leak led to the birth of WannaCry and NotPetya, the ransomware that brought hospitals, banks and companies around the world to their knees. Today, history seems to be repeating itself: a tool born for national security becomes a driver of global cybercrime.

Apple's countermeasures

The good news is that Apple has already released the necessary countermeasures. All the vulnerabilities exploited by Coruna have been fixed with the release of iOS 26. The best solution, therefore, is to update the operating system to the most recent version possible. Currently, iPhones earlier than the 13/14 would remain excluded from the update.

iPhone Alert: “Coruna” discovered, the kit that drains wallets. How to protect yourself.

AGI - Old iPhones are the target of a new, lethal exploit kit called "Coruna." Google Threat Intelligence Group (GTIG) experts brought it to light. It’s a digital “tool kit” consisting of 23 different exploits, capable of penetrating Apple smartphones’ defenses and stealing not only sensitive data but also digital assets from cryptocurrency wallets.

According to Google’s reconstruction and confirmed by iVerify analysts, the genesis of Coruna is unsettling. The kit was reportedly developed by a company specializing in surveillance software to be sold to the United States government. However, due to still-unclear dynamics, the software “escaped” from its original control, ending up on the secondary market of the dark web. The consequences were not long in coming. Between February and the end of 2025, Coruna became the preferred tool of Russian and Chinese cybercriminal groups, used for global espionage and financial theft campaigns.

How Coruna Works

The kit is not a single virus, but a modular collection that exploits security flaws (vulnerabilities) present in iOS versions between 13 and 17.2.1. This means the main targets are users who own outdated iPhones, models that can no longer be updated to the latest versions of the operating system.

Analogies with EternalBlue

The Coruna case presents analogies with what happened in 2017 with EternalBlue. At the time, an exploit developed by the NSA for Windows was stolen by the Shadow Brokers and made public. That data leak led to the birth of WannaCry and NotPetya, the ransomware that brought hospitals, banks and companies around the world to their knees. Today, the story seems to repeat itself: a tool born for national security becomes a catalyst for global cybercrime.

Apple’s Countermeasures

The good news is that Apple has already released the necessary countermeasures. All the vulnerabilities exploited by Coruna have been resolved with the release of iOS 26. The best solution, therefore, is to update the operating system to the latest possible version. Currently, iPhones prior to the 13/14 would remain outside the update.

#Apple #Google #Coruna #UnitedStates #Russian #Chinese #EternalBlue #WannaCry #NotPetya

agi.it/estero/news/2026-03-05/

Anthony * GIGA POWER * (24bitaje.bsky.social@bsky.brid.gy)
2025-04-20

Lunar Remastered Collection | (digital & physical release Friday April 18th, 2025) | #NintendoSwitch #PlayStation | Watch out for a review coming to the Generic Video Game Podcast (GVGP ep.61) in the near future! 🐱 #GungHo #GameArts #Kadokawa #SilverStarStory #EternalBlue

2025-03-19

Potatoes, EternalBlue, PrintNightmare: methods for detecting SMB protocol vulnerabilities

Hi everyone! My name is Vlad Kuznetsov, and I am a SOC analyst at K2 Cybersecurity. SMB is one of the most widespread network communication protocols for securely managing files and various services on a remote server. Despite being indispensable, the SMB protocol can be an excellent loophole for hacker attacks. In this article I will talk about the principles of exploitation and the methods of detecting vulnerabilities such as Potatoes, EternalBlue and PrintNightmare, as well as the SMBExec script. At the end of the article you will find detailed information on configuring advanced audit policies and a list of general recommendations for localizing and remediating vulnerabilities related to the SMB protocol.

habr.com/ru/companies/k2tech/a

#smb #smb_протокол #уязвимости #уязвимость #rottenpotato #eternalblue #printnightmare #сетевой_протокол #кибербезопасность #информационная_безопасность

Horror Nerd Online (horrornerdonline)
2025-01-28

Eternal Blue : A Spiritbox Graphic Novel Available March 4

– @Z2comics – By: Spiritbox (Author), Jim Krueger (Author) Eva is a popular painter on the verge of unbelievable acclaim and success, but her inability to reconcile the public perception of who she is, vers…


horrornerdonline.com/2025/01/e

☭ (ixhby@plasmatrap.com)
2025-01-22

Before i pay almost 30 bucks shipping:
Is there any European store that sells Eternal Blue by Spiritbox vinyls?

#vinyl #spiritbox #eternalblue

2024-06-25

Playing defense for the future: how we secured the first international phygital tournament

From February 21 to March 3, the first international phygital tournament, the Games of the Future, was held in Kazan. Spectacular competitions at the intersection of traditional and digital sport, innovative disciplines, more than 2000 participants from around the world: the tournament became a truly unique event. As expected, the event drew spectators and received broad media coverage. There was, however, something that stayed behind the scenes throughout the tournament: cyberattacks and information security incidents at the Games of the Future. The scale of such events always imposes exceptional requirements on cybersecurity. And given the specifics of the tournament, its esports component and its complex IT infrastructure, protecting the games required a special approach. So for us, the experts of Positive Technologies, which acted as the key cybersecurity partner of the Games of the Future, this was a challenge of sorts. Looking ahead, we can report that we handled it successfully: not a single information security incident with consequences for the tournament occurred at the event! But first things first. How did we, the specialists of the PT Expert Security Center (PT ESC), defend the Games of the Future from cyberattacks? Which incidents did we detect? Which products and technologies helped us? Read about all this under the cut!

Back to the Games of the Future

habr.com/ru/companies/pt/artic

#киберспорт #игры_будущего #cybersecurity #фиджитал_игры #soc #кибератаки #eternalblue #wannacry #maxpatrol_siem #майнеры

Xavier Ashe (Xavier@infosec.exchange)
2024-04-02

@jerry My PTSD-inducing event was with #EternalBlue and #WannaCry. I was on a 24-hour bridge with hundreds of people to effectively patch every Windows device in the company. The call started at 4 pm on Friday and we patched until 4 pm on Saturday.

2024-03-14

Surprise GitHub notifications for 2019 #Metasploit issues are kind of a neat little walk down memory lane 🥲 Less neat, but not at all surprising, is that #EternalBlue is still being used regularly in 2024.

2023-09-01

▪️@cybernews research▪️ #WannaCry and #NotPetya were both only made possible because of #EternalBlue. Here is how the #NSA-developed cyber monster works, and how you should defend against it.
#cybersecurity #datasecurity #infosec #ransomware

cybernews.com/security/eternal

Rastal
2023-04-27

@campuscodi There would never have been a without the American CIA leak of

Sean Whalen 👨🏼‍🦼🏳️‍🌈🇺🇦🕊️ (seanthegeek@infosec.exchange)
2023-01-02

Oh goodie, there's a new #Windows #vulnerability (CVE-2022-37958) that can remotely execute code without any authentication, like #EternalBlue (CVE-2017-0144), but more flexible. Fortunately, #Microsoft patched this in September 2022 after #IBM #XForce reported it to them. #IBM will release the full technical details in Q2 2023.

securityintelligence.com/posts

#cybersecurity #infosec #exploit

Geekmaster (Geekmaster@ioc.exchange)
2022-12-29

Also be sure to turn on these monitoring policies in #DefenderForCloudApps so you can #CatchTheHacker before they get too deep, whether you switch to #Kerberos or not. #NetworkSegregation is also a great #LayeredDefense method to ensure if one system is compromised the attacker can't use #SMBtraversal to get to all your computers, globally. #EternalBlue source code is still being used to get to #DCs via #Trikbot evolutions, after #Phishing a user with #LocalAdmin privileges, to execute #mimikatz against #ActiveDirectory to steal all the objects. #YesThisHappened

2022-12-20

#Microsoft has raised the severity of a previously found bug to critical. It concerns CVE-2022-37958, which, as it now turns out, is comparable to #EternalBlue.

agconnect.nl/artikel/kritieke-

Astra Kernel (AstraKernel@infosec.exchange)
2022-12-19

✨ CVE-2022-37958:
Critical Windows code-execution vulnerability went undetected until now

▶️ Potential to rival EternalBlue

▶️ Wormable

▶️ Unlike EternalBlue, the vulnerability is present in a much broader range of network protocols

▶️ Good news: the patch was released in September. Hopefully all of us applied it

arstechnica.com/information-te

#infosec #eternalblue #patching #securityadvisory #sysadmin #blueteam #windowsvulnerability

2022-12-19
#Microsoft discloses a new critical #vulnerability (CVE-2022-37958) that rivals #EternalBlue: attackers can do remote code execution without #authentication, and it is #wormable.

Worst of all, unlike EternalBlue, this new vulnerability works on any network protocol, not just SMB. Microsoft has since patched this vulnerability back in September.

Be sure that all your systems have been patched!

https://arstechnica.com/information-technology/2022/12/critical-windows-code-execution-vulnerability-went-undetected-until-now/

Microsoft advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37958

#Windows #vulnerabilitymanagement #infosec #cybersecurity