Using Firepower to defend against encrypted RDP attacks like BlueKeep
This blog was authored by Brandon Stultz. Microsoft recently released fixes for a critical pre-authentication remote code execution vulnerability in Remote Desktop Protocol Services (RDP). Identified as CVE-2019-0708 in May's Patch Tuesday, the vulnerability caught the attention of researchers and t...
Forget BlueKeep: Beware the GoldBrute
While everyone’s talking about the BlueKeep Mega-Worm, this is not the main monster to fear, according to recent web attack activity. Rather, a researcher is warning that the GoldBrute botnet poses the greatest threat to Windows systems right now. In the past few days, GoldBrute named after the...
News Wrap: Infosecurity Europe Highlights and BlueKeep Anxiety
This week, the focus was on Infosecurity Europe, which took place in London and showcased a myriad of sessions, threat research and trends in the cybersecurity space. During the Threatpost news wrap for the week ended June 7, the team breaks down the top news from the show, as well as other...
New Brute-Force Botnet Targeting Over 1.5 Million RDP Servers Worldwide
Security researchers have discovered an ongoing sophisticated botnet campaign that is currently brute-forcing more than 1.5 million publicly accessible Windows RDP servers on the Internet. Dubbed GoldBrute, the botnet scheme has been designed in a way to escalate gradually by adding every new...
BlueKeep 'Mega-Worm' Looms as Fresh PoC Shows Full System Takeover
A researcher has created a proof-of-concept Metasploit module for the critical BlueKeep vulnerability, which successfully demonstrates how to achieve complete takeover of a target Windows machine. Reverse engineer Zǝɹosum0x0 tweeted about his success on Tuesday, noting that he plans to keep the...
Unpatched Bug Let Attackers Bypass Windows Lock Screen On RDP Sessions
A security researcher today revealed details of a newly unpatched vulnerability in Microsoft Windows Remote Desktop Protocol (RDP). Tracked as CVE-2019-9510, the reported vulnerability could allow client-side attackers to bypass the lock screen on remote desktop (RD) sessions. Discovered by Joe...
NSA Releases Advisory on BlueKeep Vulnerability
The National Security Agency (NSA) has released a cybersecurity advisory for CVE-2019-0708—a vulnerability dubbed BlueKeep. Although Microsoft has issued a patch, potentially millions of machines are still unpatched and remain vulnerable. The Cybersecurity and Infrastructure Security Agency (CISA)...
CVE-2019-0708 BlueKeep Microsoft Remote Desktop RCE Check
This module checks a range of hosts for the CVE-2019-0708 vulnerability by binding the MST120 channel outside of its normal slot and sending non-DoS packets which respond differently on patched and vulnerable hosts. It can optionally trigger the DoS vulnerability. This module requires Metasploit:...
Exploit for Use After Free in Microsoft
detectbluekeep.py Python script to detect bluekeep vulnerabil...
Windows RDP RCE (BlueKeep)
Binary data 7286.pasl...
Exploit for Use After Free in Microsoft
CVE-2019-0708 - BlueKeep RDP RDP Connection Sequence:...
Microsoft's BlueKeep Bug Isn't Getting Patched Fast Enough
At this rate, it will take years to fix a critical vulnerability that remains in over 900,000 Windows machines. A worm will arrive much sooner...
Exploit for Improper Input Validation in Microsoft
CVE-2019-0708 BlueKeep Exploit CVE-2019-07...
Exploit for Use After Free in Microsoft
Note: This project has been archived as actual exploits have...
Microsoft Windows Remote Desktop - BlueKeep Denial of Service Exploit
import socket, sys, struct from OpenSSL import SSL from impacket.structure import Structure I'm not responsible for what you use this to accomplish and should only be used for education purposes Could clean these up since I don't even use them class TPKTStructure: commonHdr = 'Version','B=3',...
Microsoft Windows Remote Desktop - BlueKeep Denial of Service
import socket, sys, struct from OpenSSL import SSL from impacket.structure import Structure I'm not responsible for what you use this to accomplish and should only be used for education purposes Could clean these up since I don't even...
Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service
import socket, sys, struct from OpenSSL import SSL from impacket.structure import Structure I'm not responsible for what you use this to accomplish and should only be used for education purposes Could clean these up since I don't even use them class TPKTStructure: commonHdr = 'Version','B=3',...
Microsoft Windows Remote Desktop BlueKeep Denial Of Service
import socket, sys, struct from OpenSSL import SSL from impacket.structure import Structure I'm not responsible for what you use this to accomplish and should only be used for education purposes Could clean these up since I don't even use them class TPKTStructure: commonHdr = 'Version','B=3',...
Exploit for Use After Free in Microsoft
Bluekeep PoC This repo contains research concerning CVE-2019-...
Beers with Talos Ep. #54: Patch after listening, RDP and wild 0-days
Beers with Talos (BWT) Podcast Ep. 54 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded May 24, 2019 — There is another BlueX to talk about and guess what? YES, YOU STILL NEED TO PATCH. We talk about RDP, the...