Description: WannaCry, EternalBlue and SambaCry have been popular topics recently. During the outbreak in May 2017, we designed a 'real' Windows 7 / Samba server with the open source Dionaea honeypot and exposed the favourable SMB port to the world. Tons of the expected WannaCry attacks hit the pot, and interestingly there are more juicy collections than that! In this session, we would like to present the stories from a 15-day SMB honeypot. As honeypot hobbyists, we deployed an emulated Windows 7 machine implanted with the DoublePulsar backdoor. Yes, a Windows system infected with DoublePulsar! Also, our honeypot is up for the CVE-2017-7494 SambaCry vulnerability. We observed tons of scanning that looks for targets to spread the expected WannaCry ransomware. Surprisingly, there are more juicy collections in the pot, e.g. EternalRocks, reverse shells, RATs, DDoSers, coin miners, trojans, etc. (you name it, you have it!). We love to share various interesting data from the 15 days of observation from a single home-based sensor in the entire IP space.
For more information, please visit: https://defcon.org/