Abstract

In 2017, a group of hackers leaked some data from the NSA. Which further resulted in many malicious and criminal activities. That leak was named as “Vault 7 : Year Zero”. After the release of year zero, there was huge change in the security of the organisation in terms of system and servers. This leak also include some remote exploits, which lead to crafting of some of the worst ransomware. This series of remote exploit is known as “Eternal Series”, which are SMB (Server Message Block) vulnerabilities, running on port 445. This eternal series contains the known attacks
● Eternal Blue
● Eternal Red
● Eternal Synergy
● Eternal Romance
● Eternal Champion

Which resulted in the following ransomware crafting:
● WannaCry - From EternalBlue DoublePulsar
● Bad Rabbit or SambaCry - From EternalRed

In this delivery of the session, the speaker will demonstrate about both of the exploits, I.e., EternalBlue and EternalRed and one of the ransomware. We will talk about the vulnerabilities, why this happened and the ways of mitigation. The speaker will also talk about the effect and the impact of the whole Eternal Series on the cyber Space and the organisation regarding these Eternal Exploits.

Speaker

Abhijeet Singh

Cyber Security Analyst | Researcher | Info-Sec Trainer | Hard & Smart Working

Being a cyberspace researcher and security analyst, focusing only on one area is not in my scope. Not only Web Application Security but Network Security and VAPT are my keen area of interest. My mission is to provide the best security services that I have to the organization.

My work is my motivation. Being a workaholic is what I am. Ready to work anytime and anywhere. Love to tackle challenges.

Pursued my Graduation from Lovely Professional University, Jalandhar in Bachelor of Technology in Computer Science [B. Tech::CSE]. Majors in cyberspace, forensics and exploitations. Minors in Networking. Ready to be deployed in any field out of my comfort zone. Wrote a research paper for Ersica Springers Chaircar, the youngest researcher. Many white papers on "Cyber Security and Exploitations" and "Local Privilege Escalation".

Worked under name of many banners. Some of them are:
► IBM
► Intel
► Quickheal
► Microsoft
► Google Developers (GDC)

Few of my Skills are:
► Exploit Writing
► Vulnerable Assessment and Penetration Testing
► Web Application (VAPT)
► Network (VAPT)
► Mobile Device (VAPT)
► Network Security and Exploitation
► Wireless Security Exploitation
► Desktop Security Exploitation
► Cyber Forensics
► Malware Analysis
► OWASP Top 10
► Cryptanalysis
► Reverse Engineering
► Information Gathering
► OS and Digital Footprinting
► Network Administration
► Linux Administration
► Web Application Firewall Bypassing
► Router Pentesting
► Buffer Overflow
► Network Traffic Packet Analysis
► Intrusion Detection and Prevention Systems
► Log Analysis
► Compliance (ISO:27001 and ISO:27002)
► Social Engineering

Timing

Starts at Saturday February 16 2019, 12:50 PM. The sessions runs for about 1 hour.

Resources