This is promotional content. Learn more.
A short while ago, the world was made aware of a new vulnerability called BlueKeep. There was a lot of discussion in the media about what it was/is and what harm it could cause to organizations that didn’t address this RDP-based weakness.
Driven by a comment made on social media suggesting the media wasn’t telling the full story, I took the opportunity to connect with some folks from the industry familiar with the vulnerability—we recorded this podcast. Unfortunately, I was unable to pull in one of the leading players connected to this research, a well-known researcher that goes by the handle @zerosum and whose real name is Sean Dillon.
Since the publication of this first podcast, I was determined to find a time to connect with Sean to get some background on his research and to also get an update on his work surrounding this vulnerability. Little did I know that we would not only be fortunate enough to connect with Sean to discuss BlueKeep during Black Hat in Las Vegas, but we would also get a chance to bring in Nate Caroe (aka @The_Naterz), who was also working on vulnerability research and open-source tool development to help identify and test this and other vulnerabilities.
This conversation gets even better as we dig deeper into BlueKeep than I thought we would/could—plus we got to discuss some other research and tool development on which this duo are working (WannaCry research and Metasploit tools, for example) … all things designed to help organizations identify and mitigate the risks they face when it comes to some of the potentially-nastiest exploits in recent times if the negative stars were to line up properly.
This is a great story that pulls back a few layers of technology. I hope you enjoy it and find it useful as well.