Funny that M$ should think that way, if you want you can get the slide deck from the DEFCON 25 Media server (Media.defcon.org) The name of the presentation is DEFCON-25-zerosum0x0-alephnaught-Koadic-C3
And yes it causes a complete DOS of the windows system and just imagine, you can just weaponize the exploit and DOS the entire internal infrastructure. Another great talk on insecure active directory DACL's which I am sure would hit home for the AD administrators here is the following presentation: DEFCON-25-Andrew-Robbins-and-Will-Schroeder-An-Ace-Up-The-Sleeve (Also on the Defcon media server) Can use AD ACLscanner, Powerview, and Powershell Empire to completely own AD and to maintain persistence, hide objects,etc. Positively, there was 2 discussions on Microsoft Advanced Threat Analytics and Advanced Threat Protection which is gaining stream and providing visibility into lateral movement within AD environments, which security/operational teams need to be aware of and protect against. (Penetration testers love lateral movement) Also Bloodhound Tool has been revised to version 1.3 with additional functionality, so if you are looking to evaluate and control privilege access within your AD domains/Forests, I would defintely check out Bloodhound. Sincerely, Ed On Mon, Jul 31, 2017 at 7:15 PM, Kurt Buff <kurt.b...@gmail.com> wrote: > https://isc.sans.edu/forums/diary/SMBLoris+the+new+SMB+flaw/22662/ > > However, this post: > https://threatpost.com/windows-smb-zero-day-to-be- > disclosed-during-def-con/126927/ > seems to indicate that this only affects SMB1: > > “The case offers no serious security implications and we do not > plan to address > it with a security update,” a Microsoft spokesperson told Threatpost. > “For > enterprise customers who may be concerned, we recommend they consider > blocking access from the internet to SMBv1.” > > I'm not sure that's the case, so I'm waiting on further word. > > Kurt > > On Mon, Jul 31, 2017 at 10:17 AM, Ed Ziots <eziot...@gmail.com> wrote: > > Sorry for the hijack of the thread but wanted to give the list a heads > up on > > a new 0-day in Windows, based off Shadow-Brokers attacks, there is a new > > tool called smbloris which was released at defcon which can DOS a Windows > > box within minutes. > > > > See the Isc.sans.edu main page for more information. > > > > Also all presentations from Defcon25 are on the defcon media server > > (media.defcon.org) > > > > Happy Monday, > > Ed > > > > >
