4/17 (Thu.) 10:15 - 10:45 4F 4B

The Attack Patterns and Threatened Environments of EternalBlue

You've probably all heard of EternalBlue. After The Shadow Brokers obtained and disclosed it in 2017, many Windows systems that could not be updated in time became victims. The most famous malware to use it is the WannaCry ransomware, which exploited the disclosed EternalBlue to infect hundreds of thousands of computers in May of the same year, spreading widely and affecting factories and critical infrastructure in numerous countries.

In this session, we will approach the topic from the perspective of network threat researchers, using EternalBlue and the malware that spreads through it as examples. We'll demonstrate that even seven years later, attacks leveraging EternalBlue still persist. We'll explore how to use existing threat intelligence to develop network-based detection for classifying the suspicious network packets we currently receive. Furthermore, by applying these detections in our hunting engines, we'll present the kinds of malware we have collected and examine the potential threats that EternalBlue attacks pose in today's environments.

Tony Wang
SPEAKER
TXOne Networks Inc.
Threat Researcher, Threat Research

TOPIC / TRACK
Threat Research Forum
Live Translation Session

LOCATION
Taipei Nangang Exhibition Center, Hall 2
4F 4B

LEVEL
Intermediate
Intermediate sessions focus on cybersecurity architecture, tools, and practical applications, ideal for professionals with a basic understanding of cybersecurity.

SESSION TYPE
Breakout Session

LANGUAGE
Chinese
Real-Time Chinese & English Translation

SUBTOPIC
Threat Hunting
Threat Research
Threat Detection & Response