The Metasploit BlueKeep exploit module was released to the public a few days ago, which let me experiment with the exploit and analyze the network traffic and logs it generates.
This article will demonstrate a quick PoC video, explain the initial RDP connection sequence of the exploit, and provide detection methods at the wire and host level.
Vulnerability Overview
CVE-2019-0708, or BlueKeep, is a vulnerability in the Windows Remote Desktop Services (RDP) that allows an unauthenticated attacker to execute arbitrary code on the target machine.
PoC
The video above shows the exploit run with the Metasploit Framework against Windows 7 SP1 running in VirtualBox. The exploit module's GROOMSIZE setting of 150 worked for me.
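As an added wire-level detection example that is not part of the original post: the publicly documented indicator for CVE-2019-0708 exploitation attempts is a client requesting the MS_T120 static virtual channel in the TS_UD_CS_NET block of the RDP MCS Connect Initial PDU (MS-RDPBCGR 2.2.1.3.4). The code below parses the GCC user-data blocks, lists the requested channel names, and flags that channel; it assumes the caller has already extracted the raw user-data bytes from the Connect Initial, and the sample blocks are constructed by hand rather than taken from a capture.

```python
import struct

# TS_UD_HEADER type value for the client network data block (MS-RDPBCGR).
CS_NET = 0xC003

# Channel names that a legitimate RDP client has no reason to request.
# MS_T120 is the channel abused by CVE-2019-0708 (assumed case-insensitive match).
SUSPICIOUS_CHANNELS = {"MS_T120"}


def build_cs_net(channel_names):
    """Construct a TS_UD_CS_NET block for testing (helper, not a real capture)."""
    body = struct.pack("<I", len(channel_names))  # channelCount
    for name in channel_names:
        # CHANNEL_DEF: name[8] (null padded ASCII) + options uint32
        body += name.encode("ascii").ljust(8, b"\x00") + struct.pack("<I", 0)
    header = struct.pack("<HH", CS_NET, 4 + len(body))  # length includes header
    return header + body


def parse_gcc_user_data(data):
    """Walk the TS_UD_HEADER-prefixed blocks and return {block_type: payload}."""
    blocks = {}
    off = 0
    while off + 4 <= len(data):
        btype, blen = struct.unpack_from("<HH", data, off)
        if blen < 4 or off + blen > len(data):
            raise ValueError("malformed user data block at offset %d" % off)
        blocks[btype] = data[off + 4:off + blen]
        off += blen
    return blocks


def channel_names(cs_net_payload):
    """Return the static virtual channel names requested in a CS_NET payload."""
    if len(cs_net_payload) < 4:
        raise ValueError("CS_NET payload too short")
    (count,) = struct.unpack_from("<I", cs_net_payload, 0)
    names = []
    off = 4
    for _ in range(count):
        if off + 12 > len(cs_net_payload):
            raise ValueError("channelDefArray truncated")
        raw = cs_net_payload[off:off + 8]
        names.append(raw.split(b"\x00", 1)[0].decode("ascii", "replace"))
        off += 12
    return names


def suspicious_channels(user_data):
    """Return the flagged channel names found in a Connect Initial user-data blob."""
    blocks = parse_gcc_user_data(user_data)
    if CS_NET not in blocks:
        return []
    return [n for n in channel_names(blocks[CS_NET])
            if n.upper() in SUSPICIOUS_CHANNELS]


if __name__ == "__main__":
    # Constructed samples: a normal client channel list and an exploit-like one.
    benign = build_cs_net(["rdpdr", "rdpsnd", "cliprdr"])
    exploit_like = build_cs_net(["MS_T120", "rdpdr"])
    print("benign  :", suspicious_channels(benign))        # []
    print("exploit :", suspicious_channels(exploit_like))  # ['MS_T120']
```

A production sensor would apply this after reassembling the TPKT/X.224 stream and PER-decoding the GCC Conference Create Request; only the user-data walk and channel check are shown here, which is also the part an IDS signature for this CVE matches on.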
Continue reading “Metasploit BlueKeep CVE-2019-0708 Exploit Logs Analysis and Detection”