An Analysis of the BlueKeep Vulnerability
In May of 2019, Microsoft announced a remote code execution vulnerability in its remote desktop service for Windows, which can be triggered remotely without any prior authentication. This vulnerability sent panic across the globe as Microsoft warned of the possibility of it being 'wormable'. This is pretty serious, as even the NSA released an advisory urging everyone to patch their systems ASAP. As the mystery of CVE-2019-0708 is slowly revealed to the public by the vulnerability research community, I can now share my analysis and exploitation strategy with the audience.
Johnny Yu (@straight_blast) has been hacking since the early 2000s, honing his offensive security skills through various capture-the-flag and wargame challenges. Prior to moving into the InfoSec space as a penetration tester, Johnny earned both a bachelor's and a master's degree in Computer Science while working as an application developer. He currently works in the Security Testing and Analysis Team at Walmart.