exploiting-ms17-010-eternalblue-vulnerability

# Exploiting MS17-010 EternalBlue Vulnerability ## Overview MS17-010 (EternalBlue) is a critical vulnerability in Microsoft's SMBv1 implementation that allows remote code execution. Originally discovered by the NSA and leaked by the Shadow Brokers in 2017, it was used in the WannaCry and NotPetya ransomware campaigns. Despite patches being available since March 2017, many organizations still have unpatched systems, making it a viable red team exploitation vector especially in legacy environments. ## When to Use - When performing authorized security testing that involves exploiting ms17 010 eternalblue vulnerability - When analyzing malware samples or attack artifacts in a controlled environment - When conducting red team exercises or penetration testing engagements - When building detection capabilities based on offensive technique understanding ## Prerequisites - Familiarity with red teaming concepts and tools - Access to a test or lab environment for safe execution - Python 3.8+ with required dependencies installed - Appropriate authorization for any testing activities ## MITRE ATT&CK Mapping - **T1210** - Exploitation of Remote Services - **T1190** - Exploit Public-Facing Application - **T1569.002** - System Services: Service Execution ## Workflow ### Phase 1: Vulnerability Scanning 1. Scan target networks for SMB port 445 2. Check for SMBv1 protocol support 3. Run MS17-010 vulnerability check (Nmap NSE script or Metasploit auxiliary) 4. Document vulnerable syst...