xorl %eax, %eax

A short story around WannaCry

leave a comment »

A couple of weeks ago a friend of mine messaged me about the following recently released documentary by Tomorrow Unlocked. The reason was a mention of one of my Tweets (for something that I would least expect, to be honest). Although this has happened many times since I started participating in the security community almost 15 years ago, it was a nice reminder of how small things that you consider silly or unimportant can sometimes make a difference.

Long story short, the documentary implies that Marcus Hutchins, the guy that registered the killswitch domain for WannaCry, realized the impact of him registering that domain from that Tweet. I am not sure if this is really true, but if it is, I’m glad that I helped even a tiny bit in stopping this global threat in this very indirect, kind of silly, way.

This was interesting to me since for a long time I was considering that my greatest contribution to the WannaCry case was just helping with the mutex killswitch (MsWinZoneCacheCounterMutexA) discovery. Nevertheless, that incident passed and a couple of months later, in July 2017, along with a colleague (@IISResetMe) we presented some blue team related learnings regarding WannaCry in an event at Amsterdam. The slides for that are available here.

To summarize, you never know when something that you published or shared is going to help thwart a real threat. So, never stop sharing because if there is one thing that makes the security community great is this. We are all dealing with the same threats. Whether it is a cyber-criminal or a nation-state, even small hints could really help in building the bigger picture and protecting our assets. So, yeah… The security community, crowdsourcing challenges before it was cool. :)

Written by xorl

December 23, 2019 at 15:44

Posted in security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: