In this episode Spencer and Brad talk about the hidden dangers of not properly protecting Microsoft WSUS Servers. That’s Windows Server Update Service for those not in the know. Attackers often use legitimate functionality to gain ground and WSUS is no different.
Also be sure to check out Spencer’s WSUS abuse demo!
Nettitude blog discussing SharpWSUS: Introducing SharpWSUS – Nettitude Labs
Spencer’s fork of SharpWSUS: GitHub – techspence/SharpWSUS: SharpWSUS is a c# tool for abusing Microsoft Windows Server Update Services for Lateral Movement
If you’re on to go, listen here or on your favorite podcast app: https://www.buzzsprout.com/1731753/11742768
Work with Us: https://securit360.com