Episode 17: Abusing WSUS for Lateral Movement

In this episode Spencer and Brad talk about the hidden dangers of not properly protecting Microsoft WSUS Servers. That’s Windows Server Update Service for those not in the know. Attackers often use legitimate functionality to gain ground and WSUS is no different.

Also be sure to check out Spencer’s WSUS abuse demo!

Nettitude blog discussing SharpWSUS: Introducing SharpWSUS – Nettitude Labs
Spencer’s fork of SharpWSUS: GitHub – techspence/SharpWSUS: SharpWSUS is a c# tool for abusing Microsoft Windows Server Update Services for Lateral Movement

If you’re on to go, listen here or on your favorite podcast app: https://www.buzzsprout.com/1731753/11742768

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfw
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com