I thought this was an interesting read: https://doublepulsar.com/eternalpot...t-infrastructure-3f2a0b064ffe?gi=d5b73476eddf
Yes, what this SMB exploit did give us was a great opportunity to see which endpoint security tools could block the attack in either the first or second stage. If you failed to block it, it really makes you look bad.