How I Scanned The Internet For NSA Compromised Firewalls

Presented at BSidesLV 2017, July 26, 2017, 6:30 p.m. (25 minutes)

Last summer the Equation Group's TTPs were leaked by a group known as the ShadowBrokers. Unlike most people simply satisfied with rooting their firewalls and moving on, I RTFM'd and worked out how the second stage and implant software was meant to work. Armed only with incomplete software, the NSA ANT catalogue, and a lot of motivation, I'll take us on a journey of discovery that culminates with an Internet wide scan of devices looking for NSA implant code.

Presenters:

• Chuck McAuley   as chuck mcauley
  Chuck is responsible for gathering actionable application and security intelligence for Keysight products. Chuck has more than 15 years of experience working in the field of Computer and Network Security for Ixia Communications, BreakingPoint, Spirent Communications, and Imperfect Networks. Chuck applies his passion through engineering and speaking at technology events. But he mostly spends his time in a cave in New Hampchussetts staring at PCAPs.

Links:

• https://bsideslv2017.sched.com/event/BNGI/how-i-scanned-the-internet-for-nsa-compromised-firewalls

Similar Presentations:

• ShmooCon 2023 / How I Scanned the Internet for NSA Compromised Firewalls
• Black Hat USA 2015 / The NSA Playset: A Year of Toys and Tools
• ToorCamp 2014 / The NSA Playset