DanderSpritz: How the Equation Group's 2013 tools pwn in 2017

Presented at THOTCON 0x9 (2018), Unknown date/time (50 minutes).

Everyone has focused on the Equation Group's ""weapons grade"" exploits but no one has focused on their extremely effective post exploitation capabilities. In this talk I will cover the tools, methods, and capabilities built into the DanderSpritz post exploitation framework. We will review how the Equation Group gained and maintained persistence, bypassed auditing and AV, scan, sampled, subdued, and successfully dominated an entire organization ninja-style. We'll dig into the technical details of how the framework gains persistence, performs key logging, captures traffic and screenshots, steals credentials, gathers target information, owns AV and WSUS servers, exfiltrates secrets, and causes general mayhem.


Presenters:

  • Francisco Donoso
    Francisco is a passionate security professional with experience in many different areas of infosec from consulting to service architecture

Similar Presentations: