Dailydave mailing list archives

Re: APT


From: toby <toby00 () gmail com>
Date: Tue, 11 Mar 2014 09:13:56 -0700

I don't think that the "avoid all systems with HIPS" had anything to do
with being sufficiently advanced. That looked like a decision to avoid
complexity because the people following that decision tree weren't skilled
enough to handle attacking those systems and the default toolset wasn't
designed to handle evasion on those systems.

I have no doubt that the NSA has all the tools necessary to exploit or
evade HIPS but this doesn't look like evidence of it. Using your framing,
this looks like "what we are doing is so sensitive and questionable and
high risk that it is better to ignore targets we are even a little bit
queasy about rather than risk detection". That's avoiding consequences, not
being amazingly bad-ass.

toby


On Tue, Mar 11, 2014 at 6:41 AM, Dave Aitel <dave () immunityinc com> wrote:

 So the thing about being advanced enough is that you don't really have to
be persistent in any normal sense of the word. Nobody has pointed out how
the first stage of the NSA shellcode (as leaked by "backgrounded by the
Constitution and definitely not at all a narcissist" Snowden) just avoids
executing anything on systems protected by HIPS. Imagine if you were so
good at your job you could ignore targets you already had execution on if
you felt even a *little bit* queasy about their defense.

Look, Richard Bejtlich thinks I don't know anything about
"Strategy"<http://taosecurity.blogspot.com/2014/02/the-limits-of-tool-and-tactics-centric.html>.
This may be true! But on the other hand, sometimes just outshooting your
opponent <https://www.youtube.com/watch?v=G02FiZNbZHY> everywhere you
engage them is a pretty decent strategy. And that comes down to "Tools,
Tactics and Procedures" on the ground. Speaking of which - INNUENDO is
going to be 1.0 Beta today because I can't find any more bugs in it. :>

-dave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

