[Dailydave] APT

toby toby00 at gmail.com
Tue Mar 11 12:13:56 EDT 2014


I don't think that the "avoid all systems with HIPS" had anything to do
with being sufficiently advanced. That looked like a decision to avoid
complexity because the people following that decision tree weren't skilled
enough to handle attacking those systems and the default toolset wasn't
designed to handle evasion on those systems.

I have no doubt that the NSA has all the tools necessary to exploit or
evade HIPS but this doesn't look like evidence of it. Using your framing,
this looks like "what we are doing is so sensitive and questionable and
high risk that it is better to ignore targets we are even a little bit
queasy about rather than risk detection". That's avoiding consequences, not
being amazingly bad-ass.

toby


On Tue, Mar 11, 2014 at 6:41 AM, Dave Aitel <dave at immunityinc.com> wrote:

>  So the thing about being advanced enough is that you don't really have to
> be persistent in any normal sense of the word. Nobody has pointed out how
> the first stage of the NSA shellcode (as leaked by "backgrounded by the
> Constitution and definitely not at all a narcissist" Snowden) just avoids
> executing anything on systems protected by HIPS. Imagine if you were so
> good at your job you could ignore targets you already had execution on if
> you felt even a *little bit* queasy about their defense.
>
> Look, Richard Bejtlich thinks I don't know anything about "Strategy" <http://taosecurity.blogspot.com/2014/02/the-limits-of-tool-and-tactics-centric.html>.
> This may be true! But on the other hand, sometimes just outshooting your
> opponent <https://www.youtube.com/watch?v=G02FiZNbZHY> everywhere you
> engage them is a pretty decent strategy. And that comes down to "Tools,
> Tactics and Procedures" on the ground. Speaking of which - INNUENDO is
> going to be 1.0 Beta today because I can't find any more bugs in it. :>
>
> -dave