Dailydave mailing list archives
Re: APT
From: toby <toby00 () gmail com>
Date: Tue, 11 Mar 2014 09:13:56 -0700
I don't think that the "avoid all systems with HIPS" had anything to do with being sufficiently advanced. That looked like a decision to avoid complexity because the people following that decision tree weren't skilled enough to handle attacking those systems and the default toolset wasn't designed to handle evasion on those systems. I have no doubt that the NSA has all the tools necessary to exploit or evade HIPS but this doesn't look like evidence of it.

Using your framing, this looks like "what we are doing is so sensitive and questionable and high risk that it is better to ignore targets we are even a little bit queasy about rather than risk detection". That's avoiding consequences, not being amazingly bad-ass.

toby

On Tue, Mar 11, 2014 at 6:41 AM, Dave Aitel <dave () immunityinc com> wrote:
So the thing about being advanced enough is that you don't really have to be persistent in any normal sense of the word. Nobody has pointed out how the first stage of the NSA shellcode (as leaked by "backgrounded by the Constitution and definitely not at all a narcissist" Snowden) just avoids executing anything on systems protected by HIPS. Imagine if you were so good at your job you could ignore targets you already had execution on if you felt even a *little bit* queasy about their defense.

Look, Richard Bejtlich thinks I don't know anything about "Strategy" <http://taosecurity.blogspot.com/2014/02/the-limits-of-tool-and-tactics-centric.html>. This may be true! But on the other hand, sometimes just outshooting your opponent <https://www.youtube.com/watch?v=G02FiZNbZHY> everywhere you engage them is a pretty decent strategy. And that comes down to "Tools, Tactics and Procedures" on the ground.

Speaking of which - INNUENDO is going to be 1.0 Beta today because I can't find any more bugs in it. :>

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave