[US GOV Warning! - most likely top secret content] The shadowbrokers released yet another full set of working tools


####  warning those in the US working for the gov   #### 
you better look away now as the NSA stuff most likely is top secret or so

The shadowbrokers today released yet another set of the allegedly NSA EquationGroup hacking tools - this last dump seems to be pretty devastating for Microsoft as many many many of the already tried exploits target M$ in several versions.

The original one they released the password for:

and the new one of today

On these two git repos they are already decrypted, so be careful whether or not you download them or even run any of it :wink:

Damn, this is cool, good post, but I think that you should put it in the title that reading this does go against quite a few people's jobs, considering how many people on here are doing stuff for the government, but then again most would know to stay away when shadowbrokers is mentioned.

Well damn it. My job is about to get more difficult for the next few weeks. I was having such a nice time until now.

For those who don't know, I do InfoSec related work.

I honestly find it hilarious that of all people gov employees are not allowed to know what their government is up to.
That always has been iffy to me.



Ignore the man behind the curtain

Go back to sleep



The infosec people on twitter are harvesting through the dumps like mad - every 10 min a new discovery XD

Like that? :wink:

That is perverted in a way - but on the other hand the policy is somewhat clear - it is not officially declassified and thus not your business to know; in my country at least, when it is "public" (a.k.a. the newspapers have it) you are ok to know it - even if it is not your classification level

That's good

It's early evening here on a Friday so I haven't exactly been paying attention. But yeah, now that I look at it my twitter feed is blowing up.

(by @Swati_THN on Twitter)

Yeah - timezone helped me - the French guy started in the mid-morning European time ^^ since then I got a safety copy XD

The Windows stuff all looks like old shit. Win XP and S2003. Very niche stuff, likely used for industrial sector.

Otherwise, turns out the SWIFT banking network breaches may be NSA's work.... targeting middle east bank nets... RIP

Some nice Win S2008 SMB NBT exploits

The Linux stuff I have no clue as of yet, looks like lots of bin replacement exploits, spawners and shells.

Tested on those old ones - but we all know that 0days sometimes survive code refactoring :wink:

Not sure if that did not come from WikiLeaks Vault7 - it's been a bit messy on my feed today

Yeah - it works... and I know a loooooot of S2008 still running

this one is also a good one

ShadowBrokers ESKIMOROLL (Eskimoroll-1.1.1.exe) is MS14-068 exploit with MD5 "signature"



I pretty much just mirrored the stuff to a secure box and told the rest of the security team to have fun with it. :laughing:

Would really like to know what you and your team might find - yah know, not a professional here - but always curious :wink:

One more article:

Press is catching up =)

Well we've already found a Win 8.1 exploit which might be Win 10 capable.

Aside from that, all of the stuff we ran through our scanner was bloody undetectable except for some heuristic matches and some stuff that broke system integrity protection.

But this stuff is oldish. I'm pretty sure it's long been improved, the payloads are all robust stuff, whoever made these is probably even using revision control and has a release cycle. :stuck_out_tongue:

I was pretty much surprised by how much of the collection is picked up by clamav XD

We didn't scan everything just some of the nice bits. The boring stuff our VM already threw out.
Won't even really bother looking at those, since they've already 'dismissed themselves'. :wink:
But honestly I also can't say exactly, because policy.

Like I said, lots of old shite in there.

Don't worry - so very many people have the data - it will become public anyway =)

Well, yeah there's that and then there's working for a company. The rules don't always make sense :wink:

I've anyway left work now. Rest can wait till monday, I'm now only poking around with some of the stuff.

Approved by @snowden ^^

Edward Snowden @Snowden · 10 minutes ago

Edward Snowden retweeted Edward Snowden

If you're a tech or natsec reporter, follow @hackerfantastic, @x0rz, @emptywheel, and @josephfcox for analysis and developments.

they are picking it apart thoroughly - @Viss is also digging through the stuff

Haha this is hilarious

The "Can it run minesweeper" joke also applies to malware now