Blue Team Village - Killsuit - How The Equation Group Remained Out Of Sight

Cite

DEF CON

Fan, Lacie Morley, Connor

Formal Metadata

Title

Blue Team Village - Killsuit - How The Equation Group Remained Out Of Sight

Title of Series

DEF CON 27

Number of Parts

335

Author

Fan, Lacie

Morley, Connor

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/48584 (DOI)

Publisher

DEF CON

Release Date

2019

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

When the shadow brokers released a large number of Equation Group tools in 2017, many researchers jumped on the analysis of EternalBlue, FuzzBunch etc. The exploits of the leak have now been thoroughly analysed and mostly patched, but the works of its persistence tool (Danderspritz) is still widely unknown. In our talk, we are going to break down the Killsuit modules of Danderspritz. Killsuit (KiSu) is a modular post-exploitation persistence and capability mechanism employed in various hacker frameworks including Danderspritz (DdSz).