Coderman's taobios-v2.tar.bz2

coderman coderman at
Tue Jan 8 17:23:49 PST 2019


some things to note about the samples:

- the L1 image uses BIOS recovery to trigger actual exploit payload on unaddressable storage; that is to say it does not store the loader / malware directly on SPI flash memory. NSA has been adept at avoiding trivial detection via this route for a long time...

- the L2 image is a configuration permanent denial of service. this is designed to disrupt target activities, rather than perform any traditional exploitation or exfiltration. with an impossible boot configuration, the system appears "dead".

these techniques are the opposite of the Sednit approach, where the malware resides as a UEFI module with malicious code stored on SPI flash memory. this makes it easy to detect (if you happen to catch it! :) as per the talk linked originally

best regards,
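The contrast the post draws is between a payload that lives in SPI flash (the Sednit-style UEFI module) and one that does not (the L1 sample). The first case is the one a flash-dump comparison can surface: dump the SPI flash, hash it block by block, and diff it against a known-good image of the same board. The following is an added example, not code from the post or from the taobios samples; the images it compares are constructed in memory, and the 4 KiB block size is an assumption chosen to match a common erase-block granularity. Per the post's own description, a check like this would not see the L1 technique, whose loader is not stored on the flash at all.

```python
"""
Added example (not from the original post): block-level comparison of an SPI
flash dump against a known-good baseline image of the same board. Flags the
erase blocks whose contents changed, which is how a UEFI module written into
flash shows up. All images here are constructed in memory; no real firmware.
"""
import hashlib
from dataclasses import dataclass
from typing import List

BLOCK_SIZE = 4096  # assumed erase-block granularity for the diff


@dataclass
class BlockDiff:
    offset: int           # byte offset of the differing block in the image
    baseline_digest: str  # SHA-256 of the block in the known-good image
    sample_digest: str    # SHA-256 of the same block in the dumped image


def block_digests(image: bytes, block_size: int = BLOCK_SIZE) -> List[str]:
    """Hash each fixed-size block of an image; the final block may be short."""
    return [hashlib.sha256(image[i:i + block_size]).hexdigest()
            for i in range(0, len(image), block_size)]


def diff_images(baseline: bytes, sample: bytes,
                block_size: int = BLOCK_SIZE) -> List[BlockDiff]:
    """Return every block whose contents differ from the baseline.

    A size mismatch is treated as an error rather than silently truncated:
    a dump of the wrong length is itself a finding worth looking at.
    """
    if len(baseline) != len(sample):
        raise ValueError(f"image size mismatch: baseline={len(baseline)} "
                         f"sample={len(sample)}")
    diffs: List[BlockDiff] = []
    pairs = zip(block_digests(baseline, block_size),
                block_digests(sample, block_size))
    for idx, (b_digest, s_digest) in enumerate(pairs):
        if b_digest != s_digest:
            diffs.append(BlockDiff(idx * block_size, b_digest, s_digest))
    return diffs


def build_constructed_images():
    """Constructed test data: a 64 KiB pseudo 'vendor' image and a copy with
    one block altered to stand in for an added module."""
    baseline = bytes((i * 7) & 0xFF for i in range(16 * BLOCK_SIZE))
    tampered = bytearray(baseline)
    marker = b"CONSTRUCTED-EXTRA-MODULE"   # constructed, not a real signature
    start = 5 * BLOCK_SIZE + 100           # lands inside block 5
    tampered[start:start + len(marker)] = marker
    return baseline, bytes(tampered)


if __name__ == "__main__":
    base, samp = build_constructed_images()
    for d in diff_images(base, samp):
        print(f"block at 0x{d.offset:06x} differs: "
              f"{d.baseline_digest[:12]} -> {d.sample_digest[:12]}")
```

Run against real dumps, the baseline should come from a known-good unit of the same board and firmware revision, since regions such as NVRAM legitimately differ between otherwise identical machines and will show up as changed blocks that then need to be triaged by region rather than treated as malicious on sight.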
