EXETOOLS FORUM  

#16
03-13-2017, 18:16
Kerlingen (VIP)
You are aware that a journalist's scope of duties doesn't cover providing script kiddies with free 0day exploits?
#17
03-13-2017, 19:25
cybercoder (Friend)
Wouldn't like to see what would happen if skiddies got hold of this crap, although anti-virus / firewalls being insecure is nothing new... remember what happened with OptixPro years ago...
#18
03-24-2017, 20:52
_Servil_ (VIP)
Interesting article
Code:
http://boards.4chan.org/pol/thread/117886401/intel-me
Has by chance anyone anywhere proved what the guy says?
I'm not too much into kernel debugging, but if there was a solid old-fashioned kernel debugger, was it able to reveal and analyze the malicious blocks?
I note that the Intel Management Engine is present on all Intel Core-powered devices... maybe another reason not to upgrade to Windows 10.
__________________
_Servil_
SemtekSoft Corporation, Inc.
#19
03-28-2017, 17:38
robotics0 (Friend)
Curious what these government hackers/coders annual base salary is/was.
#20
03-29-2017, 19:23
H4vC (Friend)
Quote:
Originally Posted by _Servil_
Interesting article
Code:
http://boards.4chan.org/pol/thread/117886401/intel-me
Has by chance anyone anywhere proved what the guy says?
I'm not too much into kernel debugging, but if there was a solid old-fashioned kernel debugger, was it able to reveal and analyze the malicious blocks?
I note that the Intel Management Engine is present on all Intel Core-powered devices... maybe another reason not to upgrade to Windows 10.
I don't think that's true; knowing typical 4chan, it's just mild trolling. I don't think anyone dumping this kind of info would go into so much detail about how they got to know said information, it's extremely identifying. And Intel ME isn't what it's chalked up to be, you can even remove most of it without much effect: https://github.com/corna/me_cleaner It's a bit crude, but it wipes most of ME (except the init parts) out.

Intel ME is in all processors Intel makes and can interface with any OS you install, since it's operating under its own OS and can read the memory and the registers, as well as having its own network stack.

There was a great talk about exploiting Intel ME at REcon: https://recon.cx/2014/slides/Recon%202014%20Skochinsky.pdf

In all fairness I should add that AMD processors also have similar capabilities through a thing called the AMD Platform Security Processor; it's basically the same idea, it runs off a tiny ARM chip and lets the CPU cores out of the RESET state on boot, so you can't really get rid of it afaik.

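H4vC's claim that me_cleaner can wipe most of the ME firmware except the parts needed for initialisation comes down to the ME region's partition table: the region carries a $FPT table listing named partitions (FTPR holds the boot-critical code), and a cleaner blanks the partitions it does not need. The Python below is an added illustration written for this page, not me_cleaner's own code, and it runs on a constructed image rather than a real flash dump. The $FPT layout it assumes (magic "$FPT" at offset 0x10 of the region, a 0x20-byte header whose second dword is the entry count, then 0x20-byte entries beginning with name, owner, offset, length) is my reading of what me_cleaner parses and should be checked against that tool's source before touching real firmware; the real tool also prunes modules inside FTPR and deals with the flash descriptor, which this example does not.

```python
"""Walk an Intel ME region's $FPT partition table and blank every partition
except the boot-critical FTPR one.  Added example for this page, not code from
me_cleaner; the $FPT layout constants below are assumptions (see lead-in)."""
import struct

FPT_MAGIC = b"$FPT"
FPT_MAGIC_OFFSET = 0x10   # assumption: table sits after the 16-byte ROM-bypass area
FPT_HEADER_LEN = 0x20     # assumption: header size
FPT_ENTRY_LEN = 0x20      # assumption: entry size
KEEP = {"FTPR"}           # the partition an me_cleaner-style pass must leave alone


def parse_fpt(region: bytes):
    """Return [(name, offset, length)] for every $FPT entry.

    Offsets are relative to the start of the ME region."""
    if region[FPT_MAGIC_OFFSET:FPT_MAGIC_OFFSET + 4] != FPT_MAGIC:
        raise ValueError("no $FPT table at expected offset")
    (n_entries,) = struct.unpack_from("<I", region, FPT_MAGIC_OFFSET + 4)
    entries = []
    for i in range(n_entries):
        at = FPT_MAGIC_OFFSET + FPT_HEADER_LEN + i * FPT_ENTRY_LEN
        name, _owner, off, length = struct.unpack_from("<4s4sII", region, at)
        entries.append((name.rstrip(b"\x00").decode("ascii"), off, length))
    return entries


def blank_non_boot_partitions(region: bytes, keep=KEEP):
    """Overwrite every partition not in `keep` with 0xFF (erased flash).

    Returns (new_region, names_removed).  Entries that are unused (zero length)
    or that point outside the region are skipped rather than wiped."""
    buf = bytearray(region)
    removed = []
    for name, off, length in parse_fpt(region):
        if name in keep or length == 0 or off + length > len(buf):
            continue
        buf[off:off + length] = b"\xff" * length
        removed.append(name)
    return bytes(buf), removed


def build_sample_region() -> bytes:
    """Constructed 16 KiB ME region with four partitions (no real firmware)."""
    layout = [("FTPR", 0x1000, 0x800), ("NFTP", 0x2000, 0x1000),
              ("MDMV", 0x3000, 0x400), ("EFFS", 0, 0)]   # EFFS: unused entry
    region = bytearray(b"\xff" * 0x4000)
    header = struct.pack("<4sI", FPT_MAGIC, len(layout))
    region[FPT_MAGIC_OFFSET:FPT_MAGIC_OFFSET + len(header)] = header
    for i, (name, off, length) in enumerate(layout):
        entry = struct.pack("<4s4sII", name.encode(), b"\x00" * 4, off, length)
        at = FPT_MAGIC_OFFSET + FPT_HEADER_LEN + i * FPT_ENTRY_LEN
        region[at:at + len(entry)] = entry
        if length:                         # marker bytes so wiping is visible
            region[off:off + length] = bytes([0x41 + i]) * length
    return bytes(region)


if __name__ == "__main__":
    region = build_sample_region()
    for name, off, length in parse_fpt(region):
        print(f"{name:4s} offset=0x{off:05x} length=0x{length:05x}")
    cleaned, removed = blank_non_boot_partitions(region)
    print("blanked:", removed)   # ['NFTP', 'MDMV']
```

The keep-set is the whole policy: everything the table names and the caller has not whitelisted becomes erased flash, which is why a pass like this leaves the "init parts" in place and why the result still boots only if the whitelist really does cover what the ME needs before it releases the host.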
#21
04-01-2017, 07:48
TechLord (VIP)
Marble Framework - hamper forensic investigators and anti-virus companies

Marble Framework (Source Code)


Quote:
Today, March 31st 2017, WikiLeaks releases Vault 7 "Marble" -- 676 source code files for the CIA's secret anti-forensic Marble Framework. Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.

Marble does this by hiding ("obfuscating") text fragments used in CIA malware from visual inspection. This is the digital equivalent of a specialized CIA tool to place covers over the English language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA.

Marble forms part of the CIA's anti-forensics approach and the CIA's Core Library of malware code. It is "[D]esigned to allow for flexible and easy-to-use obfuscation" as "string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop."

The Marble source code also includes a deobfuscator to reverse CIA text obfuscation. Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators in attributing previous hacking attacks and viruses to the CIA. Marble was in use at the CIA during 2016. It reached 1.0 in 2015.

The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages.

The Marble Framework is used for obfuscation only and does not contain any vulnerabilities or exploits by itself.

LINK TO SOURCE CODE :

Code:
https://wikileaks.org/vault7/document/Marble/Marble.zip

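The quoted text describes Marble as a library that hides strings in a build from visual inspection, and observes that once a deobfuscator is in hand the obfuscation algorithm itself becomes an attribution artefact. The Python below is an added example for this page, not Marble's code and not its algorithm (Marble's schemes are in the leaked source; this is an invented rolling-XOR scheme chosen to be easy to follow): obfuscate() is the build-time side, deobfuscate() is the matching decoder, and hunt() is what an investigator who has the decoder can run over any sample to recover every string encoded that way, which is the "pattern or signature" the article talks about. The sample image and the planted strings are constructed.

```python
"""Toy string obfuscator, its decoder, and a scanner that uses the decoder to
recover obfuscated strings from an arbitrary image.  Added example; the scheme
is invented for illustration and is NOT the Marble Framework's algorithm."""
import random
import string

# Blob format (invented): [key byte][length byte][body],
# body[i] = plaintext[i] ^ ((key + i) & 0xFF)
PRINTABLE = set((string.ascii_letters + string.digits + string.punctuation + " ").encode())


def _xor_roll(key: int, body: bytes) -> bytes:
    return bytes(b ^ ((key + i) & 0xFF) for i, b in enumerate(body))


def obfuscate(text: str, key: int) -> bytes:
    """Build-time side: encode an ASCII string under a per-string key byte."""
    data = text.encode("ascii")
    if not 1 <= len(data) <= 255 or not 0 <= key <= 255:
        raise ValueError("string must be 1..255 bytes, key a single byte")
    return bytes([key, len(data)]) + _xor_roll(key, data)


def deobfuscate(blob: bytes) -> str:
    """Run-time / analyst side: decode one blob produced by obfuscate()."""
    key, n = blob[0], blob[1]
    return _xor_roll(key, blob[2:2 + n]).decode("ascii")


def hunt(image: bytes, min_len: int = 6):
    """Scan an image for blobs that decode, under the known scheme, to printable
    ASCII of at least min_len bytes.  Returns [(offset, recovered_string)].
    Short strings are skipped because random bytes decode to printable text too
    often; the longer the candidate, the lower the false-positive rate."""
    hits = []
    for off in range(len(image) - 2):
        key, n = image[off], image[off + 1]
        if n < min_len or off + 2 + n > len(image):
            continue
        plain = _xor_roll(key, image[off + 2:off + 2 + n])
        if all(c in PRINTABLE for c in plain):
            hits.append((off, plain.decode("ascii")))
    return hits


def build_sample_image():
    """Constructed 512-byte 'binary': seeded noise with two obfuscated strings
    planted at known offsets.  Returns (image, [(offset, plaintext), ...])."""
    rnd = random.Random(1337)
    image = bytearray(rnd.getrandbits(8) for _ in range(512))
    planted = [(0x40, "CreateRemoteThread", 0x21),
               (0x100, "Software\\Microsoft\\Windows", 0x9E)]
    for off, text, key in planted:
        blob = obfuscate(text, key)
        image[off:off + len(blob)] = blob
    return bytes(image), [(off, text) for off, text, _ in planted]


if __name__ == "__main__":
    blob = obfuscate("kernel32.dll", 0x5A)
    print(blob.hex(), "->", deobfuscate(blob))
    image, planted = build_sample_image()
    for off, text in hunt(image):
        print(f"0x{off:03x}: {text!r}")
```

The scanner does not need the keys: the scheme stores them in-band, so knowledge of the format alone recovers the plaintext, and the same scanner run across unrelated samples links every one that used this encoder. A per-string key changes the bytes but not the fingerprint, which is the attribution problem the quoted text says Marble was written to manage.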