Last summer the Equation Group's TTPs were leaked by a group known
as the ShadowBrokers. Unlike most people simply satisfied with rooting
their firewalls and moving on, I RTFM'd and worked out how the second
stage and implant software was meant to work. Armed only with incomplete
software, the NSA ANT catalogue, and a lot of motivation, I'll
take us on a journey of discovery that culminates
with an Internet wide scan of devices looking for NSA implant code.
Chuck is responsible for gathering actionable application and security intelligence for Keysight products. Chuck has more than 15 years of experience working in the field of Computer and Network Security for Ixia Communications, BreakingPoint, Spirent Communications, and Imperfect Networks. Chuck applies his passion through engineering and speaking at technology events. But he mostly spends his time in a cave in New Hampchussetts staring at PCAPs.