Hackedteam |
organizer: | niekt0 |
date/time: | 9.7.2015 19:00 |
place: | brmlab |
stream: | only the unofficial one |
Dear vultures,
the internet sea has washed up an especially large and smelly carcass for us.
So let us feast.
The complete leaked data (400G) should be available, possibly even indexed if there is time for it.
The goal is to find as much information as possible that is relevant to our small CZ-SK gubernia.
http://www.csoonline.com/article/2943968/data-breach/hacking-team-hacked-attackers-claim-400gb-in-dumped-data.html
https://www.reddit.com/r/HackedTeam
Data processing
- get it
- remove warez? there is a lot of software (cracked Windows, IDA…); it eats capacity and may cause legal problems with sharing
- extract all archives
- extract Outlook folders with readpst -S -D
- run recoll (xapian index machine); this takes some time if you don't have an SSD
- /support.hackingteam.com.tar.gz contained an SQL database; you should be able to drop it into /var/lib/mysql and read it
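The processing steps above as one POSIX sh pipeline. This is an added example, not a script from the wiki page; it assumes tar, unzip, readpst and recollindex are on PATH, and the directory names dump/ and recoll-conf/ are placeholders.

```shell
# Added example for the "Data processing" steps; not part of the wiki page.
# Assumes tar, unzip, readpst, recollindex on PATH; dump/ and recoll-conf/ are placeholders.

# Extract one archive into a sibling "<archive>.extracted" directory.
# Returns 1 (no-op) when already extracted or when the extension is unknown.
extract_one() {
    f=$1; out="$f.extracted"
    [ -d "$out" ] && return 1
    mkdir -p "$out"
    case "$f" in
        *.tar.gz|*.tgz) tar -xzf "$f" -C "$out" ;;
        *.tar)          tar -xf "$f" -C "$out" ;;
        *.zip)          unzip -q "$f" -d "$out" ;;
        *)              rmdir "$out"; return 1 ;;
    esac
}

# Extract every archive under $1, repeating until a pass finds nothing new,
# so archives nested inside archives are unpacked too. Prints the count.
extract_all() {
    dir=$1; total=0
    while :; do
        n=0
        while IFS= read -r f; do
            [ -n "$f" ] || continue
            extract_one "$f" && n=$((n + 1))
        done <<EOF
$(find "$dir" -type f \( -name '*.tar.gz' -o -name '*.tgz' -o -name '*.tar' -o -name '*.zip' \))
EOF
        [ "$n" -eq 0 ] && break
        total=$((total + n))
    done
    echo "$total"
}

# Unpack every Outlook .pst into "<file>.mail/": -S writes one file per
# message, -D keeps deleted items, which is what a review of the dump wants.
convert_pst() {
    command -v readpst >/dev/null 2>&1 || { echo "readpst missing" >&2; return 1; }
    find "$1" -type f -name '*.pst' \
        -exec sh -c 'mkdir -p "$1.mail" && readpst -S -D -o "$1.mail" "$1"' _ {} \;
}

# Build a recoll (xapian) full-text index of the tree $1; $2 is the recoll config dir.
index_with_recoll() {
    mkdir -p "$2"
    printf 'topdirs = %s\n' "$1" > "$2/recoll.conf"
    recollindex -c "$2"
}
```

Run as `extract_all dump && convert_pst dump && index_with_recoll dump recoll-conf`; the resulting index is then searchable from the recoll GUI or `recoll -c recoll-conf`.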
Support database
It seems that most exploits are created semi-automatically as one-time droppers to prevent misuse. This means that every exploit has been processed as a support ticket.
Extraction script: http://nat.brmlab.cz/ht-cherrypick/getcz.sh
Extracted tickets by Czech police: http://nat.brmlab.cz/ht-cherrypick/supcz.tar.gz and http://nat.brmlab.cz/ht-cherrypick/supczold.tar.gz
So far the following techniques have been identified as used by the Czech police:
- MS Word exploits
- browser and Office exploits are usually just wrappers around a Flash exploit (see the vector-exploit repo for builders and source)
- recording ambient audio with an infected Android device
- Flash exploits injected using a MITM device (think of one connected at the target's ISP, an evil WiFi AP, etc.). This works for Flash on Windows, OS X and Linux.
- computer tracking based on surrounding SSIDs
- infecting a Windows PC via an Evil Maid attack
The Czech police had a license for the Windows version of the spyware and were evaluating the Linux and iOS versions. The evaluation license was issued on 26 Jun 2015, so they presumably did not have much time to enjoy it.
General spyware info
It looks like the Hackingteam spyware won't install inside a virtual machine or when one of the following processes is running: