KNOCK KNOCK! WHO'S THERE? NSA! presented at bsideslisbon 2017

by Pedro Vilaça,

Summary : Thanks to the ShadowBrokers we can finally take a peek at some of NSA's tools and exploits.
What do you do with a archive full of NSA binaries? You start reverse engineering them!
This time we are diving into the internals of a cross platform NSA port-knocking RAT.
After finishing reversing its port-knocking protocol I asked my good friends at if they could scan the whole Internet for live instances of this particular RAT.
Surprise surprise, they found live NSA hacked hosts all over the world.
No videos or slides to be published so be there or miss all the fun.
(We can no longer see those hosts using this RAT but I don't want to get into trouble :P)
Poupas always complains my presentations are too low level and this is no exception!
Sorry, web hacking is for wussies :P (Hi JustPassingBy!)