[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Extracting Equation Group's malware from hard drives

To: [email protected]
Subject: Extracting Equation Group's malware from hard drives
From: [email protected] (grarpamp)
Date: Wed, 18 Feb 2015 16:20:05 -0500
In-reply-to: <[email protected]>
References: <1424220975.3438110.229002373.02319FA1@webmail.messagingengine.com> <CAD2Ti2_TW2j6c6Fv_B2HPtt0OqRggSGW8OhLAiHEjxGMD-nxaA@mail.gmail.com> <[email protected]>

On Wed, Feb 18, 2015 at 2:48 AM, Virilha
<[email protected]> wrote:
>
> This 3-letters-agency did it with software, mostly using undocumented ATA
> commands.
>
> Assuming no one knows the specifications for the ATA commands

All the non vendor specific command specs are documented
at t10, t13, serialata ...
https://ata.wiki.kernel.org/index.php/Developer_Resources

Which you can bitbash for fun from userland with the likes of ...
http://www.freebsd.org/cgi/man.cgi?query=camcontrol

References:
- Extracting Equation Group's malware from hard drives
  - From: [email protected] (Alfie John)
- Extracting Equation Group's malware from hard drives
  - From: [email protected] (grarpamp)
- Extracting Equation Group's malware from hard drives
  - From: [email protected] (Virilha)

Prev by Date: Extracting Equation Group's malware from hard drives
Next by Date: Fwd: [tor-talk] Call for Participation – ACM SigComm2015 – Workshop on Ethics in Networked Systems Research
Previous by thread: Extracting Equation Group's malware from hard drives
Next by thread: Extracting Equation Group's malware from hard drives
Index(es):
- Date
- Thread