Vault7: CIA Hacking Tools Revealed
Navigation: » Latest version
Owner: User #524297
2014-10-23 Branch Direction Meeting notes
Date
Oct 23, 2014
Attendees
- User #11628962
- User #524420
- User #20873326
- User #524420
- User #71456
- User #71455
Goals
- To address Branch concerns over personnel reallocation and possible requirements adjustments
- To determine future goals and direction for Embedded Devices Branch
- To better position the Branch to meet future operational needs
- To discuss how the Branch can adapt/improve to meet these needs
- To discuss how the Branch can work as a team to meet these goals
Discussion items
Time | Item | Who | Notes |
---|---|---|---|
15min | Intro from AED/FO | User #71456/User #71455 |
|
Rest | EDB Direction | User #524297 et.al. |
Reference
-
Potential Mission Areas for EDB
-
Firmware Targets
Internet of Things (e.g. Weeping Angel (Extending) Engineering Notes )
Vehicle Systems (e.g. VSEP)
- ICS/SCADA
- Network Devices (including but not limited to SOHOSmall Office / Home Office routers)
- EFI
-
Software Targets
Linux/Unix
BSD
Solaris
VxWorks - not addressed by any EDBEmbedded Devices Branch work
QNX - not addressed by any EDBEmbedded Devices Branch work, big player in VSEP
-
Software Capabilities
Exploitation
Access
Persistence
Network
Implant
-
-
"Advertising" the Branch
- Do we have a flagship product?
- Do we need to define "embedded systems"?
- Technical: A single-purpose device that has a firmware running a software operating system.
- Non-technical: A computer serving a singular function that doesn't have a screen or keyboard.
- Really non-technical: "The Things in the Internet of Things"
-
Discussion of need for generic implant for Linux-based Embedded Systems, applicable to future
- A flagship product to enable the branch to better position for operations
- Working for subset of target platforms. Once a new/similar platform is encountered, effort is decreased to important problems (e.g. access, persistence)
- When do we seek customer buy-in? How do we know what target platforms are seen day-to-day?
- Perhaps when we have demonstrable capability, easier to ask "Where do you want us to go from here?"
- Seek to develop modular "library" of capabilties to unify across platforms, require only necessary components
- A flagship product to enable the branch to better position for operations
-
Some discussion of need for Working Agreement – for future:
-
Mapping Values to Work - Scrum Values (excerpt from http://www.scrumalliance.org/why-scrum/core-scrum-values-roles) ?
- Focus - Because we focus on only a few things at a time, we work well together and produce excellent work. We deliver valuable items sooner.
- Courage - Because we work as a team, we feel supported and have more resources at our disposal. This gives us the courage to undertake greater challenges.
- Openness - As we work together, we express how we're doing, what's in our way, and our concerns so they can be addressed.
- Commitment - Because we have great control over our own destiny, we are more committed to success. We strive to deliver what we promise.
- Respect - As we work together, sharing successes and failures, we come to respect each other and to help each other become worthy of respect.
-
Mapping Values to Work - Scrum Values (excerpt from http://www.scrumalliance.org/why-scrum/core-scrum-values-roles) ?
Action items
ID | Status | Task |
---|---|---|
1 | incomplete | @mention a person to assign them an action item and notify them. |