Vault7: CIA Hacking Tools Revealed
Navigation: » Latest version
Owner: User #71467
JQJSECONDCUT
Cisco 881 - Cinnamon 5.0 for PPC
Tests we should perform
- Smaller (<1500) MTUMaximum Transmission Unit sizes in beacons to Blot
- "Realistic" web servers for Internet detection (DNSDomain Name System and HTTPHypertext Transfer Protocol GET)
- DNS forwarding server - Completed - Internet detection succeeds using 4.4.4.4 DNSDomain Name System server Seed traffic
- Authoritative DNSDomain Name System Server - Completed - Internet detection succeeds using X.X.X.X (LVLT-GOGL-8-8-8[US]) DNSDomain Name System server seeds traffic.
- New DNS_PROBE# list in cinnamon.cfg - what probe sites should be configured for ops delivery?
- Different beacon intervals and jitter rates (cinnamon.cfg) -
- Inspect wireshark of beacons (TLSTransport Layer Security handshake with Blot)
- Upgrading (and downgrading) IOSApple operating system for small devices while Cinnamon installed - COMPLETE - test 13
- Uninstall - COMPLETE - test 4, 5
- IAC/Norb install -> device_stick command to persist - COMPLETE - test 11
- Test tool_upgrade feature - COMPLETE - test 14
- Breaking Point
- Small office profile
- Packet scrambler (fuzzing)
- VoIP traffic
- Traffic Survey
- Redirection
- SNMP - get CPU utilization
- Other SNMPSimple Network Management Protocol we want?
- tc (traffic conditioning) - linux
- What ROMMONRead-Only Memory Monitor Cisco bootstrap program to use for ops delivery? - using ops ROMMONRead-Only Memory Monitor Cisco bootstrap program in test - 12.4(22r)YB5
- Should we use newer ROMMONRead-Only Memory Monitor Cisco bootstrap program ver than the read-only to be less alerting?
- Use active filters for both survey and redirect at the same time
- Inspect survey and redirect output with different rules and verify that correct traffic was captured as expected
- Persist CMNCaiman (Codename)? and then reload, test re-uploading and using modules
- Test restarting modules/loading/unloading without reboot - COMPLETE - test 10
- Monitor for memory leaks (with multiple module reloads or reboots, traffic, etc) - long term monitoring
- Perform system administrator functions while cmn present/active - create and delete interfaces
- Reload nodes behind/adjacent to DUTDevice Under Test while CMNCaiman (Codename)? active
- Configure DUTDevice Under Test for SNMPSimple Network Management Protocol Traps, tac_plus authentication, Solarwinds and verify CIConcern concerns with logging - Monitoring SNMPSimple Network Management Protocol and traps throughout testing
- Reload times with Persistent CMNCaiman (Codename)? - COMPLETE - test 12 - CMNCaiman (Codename)? adds about 40 seconds
- cppcheck/code inspection