
Hacking Team deceiving customers and selling faulty software


VIKIS DAP report

Email ID 19213

Date 2015-01-30 09:03:57 UTC

From [email protected]

To [email protected], [email protected], [email protected], [email protected]

Hi Daniele,

We have completed the delivery with the customer and partner signed the DAP.

Below the report of the most critical activities performed during the VIKIS DAP by Serge and me.

I'm adding the FAE list in CC, since I think it might be useful to our mates to be aware of the issues that we experienced.

· UEFI infection: the "UEFI part" worked well and the BIOS got infected (as far as we could see), but during the first boot after the infection the OS got stuck and we had to shut the system off and then on again. After that, we couldn't see any agent synchronizing/running, so we solved it by just running a silent installer while Serge was distracting the customer.

I talked to COD and he told me that he will investigate the OS getting stuck, since it might be related to the scout's issue;

· Invisibility test - MacOS (Yosemite) + AVG (silent installer): during the infection everything was good; a problem occurred just after we configured the MacOS mail client in order to let the agent retrieve the emails: just a few seconds after that configuration, an AVG popup warned about a trojan detection. I closed the popup in time while the customer was attending Serge's explanation of the received evidence, so the customer didn't see. The emails were correctly retrieved by the agent, but we didn't have a chance to check what the object of the detection was (our trojan or something else);

· Invisibility test - Win7 32bit + Norton Security (Word Exploit): the exploit worked well, but after the infection the scout got detected at each logon and at each synchronization. The customer got distracted by Serge, while I added the scout to Norton's whitelist, so it could be upgraded to elite. After that, everything has been OK;



· Invisibility test - Win7 32bit + NOD32 (IE Exploit): everything fine;

· Invisibility test - Win8.1 64bit + Bitdefender (silent installer): no detections, but the soldier agent could just retrieve deviceinfo, password (actually just username, the password field was empty), location and screenshot. The customer didn't notice and we passed over;

· Invisibility test - Win8.1 64bit + KIS (silent installer): everything fine.

· Invisibility test - crisis module (stop sync on wireshark, process explorer, TCP viewer): everything fine.

I add just one personal consideration: 2 FAEs were fundamental for this activity, since - as it's clear from the list above - just 1 of us would have been blocked at the first problem that we faced and the DAP would not have been accepted.

See you in Milan and abroad!

Lorenzo