Finally

I couldn’t really believe my ears when I heard the judge declare that:


Of regrets

Here is a copy of the MIT license, one of the well-known open source licenses. It is, effectively, the only license that I’ve used for software I wrote or contributed to in the last 10 years:


The widening gyre

Recent events have made me reflect on a few things in my life I had already been thinking about for a while. Also, responses on social media have made me realize that people have strange expectations of me, and of what my role in the Bitcoin Core project is.


BUZZDIRECTION: BLATSTING reloaded

This time I will be taking a cursory look at a different malware framework in the EQGRP free dump: BUZZDIRECTION. BUZZDIRECTION is another modular rootkit, but more extensive than BLATSTING. This list classifies it as “a firewall software implant for Fortigate firewalls”, just like BLATSTING. Maybe it is just a successor for the same purpose, but maybe it is something more.


BLATSTING Command-and-Control protocol

In this installment I’m going to describe the Command-and-Control (or C&C) protocol of BLATSTING. This is the protocol used in the network traffic between the malware and what is used by the person controlling it. I’m also going to see whether this traffic can be detected.


TADAQUEOUS moments

The one mystery module in the BLATSTING rootkit/malware/implant/… in the Equation Group dump is m12000000, or TADAQUEOUS. There is only one mention of it in the various documentation and scripts:
