Archives for JETPLOW

Dell PowerEdge Servers BIOS Exploit DEITYBOUNCE

DEITYBOUNCE is a software exploit that exploits the BIOS on Dell PowerEdge servers, utilizing System Management Mode (SMM) to gain periodic execution while the Operating System loads.

What It Is

As I said above, DEITYBOUNCE is a software exploit that exploits the BIOS on Dell PowerEdge servers. To re-flash the BIOS on a target machine, the NSA uses ARKSTREAM. ARKSTREAM is used to implant DEITYBOUNCE and its payload or the implant installer. Once DEITYBOUNCE has been implanted onto the target system, its frequency of execution (dropping the payload) is configurable and occurs when the system is powered on. It

Categories: Information Technology, IT Security, and Preston Hood.

Cisco IOS Firmware Persistence Implant JETPLOW

JETPLOW is a firmware persistence implant for Cisco PIX Series and ASA (Adaptive Security Appliance) firewalls. Cisco officially acknowledged the possible NSA security vulnerabilities in their firewalls. You can view what Cisco has to say here. I personally think that, if this backdoor is legitimate, Cisco was not involved in the process of developing it.

What It Is

This backdoor allows the NSA to exploit a network that is secured with a Cisco PIX or ASA firewall by modifying the firewall's OS during boot time. If BANANAGLEE support is not available for the booting operating system then it can

Categories: Information Technology, IT Security, and Preston Hood.