minkione/EQgroup.md

Forked from bontchev/EQgroup.md

Created August 14, 2017 10:10

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/minkione/ba072b1f4aa943d9d82d0dcdfb1d787d.js"></script>
Save minkione/ba072b1f4aa943d9d82d0dcdfb1d787d to your computer and use it in GitHub Desktop.

Download ZIP

Curated list of links describing the leaked Equation Group tools for Windows

Raw

Links describing the leaked EQ Group tools for Windows

Repositories and ports

Lost in Translation - a repository of the leaked tools
MS17-010 - port of some of the exploits to Windows 10

Installation and usage guides

INSTALL.md - notes on how to install and use the tools
Equation Group Dump Analysis and Full RCE on Win7 on MS17-010 with Cobalt Strike - notes on how to use EternalBlue and DoublePulsar
Powershell Empire and FuzzBunch: exploitation of the sensational vulnerability ETERNALBLUE - how to install PowerShell Empire and FuzzBunch under WINE on Linux and how to use the EternalBlue and DoublePulsar payloads from Empire
HOW TO EXPLOIT ETERNALBLUE & DOUBLEPULSAR TO GET AN EMPIRE/METERPRETER SESSION ON WINDOWS 7/2008 (PDF) - how to install and set up FuzzBunch and how to use EternalBlue and DoublePulsar from it and from PowerShell Empire
HOW TO EXPLOIT ETERNALROMANCE/SYNERGY TO GET A METERPRETER SESSION ON WINDOWS SERVER 2016 (PDF) - how to use the Metasploit modules for EternalRomance and EternalSynergy to get a Meterpreter session
Data analysis of the Shadow Brokers leak - a general description of what the package of tools contains
A peek view in the Equation Group toolbox - how to use the tools from FuzzBunch and DanderSpiritz frameworks

General analysis

Analysis of the Shadow Brokers release and mitigation with Windows 10 virtualization-based security - behavior of EtenralBlue and EternalRomance on Windows 10
Hunting the hunter, finding bugs in NSA tools - description of some bugs in the tools

Analysis of EternalBlue and DoublePulsar

Exploring the crypt: Analysis of the WannaCrypt ransomware SMB exploit propagation - use of EternalBlue and DoublePulsar in the WannaCry worm
The Wannacry and NotPetya bug - CVE-2017-0144 SMB Remote Execution RCE - use of EternalBlue in the WannaCry and Petya worms
ETERNALBLUE: Exploit Analysis and Port to Microsoft Windows 10 - port of EternalBlue to Windows 10
Memory analysis of Eternalblue - another analysis of EternalBlue
EternalBlue’s Large Non-Paged Pool Overflow in SRV Driver - another analysis of EternalBlue
Shadow Brokers: exploiting Eternalblue + Doublepulsar - analysis of EternalBlue and DoublePulsar
DoublePulsar Initial SMB Backdoor Ring 0 Shellcode Analysis - analysis of the shellcode that installs the DoublePulsar backdoor

Analysis of the other tools in the package

Eternalromance: Exploiting Windows Server 2003 - analysis of EternalRomance
Eternal Champion Exploit Analysis - analysis of EternalChampion
A Quick Analysis of Microsoft's ESTEEMAUDIT Patch - analysis of EsteemAudit
A Dissection of the “EsteemAudit” Windows Remote Desktop Exploit - another analysis of EsteemAudit
A quick look at the NSA exploits & Dander Spiritz trojan - analysis of DanderSpiritz
The Equation Group’s post-exploitation tools (DanderSpritz and more) Part 1 - another analysis of DanderSpiritz
EnglishmansDentist Exploit Analysis - analysis of EnglishmanDentist
Eternal Synergy Exploit Analysis - analysis of EternalSynergy

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment