Funny Hacking Team sales tactics

Cch123

May 6, 2014
Hey guys, just wanted to share this extremely funny HackingTeam email. It shows the kind of shady tactics HackingTeam uses to make their customers look like a joke. I will only be posting the relevant parts of the email; the full email can be accessed here: https://wikileaks.org/hackingteam/emails/emailid/19213

"Below the report of the most critical activities performed during the VIKIS DAP by Serge and me.

· UEFI infection: the "UEFI part" worked good and the BIOS got infected (as far as we could see), but during the first boot after the infection the OS got stuck and we had to shut the system off and then on again. After that, we couldn't see any agent synchronizing/running, so we solved just running a silent installer while Serge was distracting the customer.

I talked to COD and he told me that he will investigate about the OS' stuck, since it might be related to the scout's issue;

· Invisibility test - MacOS (Yosemite) + AVG (silent installer): during the infection everything was good; a problem occurred just after we configured the MacOS' mail client in order to let the agent retrieve the emails: just a few seconds after that configuration, an AVG popup warned about a trojan detection. I closed the popup in time while the customer was attending Serge's explanation of the received evidences, so the customer didn't see. The emails were correctly retrieved by the agent, but we didn't have a chance to check what was the object of the detection (our trojan or what else);

· Invisibility test - Win7 32bit + Norton Security (Word Exploit): Exploit worked good, but after the infection the scout got detected at each logon and at each synchronization. The customer got distracted by Serge, while I added the scout to the Norton's whitelist, so it could be upgraded to elite. After that, everything has been ok;

· Invisibility test - Win7 32bit + NOD32 (IE Exploit): everything fine;

· Invisibility test - Win8.1 64bit + Bitdefender (silent installer): no detections, but the soldier agent could just retrieve deviceinfo, password (actually just username, password field was empty), location and screenshot. The customer didn't notice and we passed over;

· Invisibility test - Win8.1 64bit + KIS (silent installer): everything fine.

· Invisibility test - crisis module (stop sync on wireshark, process explorer, TCP viewer): everything fine."
 

LabZero

A company that produces software to cancel the privacy of millions of users and markets it around the world earning millions of dollars.

Hard to resist the temptation to say that Hacking Team for Justice is no longer a "perpetrator" but became a victim of its own game ...
 
