Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
Boot Persistence
4.13.2.1 – does this mean we need to create the following deliverables
installer.exe/installer.dll/installer.bin run.exe/run.dll/run.bin – non persistent (everything occurs in RAM)
installer.dll and run.dll
4.16.6 – can we use UTF8 internally (python) and convert this to unicode/expanded on target?
YES
4.17.1 – can we use python bottle (Apache supported WSGI framework) instead of CGI on linux lp?
YES – but we’ve used CGI in the past
4.19 – Does this mean you want 4 deliverables (which linux distro?)
offline_win_x86.exe/offline_win_x64.exe/offline_linux_x86/offline_linux_x64
if you build an app just make it 32bit, but if you use a script include both the x86 and x64 instances within the offline installer directory.
4.19.1 – Note: we will not be able to support encrypted or bios locked systems.
Fine
4.19.2.1 – can we use Bart PE? Will customer give us a Windows Server 2003 Standard Edition or Win XP SP3 installation disk to use for hosting the PE image? (licensing issue)
NO – just use the standard windows install disk in restore mode and live linux distro.
4.19.2.2 – what linux OS (Ubuntu/Centos) did you want us to target? Can we use tinycore (10BM)?
Ubuntu 14.01
4.19.2.2 – will customer be supplying a windows registry library for linux or do we use hivexsh, etc.?
Yes – regit should be on GIT
Command Question:
What is the idea behind pre/post execution delay – instead of just an inter-command delay?
No – the user wants both
Exec:
Srvhost cannot access foreground desktop due to OS restrictions.
Fine