Behind Enemy Lines - Inside the Operations of a Nation State's Cyber Program

Explore the inner workings of a nation state's cyber surveillance program in this 47-minute conference talk from ShmooCon 2019. Delve into the decision-making process behind developing offensive cyber capabilities for desktop and mobile platforms, including iOS and Android. Gain insights from exfiltrated content obtained during an investigation of a bespoke tool, examining the build vs. buy decisions made by key individuals. Learn about communications with lawful intercept and exploit shops, in-house development efforts, and the resulting solutions. Discover the mystery, intrigue, and operational security failures surrounding the creation of these surveillance programs. Follow along as security researchers Michael and Andrew from Lookout's Threat Intelligence team share their expertise in tracking and disrupting state-sponsored cyber operations, drawing from their investigations into campaigns like Pegasus, Chrysaor, Dark Caracal, and more.

Intro
New phone, who dis?
The Quest for a Cyber Surveillance Program
What goes through the mind of a nation state?
Building Your Cyber Surveillance Program
SELLERS OF SURVEILLANCEWARE...
The Vendors
Zero Click iOS Compromise
Mobile 0-days Compromise
Edge 0-Day Demo Video
Flash 0-Day Demo Video
Desktop 0-days Compromise
Network Traffic Interception
Vendors Are Reading Our Research
Why inhouse development?
StoneFish and Barracuda
iOS Tooling and Capabilities
iOS Infection Vector
Android Infection Vectors
Data Analysis
Attribution Disclaimer