Killsuit - The Equation Group's Swiss Army Knife for Persistence, Evasion, and Data Exfil

Explore the Equation Group's sophisticated persistence, evasion, and data exfiltration tool known as Killsuit in this 40-minute conference talk from Derbycon 2018. Delve into the intricacies of this advanced cyber weapon, including its kernel mode orchestrator, custom TCP/IP stack, and unique network protocols. Discover how Killsuit employs innovative techniques like Solar Time, Redirecting, Knocking, and Strangelands to evade detection. Examine its data exfiltration capabilities, including ODBC drivers, canned query plans, and the mysterious Magic Bean. Learn about the tool's installation types, implants, and the concept of the dimension wheel. Gain insights into how the speaker uncovered this powerful cyber espionage tool and understand its implications for modern cybersecurity landscapes.

Introduction
Overview
What is Fran
Killsuit
Expanding Puli
Squits
Terms
What is Killsuit
Persistence
Kernel Mode Orchestrator
Solar Time
How do they avoid defenders
Custom TCPIP stack
Redirect
Knocking
Strangelands
DarkSkyline
ODBC drivers
Canned query plans
Magic Bean
Data Exfiltration
Custom Network Protocol
somber nave
straight bizarre
how it works
how I found this
kisuh install type
double feature
implants
reverse
dimension wheel
goal
Exploitation
Review
Danish Boots