A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #26240  by driverobject
 Mon Jul 06, 2015 10:41 pm
Some of the claims by these guys seem to be way too long a shot, such as decrypting PGP and others. While malware installed on a system could gain access to the unencrypted traffic, can anybody here actually confirm there is merit to some of the overblown features they are talking about? This comes to mind after the recent hack they were exposed to. And they also claim the most advanced infection vectors; however, in one attack they published on CitizenLab https://citizenlab.org/2015/03/hacking- ... d-spyware/ they are using a .doc file attack, which seems a bit outdated for an attack done in 2014.
 #26242  by EP_X0FF
 Tue Jul 07, 2015 5:28 am
Except for the exploits, I found nothing interesting (for me at least) in this pack of junk. What exactly do you want to know, whether they are as good as they claimed for marketing purposes?
 #26243  by driverobject
 Tue Jul 07, 2015 6:04 am
Yeah, did they actually have 0-days and solid malware, or just good-enough malware? Teaching those agencies how to send good phishing emails with known document exploits?
Btw, I'm still trying to download a magnet link to the files; it's been 8 hours and it's still downloading metadata :) Any better way to download it?
 #26244  by EP_X0FF
 Tue Jul 07, 2015 8:17 am
Shit in dirs view can be found here http://ht.transparencytoolkit.org/, files are downloadable. Currently the most interesting folder is http://ht.transparencytoolkit.org/gitla ... i-Browser/ (unknown Adobe zero-day).

From what I see, they bought some exploits and probably developed some; for example, they have a self-made font fuzzer.
 #26248  by Xylitol
 Tue Jul 07, 2015 12:26 pm
Haven't looked at the binaries yet, I'm just exploring the content online, and it seems there is a lot of warez/garbage/junk; I noticed some files anyway.

Githubs:
https://github.com/9b/hackingteam_infra
https://github.com/hackedteam
https://github.com/informationextraction

Online mirrors (browse with caution):
hxtps://ht.transparencytoolkit.org/
hxtps://hacked.thecthulhu.com/HT/
hxtp://hacking.technology/Hacked%20Team/
hxtp://ht.musalbas.com/

ID Cards: /Amministrazione/07 - PERSONALE/06 - Documenti Personali/
Spanish intelligence agency: /Amministrazione/01 - CLIENTI/6 - Offensiva/CNI Documentazione 2010.rar
5k Job contract: /Amministrazione/07 - PERSONALE/05 - Contratti/3 - CONTRATTI/Pelliccione/Contratto 01-03-13.pdf
VMprotect: /rcs-dev\share/HOME/guido/9.2-vmprotect-licenza.zip
Themida: /rcs-dev\share/HOME/Ivan/full_themida_core/
IDA key file v5.4: /rcs-dev\share/HOME/rev/ida.key
VPS credentials: /rcs-dev\share/HOME/cristian/DocVpsDaniele/VPS_LIST.txt
httpX: /rcs-dev\share/HOME/Naga/httpX/
Backdoor: /rcs-dev\share/HOME/ALoR/htdocs/conf.php
Exploit kit ?: /rcs-dev\share/HOME/ALoR/htdocs/
elevator.c: /gitlab/Windows-Multi-Browser/2_stage_shellcode_source/source_pie_8.1/elevator.c
VUPEN stuff: /FileServer/FileServer/Hackingteam/OLD/vupen security exploits/
RCS lics: /FAE DiskStation/4. INTERNAL/4.1. Product Licenses/

Fun/drama tweets:
https://twitter.com/ydklijnsma/status/6 ... 9535885313
https://twitter.com/pwnallthethings/sta ... 2005181440
https://twitter.com/hertzmau5/status/61 ... 52/photo/1
https://twitter.com/Mario_Greenly/statu ... 6032539648
The @christian_pozzi twitter account got deleted; the community manager of Hacking Team will have a hard week.

Collateral damage (Blue Coat partner portal info leak).
I suppose there is more, but I'm bored of testing passwords.
 #26256  by USForce
 Thu Jul 09, 2015 10:42 am
To me it looks like a vintage piece of code, apart from the 0-day exploits, some of them probably bought by Vupen. I agree the font fuzzer has been written by them, but I have some doubts about the Flash 0-day.

About the Windows driver code, it's quite questionable I'd say; some parts of the code look like they were written by somebody who has no clue what he's doing.