[Bro] Hacking Team Galileo client

Slagell, Adam J slagell at illinois.edu
Wed Jul 22 20:18:18 PDT 2015

Anyone look on their or their clients’ networks for this with Bro? I’m particularly interested if it is easy to find past indicators in Bro logs.

"They have moderately sophisticated hiding mechanisms, including both rootkits and UEFI persistence, but this is let down by a very obvious and noisy network signature. Obviously Hacking Team assume that their targets will not be looking at the network traffic emanating from their computers, but would be disconcerted to see 'agent.exe' appear in their Task Managers."



Adam J. Slagell
Chief Information Security Officer
Assistant Director, Cybersecurity Directorate
National Center for Supercomputing Applications
University of Illinois at Urbana-Champaign

"Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure." 

More information about the Bro mailing list