Help, my fingers seem to be infected with #BadBIOS2! The virus is modulating airgap crossing communications using 50Hz ASK! Should I see a doctor?? pic.twitter.com/Nh52dFt6xp
How many of your raspis have an mmc1? I can give you a file system dump but it won’t help much as the fun stuff is loaded into a ramdisk from inaccessible hidden partition and only the unmodified components are available to dump. Offline forensics won’t make much headway.
Older versions used to connect fun stuff through virtual nfs server mount, but as of Raspi version switched to virtual iscsi connection, brought up in USB probing. Several jail/chroot/slice techniques have been used to partition real boot files from pretend ones & prevent access
Stop throwing random vague elements being treated implicitly as IOC on twitter and open a detailed collection of symptoms, logs and dumps on github for others to look at. This is the only way. You should hold yourself to much better standards than this ridiculous tweetfest.
Well the issue is that most of the industry techniques are Stone Age tools designed for static malware, which just fall down and fail spectacularly when faced with a dynamic attacker with ops and dev staff. You seem to think that blaming me for your procedural inadequacy matters.
With all due respect, the only one with procedural inadequacy here is you and you alone. As of today there is not a single shred of evidence, rather than your belief, of any attacker. Plus every single expert analysis of your alleged IOC is being ignored. This is nonsense. EOL.
/me waves to the ops team chuckling at your disbelief.
The only success I’ve had is selectively disabling live systems, analyzing them in their semi-disabled state. Dumping from them presents other difficulties because of flash controller malware. But working on off-chip access methods but that will involve some flash reconstruction.