Lessons learned: with a dynamic and reactive opponent with development resources and ops staff, a focus on static IOCs is an ancient philosophy stuck in the last decade. An attentive opponent will fix them before you can deploy detection.
Actual conclusion: there was never any evidence of compromise or actual implant code published. Had it been, it would've been big news. The BIOS image that was publicly posted was normal and had no malicious code. See https://en.m.wikipedia.org/wiki/BadBIOS
I would very much like to see a BadBIOS-like implant. Alas, no such thing was ever found. I'm sure nation state level APTs have such capabilities, but nothing like that was on Dragos' computer.
The only answer I can give to that is I believe Dragos has mental health issues (i.e. paranoid schizophrenia perhaps). I hope he is seeing a therapist/psychologist about it. Here's a good article on why BadBIOS most likely isn't real: https://www.csoonline.com/article/2609622/security/4-reasons-badbios-isn-t-real.html