
Hacker group claims NSA Windows exploits for sale


The hacking group known as Shadow Brokers has released details of a number of tools that can be used to exploit Windows systems, all of which it claims are from the NSA.

The group gained prominence last year when it advertised a number of tools for sale, all of which it had obtained by hacking an entity known as the Equation Group. The latter has long been suspected of being a front for the NSA.

The tools were verified to be NSA material by a number of sources.

The current exploits which have been listed by the Shadow Brokers include tools to evade anti-virus products, according to Jacob Williams, the founder of Rendition Infosec.

Shadow Brokers advertised the availability of these tools on its Twitter account, with a number of screenshots as well.

Williams wrote that the list of exploits indicated that among them, based on the asking price, was a possible zero-day for the server message block protocol.


One of the screenshots released by the Shadow Brokers, showing some of the exploits it has put up for sale.

Version numbers of the tools indicated that they were under development.

Several plugins were listed by Shadow Brokers as well, including one that had the name EventLogEdit, indicating that it could be used to clear event logs after an intrusion, an advanced capability that often ends up making a system unstable if done randomly.

Williams wrote: "While we understand that event logs can be cleared and event logging stopped, surgically editing event logs is usually considered to be a very advanced capability (if possible at all). We've seen rootkit code over the years (some was published on the now defunct rootkit.com) that supported this feature, but often made the system unstable in the process.

"Knowing that some attackers apparently have the ability to edit event logs can be a game changer for an investigation. If Shadow Brokers release this code to the world (as they've done previously), it will undermine the reliability of event logs in forensic investigations."

