Last summer the Equation Group's TTPs were leaked by a group known
as the ShadowBrokers. Unlike most people simply satisfied with rooting
their firewalls and moving on, I RTFM'd and worked out how the second
stage and implant software was meant to work. Armed only with incomplete
software, the NSA ANT catalogue, and a lot of motivation, I'll
take us on a journey of discovery that culminates
with an Internet wide scan of devices looking for NSA implant code.