[text:
From mzbat (socially distant, mask wearing bat)
My heart goes out to the unsung IT heroes at the Capitol tonight. My guess is they’ve never had to run asset inventory before - a daunting, stressful task in a tabletop exercise - and they’re running one (prob w/o a playbook) following a full on assault of the Capitol.
Response thread from @jacobian (jacobian):
Just to give folks who aren’t in the field an idea of what we’re talking about: - we must assume that foreign agents were among the rioters - snooping devices can be implanted into anything with a power cord - so every device in the capitol is now a potential foreign asset.
So, just for starters: - all computers need to be inventoried, inspected inside and out, and the OS paved/rebuilt - keyboards, mice, &c might now have implants, they probably should be tossed (see eg keelog.com/forensic-keylo... which looks like a usb cable but it in fact a logger)
Then everything with a power source needs to be audited. This means lamps. Thermostats. Those cute little portrait lights on top of photos. The vacuum cleaner in the storage closet. Even outlets - a fav trick of one Red Team I know is a fake outlet cover that hides a mic.
I’m probably missing about a dozen things. This is off the top of my head and I suck at physical security.
Oof, via a friend who’d like to remain anon, a huge one I missed: rioters were inside the capitol long enough to re-flash the firmware on any device with writeable firmware - which these days is almost everything. Anything with a mic of camera probably needs to be tossed.
end transcription]
EDIT: Thread can be found here.













