Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

Dumbo User Guide SECRET//X1
Dumbo User Guide
1.0 (S) Introduction
(S) Dumbo runs on a target to which we have physical access, attempts to disable all network
adapters, and terminates specified processes.
1.1 (S) Requirement
(S) The Intelligence Community has identified the need (requirement # 2012-0527) for a
capability to quickly terminate potential processes utilizing webcams that could compromise a
PAG deployment.
1.2 (S) Purpose
(S) This User Guide describes how to use Dumbo v1.0. The document provides the Dumbo
configuration process and the installation process.
2.0 (S) System Overview
(S) Configuration
o (S) The tool is configured entirely through the command-line program
ConfigureProcesses. The usage is:
ConfigureProcesses -v executable (To read current configuration of exe)
ConfigureProcesses -e executable -f config_file (To write resources from a config file to the executable)
ConfigureProcesses -e executable -p List Of Processes (To write resources from the command line to the executable)
o Note that the process names are entered into a text document, one per line:
Skype.exe
WebCamSoftware.exe
OtherProcess.exe
o The process name must be exactly as displayed by Task Manager (the *32 suffix does not
matter, as it only designates 32-bit processes on 64-bit machines)
(S) Installation Execution
o (S) Once configured, simply execute the configured tool on a target machine directly
from a USB thumb drive. The application requires administrator privileges. It will
immediately display a message box with a quick summary detailing whether or not all
network adapters were disabled and if any processes failed to terminate.
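
For defenders, the behaviour described above leaves a correlated trail: an elevated process started from removable media, followed within seconds by network adapters going down and camera-related processes exiting. The following is an added detection sketch, not part of the guide or of the tool; the event types, field names, host names and the 30-second window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Process names from the guide's sample list, lower-cased for matching.
WATCHED = {"skype.exe", "webcamsoftware.exe", "otherprocess.exe"}

# Constructed telemetry; the event types and field names are assumptions.
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T10:00:00", "host": "ws-01", "type": "proc_start",
     "name": "tool.exe", "removable": True, "elevated": True},
    {"ts": "2024-01-01T10:00:02", "host": "ws-01", "type": "adapter_disabled", "adapter": "Ethernet"},
    {"ts": "2024-01-01T10:00:02", "host": "ws-01", "type": "adapter_disabled", "adapter": "Wi-Fi"},
    {"ts": "2024-01-01T10:00:03", "host": "ws-01", "type": "proc_exit", "name": "Skype.exe *32"},
    {"ts": "2024-01-01T10:00:03", "host": "ws-01", "type": "proc_exit", "name": "WebCamSoftware.exe"},
    {"ts": "2024-01-01T10:05:00", "host": "ws-01", "type": "proc_exit", "name": "OtherProcess.exe"},
    {"ts": "2024-01-01T11:00:00", "host": "ws-02", "type": "proc_start",
     "name": "setup.exe", "removable": True, "elevated": True},
    {"ts": "2024-01-01T11:00:05", "host": "ws-02", "type": "proc_exit", "name": "notepad.exe"},
    {"ts": "2024-01-01T12:00:00", "host": "ws-03", "type": "adapter_disabled", "adapter": "Ethernet"},
]

def norm(name):
    """Lower-case a Task Manager style name and drop a trailing '*32' marker."""
    name = name.strip().lower()
    return name[:-3].rstrip() if name.endswith("*32") else name

def find_alerts(events, watched=WATCHED, window_s=30):
    """Flag elevated starts from removable media that are followed, on the same
    host and within window_s seconds, by adapter loss AND watched-process exits."""
    events = sorted(events, key=lambda e: e["ts"])
    alerts = []
    for start in events:
        if not (start["type"] == "proc_start" and start.get("removable") and start.get("elevated")):
            continue
        t0 = datetime.fromisoformat(start["ts"])
        t1 = t0 + timedelta(seconds=window_s)
        later = [e for e in events if e["host"] == start["host"]
                 and t0 <= datetime.fromisoformat(e["ts"]) <= t1]
        adapters = sorted({e["adapter"] for e in later if e["type"] == "adapter_disabled"})
        killed = sorted({norm(e["name"]) for e in later
                         if e["type"] == "proc_exit" and norm(e["name"]) in watched})
        if adapters and killed:  # either signal alone is too noisy to alert on
            alerts.append({"host": start["host"], "image": start["name"],
                           "adapters": adapters, "killed": killed})
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(alert)
```
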
