Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
UNCLASSIFIED
PIQUE PoC Delivery
Direct Kernel Object Manipulation (DKOM)
Raytheon Blackbird Technologies, Inc. 29 December 2014
Use or disclosure of data contained on this sheet is subject to the restrictions on the title page of this document.
Figure 6. Execution of User Application on Target BSODs
4.0 (U) Next Steps
(U) We will debug the target kernel during our PoC code execution to get insight into the nature
of the BSOD. We will review the user application and driver code to find any improper memory
address usage or IRP-based communications errors between the user application and device
driver. We will draw on additional debug/reverse engineering resources within Blackbird to track
down the issue(s) with the BSOD and resolve them.
(U) We believe we are very close to having this PoC completed.
5.0 (U) Delivery
(U) Per guidance received at the TEM on December 15, after describing some of the
development challenges, this report and the separately attached Microsoft Visual Studio 2013
Solution files with the associated compiler settings and configurations constitute a PoC delivery
for December.
(U) We expect to have the final working PoC completed and delivered in January after the
holidays.