Jack Rhysider

I guess when the good guys make it, it's called an implant.

But if the bad guys were to make it, it would just be called malware.

But essentially, a kernel implant is a hidden piece of software that they developed to sneak onto their firewalls to covertly and sneakily spy on what the firewall is doing.

This is going to take me a minute to fully grasp.

Sophos developed an implant and sneakily put it on one of their customers' devices to essentially spy on them.

And not just threat actor controlled, but threat actor owned.

Like this is where they're doing their research.

Exactly.

So that's what, you've got 40 people in the room, the lawyers must be in there too.

Like, are we allowed to hack into these devices that we think are owned?

Yeah.

Well, I've never heard of a security vendor doing anything like this.

Adding in stealthy secret implants to spy on their users?

In my opinion, spyware is malware.

And gosh, before hearing all this, I would have said, that is going too far.

But now I'm not sure.

My ethics are really being challenged here.

Oh, wow.

So the firewalls that come to mind for me are like Cisco, Palo Alto, Juniper, Checkpoint, Fortinet.

And he says he saw other vendor firewalls set up alongside their firewall in this threat actor's lab.