Wayne Ronaldson: How Vault 7 Leaks Helped Develop My Own Digital Espionage Weapon


Wayne is an experienced tester, having conducted security assessments for a range of leading global organisations. He specialises in red team assessments and Foreign Intelligence Simulations from physical, digital, social and supply chain. He has presented to many private companies and government departments on the current and future state of the security landscape.


“Recent leaks from intelligence agencies have increased the skills gap between attacker and defender over time. An attacker doesn’t have to be highly resourced to leverage the kinds of attack techniques that have traditionally been associated with sophisticated adversaries and Nation-State Actors.

In fact, they can build their own. On the other hand, by empowering your offensive security team to think like an attacker, your organisation can build or leverage an offensive security testing capability that ensures you’re testing your security posture against real-world threats. In the last few years, we have seen a number of classified documents leaked from Wikileaks.

This includes the data dump from the CIA’s entire hacking arsenal, which has been named ““Vault 7”". Wikileaks went to some lengths to redact the Vault 7 data and removed any actual software code. This was a responsible step taken to ensure that would-be hackers and governments weren’t able to leverage and mimic the CIA’s attack capability. I wanted to test whether or not the censorship that Wikileaks undertook went far enough.

To do this, I sought to implement an attack capability based off information available to the public via the Vault 7 leaks, to see whether an individual could glean enough information to build their own digital-espionage tool.

My presentation will attempt to demonstrate the kinds of information an attacker could extract from the information in the Vault 7 leaks and will discuss and demonstrate the development life cycle I used for this project.

During my presentation I will discuss the high-level steps taken to build and test a digital-espionage attack tool both in the lab, and also in real-world Red Team Assessments, discussing the lessons learned, and what it can show an organisation about their exposure to real-world threats. I’ll conclude with a live demonstration of the tool.”