This undated presentation from NSA’s UK-based Menwith Hill station describes the various uses of open source intelligence (OSINT) in computer network operations, including the monitoring of hacker forums and spotting opportunities for so-called “Fourth Party Collection”: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
This 61-page NSA presentation from May 2010 provides analysts with a guide to tracking individuals within XKeyScore using the system’s fingerprint capability: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
This 24 May 2010 NSA presentation describes the ways the agency uses botnets (“bot herding”): see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
This undated NSA presentation describes techniques for detecting botnets: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
This undated NSA SIGINT presentation describes nine varieties of QUANTUM malware attack, their operational status and success in the field: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.
These three slides, taken from a 11 April 2013 NSA presentation show screenshots from a tool called CyberCOP, which appears to monitor botnets and the DDOS attacks they perform: see the NDR.de article Cyberkrieg: Wie gefährdet ist Deutschland?, 12 January 2015.
This undated GCHQ presentation introduces the FLYING PIG and HUSH PUPPY tools: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.
This internal NSA report dated 14 August 2009 describes that year’s SIGDEV (Sigint Development) Conference, in which representatives of 5 Eyes agencies and the wider US intelligence community meet “to synchronize discovery efforts, share breakthroughs, and swap knowledge on the art of analysis”: see the Intercept article: The “Cuban Twitter” Scam Is a Drop in the Internet Propaganda Bucket, 4 April 2014.
This presentation from the 2010 SIGDEV Conference describes the contribution made by GCHQ to the development of Quantum techniques: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.
This page from the NSA intranet dated July 2011 supplies advice from the NSA Offices of General Counsel (OGC) and Oversight and Compliance (NOC) on the admissibility of targeting strategies against the users of popular websites (including WikLeaks and the Pirate Bay): see the Intercept article Snowden Documents Reveal Covert Surveillance and Pressure Tactics Aimed at WikiLeaks and Its Supporters, 18 February 2014.