This undated NSA presentation from the agency’s Information Technology Directorate, aimed at analysts, describes techniques for decrypting IPSec VPN traffic: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.
This 2011 presentation, created by GCHQ’s Network Analysis Centre describes new techniques for gathering reconnaissance on the IT personnel of targeted organisations (their “Network Operations Centres”), using Belgacom as an example in several slides: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014.
A series of casual posts written by a single author stationed in the NSA’s Signals Intelligence Directorate and posted on the agency’s intranet in 2012. Several posts written in December of that year describe the rationale and methodology of targeting systems administrators: see the Intercept article Inside the NSA’s Secret Efforts to Hunt and Hack System Administrators, 20 March 2014.
This extract from an NSA document dated December 2012 shows the agency’s concern that other nation-state actors are adopting similar techniques: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.