Root access to the great firewall. [Research Saturday]

CyberWire Daily

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.6 • 1K Ratings

🗓️ 13 December 2025

⏱️ 26 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daniel Schwalbe, DomainTools Head of Investigations and CISO, is sharing their work on "Inside the Great Firewall." This two-part research project analyzes an extraordinary 500–600GB leak that exposes the internal architecture, tooling, and human ecosystem behind China’s Great Firewall. Across both parts, you break down thousands of leaked documents, source code repositories, diagrams, packet captures, and telemetry that reveal how systems like the Traffic Secure Gateway, MAAT, Redis-based analytics, and modular DPI engines work together to censor, surveil, and fingerprint users at scale. Taken together, the research shows how the Great Firewall functions not just as a technical system, but as a living censorship-industrial complex that adapts, learns, and coordinates across government, telecoms, and security vendors. The research can be found here: Inside the Great Firewall Part 1: The Dump Inside the Great Firewall Part 2: Technical Infrastructure Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the Cyberwire Network, powered by N2K.
0:09.7	Most environments trust far more than they should, and attackers know it.
0:16.3	Threat Locker solves that by enforcing default deny at the point of execution.
0:25.6	With Threat Locker Allow listing, you stop unknown executables cold. With ring fencing, you control how trusted applications behave.
0:29.6	And with Threat Locker DAC, defense against configurations, you get real assurance that your environment is free of misconfigurations, and clear visibility into whether you meet compliance standards.
0:41.3	Threat Locker is the simplest way to enforce zero-trust principles without the operational pain.
0:46.3	It's powerful protection that gives CISO's real visibility, real control, and real peace of mind.
0:52.3	Threat Locker makes zero-trust attainable, even for small security teams.
0:58.0	See why thousands of organizations choose Threat Locker to minimize alert fatigue,
1:02.4	stop ransomware at the source, and regain control over their environments.
1:07.1	Schedule your demo at Threatlocker.com slash N2K today.
1:11.6	Hello, everyone, and welcome to the CyberWires Research Saturday.
1:28.3	I'm Dave Bittner, and this is our weekly conversation with researchers and analysts
1:33.3	tracking down the threats and vulnerabilities, solving some of the hard problems and protecting ourselves in a rapidly evolving cyberspace.
1:41.3	Thanks for joining us.
2:03.6	Basically a data leak happened in September of this year, so a few months ago, which was an unprecedented amount of very specific details on how the great firewall actually works. And of course, when such a data leak is exposed to the public, it's always worth having a look.
2:10.6	And my research team was kind of chomping at the bit.
2:13.6	Like, can we look at this?
2:14.6	And we said, yeah, of course, with other requisite precautions. Sometimes these dumps might be pre-trapped or otherwise, but this
2:21.8	appear to be genuine and a treasure trove of information about something that's generally
2:27.5	has been kept very secret. That's Daniel Schwabby, head of investigations and CISO at Domain Tools.
2:35.6	The research we're discussing today is titled Inside the Great Firewall.
	...

Transcript will be available on the free plan in 22 days. Upgrade to see the full transcript now.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.