This GCHQ application for warrant renewal from June 2008 shows that the agency has been engaged in the reverse engineering of commercial antivirus software for the purposes of facilitating its hacking operations: see the Intercept article Popular Security Software Came Under Relentless NSA and GCHQ Attacks, 22 June 2015.
This 26 April 2011 SIDToday post from the NSA/CSS Threat Operations Center (NTOC) Hawaii describes how the NSA has developed its capabilities in collecting “other people’s sigint”, for instance in exploiting Chinese operations against the United Nations: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
This NSA classification guide dated 1 February 2010 details the sensitivity of particular aspects of the joint NSA/Department of Defense Crytographic Modernization Program: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.
This document, produced by the NSA and the US military’s Joint Functional Component Command – Network Wardare, provides a briefing on, and classification guide to, the highly sensitive group of “core computer network operations secrets” codenamed SENTRY EAGLE: see the Intercept article Core Secrets: NSA Saboteurs in China and Germany, 10 October 2014.
This internal NSA report dated 14 August 2009 describes that year’s SIGDEV (Sigint Development) Conference, in which representatives of 5 Eyes agencies and the wider US intelligence community meet “to synchronize discovery efforts, share breakthroughs, and swap knowledge on the art of analysis”: see the Intercept article: The “Cuban Twitter” Scam Is a Drop in the Internet Propaganda Bucket, 4 April 2014.