This undated presentation from the NSA’s Expeditionary Access Operations discusses how malware techniques are used in the field: see the Intercept article The NSA Leak is Real, Snowden Documents Confirm, 19 August 2016.
This 12 July 2012 post from the NSA newsletter SIDToday describes the internal culture of Tailored Access Operations (TAO) from the perspective of a practitioner: see the Intercept article What the Snowden Files Say About the Osama Bin Laden Raid, 18 May 2015.
This post from internal NSA newsletter SIDToday dated 16 July 2003 explains the differences between different modes of collection and the terms the agency uses to decribe them. The article also notes that the sheer amount of information the agency collects is an issue – “our targets communications are increasingly buried by millions of non-target communications”: see the Intercept article Iraqi Insurgents Stymied the NSA and Other Highlights from 263 Internal Agency Reports, 10 August 2016.
This GCHQ research report dated 20 September 2011, cowritten by researchers at Heilbronn Institute for Mathematical Research based at the University of Bristol, concerns the use of data mining techniques to develop usable intelligence as well as the contradictions that arise from the use of algorithms to identify wrong doers, or potential wrong doers. The paper also provides a great deal of background information on GCHQ operations and the detailed discussion of network theory demonstrates the power of metadata collection: see the Boing Boing article Doxxing Sherlock, 2 February 2016.
This GCHQ report dated 3 February 2011 and written by a seconded NSA staff member, alludes to the agencies’ capabilities against 13 models of firewalls produced by Juniper Networks, Inc: see the Intercept article NSA Helped British Spies Find Security Holes In Juniper Firewalls, 23 December 2015.