Iftach Ian Amit | November 2011               Advanced Data Exfiltration               The way Q would have done it        ...
Iftach Ian Amit | November 2011                                                     whoamiAll rights reserved to Security ...
Iftach Ian Amit | November 2011                                                     whoamiAll rights reserved to Security ...
Iftach Ian Amit | November 2011                                                     whoamiAll rights reserved to Security ...
Iftach Ian Amit | November 2011                                                     whoamiAll rights reserved to Security ...
Iftach Ian Amit | November 2011                                                     whoamiAll rights reserved to Security ...
Iftach Ian Amit | November 2011                                                     whoamiAll rights reserved to Security ...
Iftach Ian Amit | November 2011                                                     whoamiAll rights reserved to Security ...
Iftach Ian Amit | November 2011                                                     whoamiAll rights reserved to Security ...
Iftach Ian Amit | November 2011                                                     whoamiAll rights reserved to Security ...
Iftach Ian Amit | November 2011                                                     whoamiAll rights reserved to Security ...
Iftach Ian Amit | November 2011                                                     whoamiAll rights reserved to Security ...
Iftach Ian Amit | November 2011                                                     AgendaAll rights reserved to Security ...
Iftach Ian Amit | November 2011                                                     AgendaAll rights reserved to Security ...
Iftach Ian Amit | November 2011                                                     AgendaAll rights reserved to Security ...
Iftach Ian Amit | November 2011                                                     AgendaAll rights reserved to Security ...
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   4
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   5
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   5
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   5
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   5
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   5
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   6
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   6
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   6
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   6
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   6
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   6
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   6
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   7
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   7
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   7
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   7
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   7
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   7
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   8
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   8
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   8
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   8
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   9
Iftach Ian Amit | November 2011                   •      eMails, web links,                          phishing...All rights...
Iftach Ian Amit | November 2011                   •      eMails, web links,                          phishing...          ...
Iftach Ian Amit | November 2011                   •      eMails, web links,                          phishing...          ...
Iftach Ian Amit | November 2011                   •      eMails, web links,                          phishing...          ...
Iftach Ian Amit | November 2011                   •      eMails, web links,                          phishing...          ...
Iftach Ian Amit | November 2011          And... being nice/nasty/          obnoxious/needy always          helps!All right...
Iftach Ian Amit | November 2011          And... being nice/nasty/          obnoxious/needy always          helps!All right...
Iftach Ian Amit | November 2011          And... being nice/nasty/          obnoxious/needy always          helps!All right...
Iftach Ian Amit | November 2011          And... being nice/nasty/          obnoxious/needy always          helps!All right...
Iftach Ian Amit | November 2011          And... being nice/nasty/          obnoxious/needy always          helps!All right...
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   11
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   11
Iftach Ian Amit | November 2011                                                     Internet                              ...
Iftach Ian Amit | November 2011                                                     Internet                              ...
Iftach Ian Amit | November 2011                                                     Internet                              ...
Iftach Ian Amit | November 2011                                                     Internet                              ...
Iftach Ian Amit | November 2011                                                     Internet                              ...
Iftach Ian Amit | November 2011                                                     Internet                              ...
Iftach Ian Amit | November 2011                                                     Internet                              ...
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   12
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   12
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   12
Iftach Ian Amit | November 2011       What is the       target “willing”       to tell about       itself?All rights reser...
Iftach Ian Amit | November 2011       What is the       target “willing”       to tell about       itself?All rights reser...
Iftach Ian Amit | November 2011       What is the       target “willing”       to tell about       itself?All rights reser...
Iftach Ian Amit | November 2011                              Who’s your daddy?                       And buddy, and friend...
Iftach Ian Amit | November 2011                              Who’s your daddy?                       And buddy, and friend...
Iftach Ian Amit | November 2011                              Who’s your daddy?                       And buddy, and friend...
Iftach Ian Amit | November 2011                              Who’s your daddy?                       And buddy, and friend...
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   15
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   15
Iftach Ian Amit | November 2011               Select your target wisely                         And then craft your payloa...
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   17
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   17
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   17
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   17
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   17
Iftach Ian Amit | November 2011    • ZeuS: $3000-$5000    • SpyEye: $2500-$4000    • Limbo: $500-$1500All rights reserved ...
Iftach Ian Amit | November 2011    • ZeuS: $3000-$5000                    E!                  RE    • SpyEye: $2500-$4000 ...
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   18
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   18
Iftach Ian Amit | November 2011   Experienced travelers   know the importance    of packing properlyAll rights reserved to...
Iftach Ian Amit | November 2011   Experienced travelers   know the importance    of packing properlyAll rights reserved to...
Iftach Ian Amit | November 2011                • File servers                • Databases                • File types      ...
Iftach Ian Amit | November 2011             Mass infection:                                    APT:             5-6 days b...
Iftach Ian Amit | November 2011             Mass infection:                                    APT:             5-6 days b...
Iftach Ian Amit | November 2011             Mass infection:                                    APT:             5-6 days b...
Iftach Ian Amit | November 2011                                         PATIENCE             Mass infection:              ...
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   22
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   22
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   22
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   22
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   22
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   22
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   22
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   23
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   23
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   24
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   24
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   24
Iftach Ian Amit | November 2011                        -----BEGIN PGP MESSAGE-----                                        ...
Iftach Ian Amit | November 2011                         Still “too detectable”All rights reserved to Security Art ltd. 200...
Iftach Ian Amit | November 2011                         Still “too detectable”                        hQMOA1jQIm6UkL4eEAv/...
Iftach Ian Amit | November 2011                                                     Much better                   • Throws...
Iftach Ian Amit | November 2011                                                     Resistance is futileAll rights reserve...
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   29
Iftach Ian Amit | November 2011        80                                                          53                     ...
Iftach Ian Amit | November 2011        80                                                          53                     ...
Iftach Ian Amit | November 2011                                          Kill some treesAll rights reserved to Security Ar...
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   31
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   31
Iftach Ian Amit | November 2011                                       Good ol’e DD...All rights reserved to Security Art l...
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   33
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   33
Iftach Ian Amit | November 2011                                                     1/2 byte                              ...
Iftach Ian Amit | November 2011                                                     1/2 byte                              ...
Iftach Ian Amit | November 2011                                                     1/2 byte                              ...
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   34
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   34
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   34
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   34
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   34
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   34
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   34
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   34
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   35
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   35
Iftach Ian Amit | November 2011                                                          1 0 1 0All rights reserved to Sec...
Iftach Ian Amit | November 2011                                                     DEMOAll rights reserved to Security Ar...
Iftach Ian Amit | November 2011                                                     DEMOAll rights reserved to Security Ar...
Iftach Ian Amit | November 2011                                                     DEMOAll rights reserved to Security Ar...
Iftach Ian Amit | November 2011                                                     DEMOAll rights reserved to Security Ar...
Iftach Ian Amit | November 2011                                                     DEMOAll rights reserved to Security Ar...
Iftach Ian Amit | November 2011                                                     DEMOAll rights reserved to Security Ar...
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   37
Iftach Ian Amit | November 2011                     Killing paper isn’t nice                   • Fax it!                  ...
Iftach Ian Amit | November 2011                                                     ConclusionsAll rights reserved to Secu...
Iftach Ian Amit | November 2011                                                     ConclusionsAll rights reserved to Secu...
Iftach Ian Amit | November 2011                                                     ConclusionsAll rights reserved to Secu...
Iftach Ian Amit | November 2011                                                     ConclusionsAll rights reserved to Secu...
Iftach Ian Amit | November 2011                   • Start with the                           human factor                 ...
Iftach Ian Amit | November 2011                   • Start with the                           human factor                 ...
Iftach Ian Amit | November 2011                   • Where people leave data                    • Hint - spend time with de...
Iftach Ian Amit | November 2011                   • Where people leave data                    • Hint - spend time with de...
Iftach Ian Amit | November 2011                                                          “be true to                      ...
Iftach Ian Amit | November 2011                                                          “be true to                      ...
Iftach Ian Amit | November 2011                 They are YOUR assets                        after all                     ...
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   44
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   44
Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011   44
Iftach Ian Amit | November 2011               TEST SOME MOREFor hints/guides see: www.pentest-standard.orgAll rights reser...
Iftach Ian Amit | November 2011                                                     Questions?                      Thank ...
Upcoming SlideShare
Loading in...5
×

Advanced Data Exfiltration The Way Q Would Have Done It

847

Published on

SOURCE Barcelona 2011 - Iftach Ian Amit

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
847
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
47
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Advanced Data Exfiltration The Way Q Would Have Done It"

  1. 1. Iftach Ian Amit | November 2011 Advanced Data Exfiltration The way Q would have done it Iftach Ian Amit VP Consulting DC9723 CSA-IL Board member IL-CERT VisionaryAll rights reserved to Security Art ltd. 2002-2011 www.security-art.com
  2. 2. Iftach Ian Amit | November 2011 whoamiAll rights reserved to Security Art ltd. 2002-2011 2
  3. 3. Iftach Ian Amit | November 2011 whoamiAll rights reserved to Security Art ltd. 2002-2011 2
  4. 4. Iftach Ian Amit | November 2011 whoamiAll rights reserved to Security Art ltd. 2002-2011 2
  5. 5. Iftach Ian Amit | November 2011 whoamiAll rights reserved to Security Art ltd. 2002-2011 2
  6. 6. Iftach Ian Amit | November 2011 whoamiAll rights reserved to Security Art ltd. 2002-2011 2
  7. 7. Iftach Ian Amit | November 2011 whoamiAll rights reserved to Security Art ltd. 2002-2011 2
  8. 8. Iftach Ian Amit | November 2011 whoamiAll rights reserved to Security Art ltd. 2002-2011 2
  9. 9. Iftach Ian Amit | November 2011 whoamiAll rights reserved to Security Art ltd. 2002-2011 2
  10. 10. Iftach Ian Amit | November 2011 whoamiAll rights reserved to Security Art ltd. 2002-2011 2
  11. 11. Iftach Ian Amit | November 2011 whoamiAll rights reserved to Security Art ltd. 2002-2011 2
  12. 12. Iftach Ian Amit | November 2011 whoamiAll rights reserved to Security Art ltd. 2002-2011 2
  13. 13. Iftach Ian Amit | November 2011 AgendaAll rights reserved to Security Art ltd. 2002-2011 3
  14. 14. Iftach Ian Amit | November 2011 AgendaAll rights reserved to Security Art ltd. 2002-2011 3
  15. 15. Iftach Ian Amit | November 2011 AgendaAll rights reserved to Security Art ltd. 2002-2011 3
  16. 16. Iftach Ian Amit | November 2011 AgendaAll rights reserved to Security Art ltd. 2002-2011 3
  17. 17. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 4
  18. 18. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 5
  19. 19. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 5
  20. 20. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 5
  21. 21. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 5
  22. 22. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 5
  23. 23. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 6
  24. 24. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 6
  25. 25. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 6
  26. 26. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 6
  27. 27. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 6
  28. 28. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 6
  29. 29. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 6
  30. 30. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 7
  31. 31. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 7
  32. 32. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 7
  33. 33. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 7
  34. 34. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 7
  35. 35. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 7
  36. 36. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 8
  37. 37. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 8
  38. 38. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 8
  39. 39. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 8
  40. 40. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 9
  41. 41. Iftach Ian Amit | November 2011 • eMails, web links, phishing...All rights reserved to Security Art ltd. 2002-2011 9
  42. 42. Iftach Ian Amit | November 2011 • eMails, web links, phishing... • Works like a charm!All rights reserved to Security Art ltd. 2002-2011 9
  43. 43. Iftach Ian Amit | November 2011 • eMails, web links, phishing... • Works like a charm! • And can be mostly automatedAll rights reserved to Security Art ltd. 2002-2011 9
  44. 44. Iftach Ian Amit | November 2011 • eMails, web links, phishing... • Works like a charm! • And can be mostly automated • SET to the rescueAll rights reserved to Security Art ltd. 2002-2011 9
  45. 45. Iftach Ian Amit | November 2011 • eMails, web links, phishing... • Works like a charm! • And can be mostly automated • SET to the rescueAll rights reserved to Security Art ltd. 2002-2011 9
  46. 46. Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps!All rights reserved to Security Art ltd. 2002-2011 10
  47. 47. Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps!All rights reserved to Security Art ltd. 2002-2011 10
  48. 48. Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps!All rights reserved to Security Art ltd. 2002-2011 10
  49. 49. Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps!All rights reserved to Security Art ltd. 2002-2011 10
  50. 50. Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps!All rights reserved to Security Art ltd. 2002-2011 10
  51. 51. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 11
  52. 52. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 11
  53. 53. Iftach Ian Amit | November 2011 Internet 3rd party You! TargetAll rights reserved to Security Art ltd. 2002-2011 11
  54. 54. Iftach Ian Amit | November 2011 Internet 3rd party You! TargetAll rights reserved to Security Art ltd. 2002-2011 11
  55. 55. Iftach Ian Amit | November 2011 Internet 3rd party You! TargetAll rights reserved to Security Art ltd. 2002-2011 11
  56. 56. Iftach Ian Amit | November 2011 Internet 3rd party You! TargetAll rights reserved to Security Art ltd. 2002-2011 11
  57. 57. Iftach Ian Amit | November 2011 Internet 3rd party You! TargetAll rights reserved to Security Art ltd. 2002-2011 11
  58. 58. Iftach Ian Amit | November 2011 Internet 3rd party You! TargetAll rights reserved to Security Art ltd. 2002-2011 11
  59. 59. Iftach Ian Amit | November 2011 Internet 3rd party You! TargetAll rights reserved to Security Art ltd. 2002-2011 11
  60. 60. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 12
  61. 61. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 12
  62. 62. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 12
  63. 63. Iftach Ian Amit | November 2011 What is the target “willing” to tell about itself?All rights reserved to Security Art ltd. 2002-2011 13
  64. 64. Iftach Ian Amit | November 2011 What is the target “willing” to tell about itself?All rights reserved to Security Art ltd. 2002-2011 13
  65. 65. Iftach Ian Amit | November 2011 What is the target “willing” to tell about itself?All rights reserved to Security Art ltd. 2002-2011 13
  66. 66. Iftach Ian Amit | November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues...All rights reserved to Security Art ltd. 2002-2011 14
  67. 67. Iftach Ian Amit | November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues...All rights reserved to Security Art ltd. 2002-2011 14
  68. 68. Iftach Ian Amit | November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues...All rights reserved to Security Art ltd. 2002-2011 14
  69. 69. Iftach Ian Amit | November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues...All rights reserved to Security Art ltd. 2002-2011 14
  70. 70. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 15
  71. 71. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 15
  72. 72. Iftach Ian Amit | November 2011 Select your target wisely And then craft your payload :-)All rights reserved to Security Art ltd. 2002-2011 16
  73. 73. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 17
  74. 74. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 17
  75. 75. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 17
  76. 76. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 17
  77. 77. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 17
  78. 78. Iftach Ian Amit | November 2011 • ZeuS: $3000-$5000 • SpyEye: $2500-$4000 • Limbo: $500-$1500All rights reserved to Security Art ltd. 2002-2011 17
  79. 79. Iftach Ian Amit | November 2011 • ZeuS: $3000-$5000 E! RE • SpyEye: $2500-$4000 F • Limbo: $500-$1500All rights reserved to Security Art ltd. 2002-2011 17
  80. 80. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 18
  81. 81. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 18
  82. 82. Iftach Ian Amit | November 2011 Experienced travelers know the importance of packing properlyAll rights reserved to Security Art ltd. 2002-2011 18
  83. 83. Iftach Ian Amit | November 2011 Experienced travelers know the importance of packing properlyAll rights reserved to Security Art ltd. 2002-2011 18
  84. 84. Iftach Ian Amit | November 2011 • File servers • Databases • File types • Gateways (routes) • PrintersAll rights reserved to Security Art ltd. 2002-2011 19
  85. 85. Iftach Ian Amit | November 2011 Mass infection: APT: 5-6 days before 5-6 months before detection detectionAll rights reserved to Security Art ltd. 2002-2011 20
  86. 86. Iftach Ian Amit | November 2011 Mass infection: APT: 5-6 days before 5-6 months before detection detectionAll rights reserved to Security Art ltd. 2002-2011 20
  87. 87. Iftach Ian Amit | November 2011 Mass infection: APT: 5-6 days before 5-6 months before detection detection Frequent updates No* updates * AlmostAll rights reserved to Security Art ltd. 2002-2011 20
  88. 88. Iftach Ian Amit | November 2011 PATIENCE Mass infection: APT: 5-6 days before 5-6 months before detection detection Frequent updates No* updates * AlmostAll rights reserved to Security Art ltd. 2002-2011 21
  89. 89. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 22
  90. 90. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 22
  91. 91. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 22
  92. 92. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 22
  93. 93. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 22
  94. 94. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 22
  95. 95. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 22
  96. 96. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 23
  97. 97. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 23
  98. 98. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 24
  99. 99. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 24
  100. 100. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 24
  101. 101. Iftach Ian Amit | November 2011 -----BEGIN PGP MESSAGE----- So... Version: GnuPG/MacGPG2 v2.0.14 (Darwin) hQMOA1jQIm6UkL4eEAv/W3r/eYLUmqRNi/Jegt72lK6qdBiBfkg9PZ5YKql9CUZp FGnVk029K3gEVcrA4k7w2aOtP7tYKRF8v4yrZQ9GZ7eXzR7+Tbf1g+7dveH6U8Bf BHo8LRovj5OlGghrvpyKYRPIf/NAgzL2G8dyi/FVB0YB4J7/4x0YFEalQHaLiKyt /gkikyV92njPJ6tPm2sdKUqUHSb20r9AdowZ0VVRrWwdRgUhdNXajjwcbH1BjVuS Gilw8MnmQkmJAT+TAFkTqC9fjiwtnNMNANJbo2Z36RqsAcKbhVh1eMA7ev0pUakp Tm4xN64syk/1DEc0VHFbanAreTV3tCbUUIoPQDFGFpiu3oS6/089oUvRtBBbC5p6 leYKEnDllcGWAomRSiYBFWjTca/DIw43QIW/lmdBnwcWLuQmDCmwr3HuhEaOmqfO hdgaxM4GuVdJCDdwXzwpuaPElCd18weH2XNzudLdeRKN+wjl/4D6bIo+038BcLei SyhWrMFB7mKSmEzQufQUDACFamtMCn9YOo3mgo+YYk505qhIDLNwZXqyVUqOHvIG vu7gzuNwUdY5idLqsGEs0K0xVwYntTKUh61tNS/HDfNTVm4Y3p8M88JHhcg7npY5 gJuhWuHkgp2CTsQT+gRjthm3l3AlnIvAfuC5uWLMsjA4sCw2FRDOARxrN9El8maX /vCxN9aB3dK4S9MSGJ5HhaYpTfpc9CdFkFryzb2sFWfW85nSzNo7dVFCy0jmSr19 o4Jsfj0J0izS3MeGYYz5NSsfBz+6o/IYURL3OXrm4DuJNHY0DvVbYqSQRRx3o2S+ uZekwXwYsqpei/f/sYo875p5NeX3g62zgjy2Vly+n58WaZWoHb5Y0QCxNfpjdcAQ 3tuZQaUvlqrkQeSRxKXD7pxlHdwHDgfvw01RU8NsMkfsBoTZY27BjFvIg5S/pv9O 6IznXaJu9jRWDj6tvSypx8X2iiVgtSHYahlqEUH1RusAMCILkx0DydCvUud/qRbT YcnkVVgA8ojeDoVpp3AabRrSmgEAOwW6M0KvnSuMKniLIKe7kolqGjEuLAx7s5Kg mMHfNki5dYWvQzHv03ID9UG+uW6o54BnsajEVe2EcYTPT+8pg2bCxnMElK0ds9Is qvf2Kx4kqO0qMeJG1II2zfAFqmMiTMtgA2CZ0Y42hA/bQK/CCM8QVo9JcGn3Jf6N 0X1TVob7xDo/fkRROHv74dIh2Kxa0SH8iGdb4kI= =jN3t -----END PGP MESSAGE-----All rights reserved to Security Art ltd. 2002-2011 25
  102. 102. Iftach Ian Amit | November 2011 Still “too detectable”All rights reserved to Security Art ltd. 2002-2011 26
  103. 103. Iftach Ian Amit | November 2011 Still “too detectable” hQMOA1jQIm6UkL4eEAv/W3r/eYLUmqRNi/Jegt72lK6qdBiBfkg9PZ5YKql9CUZp FGnVk029K3gEVcrA4k7w2aOtP7tYKRF8v4yrZQ9GZ7eXzR7+Tbf1g+7dveH6U8Bf BHo8LRovj5OlGghrvpyKYRPIf/NAgzL2G8dyi/FVB0YB4J7/4x0YFEalQHaLiKyt /gkikyV92njPJ6tPm2sdKUqUHSb20r9AdowZ0VVRrWwdRgUhdNXajjwcbH1BjVuS Gilw8MnmQkmJAT+TAFkTqC9fjiwtnNMNANJbo2Z36RqsAcKbhVh1eMA7ev0pUakp Tm4xN64syk/1DEc0VHFbanAreTV3tCbUUIoPQDFGFpiu3oS6/089oUvRtBBbC5p6 leYKEnDllcGWAomRSiYBFWjTca/DIw43QIW/lmdBnwcWLuQmDCmwr3HuhEaOmqfO hdgaxM4GuVdJCDdwXzwpuaPElCd18weH2XNzudLdeRKN+wjl/4D6bIo+038BcLei SyhWrMFB7mKSmEzQufQUDACFamtMCn9YOo3mgo+YYk505qhIDLNwZXqyVUqOHvIG vu7gzuNwUdY5idLqsGEs0K0xVwYntTKUh61tNS/HDfNTVm4Y3p8M88JHhcg7npY5 gJuhWuHkgp2CTsQT+gRjthm3l3AlnIvAfuC5uWLMsjA4sCw2FRDOARxrN9El8maX /vCxN9aB3dK4S9MSGJ5HhaYpTfpc9CdFkFryzb2sFWfW85nSzNo7dVFCy0jmSr19 o4Jsfj0J0izS3MeGYYz5NSsfBz+6o/IYURL3OXrm4DuJNHY0DvVbYqSQRRx3o2S+ uZekwXwYsqpei/f/sYo875p5NeX3g62zgjy2Vly+n58WaZWoHb5Y0QCxNfpjdcAQ 3tuZQaUvlqrkQeSRxKXD7pxlHdwHDgfvw01RU8NsMkfsBoTZY27BjFvIg5S/pv9O 6IznXaJu9jRWDj6tvSypx8X2iiVgtSHYahlqEUH1RusAMCILkx0DydCvUud/qRbT YcnkVVgA8ojeDoVpp3AabRrSmgEAOwW6M0KvnSuMKniLIKe7kolqGjEuLAx7s5Kg mMHfNki5dYWvQzHv03ID9UG+uW6o54BnsajEVe2EcYTPT+8pg2bCxnMElK0ds9Is qvf2Kx4kqO0qMeJG1II2zfAFqmMiTMtgA2CZ0Y42hA/bQK/CCM8QVo9JcGn3Jf6N 0X1TVob7xDo/fkRROHv74dIh2Kxa0SH8iGdb4kI= =jN3tAll rights reserved to Security Art ltd. 2002-2011 26
  104. 104. Iftach Ian Amit | November 2011 Much better • Throws in some additional encodings • And an XOR for old time’s sake • And we are good to go... • 0% detection rateAll rights reserved to Security Art ltd. 2002-2011 27
  105. 105. Iftach Ian Amit | November 2011 Resistance is futileAll rights reserved to Security Art ltd. 2002-2011 28
  106. 106. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 29
  107. 107. Iftach Ian Amit | November 2011 80 53 443All rights reserved to Security Art ltd. 2002-2011 29
  108. 108. Iftach Ian Amit | November 2011 80 53 443All rights reserved to Security Art ltd. 2002-2011 29
  109. 109. Iftach Ian Amit | November 2011 Kill some treesAll rights reserved to Security Art ltd. 2002-2011 30
  110. 110. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 31
  111. 111. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 31
  112. 112. Iftach Ian Amit | November 2011 Good ol’e DD...All rights reserved to Security Art ltd. 2002-2011 32
  113. 113. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 33
  114. 114. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 33
  115. 115. Iftach Ian Amit | November 2011 1/2 byte = 16 values 1 0 1 0All rights reserved to Security Art ltd. 2002-2011 33
  116. 116. Iftach Ian Amit | November 2011 1/2 byte = 16 values 1 0 1 0All rights reserved to Security Art ltd. 2002-2011 33
  117. 117. Iftach Ian Amit | November 2011 1/2 byte = 16 values 1 0 1 0All rights reserved to Security Art ltd. 2002-2011 33
  118. 118. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 34
  119. 119. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 34
  120. 120. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 34
  121. 121. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 34
  122. 122. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 34
  123. 123. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 34
  124. 124. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 34
  125. 125. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 34
  126. 126. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 35
  127. 127. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 35
  128. 128. Iftach Ian Amit | November 2011 1 0 1 0All rights reserved to Security Art ltd. 2002-2011 35
  129. 129. Iftach Ian Amit | November 2011 DEMOAll rights reserved to Security Art ltd. 2002-2011 36
  130. 130. Iftach Ian Amit | November 2011 DEMOAll rights reserved to Security Art ltd. 2002-2011 36
  131. 131. Iftach Ian Amit | November 2011 DEMOAll rights reserved to Security Art ltd. 2002-2011 36
  132. 132. Iftach Ian Amit | November 2011 DEMOAll rights reserved to Security Art ltd. 2002-2011 36
  133. 133. Iftach Ian Amit | November 2011 DEMOAll rights reserved to Security Art ltd. 2002-2011 36
  134. 134. Iftach Ian Amit | November 2011 DEMOAll rights reserved to Security Art ltd. 2002-2011 36
  135. 135. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 37
  136. 136. Iftach Ian Amit | November 2011 Killing paper isn’t nice • Fax it! • Most corporations have email-to-fax services • heard of the address 555-7963@fax.corp.com ? • Just send any document (text, doc, pdf) to it and off you go with the data...All rights reserved to Security Art ltd. 2002-2011 38
  137. 137. Iftach Ian Amit | November 2011 ConclusionsAll rights reserved to Security Art ltd. 2002-2011 39
  138. 138. Iftach Ian Amit | November 2011 ConclusionsAll rights reserved to Security Art ltd. 2002-2011 39
  139. 139. Iftach Ian Amit | November 2011 ConclusionsAll rights reserved to Security Art ltd. 2002-2011 39
  140. 140. Iftach Ian Amit | November 2011 ConclusionsAll rights reserved to Security Art ltd. 2002-2011 39
  141. 141. Iftach Ian Amit | November 2011 • Start with the human factor • Then add technologyAll rights reserved to Security Art ltd. 2002-2011 40
  142. 142. Iftach Ian Amit | November 2011 • Start with the human factor • Then add technologyAll rights reserved to Security Art ltd. 2002-2011 40
  143. 143. Iftach Ian Amit | November 2011 • Where people leave data • Hint - spend time with developers. • “Hack” the business process • Test, test again, and then test. Follow with a surprise test!All rights reserved to Security Art ltd. 2002-2011 41
  144. 144. Iftach Ian Amit | November 2011 • Where people leave data • Hint - spend time with developers. • “Hack” the business process • Test, test again, and then test. Follow with a surprise test!All rights reserved to Security Art ltd. 2002-2011 41
  145. 145. Iftach Ian Amit | November 2011 “be true to yourself, not to what you believe things should look like” Old chinese proverbAll rights reserved to Security Art ltd. 2002-2011 42
  146. 146. Iftach Ian Amit | November 2011 “be true to yourself, not to what you believe things should look like” Old chinese proverbAll rights reserved to Security Art ltd. 2002-2011 42
  147. 147. Iftach Ian Amit | November 2011 They are YOUR assets after all No reason to be shy about it... And remember to add honey...All rights reserved to Security Art ltd. 2002-2011 43
  148. 148. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 44
  149. 149. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 44
  150. 150. Iftach Ian Amit | November 2011All rights reserved to Security Art ltd. 2002-2011 44
  151. 151. Iftach Ian Amit | November 2011 TEST SOME MOREFor hints/guides see: www.pentest-standard.orgAll rights reserved to Security Art ltd. 2002-2011 45
  152. 152. Iftach Ian Amit | November 2011 Questions? Thank you! Whitepapers: www.security-art.comData modulation Exfil POC: Too shy to ask now? http://code.google.com/p/ iamit@security-art.com data-sound-poc/ Need your daily chatter? twitter.com/iiamitAll rights reserved to Security Art ltd. 2002-2011 46
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×