Your SlideShare is downloading. ×
0
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Advanced Data Exfiltration - the way Q would have done it

819

Published on

An updated version of my data exfiltration talk. Much more "visual" in nature. …

An updated version of my data exfiltration talk. Much more "visual" in nature.
Used it at Hashdays, Govcert.NL, SourceBCN, and SecurityZone.

Published in: Technology, Business
1 Comment
1 Like
Statistics
Notes
No Downloads
Views
Total Views
819
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
34
Comments
1
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Iftach Ian Amit | November 2011 Advanced Data Exfiltration The way Q would have done it Iftach Ian Amit VP Consulting DC9723 CSA-IL Board member IL-CERT Visionary All rights reserved to Security Art ltd. 2002-2011 www.security-art.comWednesday, December 7, 11
  • 2. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2Wednesday, December 7, 11
  • 3. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2Wednesday, December 7, 11
  • 4. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2Wednesday, December 7, 11
  • 5. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2Wednesday, December 7, 11
  • 6. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2Wednesday, December 7, 11
  • 7. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2Wednesday, December 7, 11
  • 8. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2Wednesday, December 7, 11
  • 9. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2Wednesday, December 7, 11
  • 10. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2Wednesday, December 7, 11
  • 11. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2Wednesday, December 7, 11
  • 12. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2Wednesday, December 7, 11
  • 13. Iftach Ian Amit | November 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3Wednesday, December 7, 11
  • 14. Iftach Ian Amit | November 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3Wednesday, December 7, 11
  • 15. Iftach Ian Amit | November 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3Wednesday, December 7, 11
  • 16. Iftach Ian Amit | November 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3Wednesday, December 7, 11
  • 17. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 4Wednesday, December 7, 11
  • 18. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 5Wednesday, December 7, 11
  • 19. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 5Wednesday, December 7, 11
  • 20. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 5Wednesday, December 7, 11
  • 21. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 5Wednesday, December 7, 11
  • 22. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 5Wednesday, December 7, 11
  • 23. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6Wednesday, December 7, 11
  • 24. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6Wednesday, December 7, 11
  • 25. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6Wednesday, December 7, 11
  • 26. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6Wednesday, December 7, 11
  • 27. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6Wednesday, December 7, 11
  • 28. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6Wednesday, December 7, 11
  • 29. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6Wednesday, December 7, 11
  • 30. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 7Wednesday, December 7, 11
  • 31. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 7Wednesday, December 7, 11
  • 32. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 7Wednesday, December 7, 11
  • 33. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 7Wednesday, December 7, 11
  • 34. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 7Wednesday, December 7, 11
  • 35. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 7Wednesday, December 7, 11
  • 36. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 8Wednesday, December 7, 11
  • 37. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 8Wednesday, December 7, 11
  • 38. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 8Wednesday, December 7, 11
  • 39. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 8Wednesday, December 7, 11
  • 40. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 9Wednesday, December 7, 11
  • 41. Iftach Ian Amit | November 2011 • eMails, web links, phishing... All rights reserved to Security Art ltd. 2002-2011 9Wednesday, December 7, 11
  • 42. Iftach Ian Amit | November 2011 • eMails, web links, phishing... • Works like a charm! All rights reserved to Security Art ltd. 2002-2011 9Wednesday, December 7, 11
  • 43. Iftach Ian Amit | November 2011 • eMails, web links, phishing... • Works like a charm! • And can be mostly automated All rights reserved to Security Art ltd. 2002-2011 9Wednesday, December 7, 11
  • 44. Iftach Ian Amit | November 2011 • eMails, web links, phishing... • Works like a charm! • And can be mostly automated • SET to the rescue All rights reserved to Security Art ltd. 2002-2011 9Wednesday, December 7, 11
  • 45. Iftach Ian Amit | November 2011 • eMails, web links, phishing... • Works like a charm! • And can be mostly automated • SET to the rescue All rights reserved to Security Art ltd. 2002-2011 9Wednesday, December 7, 11
  • 46. Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10Wednesday, December 7, 11
  • 47. Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10Wednesday, December 7, 11
  • 48. Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10Wednesday, December 7, 11
  • 49. Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10Wednesday, December 7, 11
  • 50. Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10Wednesday, December 7, 11
  • 51. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 11Wednesday, December 7, 11
  • 52. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 11Wednesday, December 7, 11
  • 53. Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11Wednesday, December 7, 11
  • 54. Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11Wednesday, December 7, 11
  • 55. Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11Wednesday, December 7, 11
  • 56. Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11Wednesday, December 7, 11
  • 57. Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11Wednesday, December 7, 11
  • 58. Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11Wednesday, December 7, 11
  • 59. Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11Wednesday, December 7, 11
  • 60. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 12Wednesday, December 7, 11
  • 61. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 12Wednesday, December 7, 11
  • 62. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 12Wednesday, December 7, 11
  • 63. Iftach Ian Amit | November 2011 What is the target “willing” to tell about itself? All rights reserved to Security Art ltd. 2002-2011 13Wednesday, December 7, 11
  • 64. Iftach Ian Amit | November 2011 What is the target “willing” to tell about itself? All rights reserved to Security Art ltd. 2002-2011 13Wednesday, December 7, 11
  • 65. Iftach Ian Amit | November 2011 What is the target “willing” to tell about itself? All rights reserved to Security Art ltd. 2002-2011 13Wednesday, December 7, 11
  • 66. Iftach Ian Amit | November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues... All rights reserved to Security Art ltd. 2002-2011 14Wednesday, December 7, 11
  • 67. Iftach Ian Amit | November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues... All rights reserved to Security Art ltd. 2002-2011 14Wednesday, December 7, 11
  • 68. Iftach Ian Amit | November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues... All rights reserved to Security Art ltd. 2002-2011 14Wednesday, December 7, 11
  • 69. Iftach Ian Amit | November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues... All rights reserved to Security Art ltd. 2002-2011 14Wednesday, December 7, 11
  • 70. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 15Wednesday, December 7, 11
  • 71. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 15Wednesday, December 7, 11
  • 72. Iftach Ian Amit | November 2011 Select your target wisely And then craft your payload :-) All rights reserved to Security Art ltd. 2002-2011 16Wednesday, December 7, 11
  • 73. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 17Wednesday, December 7, 11
  • 74. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 17Wednesday, December 7, 11
  • 75. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 17Wednesday, December 7, 11
  • 76. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 17Wednesday, December 7, 11
  • 77. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 17Wednesday, December 7, 11
  • 78. Iftach Ian Amit | November 2011 • ZeuS: $3000-$5000 • SpyEye: $2500-$4000 • Limbo: $500-$1500 All rights reserved to Security Art ltd. 2002-2011 17Wednesday, December 7, 11
  • 79. Iftach Ian Amit | November 2011 • ZeuS: $3000-$5000 E! RE • SpyEye: $2500-$4000 F • Limbo: $500-$1500 All rights reserved to Security Art ltd. 2002-2011 17Wednesday, December 7, 11
  • 80. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 18Wednesday, December 7, 11
  • 81. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 18Wednesday, December 7, 11
  • 82. Iftach Ian Amit | November 2011 Experienced travelers know the importance of packing properly All rights reserved to Security Art ltd. 2002-2011 18Wednesday, December 7, 11
  • 83. Iftach Ian Amit | November 2011 Experienced travelers know the importance of packing properly All rights reserved to Security Art ltd. 2002-2011 18Wednesday, December 7, 11
  • 84. Iftach Ian Amit | November 2011 • File servers • Databases • File types • Gateways (routes) • Printers All rights reserved to Security Art ltd. 2002-2011 19Wednesday, December 7, 11
  • 85. Iftach Ian Amit | November 2011 Mass infection: APT: 5-6 days before 5-6 months before detection detection All rights reserved to Security Art ltd. 2002-2011 20Wednesday, December 7, 11
  • 86. Iftach Ian Amit | November 2011 Mass infection: APT: 5-6 days before 5-6 months before detection detection All rights reserved to Security Art ltd. 2002-2011 20Wednesday, December 7, 11
  • 87. Iftach Ian Amit | November 2011 Mass infection: APT: 5-6 days before 5-6 months before detection detection Frequent updates No* updates * Almost All rights reserved to Security Art ltd. 2002-2011 20Wednesday, December 7, 11
  • 88. Iftach Ian Amit | November 2011 PATIENCE Mass infection: APT: 5-6 days before 5-6 months before detection detection Frequent updates No* updates * Almost All rights reserved to Security Art ltd. 2002-2011 21Wednesday, December 7, 11
  • 89. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22Wednesday, December 7, 11
  • 90. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22Wednesday, December 7, 11
  • 91. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22Wednesday, December 7, 11
  • 92. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22Wednesday, December 7, 11
  • 93. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22Wednesday, December 7, 11
  • 94. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22Wednesday, December 7, 11
  • 95. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22Wednesday, December 7, 11
  • 96. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 23Wednesday, December 7, 11
  • 97. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 23Wednesday, December 7, 11
  • 98. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 24Wednesday, December 7, 11
  • 99. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 24Wednesday, December 7, 11
  • 100. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 24Wednesday, December 7, 11
  • 101. Iftach Ian Amit | November 2011 -----BEGIN PGP MESSAGE----- So... Version: GnuPG/MacGPG2 v2.0.14 (Darwin) hQMOA1jQIm6UkL4eEAv/W3r/eYLUmqRNi/Jegt72lK6qdBiBfkg9PZ5YKql9CUZp FGnVk029K3gEVcrA4k7w2aOtP7tYKRF8v4yrZQ9GZ7eXzR7+Tbf1g+7dveH6U8Bf BHo8LRovj5OlGghrvpyKYRPIf/NAgzL2G8dyi/FVB0YB4J7/4x0YFEalQHaLiKyt /gkikyV92njPJ6tPm2sdKUqUHSb20r9AdowZ0VVRrWwdRgUhdNXajjwcbH1BjVuS Gilw8MnmQkmJAT+TAFkTqC9fjiwtnNMNANJbo2Z36RqsAcKbhVh1eMA7ev0pUakp Tm4xN64syk/1DEc0VHFbanAreTV3tCbUUIoPQDFGFpiu3oS6/089oUvRtBBbC5p6 leYKEnDllcGWAomRSiYBFWjTca/DIw43QIW/lmdBnwcWLuQmDCmwr3HuhEaOmqfO hdgaxM4GuVdJCDdwXzwpuaPElCd18weH2XNzudLdeRKN+wjl/4D6bIo+038BcLei SyhWrMFB7mKSmEzQufQUDACFamtMCn9YOo3mgo+YYk505qhIDLNwZXqyVUqOHvIG vu7gzuNwUdY5idLqsGEs0K0xVwYntTKUh61tNS/HDfNTVm4Y3p8M88JHhcg7npY5 gJuhWuHkgp2CTsQT+gRjthm3l3AlnIvAfuC5uWLMsjA4sCw2FRDOARxrN9El8maX /vCxN9aB3dK4S9MSGJ5HhaYpTfpc9CdFkFryzb2sFWfW85nSzNo7dVFCy0jmSr19 o4Jsfj0J0izS3MeGYYz5NSsfBz+6o/IYURL3OXrm4DuJNHY0DvVbYqSQRRx3o2S+ uZekwXwYsqpei/f/sYo875p5NeX3g62zgjy2Vly+n58WaZWoHb5Y0QCxNfpjdcAQ 3tuZQaUvlqrkQeSRxKXD7pxlHdwHDgfvw01RU8NsMkfsBoTZY27BjFvIg5S/pv9O 6IznXaJu9jRWDj6tvSypx8X2iiVgtSHYahlqEUH1RusAMCILkx0DydCvUud/qRbT YcnkVVgA8ojeDoVpp3AabRrSmgEAOwW6M0KvnSuMKniLIKe7kolqGjEuLAx7s5Kg mMHfNki5dYWvQzHv03ID9UG+uW6o54BnsajEVe2EcYTPT+8pg2bCxnMElK0ds9Is qvf2Kx4kqO0qMeJG1II2zfAFqmMiTMtgA2CZ0Y42hA/bQK/CCM8QVo9JcGn3Jf6N 0X1TVob7xDo/fkRROHv74dIh2Kxa0SH8iGdb4kI= =jN3t -----END PGP MESSAGE----- All rights reserved to Security Art ltd. 2002-2011 25Wednesday, December 7, 11
  • 102. Iftach Ian Amit | November 2011 Still “too detectable” All rights reserved to Security Art ltd. 2002-2011 26Wednesday, December 7, 11
  • 103. Iftach Ian Amit | November 2011 Still “too detectable” hQMOA1jQIm6UkL4eEAv/W3r/eYLUmqRNi/Jegt72lK6qdBiBfkg9PZ5YKql9CUZp FGnVk029K3gEVcrA4k7w2aOtP7tYKRF8v4yrZQ9GZ7eXzR7+Tbf1g+7dveH6U8Bf BHo8LRovj5OlGghrvpyKYRPIf/NAgzL2G8dyi/FVB0YB4J7/4x0YFEalQHaLiKyt /gkikyV92njPJ6tPm2sdKUqUHSb20r9AdowZ0VVRrWwdRgUhdNXajjwcbH1BjVuS Gilw8MnmQkmJAT+TAFkTqC9fjiwtnNMNANJbo2Z36RqsAcKbhVh1eMA7ev0pUakp Tm4xN64syk/1DEc0VHFbanAreTV3tCbUUIoPQDFGFpiu3oS6/089oUvRtBBbC5p6 leYKEnDllcGWAomRSiYBFWjTca/DIw43QIW/lmdBnwcWLuQmDCmwr3HuhEaOmqfO hdgaxM4GuVdJCDdwXzwpuaPElCd18weH2XNzudLdeRKN+wjl/4D6bIo+038BcLei SyhWrMFB7mKSmEzQufQUDACFamtMCn9YOo3mgo+YYk505qhIDLNwZXqyVUqOHvIG vu7gzuNwUdY5idLqsGEs0K0xVwYntTKUh61tNS/HDfNTVm4Y3p8M88JHhcg7npY5 gJuhWuHkgp2CTsQT+gRjthm3l3AlnIvAfuC5uWLMsjA4sCw2FRDOARxrN9El8maX /vCxN9aB3dK4S9MSGJ5HhaYpTfpc9CdFkFryzb2sFWfW85nSzNo7dVFCy0jmSr19 o4Jsfj0J0izS3MeGYYz5NSsfBz+6o/IYURL3OXrm4DuJNHY0DvVbYqSQRRx3o2S+ uZekwXwYsqpei/f/sYo875p5NeX3g62zgjy2Vly+n58WaZWoHb5Y0QCxNfpjdcAQ 3tuZQaUvlqrkQeSRxKXD7pxlHdwHDgfvw01RU8NsMkfsBoTZY27BjFvIg5S/pv9O 6IznXaJu9jRWDj6tvSypx8X2iiVgtSHYahlqEUH1RusAMCILkx0DydCvUud/qRbT YcnkVVgA8ojeDoVpp3AabRrSmgEAOwW6M0KvnSuMKniLIKe7kolqGjEuLAx7s5Kg mMHfNki5dYWvQzHv03ID9UG+uW6o54BnsajEVe2EcYTPT+8pg2bCxnMElK0ds9Is qvf2Kx4kqO0qMeJG1II2zfAFqmMiTMtgA2CZ0Y42hA/bQK/CCM8QVo9JcGn3Jf6N 0X1TVob7xDo/fkRROHv74dIh2Kxa0SH8iGdb4kI= =jN3t All rights reserved to Security Art ltd. 2002-2011 26Wednesday, December 7, 11
  • 104. Iftach Ian Amit | November 2011 Much better • Throws in some additional encodings • And an XOR for old time’s sake • And we are good to go... • 0% detection rate All rights reserved to Security Art ltd. 2002-2011 27Wednesday, December 7, 11
  • 105. Iftach Ian Amit | November 2011 Resistance is futile All rights reserved to Security Art ltd. 2002-2011 28Wednesday, December 7, 11
  • 106. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 29Wednesday, December 7, 11
  • 107. Iftach Ian Amit | November 2011 80 53 443 All rights reserved to Security Art ltd. 2002-2011 29Wednesday, December 7, 11
  • 108. Iftach Ian Amit | November 2011 80 53 443 All rights reserved to Security Art ltd. 2002-2011 29Wednesday, December 7, 11
  • 109. Iftach Ian Amit | November 2011 Kill some trees All rights reserved to Security Art ltd. 2002-2011 30Wednesday, December 7, 11
  • 110. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 31Wednesday, December 7, 11
  • 111. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 31Wednesday, December 7, 11
  • 112. Iftach Ian Amit | November 2011 Good ol’e DD... All rights reserved to Security Art ltd. 2002-2011 32Wednesday, December 7, 11
  • 113. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 33Wednesday, December 7, 11
  • 114. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 33Wednesday, December 7, 11
  • 115. Iftach Ian Amit | November 2011 1/2 byte = 16 values 1 0 1 0 All rights reserved to Security Art ltd. 2002-2011 33Wednesday, December 7, 11
  • 116. Iftach Ian Amit | November 2011 1/2 byte = 16 values 1 0 1 0 All rights reserved to Security Art ltd. 2002-2011 33Wednesday, December 7, 11
  • 117. Iftach Ian Amit | November 2011 1/2 byte = 16 values 1 0 1 0 All rights reserved to Security Art ltd. 2002-2011 33Wednesday, December 7, 11
  • 118. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34Wednesday, December 7, 11
  • 119. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34Wednesday, December 7, 11
  • 120. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34Wednesday, December 7, 11
  • 121. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34Wednesday, December 7, 11
  • 122. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34Wednesday, December 7, 11
  • 123. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34Wednesday, December 7, 11
  • 124. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34Wednesday, December 7, 11
  • 125. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34Wednesday, December 7, 11
  • 126. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 35Wednesday, December 7, 11
  • 127. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 35Wednesday, December 7, 11
  • 128. Iftach Ian Amit | November 2011 1 0 1 0 All rights reserved to Security Art ltd. 2002-2011 35Wednesday, December 7, 11
  • 129. Iftach Ian Amit | November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36Wednesday, December 7, 11
  • 130. Iftach Ian Amit | November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36Wednesday, December 7, 11
  • 131. Iftach Ian Amit | November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36Wednesday, December 7, 11
  • 132. Iftach Ian Amit | November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36Wednesday, December 7, 11
  • 133. Iftach Ian Amit | November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36Wednesday, December 7, 11
  • 134. Iftach Ian Amit | November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36Wednesday, December 7, 11
  • 135. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 37Wednesday, December 7, 11
  • 136. Iftach Ian Amit | November 2011 Killing paper isn’t nice • Fax it! • Most corporations have email-to-fax services • heard of the address 555-7963@fax.corp.com ? • Just send any document (text, doc, pdf) to it and off you go with the data... All rights reserved to Security Art ltd. 2002-2011 38Wednesday, December 7, 11
  • 137. Iftach Ian Amit | November 2011 Conclusions All rights reserved to Security Art ltd. 2002-2011 39Wednesday, December 7, 11
  • 138. Iftach Ian Amit | November 2011 Conclusions All rights reserved to Security Art ltd. 2002-2011 39Wednesday, December 7, 11
  • 139. Iftach Ian Amit | November 2011 Conclusions All rights reserved to Security Art ltd. 2002-2011 39Wednesday, December 7, 11
  • 140. Iftach Ian Amit | November 2011 Conclusions All rights reserved to Security Art ltd. 2002-2011 39Wednesday, December 7, 11
  • 141. Iftach Ian Amit | November 2011 • Start with the human factor • Then add technology All rights reserved to Security Art ltd. 2002-2011 40Wednesday, December 7, 11
  • 142. Iftach Ian Amit | November 2011 • Start with the human factor • Then add technology All rights reserved to Security Art ltd. 2002-2011 40Wednesday, December 7, 11
  • 143. Iftach Ian Amit | November 2011 • Where people leave data • Hint - spend time with developers. • “Hack” the business process • Test, test again, and then test. Follow with a surprise test! All rights reserved to Security Art ltd. 2002-2011 41Wednesday, December 7, 11
  • 144. Iftach Ian Amit | November 2011 • Where people leave data • Hint - spend time with developers. • “Hack” the business process • Test, test again, and then test. Follow with a surprise test! All rights reserved to Security Art ltd. 2002-2011 41Wednesday, December 7, 11
  • 145. Iftach Ian Amit | November 2011 “be true to yourself, not to what you believe things should look like” Old chinese proverb All rights reserved to Security Art ltd. 2002-2011 42Wednesday, December 7, 11
  • 146. Iftach Ian Amit | November 2011 “be true to yourself, not to what you believe things should look like” Old chinese proverb All rights reserved to Security Art ltd. 2002-2011 42Wednesday, December 7, 11
  • 147. Iftach Ian Amit | November 2011 They are YOUR assets after all No reason to be shy about it... And remember to add honey... All rights reserved to Security Art ltd. 2002-2011 43Wednesday, December 7, 11
  • 148. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 44Wednesday, December 7, 11
  • 149. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 44Wednesday, December 7, 11
  • 150. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 44Wednesday, December 7, 11
  • 151. Iftach Ian Amit | November 2011 TEST SOME MORE For hints/guides see: www.pentest-standard.org All rights reserved to Security Art ltd. 2002-2011 45Wednesday, December 7, 11
  • 152. Iftach Ian Amit | November 2011 Questions? Thank you! Whitepapers: www.security-art.comData modulation Exfil POC: Too shy to ask now? http://code.google.com/p/ iamit@security-art.com data-sound-poc/ Need your daily chatter? twitter.com/iiamit All rights reserved to Security Art ltd. 2002-2011 46Wednesday, December 7, 11

×