Introducing (DET) the Data Exfiltration Toolkit


Introducing DET
(Data Exfiltration Toolkit)
Paul Amar - BSides Ljubljana - 09/03/2016

A talk by Paul Amar (@paulwebsec) about DET, a tool for stealthily exfiltrating data from an internal network, at BSides Ljubljana 2016.


  1. Introducing DET (Data Exfiltration Toolkit) Paul Amar - BSides Ljubljana - 09/03/2016
  2. 100
  3. General Approach TCP DNS HTTP ICMP SMTP
  4. General Approach TCP DNS HTTP ICMP SMTP
  5. General Approach TCP DNS HTTP ICMP SMTP
  6. General Approach TCP DNS HTTP ICMP SMTP
  7. General Approach TCP DNS HTTP ICMP SMTP
  8. General Approach TCP DNS HTTP ICMP SMTP
  9. HammerToss (July 2015)
  10. What’s available today?
  11. What’s available today? And many more.. created almost everyday. Not kidding.
  12. Current state TCP DNS HTTP ICMP Twitter DMs SMTP (eg. Gmail)
  13. Introducing DET
  14. Configuration file (JSON format)
  15. File to exfiltrate
  16. Folder to exfiltrate / multi-threaded
  17. Plugin(s) to use
  18. Plugin(s) to exclude
  19. Server mode
  20. Configuration file: List all your plugins and their configuration
  21. Configuration file: Each plugin has its own configuration (username, pwd, …)
  22. Configuration file: Additional configuration (XOR Key, Sleeping time, …)
  23. Let’s dig a bit (Client-side)
  24. “Registration” phase 1/2
  25. “Registration” phase 2/2
  26. Sending the data 1/2
  27. Sending the data 2/2
  28. “End” phase 1/2
  29. “End” phase 2/2
  30. So in few words..
  31. But wait! There’s moar.
  32. Additional plugins (Tor Integration) 1/2 Source: http://foxglovesecurity.com/2015/11/02/hack-like-the-bad-guys-using-tor-for-firewall-evasion-and-anonymous-remote-access/
  33. Additional plugins (Tor Integration) 2/2
  34. “Experimental” plugins
  35. What’s next
      - Port DET *entirely* to PowerShell (With Plugin based) (“Empire”-like)
      - More plugins!
      - Data obfuscation layer using Markov Chains - https://github.com/bwall/markovobfuscate
  36. Installation
      Get/install it:
      - git clone https://github.com/sensepost/DET
      - pip install -r requirements --user (install dependencies for the local user)
      Client side:
      - python det.py -f /etc/passwd -c ./config.json (or PS scripts)
      Server side:
      - python det.py -L -c ./config.json
  37. sys.exit(0) Paul Amar (paul@sensepost.com) / @PaulWebSec
