Iftach Ian Amit, profile picture
Uploaded byIftach Ian Amit
PDF, PPTX7,411 views

Advanced Data Exfiltration - the way Q would have done it

The document discusses advanced data exfiltration techniques, highlighting various methods such as emails, web links, and phishing. It emphasizes the importance of choosing targets wisely and understanding the target's willingness to share information. Additionally, it mentions different malware options with associated costs and the timeline for mass infection detection.

Embed presentation

Download as PDF, PPTX
1 / 152
2 / 152
3 / 152
4 / 152
5 / 152
6 / 152
7 / 152
8 / 152
9 / 152
10 / 152
11 / 152
12 / 152
13 / 152
14 / 152
15 / 152
16 / 152
17 / 152
18 / 152
19 / 152
20 / 152
21 / 152
22 / 152
23 / 152
24 / 152
25 / 152
26 / 152
27 / 152
28 / 152
29 / 152
30 / 152
31 / 152
32 / 152
33 / 152
34 / 152
35 / 152
36 / 152
37 / 152
38 / 152
39 / 152
40 / 152
41 / 152
42 / 152
43 / 152
44 / 152
45 / 152
46 / 152
47 / 152
48 / 152
49 / 152
50 / 152
51 / 152
52 / 152
53 / 152
54 / 152
55 / 152
56 / 152
57 / 152
58 / 152
59 / 152
60 / 152
61 / 152
62 / 152
63 / 152
64 / 152
65 / 152
66 / 152
67 / 152
68 / 152
69 / 152
70 / 152
71 / 152
72 / 152
73 / 152
74 / 152
75 / 152
76 / 152
77 / 152
78 / 152
79 / 152
80 / 152
81 / 152
82 / 152
83 / 152
84 / 152
85 / 152
86 / 152
87 / 152
88 / 152
89 / 152
90 / 152
91 / 152
92 / 152
93 / 152
94 / 152
95 / 152
96 / 152
97 / 152
98 / 152
99 / 152
100 / 152
101 / 152
102 / 152
103 / 152
104 / 152
105 / 152
106 / 152
107 / 152
108 / 152
109 / 152
110 / 152
111 / 152
112 / 152
113 / 152
114 / 152
115 / 152
116 / 152
117 / 152
118 / 152
119 / 152
120 / 152
121 / 152
122 / 152
123 / 152
124 / 152
125 / 152
126 / 152
127 / 152
128 / 152
129 / 152
130 / 152
131 / 152
132 / 152
133 / 152
134 / 152
135 / 152
136 / 152
137 / 152
138 / 152
139 / 152
140 / 152
141 / 152
142 / 152
143 / 152
144 / 152
145 / 152
146 / 152
147 / 152
148 / 152
149 / 152
150 / 152
151 / 152
152 / 152
Iftach Ian Amit | November 2011 Advanced Data Exfiltration The way Q would have done it Iftach Ian Amit VP Consulting DC9723 CSA-IL Board member IL-CERT Visionary All rights reserved to Security Art ltd. 2002-2011 www.security-art.com Wednesday, December 7, 11
Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 4 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 5 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 5 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 5 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 5 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 5 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 7 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 7 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 7 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 7 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 7 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 7 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 8 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 8 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 8 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 8 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 9 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 • eMails, web links, phishing... All rights reserved to Security Art ltd. 2002-2011 9 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 • eMails, web links, phishing... • Works like a charm! All rights reserved to Security Art ltd. 2002-2011 9 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 • eMails, web links, phishing... • Works like a charm! • And can be mostly automated All rights reserved to Security Art ltd. 2002-2011 9 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 • eMails, web links, phishing... • Works like a charm! • And can be mostly automated • SET to the rescue All rights reserved to Security Art ltd. 2002-2011 9 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 • eMails, web links, phishing... • Works like a charm! • And can be mostly automated • SET to the rescue All rights reserved to Security Art ltd. 2002-2011 9 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 11 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 11 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 12 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 12 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 12 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 What is the target “willing” to tell about itself? All rights reserved to Security Art ltd. 2002-2011 13 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 What is the target “willing” to tell about itself? All rights reserved to Security Art ltd. 2002-2011 13 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 What is the target “willing” to tell about itself? All rights reserved to Security Art ltd. 2002-2011 13 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues... All rights reserved to Security Art ltd. 2002-2011 14 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues... All rights reserved to Security Art ltd. 2002-2011 14 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues... All rights reserved to Security Art ltd. 2002-2011 14 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues... All rights reserved to Security Art ltd. 2002-2011 14 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 15 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 15 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Select your target wisely And then craft your payload :-) All rights reserved to Security Art ltd. 2002-2011 16 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 17 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 17 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 17 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 17 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 17 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 • ZeuS: $3000-$5000 • SpyEye: $2500-$4000 • Limbo: $500-$1500 All rights reserved to Security Art ltd. 2002-2011 17 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 • ZeuS: $3000-$5000 E! RE • SpyEye: $2500-$4000 F • Limbo: $500-$1500 All rights reserved to Security Art ltd. 2002-2011 17 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 18 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 18 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Experienced travelers know the importance of packing properly All rights reserved to Security Art ltd. 2002-2011 18 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Experienced travelers know the importance of packing properly All rights reserved to Security Art ltd. 2002-2011 18 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 • File servers • Databases • File types • Gateways (routes) • Printers All rights reserved to Security Art ltd. 2002-2011 19 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Mass infection: APT: 5-6 days before 5-6 months before detection detection All rights reserved to Security Art ltd. 2002-2011 20 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Mass infection: APT: 5-6 days before 5-6 months before detection detection All rights reserved to Security Art ltd. 2002-2011 20 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Mass infection: APT: 5-6 days before 5-6 months before detection detection Frequent updates No* updates * Almost All rights reserved to Security Art ltd. 2002-2011 20 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 PATIENCE Mass infection: APT: 5-6 days before 5-6 months before detection detection Frequent updates No* updates * Almost All rights reserved to Security Art ltd. 2002-2011 21 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 23 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 23 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 24 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 24 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 24 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 -----BEGIN PGP MESSAGE----- So... Version: GnuPG/MacGPG2 v2.0.14 (Darwin) hQMOA1jQIm6UkL4eEAv/W3r/eYLUmqRNi/Jegt72lK6qdBiBfkg9PZ5YKql9CUZp FGnVk029K3gEVcrA4k7w2aOtP7tYKRF8v4yrZQ9GZ7eXzR7+Tbf1g+7dveH6U8Bf BHo8LRovj5OlGghrvpyKYRPIf/NAgzL2G8dyi/FVB0YB4J7/4x0YFEalQHaLiKyt /gkikyV92njPJ6tPm2sdKUqUHSb20r9AdowZ0VVRrWwdRgUhdNXajjwcbH1BjVuS Gilw8MnmQkmJAT+TAFkTqC9fjiwtnNMNANJbo2Z36RqsAcKbhVh1eMA7ev0pUakp Tm4xN64syk/1DEc0VHFbanAreTV3tCbUUIoPQDFGFpiu3oS6/089oUvRtBBbC5p6 leYKEnDllcGWAomRSiYBFWjTca/DIw43QIW/lmdBnwcWLuQmDCmwr3HuhEaOmqfO hdgaxM4GuVdJCDdwXzwpuaPElCd18weH2XNzudLdeRKN+wjl/4D6bIo+038BcLei SyhWrMFB7mKSmEzQufQUDACFamtMCn9YOo3mgo+YYk505qhIDLNwZXqyVUqOHvIG vu7gzuNwUdY5idLqsGEs0K0xVwYntTKUh61tNS/HDfNTVm4Y3p8M88JHhcg7npY5 gJuhWuHkgp2CTsQT+gRjthm3l3AlnIvAfuC5uWLMsjA4sCw2FRDOARxrN9El8maX /vCxN9aB3dK4S9MSGJ5HhaYpTfpc9CdFkFryzb2sFWfW85nSzNo7dVFCy0jmSr19 o4Jsfj0J0izS3MeGYYz5NSsfBz+6o/IYURL3OXrm4DuJNHY0DvVbYqSQRRx3o2S+ uZekwXwYsqpei/f/sYo875p5NeX3g62zgjy2Vly+n58WaZWoHb5Y0QCxNfpjdcAQ 3tuZQaUvlqrkQeSRxKXD7pxlHdwHDgfvw01RU8NsMkfsBoTZY27BjFvIg5S/pv9O 6IznXaJu9jRWDj6tvSypx8X2iiVgtSHYahlqEUH1RusAMCILkx0DydCvUud/qRbT YcnkVVgA8ojeDoVpp3AabRrSmgEAOwW6M0KvnSuMKniLIKe7kolqGjEuLAx7s5Kg mMHfNki5dYWvQzHv03ID9UG+uW6o54BnsajEVe2EcYTPT+8pg2bCxnMElK0ds9Is qvf2Kx4kqO0qMeJG1II2zfAFqmMiTMtgA2CZ0Y42hA/bQK/CCM8QVo9JcGn3Jf6N 0X1TVob7xDo/fkRROHv74dIh2Kxa0SH8iGdb4kI= =jN3t -----END PGP MESSAGE----- All rights reserved to Security Art ltd. 2002-2011 25 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Still “too detectable” All rights reserved to Security Art ltd. 2002-2011 26 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Still “too detectable” hQMOA1jQIm6UkL4eEAv/W3r/eYLUmqRNi/Jegt72lK6qdBiBfkg9PZ5YKql9CUZp FGnVk029K3gEVcrA4k7w2aOtP7tYKRF8v4yrZQ9GZ7eXzR7+Tbf1g+7dveH6U8Bf BHo8LRovj5OlGghrvpyKYRPIf/NAgzL2G8dyi/FVB0YB4J7/4x0YFEalQHaLiKyt /gkikyV92njPJ6tPm2sdKUqUHSb20r9AdowZ0VVRrWwdRgUhdNXajjwcbH1BjVuS Gilw8MnmQkmJAT+TAFkTqC9fjiwtnNMNANJbo2Z36RqsAcKbhVh1eMA7ev0pUakp Tm4xN64syk/1DEc0VHFbanAreTV3tCbUUIoPQDFGFpiu3oS6/089oUvRtBBbC5p6 leYKEnDllcGWAomRSiYBFWjTca/DIw43QIW/lmdBnwcWLuQmDCmwr3HuhEaOmqfO hdgaxM4GuVdJCDdwXzwpuaPElCd18weH2XNzudLdeRKN+wjl/4D6bIo+038BcLei SyhWrMFB7mKSmEzQufQUDACFamtMCn9YOo3mgo+YYk505qhIDLNwZXqyVUqOHvIG vu7gzuNwUdY5idLqsGEs0K0xVwYntTKUh61tNS/HDfNTVm4Y3p8M88JHhcg7npY5 gJuhWuHkgp2CTsQT+gRjthm3l3AlnIvAfuC5uWLMsjA4sCw2FRDOARxrN9El8maX /vCxN9aB3dK4S9MSGJ5HhaYpTfpc9CdFkFryzb2sFWfW85nSzNo7dVFCy0jmSr19 o4Jsfj0J0izS3MeGYYz5NSsfBz+6o/IYURL3OXrm4DuJNHY0DvVbYqSQRRx3o2S+ uZekwXwYsqpei/f/sYo875p5NeX3g62zgjy2Vly+n58WaZWoHb5Y0QCxNfpjdcAQ 3tuZQaUvlqrkQeSRxKXD7pxlHdwHDgfvw01RU8NsMkfsBoTZY27BjFvIg5S/pv9O 6IznXaJu9jRWDj6tvSypx8X2iiVgtSHYahlqEUH1RusAMCILkx0DydCvUud/qRbT YcnkVVgA8ojeDoVpp3AabRrSmgEAOwW6M0KvnSuMKniLIKe7kolqGjEuLAx7s5Kg mMHfNki5dYWvQzHv03ID9UG+uW6o54BnsajEVe2EcYTPT+8pg2bCxnMElK0ds9Is qvf2Kx4kqO0qMeJG1II2zfAFqmMiTMtgA2CZ0Y42hA/bQK/CCM8QVo9JcGn3Jf6N 0X1TVob7xDo/fkRROHv74dIh2Kxa0SH8iGdb4kI= =jN3t All rights reserved to Security Art ltd. 2002-2011 26 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Much better • Throws in some additional encodings • And an XOR for old time’s sake • And we are good to go... • 0% detection rate All rights reserved to Security Art ltd. 2002-2011 27 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Resistance is futile All rights reserved to Security Art ltd. 2002-2011 28 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 29 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 80 53 443 All rights reserved to Security Art ltd. 2002-2011 29 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 80 53 443 All rights reserved to Security Art ltd. 2002-2011 29 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Kill some trees All rights reserved to Security Art ltd. 2002-2011 30 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 31 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 31 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Good ol’e DD... All rights reserved to Security Art ltd. 2002-2011 32 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 33 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 33 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 1/2 byte = 16 values 1 0 1 0 All rights reserved to Security Art ltd. 2002-2011 33 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 1/2 byte = 16 values 1 0 1 0 All rights reserved to Security Art ltd. 2002-2011 33 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 1/2 byte = 16 values 1 0 1 0 All rights reserved to Security Art ltd. 2002-2011 33 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 35 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 35 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 1 0 1 0 All rights reserved to Security Art ltd. 2002-2011 35 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 37 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Killing paper isn’t nice • Fax it! • Most corporations have email-to-fax services • heard of the address 555-7963@fax.corp.com ? • Just send any document (text, doc, pdf) to it and off you go with the data... All rights reserved to Security Art ltd. 2002-2011 38 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Conclusions All rights reserved to Security Art ltd. 2002-2011 39 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Conclusions All rights reserved to Security Art ltd. 2002-2011 39 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Conclusions All rights reserved to Security Art ltd. 2002-2011 39 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Conclusions All rights reserved to Security Art ltd. 2002-2011 39 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 • Start with the human factor • Then add technology All rights reserved to Security Art ltd. 2002-2011 40 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 • Start with the human factor • Then add technology All rights reserved to Security Art ltd. 2002-2011 40 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 • Where people leave data • Hint - spend time with developers. • “Hack” the business process • Test, test again, and then test. Follow with a surprise test! All rights reserved to Security Art ltd. 2002-2011 41 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 • Where people leave data • Hint - spend time with developers. • “Hack” the business process • Test, test again, and then test. Follow with a surprise test! All rights reserved to Security Art ltd. 2002-2011 41 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 “be true to yourself, not to what you believe things should look like” Old chinese proverb All rights reserved to Security Art ltd. 2002-2011 42 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 “be true to yourself, not to what you believe things should look like” Old chinese proverb All rights reserved to Security Art ltd. 2002-2011 42 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 They are YOUR assets after all No reason to be shy about it... And remember to add honey... All rights reserved to Security Art ltd. 2002-2011 43 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 44 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 44 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 44 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 TEST SOME MORE For hints/guides see: www.pentest-standard.org All rights reserved to Security Art ltd. 2002-2011 45 Wednesday, December 7, 11
Iftach Ian Amit | November 2011 Questions? Thank you! Whitepapers: www.security-art.com Data modulation Exfil POC: Too shy to ask now? http://code.google.com/p/ iamit@security-art.com data-sound-poc/ Need your daily chatter? twitter.com/iiamit All rights reserved to Security Art ltd. 2002-2011 46 Wednesday, December 7, 11

More Related Content

PDF
Advanced Data Exfiltration The Way Q Would Have Done It
bySource Conference
 
PDF
Pushing in, leaving a present, and pulling out slowly without anyone noticing
byIftach Ian Amit
 
PDF
Advanced Data Exfiltration
byIftach Ian Amit
 
PDF
Ian Iftach Amit - Cyber[Crime|War] - Connecting The Dots
bySource Conference
 
PDF
Cyber [Crime|War] - SourceBoston 2011
byIftach Ian Amit
 
PDF
Cyber [crime|war deepsec
byIftach Ian Amit
 
PDF
Cyber[Crime|War] - Brucon
byIftach Ian Amit
 
PPTX
Dan Crowley - Jack Of All Formats
bySource Conference
 
Advanced Data Exfiltration The Way Q Would Have Done It
bySource Conference
 
Pushing in, leaving a present, and pulling out slowly without anyone noticing
byIftach Ian Amit
 
Advanced Data Exfiltration
byIftach Ian Amit
 
Ian Iftach Amit - Cyber[Crime|War] - Connecting The Dots
bySource Conference
 
Cyber [Crime|War] - SourceBoston 2011
byIftach Ian Amit
 
Cyber [crime|war deepsec
byIftach Ian Amit
 
Cyber[Crime|War] - Brucon
byIftach Ian Amit
 
Dan Crowley - Jack Of All Formats
bySource Conference
 

More from Iftach Ian Amit

PDF
Cheating in Computer Games
byIftach Ian Amit
 
PDF
Exploiting Second life
byIftach Ian Amit
 
PPTX
Cyber Risk Quantification - CyberTLV
byIftach Ian Amit
 
PDF
Infecting Python Bytecode
byIftach Ian Amit
 
PDF
Telecommunication basics dc9723
byIftach Ian Amit
 
PDF
Devsecops at Cimpress
byIftach Ian Amit
 
PDF
Dtmf phreaking
byIftach Ian Amit
 
PDF
Armorizing applications
byIftach Ian Amit
 
PDF
Cyber state
byIftach Ian Amit
 
PDF
From your Pocket to your Heart and Back
byIftach Ian Amit
 
PPTX
Hacking cyber-iamit
byIftach Ian Amit
 
PPTX
BSidesTLV Closing Keynote
byIftach Ian Amit
 
PDF
Sexy defense
byIftach Ian Amit
 
PDF
"Cyber" security - all good, no need to worry?
byIftach Ian Amit
 
PDF
Painting a Company Red and Blue
byIftach Ian Amit
 
PDF
Bitcoin
byIftach Ian Amit
 
PDF
ISTS12 Keynote
byIftach Ian Amit
 
PDF
Passwords good badugly181212-2
byIftach Ian Amit
 
PDF
Seeing Red In Your Future?
byIftach Ian Amit
 
PDF
Social Media Risk Metrics
byIftach Ian Amit
 
Cheating in Computer Games
byIftach Ian Amit
 
Exploiting Second life
byIftach Ian Amit
 
Cyber Risk Quantification - CyberTLV
byIftach Ian Amit
 
Infecting Python Bytecode
byIftach Ian Amit
 
Telecommunication basics dc9723
byIftach Ian Amit
 
Devsecops at Cimpress
byIftach Ian Amit
 
Dtmf phreaking
byIftach Ian Amit
 
Armorizing applications
byIftach Ian Amit
 
Cyber state
byIftach Ian Amit
 
From your Pocket to your Heart and Back
byIftach Ian Amit
 
Hacking cyber-iamit
byIftach Ian Amit
 
BSidesTLV Closing Keynote
byIftach Ian Amit
 
Sexy defense
byIftach Ian Amit
 
"Cyber" security - all good, no need to worry?
byIftach Ian Amit
 
Painting a Company Red and Blue
byIftach Ian Amit
 
Bitcoin
byIftach Ian Amit
 
ISTS12 Keynote
byIftach Ian Amit
 
Passwords good badugly181212-2
byIftach Ian Amit
 
Seeing Red In Your Future?
byIftach Ian Amit
 
Social Media Risk Metrics
byIftach Ian Amit
 

Recently uploaded

PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
December Patch Tuesday
byIvanti
 
PDF
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
PDF
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PDF
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
PDF
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
PDF
Incident Response Planning with a Foundation Model
byKim Hammar
 
PDF
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
PDF
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
PPTX
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
PDF
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
PPTX
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
PPTX
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
PDF
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
December Patch Tuesday
byIvanti
 
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
Incident Response Planning with a Foundation Model
byKim Hammar
 
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 

Advanced Data Exfiltration - the way Q would have done it

  • 1.
    Iftach Ian Amit| November 2011 Advanced Data Exfiltration The way Q would have done it Iftach Ian Amit VP Consulting DC9723 CSA-IL Board member IL-CERT Visionary All rights reserved to Security Art ltd. 2002-2011 www.security-art.com Wednesday, December 7, 11
  • 2.
    Iftach Ian Amit| November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
  • 3.
    Iftach Ian Amit| November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
  • 4.
    Iftach Ian Amit| November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
  • 5.
    Iftach Ian Amit| November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
  • 6.
    Iftach Ian Amit| November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
  • 7.
    Iftach Ian Amit| November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
  • 8.
    Iftach Ian Amit| November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
  • 9.
    Iftach Ian Amit| November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
  • 10.
    Iftach Ian Amit| November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
  • 11.
    Iftach Ian Amit| November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
  • 12.
    Iftach Ian Amit| November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2 Wednesday, December 7, 11
  • 13.
    Iftach Ian Amit| November 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3 Wednesday, December 7, 11
  • 14.
    Iftach Ian Amit| November 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3 Wednesday, December 7, 11
  • 15.
    Iftach Ian Amit| November 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3 Wednesday, December 7, 11
  • 16.
    Iftach Ian Amit| November 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3 Wednesday, December 7, 11
  • 17.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 4 Wednesday, December 7, 11
  • 18.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 5 Wednesday, December 7, 11
  • 19.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 5 Wednesday, December 7, 11
  • 20.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 5 Wednesday, December 7, 11
  • 21.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 5 Wednesday, December 7, 11
  • 22.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 5 Wednesday, December 7, 11
  • 23.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 6 Wednesday, December 7, 11
  • 24.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 6 Wednesday, December 7, 11
  • 25.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 6 Wednesday, December 7, 11
  • 26.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 6 Wednesday, December 7, 11
  • 27.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 6 Wednesday, December 7, 11
  • 28.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 6 Wednesday, December 7, 11
  • 29.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 6 Wednesday, December 7, 11
  • 30.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 7 Wednesday, December 7, 11
  • 31.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 7 Wednesday, December 7, 11
  • 32.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 7 Wednesday, December 7, 11
  • 33.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 7 Wednesday, December 7, 11
  • 34.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 7 Wednesday, December 7, 11
  • 35.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 7 Wednesday, December 7, 11
  • 36.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 8 Wednesday, December 7, 11
  • 37.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 8 Wednesday, December 7, 11
  • 38.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 8 Wednesday, December 7, 11
  • 39.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 8 Wednesday, December 7, 11
  • 40.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 9 Wednesday, December 7, 11
  • 41.
    Iftach Ian Amit| November 2011 • eMails, web links, phishing... All rights reserved to Security Art ltd. 2002-2011 9 Wednesday, December 7, 11
  • 42.
    Iftach Ian Amit| November 2011 • eMails, web links, phishing... • Works like a charm! All rights reserved to Security Art ltd. 2002-2011 9 Wednesday, December 7, 11
  • 43.
    Iftach Ian Amit| November 2011 • eMails, web links, phishing... • Works like a charm! • And can be mostly automated All rights reserved to Security Art ltd. 2002-2011 9 Wednesday, December 7, 11
  • 44.
    Iftach Ian Amit| November 2011 • eMails, web links, phishing... • Works like a charm! • And can be mostly automated • SET to the rescue All rights reserved to Security Art ltd. 2002-2011 9 Wednesday, December 7, 11
  • 45.
    Iftach Ian Amit| November 2011 • eMails, web links, phishing... • Works like a charm! • And can be mostly automated • SET to the rescue All rights reserved to Security Art ltd. 2002-2011 9 Wednesday, December 7, 11
  • 46.
    Iftach Ian Amit| November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10 Wednesday, December 7, 11
  • 47.
    Iftach Ian Amit| November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10 Wednesday, December 7, 11
  • 48.
    Iftach Ian Amit| November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10 Wednesday, December 7, 11
  • 49.
    Iftach Ian Amit| November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10 Wednesday, December 7, 11
  • 50.
    Iftach Ian Amit| November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10 Wednesday, December 7, 11
  • 51.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 11 Wednesday, December 7, 11
  • 52.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 11 Wednesday, December 7, 11
  • 53.
    Iftach Ian Amit| November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11 Wednesday, December 7, 11
  • 54.
    Iftach Ian Amit| November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11 Wednesday, December 7, 11
  • 55.
    Iftach Ian Amit| November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11 Wednesday, December 7, 11
  • 56.
    Iftach Ian Amit| November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11 Wednesday, December 7, 11
  • 57.
    Iftach Ian Amit| November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11 Wednesday, December 7, 11
  • 58.
    Iftach Ian Amit| November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11 Wednesday, December 7, 11
  • 59.
    Iftach Ian Amit| November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11 Wednesday, December 7, 11
  • 60.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 12 Wednesday, December 7, 11
  • 61.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 12 Wednesday, December 7, 11
  • 62.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 12 Wednesday, December 7, 11
  • 63.
    Iftach Ian Amit| November 2011 What is the target “willing” to tell about itself? All rights reserved to Security Art ltd. 2002-2011 13 Wednesday, December 7, 11
  • 64.
    Iftach Ian Amit| November 2011 What is the target “willing” to tell about itself? All rights reserved to Security Art ltd. 2002-2011 13 Wednesday, December 7, 11
  • 65.
    Iftach Ian Amit| November 2011 What is the target “willing” to tell about itself? All rights reserved to Security Art ltd. 2002-2011 13 Wednesday, December 7, 11
  • 66.
    Iftach Ian Amit| November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues... All rights reserved to Security Art ltd. 2002-2011 14 Wednesday, December 7, 11
  • 67.
    Iftach Ian Amit| November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues... All rights reserved to Security Art ltd. 2002-2011 14 Wednesday, December 7, 11
  • 68.
    Iftach Ian Amit| November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues... All rights reserved to Security Art ltd. 2002-2011 14 Wednesday, December 7, 11
  • 69.
    Iftach Ian Amit| November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues... All rights reserved to Security Art ltd. 2002-2011 14 Wednesday, December 7, 11
  • 70.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 15 Wednesday, December 7, 11
  • 71.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 15 Wednesday, December 7, 11
  • 72.
    Iftach Ian Amit| November 2011 Select your target wisely And then craft your payload :-) All rights reserved to Security Art ltd. 2002-2011 16 Wednesday, December 7, 11
  • 73.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 17 Wednesday, December 7, 11
  • 74.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 17 Wednesday, December 7, 11
  • 75.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 17 Wednesday, December 7, 11
  • 76.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 17 Wednesday, December 7, 11
  • 77.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 17 Wednesday, December 7, 11
  • 78.
    Iftach Ian Amit| November 2011 • ZeuS: $3000-$5000 • SpyEye: $2500-$4000 • Limbo: $500-$1500 All rights reserved to Security Art ltd. 2002-2011 17 Wednesday, December 7, 11
  • 79.
    Iftach Ian Amit| November 2011 • ZeuS: $3000-$5000 E! RE • SpyEye: $2500-$4000 F • Limbo: $500-$1500 All rights reserved to Security Art ltd. 2002-2011 17 Wednesday, December 7, 11
  • 80.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 18 Wednesday, December 7, 11
  • 81.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 18 Wednesday, December 7, 11
  • 82.
    Iftach Ian Amit| November 2011 Experienced travelers know the importance of packing properly All rights reserved to Security Art ltd. 2002-2011 18 Wednesday, December 7, 11
  • 83.
    Iftach Ian Amit| November 2011 Experienced travelers know the importance of packing properly All rights reserved to Security Art ltd. 2002-2011 18 Wednesday, December 7, 11
  • 84.
    Iftach Ian Amit| November 2011 • File servers • Databases • File types • Gateways (routes) • Printers All rights reserved to Security Art ltd. 2002-2011 19 Wednesday, December 7, 11
  • 85.
    Iftach Ian Amit| November 2011 Mass infection: APT: 5-6 days before 5-6 months before detection detection All rights reserved to Security Art ltd. 2002-2011 20 Wednesday, December 7, 11
  • 86.
    Iftach Ian Amit| November 2011 Mass infection: APT: 5-6 days before 5-6 months before detection detection All rights reserved to Security Art ltd. 2002-2011 20 Wednesday, December 7, 11
  • 87.
    Iftach Ian Amit| November 2011 Mass infection: APT: 5-6 days before 5-6 months before detection detection Frequent updates No* updates * Almost All rights reserved to Security Art ltd. 2002-2011 20 Wednesday, December 7, 11
  • 88.
    Iftach Ian Amit| November 2011 PATIENCE Mass infection: APT: 5-6 days before 5-6 months before detection detection Frequent updates No* updates * Almost All rights reserved to Security Art ltd. 2002-2011 21 Wednesday, December 7, 11
  • 89.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 22 Wednesday, December 7, 11
  • 90.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 22 Wednesday, December 7, 11
  • 91.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 22 Wednesday, December 7, 11
  • 92.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 22 Wednesday, December 7, 11
  • 93.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 22 Wednesday, December 7, 11
  • 94.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 22 Wednesday, December 7, 11
  • 95.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 22 Wednesday, December 7, 11
  • 96.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 23 Wednesday, December 7, 11
  • 97.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 23 Wednesday, December 7, 11
  • 98.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 24 Wednesday, December 7, 11
  • 99.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 24 Wednesday, December 7, 11
  • 100.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 24 Wednesday, December 7, 11
  • 101.
    Iftach Ian Amit| November 2011 -----BEGIN PGP MESSAGE----- So... Version: GnuPG/MacGPG2 v2.0.14 (Darwin) hQMOA1jQIm6UkL4eEAv/W3r/eYLUmqRNi/Jegt72lK6qdBiBfkg9PZ5YKql9CUZp FGnVk029K3gEVcrA4k7w2aOtP7tYKRF8v4yrZQ9GZ7eXzR7+Tbf1g+7dveH6U8Bf BHo8LRovj5OlGghrvpyKYRPIf/NAgzL2G8dyi/FVB0YB4J7/4x0YFEalQHaLiKyt /gkikyV92njPJ6tPm2sdKUqUHSb20r9AdowZ0VVRrWwdRgUhdNXajjwcbH1BjVuS Gilw8MnmQkmJAT+TAFkTqC9fjiwtnNMNANJbo2Z36RqsAcKbhVh1eMA7ev0pUakp Tm4xN64syk/1DEc0VHFbanAreTV3tCbUUIoPQDFGFpiu3oS6/089oUvRtBBbC5p6 leYKEnDllcGWAomRSiYBFWjTca/DIw43QIW/lmdBnwcWLuQmDCmwr3HuhEaOmqfO hdgaxM4GuVdJCDdwXzwpuaPElCd18weH2XNzudLdeRKN+wjl/4D6bIo+038BcLei SyhWrMFB7mKSmEzQufQUDACFamtMCn9YOo3mgo+YYk505qhIDLNwZXqyVUqOHvIG vu7gzuNwUdY5idLqsGEs0K0xVwYntTKUh61tNS/HDfNTVm4Y3p8M88JHhcg7npY5 gJuhWuHkgp2CTsQT+gRjthm3l3AlnIvAfuC5uWLMsjA4sCw2FRDOARxrN9El8maX /vCxN9aB3dK4S9MSGJ5HhaYpTfpc9CdFkFryzb2sFWfW85nSzNo7dVFCy0jmSr19 o4Jsfj0J0izS3MeGYYz5NSsfBz+6o/IYURL3OXrm4DuJNHY0DvVbYqSQRRx3o2S+ uZekwXwYsqpei/f/sYo875p5NeX3g62zgjy2Vly+n58WaZWoHb5Y0QCxNfpjdcAQ 3tuZQaUvlqrkQeSRxKXD7pxlHdwHDgfvw01RU8NsMkfsBoTZY27BjFvIg5S/pv9O 6IznXaJu9jRWDj6tvSypx8X2iiVgtSHYahlqEUH1RusAMCILkx0DydCvUud/qRbT YcnkVVgA8ojeDoVpp3AabRrSmgEAOwW6M0KvnSuMKniLIKe7kolqGjEuLAx7s5Kg mMHfNki5dYWvQzHv03ID9UG+uW6o54BnsajEVe2EcYTPT+8pg2bCxnMElK0ds9Is qvf2Kx4kqO0qMeJG1II2zfAFqmMiTMtgA2CZ0Y42hA/bQK/CCM8QVo9JcGn3Jf6N 0X1TVob7xDo/fkRROHv74dIh2Kxa0SH8iGdb4kI= =jN3t -----END PGP MESSAGE----- All rights reserved to Security Art ltd. 2002-2011 25 Wednesday, December 7, 11
  • 102.
    Iftach Ian Amit| November 2011 Still “too detectable” All rights reserved to Security Art ltd. 2002-2011 26 Wednesday, December 7, 11
  • 103.
    Iftach Ian Amit| November 2011 Still “too detectable” hQMOA1jQIm6UkL4eEAv/W3r/eYLUmqRNi/Jegt72lK6qdBiBfkg9PZ5YKql9CUZp FGnVk029K3gEVcrA4k7w2aOtP7tYKRF8v4yrZQ9GZ7eXzR7+Tbf1g+7dveH6U8Bf BHo8LRovj5OlGghrvpyKYRPIf/NAgzL2G8dyi/FVB0YB4J7/4x0YFEalQHaLiKyt /gkikyV92njPJ6tPm2sdKUqUHSb20r9AdowZ0VVRrWwdRgUhdNXajjwcbH1BjVuS Gilw8MnmQkmJAT+TAFkTqC9fjiwtnNMNANJbo2Z36RqsAcKbhVh1eMA7ev0pUakp Tm4xN64syk/1DEc0VHFbanAreTV3tCbUUIoPQDFGFpiu3oS6/089oUvRtBBbC5p6 leYKEnDllcGWAomRSiYBFWjTca/DIw43QIW/lmdBnwcWLuQmDCmwr3HuhEaOmqfO hdgaxM4GuVdJCDdwXzwpuaPElCd18weH2XNzudLdeRKN+wjl/4D6bIo+038BcLei SyhWrMFB7mKSmEzQufQUDACFamtMCn9YOo3mgo+YYk505qhIDLNwZXqyVUqOHvIG vu7gzuNwUdY5idLqsGEs0K0xVwYntTKUh61tNS/HDfNTVm4Y3p8M88JHhcg7npY5 gJuhWuHkgp2CTsQT+gRjthm3l3AlnIvAfuC5uWLMsjA4sCw2FRDOARxrN9El8maX /vCxN9aB3dK4S9MSGJ5HhaYpTfpc9CdFkFryzb2sFWfW85nSzNo7dVFCy0jmSr19 o4Jsfj0J0izS3MeGYYz5NSsfBz+6o/IYURL3OXrm4DuJNHY0DvVbYqSQRRx3o2S+ uZekwXwYsqpei/f/sYo875p5NeX3g62zgjy2Vly+n58WaZWoHb5Y0QCxNfpjdcAQ 3tuZQaUvlqrkQeSRxKXD7pxlHdwHDgfvw01RU8NsMkfsBoTZY27BjFvIg5S/pv9O 6IznXaJu9jRWDj6tvSypx8X2iiVgtSHYahlqEUH1RusAMCILkx0DydCvUud/qRbT YcnkVVgA8ojeDoVpp3AabRrSmgEAOwW6M0KvnSuMKniLIKe7kolqGjEuLAx7s5Kg mMHfNki5dYWvQzHv03ID9UG+uW6o54BnsajEVe2EcYTPT+8pg2bCxnMElK0ds9Is qvf2Kx4kqO0qMeJG1II2zfAFqmMiTMtgA2CZ0Y42hA/bQK/CCM8QVo9JcGn3Jf6N 0X1TVob7xDo/fkRROHv74dIh2Kxa0SH8iGdb4kI= =jN3t All rights reserved to Security Art ltd. 2002-2011 26 Wednesday, December 7, 11
  • 104.
    Iftach Ian Amit| November 2011 Much better • Throws in some additional encodings • And an XOR for old time’s sake • And we are good to go... • 0% detection rate All rights reserved to Security Art ltd. 2002-2011 27 Wednesday, December 7, 11
  • 105.
    Iftach Ian Amit| November 2011 Resistance is futile All rights reserved to Security Art ltd. 2002-2011 28 Wednesday, December 7, 11
  • 106.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 29 Wednesday, December 7, 11
  • 107.
    Iftach Ian Amit| November 2011 80 53 443 All rights reserved to Security Art ltd. 2002-2011 29 Wednesday, December 7, 11
  • 108.
    Iftach Ian Amit| November 2011 80 53 443 All rights reserved to Security Art ltd. 2002-2011 29 Wednesday, December 7, 11
  • 109.
    Iftach Ian Amit| November 2011 Kill some trees All rights reserved to Security Art ltd. 2002-2011 30 Wednesday, December 7, 11
  • 110.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 31 Wednesday, December 7, 11
  • 111.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 31 Wednesday, December 7, 11
  • 112.
    Iftach Ian Amit| November 2011 Good ol’e DD... All rights reserved to Security Art ltd. 2002-2011 32 Wednesday, December 7, 11
  • 113.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 33 Wednesday, December 7, 11
  • 114.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 33 Wednesday, December 7, 11
  • 115.
    Iftach Ian Amit| November 2011 1/2 byte = 16 values 1 0 1 0 All rights reserved to Security Art ltd. 2002-2011 33 Wednesday, December 7, 11
  • 116.
    Iftach Ian Amit| November 2011 1/2 byte = 16 values 1 0 1 0 All rights reserved to Security Art ltd. 2002-2011 33 Wednesday, December 7, 11
  • 117.
    Iftach Ian Amit| November 2011 1/2 byte = 16 values 1 0 1 0 All rights reserved to Security Art ltd. 2002-2011 33 Wednesday, December 7, 11
  • 118.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 34 Wednesday, December 7, 11
  • 119.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 34 Wednesday, December 7, 11
  • 120.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 34 Wednesday, December 7, 11
  • 121.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 34 Wednesday, December 7, 11
  • 122.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 34 Wednesday, December 7, 11
  • 123.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 34 Wednesday, December 7, 11
  • 124.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 34 Wednesday, December 7, 11
  • 125.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 34 Wednesday, December 7, 11
  • 126.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 35 Wednesday, December 7, 11
  • 127.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 35 Wednesday, December 7, 11
  • 128.
    Iftach Ian Amit| November 2011 1 0 1 0 All rights reserved to Security Art ltd. 2002-2011 35 Wednesday, December 7, 11
  • 129.
    Iftach Ian Amit| November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36 Wednesday, December 7, 11
  • 130.
    Iftach Ian Amit| November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36 Wednesday, December 7, 11
  • 131.
    Iftach Ian Amit| November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36 Wednesday, December 7, 11
  • 132.
    Iftach Ian Amit| November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36 Wednesday, December 7, 11
  • 133.
    Iftach Ian Amit| November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36 Wednesday, December 7, 11
  • 134.
    Iftach Ian Amit| November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36 Wednesday, December 7, 11
  • 135.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 37 Wednesday, December 7, 11
  • 136.
    Iftach Ian Amit| November 2011 Killing paper isn’t nice • Fax it! • Most corporations have email-to-fax services • heard of the address 555-7963@fax.corp.com ? • Just send any document (text, doc, pdf) to it and off you go with the data... All rights reserved to Security Art ltd. 2002-2011 38 Wednesday, December 7, 11
  • 137.
    Iftach Ian Amit| November 2011 Conclusions All rights reserved to Security Art ltd. 2002-2011 39 Wednesday, December 7, 11
  • 138.
    Iftach Ian Amit| November 2011 Conclusions All rights reserved to Security Art ltd. 2002-2011 39 Wednesday, December 7, 11
  • 139.
    Iftach Ian Amit| November 2011 Conclusions All rights reserved to Security Art ltd. 2002-2011 39 Wednesday, December 7, 11
  • 140.
    Iftach Ian Amit| November 2011 Conclusions All rights reserved to Security Art ltd. 2002-2011 39 Wednesday, December 7, 11
  • 141.
    Iftach Ian Amit| November 2011 • Start with the human factor • Then add technology All rights reserved to Security Art ltd. 2002-2011 40 Wednesday, December 7, 11
  • 142.
    Iftach Ian Amit| November 2011 • Start with the human factor • Then add technology All rights reserved to Security Art ltd. 2002-2011 40 Wednesday, December 7, 11
  • 143.
    Iftach Ian Amit| November 2011 • Where people leave data • Hint - spend time with developers. • “Hack” the business process • Test, test again, and then test. Follow with a surprise test! All rights reserved to Security Art ltd. 2002-2011 41 Wednesday, December 7, 11
  • 144.
    Iftach Ian Amit| November 2011 • Where people leave data • Hint - spend time with developers. • “Hack” the business process • Test, test again, and then test. Follow with a surprise test! All rights reserved to Security Art ltd. 2002-2011 41 Wednesday, December 7, 11
  • 145.
    Iftach Ian Amit| November 2011 “be true to yourself, not to what you believe things should look like” Old chinese proverb All rights reserved to Security Art ltd. 2002-2011 42 Wednesday, December 7, 11
  • 146.
    Iftach Ian Amit| November 2011 “be true to yourself, not to what you believe things should look like” Old chinese proverb All rights reserved to Security Art ltd. 2002-2011 42 Wednesday, December 7, 11
  • 147.
    Iftach Ian Amit| November 2011 They are YOUR assets after all No reason to be shy about it... And remember to add honey... All rights reserved to Security Art ltd. 2002-2011 43 Wednesday, December 7, 11
  • 148.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 44 Wednesday, December 7, 11
  • 149.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 44 Wednesday, December 7, 11
  • 150.
    Iftach Ian Amit| November 2011 All rights reserved to Security Art ltd. 2002-2011 44 Wednesday, December 7, 11
  • 151.
    Iftach Ian Amit| November 2011 TEST SOME MORE For hints/guides see: www.pentest-standard.org All rights reserved to Security Art ltd. 2002-2011 45 Wednesday, December 7, 11
  • 152.
    Iftach Ian Amit| November 2011 Questions? Thank you! Whitepapers: www.security-art.com Data modulation Exfil POC: Too shy to ask now? http://code.google.com/p/ iamit@security-art.com data-sound-poc/ Need your daily chatter? twitter.com/iiamit All rights reserved to Security Art ltd. 2002-2011 46 Wednesday, December 7, 11