SlideShare a Scribd company logo

Introducing (DET) the Data Exfiltration Toolkit

SensePost, profile picture
SensePost

The document presents the Data Exfiltration Toolkit (DET) introduced by Paul Amar at BSides Ljubljana, highlighting its capabilities to exfiltrate data using various protocols like TCP, DNS, and SMTP. It details the toolkit's configuration in JSON format, client-server interaction phases, and the potential for additional plugins, including Tor integration. The presentation also outlines plans for future enhancements such as a complete port to PowerShell and data obfuscation techniques.

Technology
Related topics:
Information Security
1 of 45
Downloaded 39 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
Introducing DET (Data Exfiltration Toolkit) Paul Amar - BSides Ljubjana - 09/03/2016
Introducing (DET) the Data Exfiltration Toolkit
100
Introducing (DET) the Data Exfiltration Toolkit
General Approach TCP DNS HTTP ICMP SMTP
General Approach TCP DNS HTTP ICMP SMTP
General Approach TCP DNS HTTP ICMP SMTP
General Approach TCP DNS HTTP ICMP SMTP
General Approach TCP DNS HTTP ICMP SMTP
General Approach TCP DNS HTTP ICMP SMTP
HammerToss (July 2015)
What’s available today?
What’s available today? And many more.. created almost everyday. Not kidding.
Current state TCP DNS HTTP ICMP Twitter DMs SMTP (eg. Gmail)
Introducing DET
Configuration file (JSON format)
File to exfiltrate
Folder to exfiltrate / multi-threaded
Plugin(s) to use
Plugin(s) to exclude
Server mode
Configuration file List all your plugins and their configuration
Configuration file Each plugin has its own configuration (username, pwd, …)
Configuration file Additional configuration (XOR Key, Sleeping time, …)
Let’s dig a bit (Client-side)
“Registration” phase 1/2
“Registration” phase 2/2
Sending the data 1/2
Sending the data 2/2
“End” phase 1/2
“End” phase 2/2
So in few words..
Introducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration Toolkit
But wait! There’s moar.
Additional plugins (Tor Integration) 1/2 Source: http://foxglovesecurity.com/2015/11/02/hack-like-the-bad-guys-using-tor-for- firewall-evasion-and-anonymous-remote-access/
Additional plugins (Tor Integration) 2/2
“Experimental” plugins
Introducing (DET) the Data Exfiltration Toolkit
What’s next - Port DET *entirely* to PowerShell (With Plugin based) (“Empire”-like) - More plugins! - Data obfuscation layer using Markov Chains - https://github.com/bwall/markovobfuscate
Introducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration Toolkit
Installation Get/install it: - git clone https://github.com/sensepost/DET - pip install -r requirements --user (instal dependencies for the local user) Client side: - python det.py -f /etc/passwd -c ./config.json (or PS scripts) Server side: - python det.py -L -c ./config.json
sys.exit(0) Paul Amar (paul@sensepost.com) / @PaulWebSec

More Related Content

PPTX
malware analysis
20CS201AkashR
 
PPTX
DoS or DDoS attack
stollen_fusion
 
PPTX
Malware analysis
Prakashchand Suthar
 
PPTX
Denial of service attack
Ahmed Ghazey
 
PPTX
Basic Malware Analysis
Albert Hui
 
PPTX
Attack on computer
Rabail khan
 
PPTX
Denial of service
garishma bhatia
 
PPT
Trojan Horse Presentation
ikmal91
 
malware analysis
20CS201AkashR
 
DoS or DDoS attack
stollen_fusion
 
Malware analysis
Prakashchand Suthar
 
Denial of service attack
Ahmed Ghazey
 
Basic Malware Analysis
Albert Hui
 
Attack on computer
Rabail khan
 
Denial of service
garishma bhatia
 
Trojan Horse Presentation
ikmal91
 

What's hot (20)

PPT
I P S P O O F I N G
avinashkanchan
 
PPTX
Reverse engineering malware
Cysinfo Cyber Security Community
 
PPTX
Introduction to computer virus
YouQue ™
 
PDF
Anatomy of a cyber attack
Mark Silver
 
PPT
Lecture 12 malicious software
rajakhurram
 
PPTX
Introduction to Malware Detection and Reverse Engineering
intertelinvestigations
 
PPTX
Attack detection and prevention in the cyber
Jahangirnagar University
 
PPTX
Ethical hacking introduction to ethical hacking
MissStevenson1
 
PPTX
Malware
Anoushka Srivastava
 
PPTX
Phishing Incident Response Playbook
Naushad CEH, CHFI, MTA, ITIL
 
PPTX
Ethical hacking ppt
Nitesh Dubey
 
PPTX
Ethical hacking
Devendra Yadav
 
PDF
Cyber security:Tools used in cyber crime
nidhidgowda185
 
PPTX
Rmi architecture
Maulik Desai
 
PPTX
Ip spoofing ppt
Anushakp9
 
PPTX
Computer Malware and its types
Jatin Kumar
 
PPTX
Basics of Denial of Service Attacks
Hansa Nidushan
 
PPTX
Malware ppt final.pptx
LakshayNRReddy
 
PPTX
Ethical hacking - Footprinting.pptx
Nargis Parveen
 
PPTX
Network forensics and investigating logs
anilinvns
 
I P S P O O F I N G
avinashkanchan
 
Reverse engineering malware
Cysinfo Cyber Security Community
 
Introduction to computer virus
YouQue ™
 
Anatomy of a cyber attack
Mark Silver
 
Lecture 12 malicious software
rajakhurram
 
Introduction to Malware Detection and Reverse Engineering
intertelinvestigations
 
Attack detection and prevention in the cyber
Jahangirnagar University
 
Ethical hacking introduction to ethical hacking
MissStevenson1
 
Malware
Anoushka Srivastava
 
Phishing Incident Response Playbook
Naushad CEH, CHFI, MTA, ITIL
 
Ethical hacking ppt
Nitesh Dubey
 
Ethical hacking
Devendra Yadav
 
Cyber security:Tools used in cyber crime
nidhidgowda185
 
Rmi architecture
Maulik Desai
 
Ip spoofing ppt
Anushakp9
 
Computer Malware and its types
Jatin Kumar
 
Basics of Denial of Service Attacks
Hansa Nidushan
 
Malware ppt final.pptx
LakshayNRReddy
 
Ethical hacking - Footprinting.pptx
Nargis Parveen
 
Network forensics and investigating logs
anilinvns
 
Ad

Viewers also liked (20)

PPTX
Improvement in Rogue Access Points - SensePost Defcon 22
SensePost
 
PPTX
ZaCon 2015 - Zombie Mana Attacks
SensePost
 
PDF
Ruler and Liniaal @ Troopers 17
SensePost
 
PDF
Heartbleed Overview
SensePost
 
PPTX
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
Leonardo Nve Egea
 
PPTX
Threat Hunting with Splunk
Splunk
 
PDF
IOCs Are Dead—Long Live IOCs!
Priyanka Aash
 
PPTX
Container Days Conference Plesk 2016 - How AWS, Docker and Microservices infl...
Plesk
 
PDF
Pour les fans de scènes pornographiques totalement revivifiantes gratis
badloser3825
 
PPTX
Threats to machine clouds
SensePost
 
PPT
Major global information security trends - a summary
SensePost
 
PDF
SNMP : Simple Network Mediated (Cisco) Pwnage
SensePost
 
PDF
Putting the tea back into cyber terrorism
SensePost
 
PPTX
Offence oriented Defence
SensePost
 
PPTX
Wardriving & Kismet Introduction
Lance Howell
 
PDF
How to prevent cyber attack with big data & intelligence(sfis170222)
Yong Suk Kang 姜龙锡
 
PDF
Full_Article_GadgetTrak_Forbes_Reduced
Tripwire
 
PPTX
SplunkLive! Customer Presentation – Virtustream
Splunk
 
PPTX
Threat Hunting with Splunk
Splunk
 
PPTX
Operational Security
Splunk
 
Improvement in Rogue Access Points - SensePost Defcon 22
SensePost
 
ZaCon 2015 - Zombie Mana Attacks
SensePost
 
Ruler and Liniaal @ Troopers 17
SensePost
 
Heartbleed Overview
SensePost
 
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
Leonardo Nve Egea
 
Threat Hunting with Splunk
Splunk
 
IOCs Are Dead—Long Live IOCs!
Priyanka Aash
 
Container Days Conference Plesk 2016 - How AWS, Docker and Microservices infl...
Plesk
 
Pour les fans de scènes pornographiques totalement revivifiantes gratis
badloser3825
 
Threats to machine clouds
SensePost
 
Major global information security trends - a summary
SensePost
 
SNMP : Simple Network Mediated (Cisco) Pwnage
SensePost
 
Putting the tea back into cyber terrorism
SensePost
 
Offence oriented Defence
SensePost
 
Wardriving & Kismet Introduction
Lance Howell
 
How to prevent cyber attack with big data & intelligence(sfis170222)
Yong Suk Kang 姜龙锡
 
Full_Article_GadgetTrak_Forbes_Reduced
Tripwire
 
SplunkLive! Customer Presentation – Virtustream
Splunk
 
Threat Hunting with Splunk
Splunk
 
Operational Security
Splunk
 
Ad

Similar to Introducing (DET) the Data Exfiltration Toolkit (19)

PDF
Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...
Beau Bullock
 
PDF
CTM360 adv-0317-01 dns messenger
Migin Vincent
 
PDF
CTM360 adv-0317-01 dns messenger
CTM360
 
PPTX
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat Security Conference
 
PPTX
Security intelligence using big data presentation (engineering seminar)
Marco Casassa Mont
 
PPTX
Big Data for Security
Marco Casassa Mont
 
PDF
Goodbye Data, Hello Exfiltration
Itzik Kotler
 
PDF
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
EC-Council
 
PDF
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
CTruncer
 
PPTX
Become a Threat Hunter by Hamza Beghal
Null Singapore
 
PDF
DNS Data Exfiltration Detection
IRJET Journal
 
PDF
Red Team Methodology - A Naked Look
Jason Lang
 
PPTX
Breaking the cyber kill chain!
Nahidul Kibria
 
PPTX
Career in Ethical Hacking
neosphere
 
PPTX
Botnet and its Detection Techniques
SafiUllah Saikat
 
PPTX
Honeypots.ppt1800363876
Momita Sharma
 
PDF
Is DNS a Part of Your Cyber Security Strategy?
Digital Transformation EXPO Event Series
 
PDF
PHDays 2018 Threat Hunting Hands-On Lab
Teymur Kheirkhabarov
 
PPTX
An Evolving Era of Botnet Empires @ BSides Las Vegas
Andrea Scarfo
 
Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...
Beau Bullock
 
CTM360 adv-0317-01 dns messenger
Migin Vincent
 
CTM360 adv-0317-01 dns messenger
CTM360
 
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat Security Conference
 
Security intelligence using big data presentation (engineering seminar)
Marco Casassa Mont
 
Big Data for Security
Marco Casassa Mont
 
Goodbye Data, Hello Exfiltration
Itzik Kotler
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
EC-Council
 
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
CTruncer
 
Become a Threat Hunter by Hamza Beghal
Null Singapore
 
DNS Data Exfiltration Detection
IRJET Journal
 
Red Team Methodology - A Naked Look
Jason Lang
 
Breaking the cyber kill chain!
Nahidul Kibria
 
Career in Ethical Hacking
neosphere
 
Botnet and its Detection Techniques
SafiUllah Saikat
 
Honeypots.ppt1800363876
Momita Sharma
 
Is DNS a Part of Your Cyber Security Strategy?
Digital Transformation EXPO Event Series
 
PHDays 2018 Threat Hunting Hands-On Lab
Teymur Kheirkhabarov
 
An Evolving Era of Botnet Empires @ BSides Las Vegas
Andrea Scarfo
 

More from SensePost (20)

PDF
objection - runtime mobile exploration
SensePost
 
PPTX
Vulnerabilities in TN3270 based Application
SensePost
 
PDF
Botconf 2013 - DNS-based Botnet C2 Server Detection
SensePost
 
PPTX
Rat a-tat-tat
SensePost
 
PDF
Hacking Z-Wave Home Automation Systems
SensePost
 
PPTX
Inside .NET Smart Card Operating System
SensePost
 
PPT
Its Ok To Get Hacked
SensePost
 
PPT
Web Application Hacking
SensePost
 
PPT
Attacks and Defences
SensePost
 
PDF
Corporate Threat Modeling v2
SensePost
 
PPTX
State of the information security nation
SensePost
 
PPS
OK I'm here, so what's in it for me?
SensePost
 
PPT
Security threats facing SA businessess
SensePost
 
PPT
Security in e-commerce
SensePost
 
PDF
Penetration testing and social engineering
SensePost
 
PDF
Getting punched in the face
SensePost
 
PDF
The jar of joy
SensePost
 
PPTX
Web 2.0 security woes
SensePost
 
PPT
The difference between a duck
SensePost
 
PPT
When good code goes bad
SensePost
 
objection - runtime mobile exploration
SensePost
 
Vulnerabilities in TN3270 based Application
SensePost
 
Botconf 2013 - DNS-based Botnet C2 Server Detection
SensePost
 
Rat a-tat-tat
SensePost
 
Hacking Z-Wave Home Automation Systems
SensePost
 
Inside .NET Smart Card Operating System
SensePost
 
Its Ok To Get Hacked
SensePost
 
Web Application Hacking
SensePost
 
Attacks and Defences
SensePost
 
Corporate Threat Modeling v2
SensePost
 
State of the information security nation
SensePost
 
OK I'm here, so what's in it for me?
SensePost
 
Security threats facing SA businessess
SensePost
 
Security in e-commerce
SensePost
 
Penetration testing and social engineering
SensePost
 
Getting punched in the face
SensePost
 
The jar of joy
SensePost
 
Web 2.0 security woes
SensePost
 
The difference between a duck
SensePost
 
When good code goes bad
SensePost
 

Recently uploaded (20)

PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PPT
Teaching material agriculture food technology
LiaRayya
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Cloud computing and distributed systems.
kkkkkhan
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
KodekX | Application Modernization Development
KodekX
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Approach and Philosophy of On baking technology
30anthuong17
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Teaching material agriculture food technology
LiaRayya
 

Introducing (DET) the Data Exfiltration Toolkit