See how to install the Cachetalk proof-of-concept tool and make some enhancements.
- [Instructor] We earlier discussed…the ten commandments of exfiltration.…Using these for guidance, researchers from Safe Bridge…have developed a perfect exfiltration mechanism.…to meet the research scenario,…The approach exploits the fact that caching mechanism leaked…the exact time an object was cached.…When a webpage is read by the exfiltrator,…from a server, the page is placed in cache…for a set period of time.…A response message will be sent back…with the expiry time and the request time set…in the response header.…
The collector then reads the same page,…but delayed by a number of seconds.…If the page exists in the cache, it will be returned…with the current expiry time, which will be less than…the full expiry time, by the delay.…If not, it will show the full expiry time.…By having the exfiltrator and collector…monitoring the website cache predetermined times…the collector can determine whether…a page was written or not.…If it's in the cache, this reflects a one, if not, a zero.…
This provides a covert channel for exfiltrating data…
- How tunneling works
- Running a local SSH tunnel
- Dynamic SSH tunneling
- Pivoting with Armitage and Metaspoit
- Exfiltrating using DET and DNS
- Covert exfiltration with Cachetalk
- Using PyExfil to exfiltrate over HTTPS
Skill Level Advanced
Ethical Hacking: Penetration Testingwith Lisa Bock1h 29m Intermediate
Penetration Testing Essential Trainingwith Malcolm Shore2h 29m Intermediate
Penetration Testing: Advanced Kali Linuxwith Malcolm Shore2h 22m Intermediate
1. Preparing the Lab
Next steps1m 38s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.