Explore the ten rules for successful exfiltration in this video.
- [Instructor] The Israeli-based firm SafeBreach…researched the problem of exfiltrating…small amounts of sensitive data…in a way that could not be detected.…In other words, perfect exfiltration.…Their scenario was a desktop in a highly secure environment…which has perfect network monitoring systems in place.…These include anomaly detection, packet analysis,…and reputation-based IP address filtering.…The scenario assumptions were as follows.…The first assumption is that monitoring is perfect.…
This means that every packet is scrutinized,…whatever its protocol,…and every anomaly is detected…using advanced techniques such as big data…or machine learning.…The monitoring system should be assumed…to have no weaknesses.…The second assumption…is that monitoring will check destination host reputation.…The third assumption is that encrypted web sessions…are decrypted at the gateway…and inspected for inappropriate content.…
This is known as SSL, or encryption stripping.…Another assumption is that the monitoring…is at a commercial level,…
- How tunneling works
- Running a local SSH tunnel
- Dynamic SSH tunneling
- Pivoting with Armitage and Metaspoit
- Exfiltrating using DET and DNS
- Covert exfiltration with Cachetalk
- Using PyExfil to exfiltrate over HTTPS
Skill Level Advanced
Ethical Hacking: Penetration Testingwith Lisa Bock1h 29m Intermediate
Penetration Testing Essential Trainingwith Malcolm Shore2h 29m Intermediate
Penetration Testing: Advanced Kali Linuxwith Malcolm Shore2h 22m Intermediate
1. Preparing the Lab
Next steps1m 38s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.