‘Perfect’ Data Exfiltration Demonstrated by Larry Loeb.
From the post:
…
The 10 Commandments of Exfiltration
Following the experiment, the researchers came up with a technique of exfiltration based on their newly established 10 commandments. According to the SafeBreach presentation, these commandments are:
- No security through obscurity should be used.
- Only Web browsing and derived traffic is allowed.
- Anything that may theoretically be perceived as passing information is forbidden.
- Scrutinize every packet during comprehensive network monitoring.
- Assume TLS/SSL termination at the enterprise level.
- Assume the receiving party has no restrictions.
- Assume no nation-state or third-party site monitoring.
- Enable time synchronization between the communicating parties.
- There are bonus points for methods that can be implemented manually from the sender side.
- Active disruption by the enterprise is always possible.
…
The technique discussed is criticized as “low bandwidth”, but then I think: how much bandwidth does it take to transmit an admin login and password?
Definitely worth a slow read.
Other contenders for similar 10 commandments of exfiltration?
As a trivial example, consider a sender who leaves work every day at the same time through a double door. If they exit to their right, it is a 0, and if they exit to their left, it is a 1. Perhaps only on set days of the week or month.
Very low bandwidth, but as I said, for an admin login/password it would be sufficient.
How imaginative is your exfiltration security?