SlideShare una empresa de Scribd logo
1 de 152
Descargar para leer sin conexión
Iftach Ian Amit | November 2011




               Advanced Data Exfiltration
               The way Q would have done it

               Iftach Ian Amit
               VP Consulting

               DC9723
               CSA-IL Board member
               IL-CERT Visionary

All rights reserved to Security Art ltd. 2002-2011   www.security-art.com
Iftach Ian Amit | November 2011



                                                     whoami




All rights reserved to Security Art ltd. 2002-2011     2
Iftach Ian Amit | November 2011



                                                     whoami




All rights reserved to Security Art ltd. 2002-2011     2
Iftach Ian Amit | November 2011



                                                     whoami




All rights reserved to Security Art ltd. 2002-2011     2
Iftach Ian Amit | November 2011



                                                     whoami




All rights reserved to Security Art ltd. 2002-2011     2
Iftach Ian Amit | November 2011



                                                     whoami




All rights reserved to Security Art ltd. 2002-2011     2
Iftach Ian Amit | November 2011



                                                     whoami




All rights reserved to Security Art ltd. 2002-2011     2
Iftach Ian Amit | November 2011



                                                     whoami




All rights reserved to Security Art ltd. 2002-2011     2
Iftach Ian Amit | November 2011



                                                     whoami




All rights reserved to Security Art ltd. 2002-2011     2
Iftach Ian Amit | November 2011



                                                     whoami




All rights reserved to Security Art ltd. 2002-2011     2
Iftach Ian Amit | November 2011



                                                     whoami




All rights reserved to Security Art ltd. 2002-2011     2
Iftach Ian Amit | November 2011



                                                     whoami




All rights reserved to Security Art ltd. 2002-2011     2
Iftach Ian Amit | November 2011



                                                     Agenda




All rights reserved to Security Art ltd. 2002-2011     3
Iftach Ian Amit | November 2011



                                                     Agenda




All rights reserved to Security Art ltd. 2002-2011     3
Iftach Ian Amit | November 2011



                                                     Agenda




All rights reserved to Security Art ltd. 2002-2011     3
Iftach Ian Amit | November 2011



                                                     Agenda




All rights reserved to Security Art ltd. 2002-2011     3
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   4
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   5
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   5
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   5
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   5
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   5
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   6
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   6
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   6
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   6
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   6
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   6
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   6
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   7
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   7
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   7
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   7
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   7
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   7
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   8
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   8
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   8
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   8
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   9
Iftach Ian Amit | November 2011




                   •      eMails, web links,
                          phishing...




All rights reserved to Security Art ltd. 2002-2011   9
Iftach Ian Amit | November 2011




                   •      eMails, web links,
                          phishing...

                          •      Works like a charm!




All rights reserved to Security Art ltd. 2002-2011     9
Iftach Ian Amit | November 2011




                   •      eMails, web links,
                          phishing...

                          •      Works like a charm!

                   •      And can be mostly
                          automated




All rights reserved to Security Art ltd. 2002-2011     9
Iftach Ian Amit | November 2011




                   •      eMails, web links,
                          phishing...

                          •      Works like a charm!

                   •      And can be mostly
                          automated

                          •      SET to the rescue



All rights reserved to Security Art ltd. 2002-2011     9
Iftach Ian Amit | November 2011




                   •      eMails, web links,
                          phishing...

                          •      Works like a charm!

                   •      And can be mostly
                          automated

                          •      SET to the rescue



All rights reserved to Security Art ltd. 2002-2011     9
Iftach Ian Amit | November 2011




          And... being nice/nasty/
          obnoxious/needy always
          helps!




All rights reserved to Security Art ltd. 2002-2011   10
Iftach Ian Amit | November 2011




          And... being nice/nasty/
          obnoxious/needy always
          helps!




All rights reserved to Security Art ltd. 2002-2011   10
Iftach Ian Amit | November 2011




          And... being nice/nasty/
          obnoxious/needy always
          helps!




All rights reserved to Security Art ltd. 2002-2011   10
Iftach Ian Amit | November 2011




          And... being nice/nasty/
          obnoxious/needy always
          helps!




All rights reserved to Security Art ltd. 2002-2011   10
Iftach Ian Amit | November 2011




          And... being nice/nasty/
          obnoxious/needy always
          helps!




All rights reserved to Security Art ltd. 2002-2011   10
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   11
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   11
Iftach Ian Amit | November 2011




                                                     Internet


                                        3rd party
                                                                You!
                   Target

All rights reserved to Security Art ltd. 2002-2011    11
Iftach Ian Amit | November 2011




                                                     Internet


                                        3rd party
                                                                You!
                   Target

All rights reserved to Security Art ltd. 2002-2011    11
Iftach Ian Amit | November 2011




                                                     Internet


                                        3rd party
                                                                You!
                   Target

All rights reserved to Security Art ltd. 2002-2011    11
Iftach Ian Amit | November 2011




                                                     Internet


                                        3rd party
                                                                You!
                   Target

All rights reserved to Security Art ltd. 2002-2011    11
Iftach Ian Amit | November 2011




                                                     Internet


                                        3rd party
                                                                You!
                   Target

All rights reserved to Security Art ltd. 2002-2011    11
Iftach Ian Amit | November 2011




                                                     Internet


                                        3rd party
                                                                You!
                   Target

All rights reserved to Security Art ltd. 2002-2011    11
Iftach Ian Amit | November 2011




                                                     Internet


                                        3rd party
                                                                You!
                   Target

All rights reserved to Security Art ltd. 2002-2011    11
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   12
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   12
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   12
Iftach Ian Amit | November 2011




       What is the
       target “willing”
       to tell about
       itself?




All rights reserved to Security Art ltd. 2002-2011   13
Iftach Ian Amit | November 2011




       What is the
       target “willing”
       to tell about
       itself?




All rights reserved to Security Art ltd. 2002-2011   13
Iftach Ian Amit | November 2011




       What is the
       target “willing”
       to tell about
       itself?




All rights reserved to Security Art ltd. 2002-2011   13
Iftach Ian Amit | November 2011



                              Who’s your daddy?
                       And buddy, and friends, relatives, colleagues...




All rights reserved to Security Art ltd. 2002-2011   14
Iftach Ian Amit | November 2011



                              Who’s your daddy?
                       And buddy, and friends, relatives, colleagues...




All rights reserved to Security Art ltd. 2002-2011   14
Iftach Ian Amit | November 2011



                              Who’s your daddy?
                       And buddy, and friends, relatives, colleagues...




All rights reserved to Security Art ltd. 2002-2011   14
Iftach Ian Amit | November 2011



                              Who’s your daddy?
                       And buddy, and friends, relatives, colleagues...




All rights reserved to Security Art ltd. 2002-2011   14
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   15
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   15
Iftach Ian Amit | November 2011



               Select your target wisely


                         And then craft your payload :-)




All rights reserved to Security Art ltd. 2002-2011   16
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   17
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   17
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   17
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   17
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   17
Iftach Ian Amit | November 2011




    • ZeuS: $3000-$5000
    • SpyEye: $2500-$4000
    • Limbo: $500-$1500

All rights reserved to Security Art ltd. 2002-2011   17
Iftach Ian Amit | November 2011




    • ZeuS: $3000-$5000
                    E!
                  RE
    • SpyEye: $2500-$4000
                F

    • Limbo: $500-$1500

All rights reserved to Security Art ltd. 2002-2011   17
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   18
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   18
Iftach Ian Amit | November 2011




   Experienced travelers
   know the importance
    of packing properly




All rights reserved to Security Art ltd. 2002-2011   18
Iftach Ian Amit | November 2011




   Experienced travelers
   know the importance
    of packing properly




All rights reserved to Security Art ltd. 2002-2011   18
Iftach Ian Amit | November 2011




                • File servers
                • Databases
                • File types
                • Gateways (routes)
                • Printers
All rights reserved to Security Art ltd. 2002-2011   19
Iftach Ian Amit | November 2011




             Mass infection:                                    APT:
             5-6 days before                              5-6 months before
                detection                                     detection




All rights reserved to Security Art ltd. 2002-2011   20
Iftach Ian Amit | November 2011




             Mass infection:                                    APT:
             5-6 days before                              5-6 months before
                detection                                     detection




All rights reserved to Security Art ltd. 2002-2011   20
Iftach Ian Amit | November 2011




             Mass infection:                                    APT:
             5-6 days before                              5-6 months before
                detection                                     detection


          Frequent updates                                  No* updates
                                                                 * Almost




All rights reserved to Security Art ltd. 2002-2011   20
Iftach Ian Amit | November 2011




                                         PATIENCE
             Mass infection:                                    APT:
             5-6 days before                              5-6 months before
                detection                                     detection


          Frequent updates                                  No* updates
                                                                 * Almost



All rights reserved to Security Art ltd. 2002-2011   21
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   22
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   22
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   22
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   22
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   22
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   22
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   22
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   23
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   23
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   24
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   24
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   24
Iftach Ian Amit | November 2011




                        -----BEGIN PGP MESSAGE-----
                                                           So...
                        Version: GnuPG/MacGPG2 v2.0.14 (Darwin)

                        hQMOA1jQIm6UkL4eEAv/W3r/eYLUmqRNi/Jegt72lK6qdBiBfkg9PZ5YKql9CUZp
                        FGnVk029K3gEVcrA4k7w2aOtP7tYKRF8v4yrZQ9GZ7eXzR7+Tbf1g+7dveH6U8Bf
                        BHo8LRovj5OlGghrvpyKYRPIf/NAgzL2G8dyi/FVB0YB4J7/4x0YFEalQHaLiKyt
                        /gkikyV92njPJ6tPm2sdKUqUHSb20r9AdowZ0VVRrWwdRgUhdNXajjwcbH1BjVuS
                        Gilw8MnmQkmJAT+TAFkTqC9fjiwtnNMNANJbo2Z36RqsAcKbhVh1eMA7ev0pUakp
                        Tm4xN64syk/1DEc0VHFbanAreTV3tCbUUIoPQDFGFpiu3oS6/089oUvRtBBbC5p6
                        leYKEnDllcGWAomRSiYBFWjTca/DIw43QIW/lmdBnwcWLuQmDCmwr3HuhEaOmqfO
                        hdgaxM4GuVdJCDdwXzwpuaPElCd18weH2XNzudLdeRKN+wjl/4D6bIo+038BcLei
                        SyhWrMFB7mKSmEzQufQUDACFamtMCn9YOo3mgo+YYk505qhIDLNwZXqyVUqOHvIG
                        vu7gzuNwUdY5idLqsGEs0K0xVwYntTKUh61tNS/HDfNTVm4Y3p8M88JHhcg7npY5
                        gJuhWuHkgp2CTsQT+gRjthm3l3AlnIvAfuC5uWLMsjA4sCw2FRDOARxrN9El8maX
                        /vCxN9aB3dK4S9MSGJ5HhaYpTfpc9CdFkFryzb2sFWfW85nSzNo7dVFCy0jmSr19
                        o4Jsfj0J0izS3MeGYYz5NSsfBz+6o/IYURL3OXrm4DuJNHY0DvVbYqSQRRx3o2S+
                        uZekwXwYsqpei/f/sYo875p5NeX3g62zgjy2Vly+n58WaZWoHb5Y0QCxNfpjdcAQ
                        3tuZQaUvlqrkQeSRxKXD7pxlHdwHDgfvw01RU8NsMkfsBoTZY27BjFvIg5S/pv9O
                        6IznXaJu9jRWDj6tvSypx8X2iiVgtSHYahlqEUH1RusAMCILkx0DydCvUud/qRbT
                        YcnkVVgA8ojeDoVpp3AabRrSmgEAOwW6M0KvnSuMKniLIKe7kolqGjEuLAx7s5Kg
                        mMHfNki5dYWvQzHv03ID9UG+uW6o54BnsajEVe2EcYTPT+8pg2bCxnMElK0ds9Is
                        qvf2Kx4kqO0qMeJG1II2zfAFqmMiTMtgA2CZ0Y42hA/bQK/CCM8QVo9JcGn3Jf6N
                        0X1TVob7xDo/fkRROHv74dIh2Kxa0SH8iGdb4kI=
                        =jN3t
                        -----END PGP MESSAGE-----

All rights reserved to Security Art ltd. 2002-2011                25
Iftach Ian Amit | November 2011



                         Still “too detectable”




All rights reserved to Security Art ltd. 2002-2011   26
Iftach Ian Amit | November 2011



                         Still “too detectable”
                        hQMOA1jQIm6UkL4eEAv/W3r/eYLUmqRNi/Jegt72lK6qdBiBfkg9PZ5YKql9CUZp
                        FGnVk029K3gEVcrA4k7w2aOtP7tYKRF8v4yrZQ9GZ7eXzR7+Tbf1g+7dveH6U8Bf
                        BHo8LRovj5OlGghrvpyKYRPIf/NAgzL2G8dyi/FVB0YB4J7/4x0YFEalQHaLiKyt
                        /gkikyV92njPJ6tPm2sdKUqUHSb20r9AdowZ0VVRrWwdRgUhdNXajjwcbH1BjVuS
                        Gilw8MnmQkmJAT+TAFkTqC9fjiwtnNMNANJbo2Z36RqsAcKbhVh1eMA7ev0pUakp
                        Tm4xN64syk/1DEc0VHFbanAreTV3tCbUUIoPQDFGFpiu3oS6/089oUvRtBBbC5p6
                        leYKEnDllcGWAomRSiYBFWjTca/DIw43QIW/lmdBnwcWLuQmDCmwr3HuhEaOmqfO
                        hdgaxM4GuVdJCDdwXzwpuaPElCd18weH2XNzudLdeRKN+wjl/4D6bIo+038BcLei
                        SyhWrMFB7mKSmEzQufQUDACFamtMCn9YOo3mgo+YYk505qhIDLNwZXqyVUqOHvIG
                        vu7gzuNwUdY5idLqsGEs0K0xVwYntTKUh61tNS/HDfNTVm4Y3p8M88JHhcg7npY5
                        gJuhWuHkgp2CTsQT+gRjthm3l3AlnIvAfuC5uWLMsjA4sCw2FRDOARxrN9El8maX
                        /vCxN9aB3dK4S9MSGJ5HhaYpTfpc9CdFkFryzb2sFWfW85nSzNo7dVFCy0jmSr19
                        o4Jsfj0J0izS3MeGYYz5NSsfBz+6o/IYURL3OXrm4DuJNHY0DvVbYqSQRRx3o2S+
                        uZekwXwYsqpei/f/sYo875p5NeX3g62zgjy2Vly+n58WaZWoHb5Y0QCxNfpjdcAQ
                        3tuZQaUvlqrkQeSRxKXD7pxlHdwHDgfvw01RU8NsMkfsBoTZY27BjFvIg5S/pv9O
                        6IznXaJu9jRWDj6tvSypx8X2iiVgtSHYahlqEUH1RusAMCILkx0DydCvUud/qRbT
                        YcnkVVgA8ojeDoVpp3AabRrSmgEAOwW6M0KvnSuMKniLIKe7kolqGjEuLAx7s5Kg
                        mMHfNki5dYWvQzHv03ID9UG+uW6o54BnsajEVe2EcYTPT+8pg2bCxnMElK0ds9Is
                        qvf2Kx4kqO0qMeJG1II2zfAFqmMiTMtgA2CZ0Y42hA/bQK/CCM8QVo9JcGn3Jf6N
                        0X1TVob7xDo/fkRROHv74dIh2Kxa0SH8iGdb4kI=
                        =jN3t



All rights reserved to Security Art ltd. 2002-2011       26
Iftach Ian Amit | November 2011



                                                     Much better
                   • Throws in some additional encodings
                   • And an XOR for old time’s sake


                   • And we are good to go...
                    • 0% detection rate
All rights reserved to Security Art ltd. 2002-2011        27
Iftach Ian Amit | November 2011




                                                     Resistance is futile
All rights reserved to Security Art ltd. 2002-2011            28
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   29
Iftach Ian Amit | November 2011




        80
                                                          53
                              443
All rights reserved to Security Art ltd. 2002-2011   29
Iftach Ian Amit | November 2011




        80
                                                          53
                              443
All rights reserved to Security Art ltd. 2002-2011   29
Iftach Ian Amit | November 2011



                                          Kill some trees




All rights reserved to Security Art ltd. 2002-2011   30
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   31
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   31
Iftach Ian Amit | November 2011



                                       Good ol’e DD...




All rights reserved to Security Art ltd. 2002-2011   32
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   33
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   33
Iftach Ian Amit | November 2011




                                                     1/2 byte
                                                         =
                                                     16 values
                                                     1 0 1 0




All rights reserved to Security Art ltd. 2002-2011          33
Iftach Ian Amit | November 2011




                                                     1/2 byte
                                                         =
                                                     16 values
                                                     1 0 1 0




All rights reserved to Security Art ltd. 2002-2011          33
Iftach Ian Amit | November 2011




                                                     1/2 byte
                                                         =
                                                     16 values
                                                     1 0 1 0




All rights reserved to Security Art ltd. 2002-2011          33
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   34
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   34
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   34
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   34
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   34
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   34
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   34
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   34
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   35
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   35
Iftach Ian Amit | November 2011




                                                          1 0 1 0




All rights reserved to Security Art ltd. 2002-2011   35
Iftach Ian Amit | November 2011



                                                     DEMO




All rights reserved to Security Art ltd. 2002-2011    36
Iftach Ian Amit | November 2011



                                                     DEMO




All rights reserved to Security Art ltd. 2002-2011    36
Iftach Ian Amit | November 2011



                                                     DEMO




All rights reserved to Security Art ltd. 2002-2011    36
Iftach Ian Amit | November 2011



                                                     DEMO




All rights reserved to Security Art ltd. 2002-2011    36
Iftach Ian Amit | November 2011



                                                     DEMO




All rights reserved to Security Art ltd. 2002-2011    36
Iftach Ian Amit | November 2011



                                                     DEMO




All rights reserved to Security Art ltd. 2002-2011    36
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   37
Iftach Ian Amit | November 2011



                     Killing paper isn’t nice
                   • Fax it!
                   • Most corporations have email-to-fax
                           services
                          • heard of the address
                                  555-7963@fax.corp.com ?
                   • Just send any document (text, doc, pdf) to it
                           and off you go with the data...

All rights reserved to Security Art ltd. 2002-2011   38
Iftach Ian Amit | November 2011



                                                     Conclusions




All rights reserved to Security Art ltd. 2002-2011        39
Iftach Ian Amit | November 2011



                                                     Conclusions




All rights reserved to Security Art ltd. 2002-2011        39
Iftach Ian Amit | November 2011



                                                     Conclusions




All rights reserved to Security Art ltd. 2002-2011        39
Iftach Ian Amit | November 2011



                                                     Conclusions




All rights reserved to Security Art ltd. 2002-2011        39
Iftach Ian Amit | November 2011




                   • Start with the
                           human factor
                   • Then add
                           technology



All rights reserved to Security Art ltd. 2002-2011   40
Iftach Ian Amit | November 2011




                   • Start with the
                           human factor
                   • Then add
                           technology



All rights reserved to Security Art ltd. 2002-2011   40
Iftach Ian Amit | November 2011




                   • Where people leave data
                    • Hint - spend time with developers.
                   • “Hack” the business process

                   • Test, test again, and then test. Follow with a
                           surprise test!

All rights reserved to Security Art ltd. 2002-2011   41
Iftach Ian Amit | November 2011




                   • Where people leave data
                    • Hint - spend time with developers.
                   • “Hack” the business process

                   • Test, test again, and then test. Follow with a
                           surprise test!

All rights reserved to Security Art ltd. 2002-2011   41
Iftach Ian Amit | November 2011




                                                          “be true to
                                                          yourself, not to
                                                          what you believe
                                                          things should look
                                                          like”
                                                                Old chinese proverb




All rights reserved to Security Art ltd. 2002-2011   42
Iftach Ian Amit | November 2011




                                                          “be true to
                                                          yourself, not to
                                                          what you believe
                                                          things should look
                                                          like”
                                                                Old chinese proverb




All rights reserved to Security Art ltd. 2002-2011   42
Iftach Ian Amit | November 2011




                 They are YOUR assets
                        after all

                          No reason to be
                           shy about it...

                 And remember to add
                       honey...

All rights reserved to Security Art ltd. 2002-2011   43
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   44
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   44
Iftach Ian Amit | November 2011




All rights reserved to Security Art ltd. 2002-2011   44
Iftach Ian Amit | November 2011



               TEST SOME MORE




For hints/guides see: www.pentest-standard.org

All rights reserved to Security Art ltd. 2002-2011   45
Iftach Ian Amit | November 2011



                                                     Questions?
                      Thank you!                                 Whitepapers:
                                                               www.security-art.com

Data modulation Exfil POC:                                       Too shy to ask now?
 http://code.google.com/p/                                    iamit@security-art.com
      data-sound-poc/
                                                              Need your daily chatter?
                                                                twitter.com/iiamit

All rights reserved to Security Art ltd. 2002-2011       46

Más contenido relacionado

Destacado

Advanced (persistent) binary planting
Advanced (persistent) binary plantingAdvanced (persistent) binary planting
Advanced (persistent) binary plantingSource Conference
 
Adam Meyers - Obfuscation And Communications
Adam Meyers - Obfuscation And CommunicationsAdam Meyers - Obfuscation And Communications
Adam Meyers - Obfuscation And CommunicationsSource Conference
 
Forensic Memory Analysis of Android's Dalvik Virtual Machine
Forensic Memory Analysis of Android's Dalvik Virtual MachineForensic Memory Analysis of Android's Dalvik Virtual Machine
Forensic Memory Analysis of Android's Dalvik Virtual MachineSource Conference
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesSource Conference
 
Nazira Omuralieva - Susan Kaufman - Improving Application Security - Vulnerab...
Nazira Omuralieva - Susan Kaufman - Improving Application Security - Vulnerab...Nazira Omuralieva - Susan Kaufman - Improving Application Security - Vulnerab...
Nazira Omuralieva - Susan Kaufman - Improving Application Security - Vulnerab...Source Conference
 
Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools
Sebastian Porst - Reverse-Engineering Flash Files with SWFREToolsSebastian Porst - Reverse-Engineering Flash Files with SWFRETools
Sebastian Porst - Reverse-Engineering Flash Files with SWFREToolsSource Conference
 
Men in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the BrowserMen in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the BrowserSource Conference
 
Security Goodness with Ruby on Rails
Security Goodness with Ruby on RailsSecurity Goodness with Ruby on Rails
Security Goodness with Ruby on RailsSource Conference
 

Destacado (10)

Advanced (persistent) binary planting
Advanced (persistent) binary plantingAdvanced (persistent) binary planting
Advanced (persistent) binary planting
 
Adam Meyers - Obfuscation And Communications
Adam Meyers - Obfuscation And CommunicationsAdam Meyers - Obfuscation And Communications
Adam Meyers - Obfuscation And Communications
 
Ken Smith - Tokenization
Ken Smith - TokenizationKen Smith - Tokenization
Ken Smith - Tokenization
 
Forensic Memory Analysis of Android's Dalvik Virtual Machine
Forensic Memory Analysis of Android's Dalvik Virtual MachineForensic Memory Analysis of Android's Dalvik Virtual Machine
Forensic Memory Analysis of Android's Dalvik Virtual Machine
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus Derivatives
 
Nazira Omuralieva - Susan Kaufman - Improving Application Security - Vulnerab...
Nazira Omuralieva - Susan Kaufman - Improving Application Security - Vulnerab...Nazira Omuralieva - Susan Kaufman - Improving Application Security - Vulnerab...
Nazira Omuralieva - Susan Kaufman - Improving Application Security - Vulnerab...
 
Banking Fraud Evolution
Banking Fraud EvolutionBanking Fraud Evolution
Banking Fraud Evolution
 
Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools
Sebastian Porst - Reverse-Engineering Flash Files with SWFREToolsSebastian Porst - Reverse-Engineering Flash Files with SWFRETools
Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools
 
Men in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the BrowserMen in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the Browser
 
Security Goodness with Ruby on Rails
Security Goodness with Ruby on RailsSecurity Goodness with Ruby on Rails
Security Goodness with Ruby on Rails
 

Similar a Advanced Data Exfiltration The Way Q Would Have Done It

Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done itAdvanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done itIftach Ian Amit
 
Advanced Data Exfiltration
Advanced Data ExfiltrationAdvanced Data Exfiltration
Advanced Data ExfiltrationIftach Ian Amit
 
Pushing in, leaving a present, and pulling out slowly without anyone noticing
Pushing in, leaving a present, and pulling out slowly without anyone noticingPushing in, leaving a present, and pulling out slowly without anyone noticing
Pushing in, leaving a present, and pulling out slowly without anyone noticingIftach Ian Amit
 
Ian Iftach Amit - Cyber[Crime|War] - Connecting The Dots
Ian Iftach Amit - Cyber[Crime|War] - Connecting The DotsIan Iftach Amit - Cyber[Crime|War] - Connecting The Dots
Ian Iftach Amit - Cyber[Crime|War] - Connecting The DotsSource Conference
 
Cyber [Crime|War] - SourceBoston 2011
Cyber [Crime|War] - SourceBoston 2011Cyber [Crime|War] - SourceBoston 2011
Cyber [Crime|War] - SourceBoston 2011Iftach Ian Amit
 
Cyber[Crime|War] - Brucon
Cyber[Crime|War] - BruconCyber[Crime|War] - Brucon
Cyber[Crime|War] - BruconIftach Ian Amit
 
Cyber Terror ICT Conference
Cyber Terror ICT ConferenceCyber Terror ICT Conference
Cyber Terror ICT ConferenceIftach Ian Amit
 

Similar a Advanced Data Exfiltration The Way Q Would Have Done It (7)

Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done itAdvanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
 
Advanced Data Exfiltration
Advanced Data ExfiltrationAdvanced Data Exfiltration
Advanced Data Exfiltration
 
Pushing in, leaving a present, and pulling out slowly without anyone noticing
Pushing in, leaving a present, and pulling out slowly without anyone noticingPushing in, leaving a present, and pulling out slowly without anyone noticing
Pushing in, leaving a present, and pulling out slowly without anyone noticing
 
Ian Iftach Amit - Cyber[Crime|War] - Connecting The Dots
Ian Iftach Amit - Cyber[Crime|War] - Connecting The DotsIan Iftach Amit - Cyber[Crime|War] - Connecting The Dots
Ian Iftach Amit - Cyber[Crime|War] - Connecting The Dots
 
Cyber [Crime|War] - SourceBoston 2011
Cyber [Crime|War] - SourceBoston 2011Cyber [Crime|War] - SourceBoston 2011
Cyber [Crime|War] - SourceBoston 2011
 
Cyber[Crime|War] - Brucon
Cyber[Crime|War] - BruconCyber[Crime|War] - Brucon
Cyber[Crime|War] - Brucon
 
Cyber Terror ICT Conference
Cyber Terror ICT ConferenceCyber Terror ICT Conference
Cyber Terror ICT Conference
 

Más de Source Conference

iBanking - a botnet on Android
iBanking - a botnet on AndroidiBanking - a botnet on Android
iBanking - a botnet on AndroidSource Conference
 
I want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUICI want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUICSource Conference
 
How to Like Social Media Network Security
How to Like Social Media Network SecurityHow to Like Social Media Network Security
How to Like Social Media Network SecuritySource Conference
 
Wfuzz para Penetration Testers
Wfuzz para Penetration TestersWfuzz para Penetration Testers
Wfuzz para Penetration TestersSource Conference
 
Securty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSecurty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSource Conference
 
Adapting To The Age Of Anonymous
Adapting To The Age Of AnonymousAdapting To The Age Of Anonymous
Adapting To The Age Of AnonymousSource Conference
 
Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?Source Conference
 
Who should the security team hire next?
Who should the security team hire next?Who should the security team hire next?
Who should the security team hire next?Source Conference
 
The Latest Developments in Computer Crime Law
The Latest Developments in Computer Crime LawThe Latest Developments in Computer Crime Law
The Latest Developments in Computer Crime LawSource Conference
 
Everything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationEverything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationSource Conference
 
Reputation Digital Vaccine: Reinventing Internet Blacklists
Reputation Digital Vaccine: Reinventing Internet BlacklistsReputation Digital Vaccine: Reinventing Internet Blacklists
Reputation Digital Vaccine: Reinventing Internet BlacklistsSource Conference
 
Threat Modeling: Best Practices
Threat Modeling: Best PracticesThreat Modeling: Best Practices
Threat Modeling: Best PracticesSource Conference
 
Geer - Hutton - Shannon - A Pilot Project On The Use Of Prediction Markets I...
Geer -  Hutton - Shannon - A Pilot Project On The Use Of Prediction Markets I...Geer -  Hutton - Shannon - A Pilot Project On The Use Of Prediction Markets I...
Geer - Hutton - Shannon - A Pilot Project On The Use Of Prediction Markets I...Source Conference
 
Matthew Coles - Izar Tarandach - Security Toolbox
Matthew Coles - Izar Tarandach - Security ToolboxMatthew Coles - Izar Tarandach - Security Toolbox
Matthew Coles - Izar Tarandach - Security ToolboxSource Conference
 

Más de Source Conference (18)

Million Browser Botnet
Million Browser BotnetMillion Browser Botnet
Million Browser Botnet
 
iBanking - a botnet on Android
iBanking - a botnet on AndroidiBanking - a botnet on Android
iBanking - a botnet on Android
 
I want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUICI want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUIC
 
How to Like Social Media Network Security
How to Like Social Media Network SecurityHow to Like Social Media Network Security
How to Like Social Media Network Security
 
Wfuzz para Penetration Testers
Wfuzz para Penetration TestersWfuzz para Penetration Testers
Wfuzz para Penetration Testers
 
Securty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSecurty Testing For RESTful Applications
Securty Testing For RESTful Applications
 
Esteganografia
EsteganografiaEsteganografia
Esteganografia
 
Adapting To The Age Of Anonymous
Adapting To The Age Of AnonymousAdapting To The Age Of Anonymous
Adapting To The Age Of Anonymous
 
Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?
 
Who should the security team hire next?
Who should the security team hire next?Who should the security team hire next?
Who should the security team hire next?
 
The Latest Developments in Computer Crime Law
The Latest Developments in Computer Crime LawThe Latest Developments in Computer Crime Law
The Latest Developments in Computer Crime Law
 
JSF Security
JSF SecurityJSF Security
JSF Security
 
Everything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationEverything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitation
 
Keynote
KeynoteKeynote
Keynote
 
Reputation Digital Vaccine: Reinventing Internet Blacklists
Reputation Digital Vaccine: Reinventing Internet BlacklistsReputation Digital Vaccine: Reinventing Internet Blacklists
Reputation Digital Vaccine: Reinventing Internet Blacklists
 
Threat Modeling: Best Practices
Threat Modeling: Best PracticesThreat Modeling: Best Practices
Threat Modeling: Best Practices
 
Geer - Hutton - Shannon - A Pilot Project On The Use Of Prediction Markets I...
Geer -  Hutton - Shannon - A Pilot Project On The Use Of Prediction Markets I...Geer -  Hutton - Shannon - A Pilot Project On The Use Of Prediction Markets I...
Geer - Hutton - Shannon - A Pilot Project On The Use Of Prediction Markets I...
 
Matthew Coles - Izar Tarandach - Security Toolbox
Matthew Coles - Izar Tarandach - Security ToolboxMatthew Coles - Izar Tarandach - Security Toolbox
Matthew Coles - Izar Tarandach - Security Toolbox
 

Último

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 

Último (20)

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 

Advanced Data Exfiltration The Way Q Would Have Done It

  • 1. Iftach Ian Amit | November 2011 Advanced Data Exfiltration The way Q would have done it Iftach Ian Amit VP Consulting DC9723 CSA-IL Board member IL-CERT Visionary All rights reserved to Security Art ltd. 2002-2011 www.security-art.com
  • 2. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2
  • 3. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2
  • 4. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2
  • 5. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2
  • 6. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2
  • 7. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2
  • 8. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2
  • 9. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2
  • 10. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2
  • 11. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2
  • 12. Iftach Ian Amit | November 2011 whoami All rights reserved to Security Art ltd. 2002-2011 2
  • 13. Iftach Ian Amit | November 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3
  • 14. Iftach Ian Amit | November 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3
  • 15. Iftach Ian Amit | November 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3
  • 16. Iftach Ian Amit | November 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3
  • 17. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 4
  • 18. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 5
  • 19. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 5
  • 20. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 5
  • 21. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 5
  • 22. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 5
  • 23. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6
  • 24. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6
  • 25. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6
  • 26. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6
  • 27. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6
  • 28. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6
  • 29. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 6
  • 30. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 7
  • 31. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 7
  • 32. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 7
  • 33. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 7
  • 34. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 7
  • 35. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 7
  • 36. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 8
  • 37. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 8
  • 38. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 8
  • 39. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 8
  • 40. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 9
  • 41. Iftach Ian Amit | November 2011 • eMails, web links, phishing... All rights reserved to Security Art ltd. 2002-2011 9
  • 42. Iftach Ian Amit | November 2011 • eMails, web links, phishing... • Works like a charm! All rights reserved to Security Art ltd. 2002-2011 9
  • 43. Iftach Ian Amit | November 2011 • eMails, web links, phishing... • Works like a charm! • And can be mostly automated All rights reserved to Security Art ltd. 2002-2011 9
  • 44. Iftach Ian Amit | November 2011 • eMails, web links, phishing... • Works like a charm! • And can be mostly automated • SET to the rescue All rights reserved to Security Art ltd. 2002-2011 9
  • 45. Iftach Ian Amit | November 2011 • eMails, web links, phishing... • Works like a charm! • And can be mostly automated • SET to the rescue All rights reserved to Security Art ltd. 2002-2011 9
  • 46. Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10
  • 47. Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10
  • 48. Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10
  • 49. Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10
  • 50. Iftach Ian Amit | November 2011 And... being nice/nasty/ obnoxious/needy always helps! All rights reserved to Security Art ltd. 2002-2011 10
  • 51. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 11
  • 52. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 11
  • 53. Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11
  • 54. Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11
  • 55. Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11
  • 56. Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11
  • 57. Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11
  • 58. Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11
  • 59. Iftach Ian Amit | November 2011 Internet 3rd party You! Target All rights reserved to Security Art ltd. 2002-2011 11
  • 60. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 12
  • 61. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 12
  • 62. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 12
  • 63. Iftach Ian Amit | November 2011 What is the target “willing” to tell about itself? All rights reserved to Security Art ltd. 2002-2011 13
  • 64. Iftach Ian Amit | November 2011 What is the target “willing” to tell about itself? All rights reserved to Security Art ltd. 2002-2011 13
  • 65. Iftach Ian Amit | November 2011 What is the target “willing” to tell about itself? All rights reserved to Security Art ltd. 2002-2011 13
  • 66. Iftach Ian Amit | November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues... All rights reserved to Security Art ltd. 2002-2011 14
  • 67. Iftach Ian Amit | November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues... All rights reserved to Security Art ltd. 2002-2011 14
  • 68. Iftach Ian Amit | November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues... All rights reserved to Security Art ltd. 2002-2011 14
  • 69. Iftach Ian Amit | November 2011 Who’s your daddy? And buddy, and friends, relatives, colleagues... All rights reserved to Security Art ltd. 2002-2011 14
  • 70. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 15
  • 71. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 15
  • 72. Iftach Ian Amit | November 2011 Select your target wisely And then craft your payload :-) All rights reserved to Security Art ltd. 2002-2011 16
  • 73. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 17
  • 74. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 17
  • 75. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 17
  • 76. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 17
  • 77. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 17
  • 78. Iftach Ian Amit | November 2011 • ZeuS: $3000-$5000 • SpyEye: $2500-$4000 • Limbo: $500-$1500 All rights reserved to Security Art ltd. 2002-2011 17
  • 79. Iftach Ian Amit | November 2011 • ZeuS: $3000-$5000 E! RE • SpyEye: $2500-$4000 F • Limbo: $500-$1500 All rights reserved to Security Art ltd. 2002-2011 17
  • 80. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 18
  • 81. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 18
  • 82. Iftach Ian Amit | November 2011 Experienced travelers know the importance of packing properly All rights reserved to Security Art ltd. 2002-2011 18
  • 83. Iftach Ian Amit | November 2011 Experienced travelers know the importance of packing properly All rights reserved to Security Art ltd. 2002-2011 18
  • 84. Iftach Ian Amit | November 2011 • File servers • Databases • File types • Gateways (routes) • Printers All rights reserved to Security Art ltd. 2002-2011 19
  • 85. Iftach Ian Amit | November 2011 Mass infection: APT: 5-6 days before 5-6 months before detection detection All rights reserved to Security Art ltd. 2002-2011 20
  • 86. Iftach Ian Amit | November 2011 Mass infection: APT: 5-6 days before 5-6 months before detection detection All rights reserved to Security Art ltd. 2002-2011 20
  • 87. Iftach Ian Amit | November 2011 Mass infection: APT: 5-6 days before 5-6 months before detection detection Frequent updates No* updates * Almost All rights reserved to Security Art ltd. 2002-2011 20
  • 88. Iftach Ian Amit | November 2011 PATIENCE Mass infection: APT: 5-6 days before 5-6 months before detection detection Frequent updates No* updates * Almost All rights reserved to Security Art ltd. 2002-2011 21
  • 89. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22
  • 90. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22
  • 91. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22
  • 92. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22
  • 93. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22
  • 94. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22
  • 95. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 22
  • 96. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 23
  • 97. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 23
  • 98. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 24
  • 99. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 24
  • 100. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 24
  • 101. Iftach Ian Amit | November 2011 -----BEGIN PGP MESSAGE----- So... Version: GnuPG/MacGPG2 v2.0.14 (Darwin) hQMOA1jQIm6UkL4eEAv/W3r/eYLUmqRNi/Jegt72lK6qdBiBfkg9PZ5YKql9CUZp FGnVk029K3gEVcrA4k7w2aOtP7tYKRF8v4yrZQ9GZ7eXzR7+Tbf1g+7dveH6U8Bf BHo8LRovj5OlGghrvpyKYRPIf/NAgzL2G8dyi/FVB0YB4J7/4x0YFEalQHaLiKyt /gkikyV92njPJ6tPm2sdKUqUHSb20r9AdowZ0VVRrWwdRgUhdNXajjwcbH1BjVuS Gilw8MnmQkmJAT+TAFkTqC9fjiwtnNMNANJbo2Z36RqsAcKbhVh1eMA7ev0pUakp Tm4xN64syk/1DEc0VHFbanAreTV3tCbUUIoPQDFGFpiu3oS6/089oUvRtBBbC5p6 leYKEnDllcGWAomRSiYBFWjTca/DIw43QIW/lmdBnwcWLuQmDCmwr3HuhEaOmqfO hdgaxM4GuVdJCDdwXzwpuaPElCd18weH2XNzudLdeRKN+wjl/4D6bIo+038BcLei SyhWrMFB7mKSmEzQufQUDACFamtMCn9YOo3mgo+YYk505qhIDLNwZXqyVUqOHvIG vu7gzuNwUdY5idLqsGEs0K0xVwYntTKUh61tNS/HDfNTVm4Y3p8M88JHhcg7npY5 gJuhWuHkgp2CTsQT+gRjthm3l3AlnIvAfuC5uWLMsjA4sCw2FRDOARxrN9El8maX /vCxN9aB3dK4S9MSGJ5HhaYpTfpc9CdFkFryzb2sFWfW85nSzNo7dVFCy0jmSr19 o4Jsfj0J0izS3MeGYYz5NSsfBz+6o/IYURL3OXrm4DuJNHY0DvVbYqSQRRx3o2S+ uZekwXwYsqpei/f/sYo875p5NeX3g62zgjy2Vly+n58WaZWoHb5Y0QCxNfpjdcAQ 3tuZQaUvlqrkQeSRxKXD7pxlHdwHDgfvw01RU8NsMkfsBoTZY27BjFvIg5S/pv9O 6IznXaJu9jRWDj6tvSypx8X2iiVgtSHYahlqEUH1RusAMCILkx0DydCvUud/qRbT YcnkVVgA8ojeDoVpp3AabRrSmgEAOwW6M0KvnSuMKniLIKe7kolqGjEuLAx7s5Kg mMHfNki5dYWvQzHv03ID9UG+uW6o54BnsajEVe2EcYTPT+8pg2bCxnMElK0ds9Is qvf2Kx4kqO0qMeJG1II2zfAFqmMiTMtgA2CZ0Y42hA/bQK/CCM8QVo9JcGn3Jf6N 0X1TVob7xDo/fkRROHv74dIh2Kxa0SH8iGdb4kI= =jN3t -----END PGP MESSAGE----- All rights reserved to Security Art ltd. 2002-2011 25
  • 102. Iftach Ian Amit | November 2011 Still “too detectable” All rights reserved to Security Art ltd. 2002-2011 26
  • 103. Iftach Ian Amit | November 2011 Still “too detectable” hQMOA1jQIm6UkL4eEAv/W3r/eYLUmqRNi/Jegt72lK6qdBiBfkg9PZ5YKql9CUZp FGnVk029K3gEVcrA4k7w2aOtP7tYKRF8v4yrZQ9GZ7eXzR7+Tbf1g+7dveH6U8Bf BHo8LRovj5OlGghrvpyKYRPIf/NAgzL2G8dyi/FVB0YB4J7/4x0YFEalQHaLiKyt /gkikyV92njPJ6tPm2sdKUqUHSb20r9AdowZ0VVRrWwdRgUhdNXajjwcbH1BjVuS Gilw8MnmQkmJAT+TAFkTqC9fjiwtnNMNANJbo2Z36RqsAcKbhVh1eMA7ev0pUakp Tm4xN64syk/1DEc0VHFbanAreTV3tCbUUIoPQDFGFpiu3oS6/089oUvRtBBbC5p6 leYKEnDllcGWAomRSiYBFWjTca/DIw43QIW/lmdBnwcWLuQmDCmwr3HuhEaOmqfO hdgaxM4GuVdJCDdwXzwpuaPElCd18weH2XNzudLdeRKN+wjl/4D6bIo+038BcLei SyhWrMFB7mKSmEzQufQUDACFamtMCn9YOo3mgo+YYk505qhIDLNwZXqyVUqOHvIG vu7gzuNwUdY5idLqsGEs0K0xVwYntTKUh61tNS/HDfNTVm4Y3p8M88JHhcg7npY5 gJuhWuHkgp2CTsQT+gRjthm3l3AlnIvAfuC5uWLMsjA4sCw2FRDOARxrN9El8maX /vCxN9aB3dK4S9MSGJ5HhaYpTfpc9CdFkFryzb2sFWfW85nSzNo7dVFCy0jmSr19 o4Jsfj0J0izS3MeGYYz5NSsfBz+6o/IYURL3OXrm4DuJNHY0DvVbYqSQRRx3o2S+ uZekwXwYsqpei/f/sYo875p5NeX3g62zgjy2Vly+n58WaZWoHb5Y0QCxNfpjdcAQ 3tuZQaUvlqrkQeSRxKXD7pxlHdwHDgfvw01RU8NsMkfsBoTZY27BjFvIg5S/pv9O 6IznXaJu9jRWDj6tvSypx8X2iiVgtSHYahlqEUH1RusAMCILkx0DydCvUud/qRbT YcnkVVgA8ojeDoVpp3AabRrSmgEAOwW6M0KvnSuMKniLIKe7kolqGjEuLAx7s5Kg mMHfNki5dYWvQzHv03ID9UG+uW6o54BnsajEVe2EcYTPT+8pg2bCxnMElK0ds9Is qvf2Kx4kqO0qMeJG1II2zfAFqmMiTMtgA2CZ0Y42hA/bQK/CCM8QVo9JcGn3Jf6N 0X1TVob7xDo/fkRROHv74dIh2Kxa0SH8iGdb4kI= =jN3t All rights reserved to Security Art ltd. 2002-2011 26
  • 104. Iftach Ian Amit | November 2011 Much better • Throws in some additional encodings • And an XOR for old time’s sake • And we are good to go... • 0% detection rate All rights reserved to Security Art ltd. 2002-2011 27
  • 105. Iftach Ian Amit | November 2011 Resistance is futile All rights reserved to Security Art ltd. 2002-2011 28
  • 106. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 29
  • 107. Iftach Ian Amit | November 2011 80 53 443 All rights reserved to Security Art ltd. 2002-2011 29
  • 108. Iftach Ian Amit | November 2011 80 53 443 All rights reserved to Security Art ltd. 2002-2011 29
  • 109. Iftach Ian Amit | November 2011 Kill some trees All rights reserved to Security Art ltd. 2002-2011 30
  • 110. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 31
  • 111. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 31
  • 112. Iftach Ian Amit | November 2011 Good ol’e DD... All rights reserved to Security Art ltd. 2002-2011 32
  • 113. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 33
  • 114. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 33
  • 115. Iftach Ian Amit | November 2011 1/2 byte = 16 values 1 0 1 0 All rights reserved to Security Art ltd. 2002-2011 33
  • 116. Iftach Ian Amit | November 2011 1/2 byte = 16 values 1 0 1 0 All rights reserved to Security Art ltd. 2002-2011 33
  • 117. Iftach Ian Amit | November 2011 1/2 byte = 16 values 1 0 1 0 All rights reserved to Security Art ltd. 2002-2011 33
  • 118. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34
  • 119. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34
  • 120. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34
  • 121. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34
  • 122. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34
  • 123. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34
  • 124. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34
  • 125. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 34
  • 126. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 35
  • 127. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 35
  • 128. Iftach Ian Amit | November 2011 1 0 1 0 All rights reserved to Security Art ltd. 2002-2011 35
  • 129. Iftach Ian Amit | November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36
  • 130. Iftach Ian Amit | November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36
  • 131. Iftach Ian Amit | November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36
  • 132. Iftach Ian Amit | November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36
  • 133. Iftach Ian Amit | November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36
  • 134. Iftach Ian Amit | November 2011 DEMO All rights reserved to Security Art ltd. 2002-2011 36
  • 135. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 37
  • 136. Iftach Ian Amit | November 2011 Killing paper isn’t nice • Fax it! • Most corporations have email-to-fax services • heard of the address 555-7963@fax.corp.com ? • Just send any document (text, doc, pdf) to it and off you go with the data... All rights reserved to Security Art ltd. 2002-2011 38
  • 137. Iftach Ian Amit | November 2011 Conclusions All rights reserved to Security Art ltd. 2002-2011 39
  • 138. Iftach Ian Amit | November 2011 Conclusions All rights reserved to Security Art ltd. 2002-2011 39
  • 139. Iftach Ian Amit | November 2011 Conclusions All rights reserved to Security Art ltd. 2002-2011 39
  • 140. Iftach Ian Amit | November 2011 Conclusions All rights reserved to Security Art ltd. 2002-2011 39
  • 141. Iftach Ian Amit | November 2011 • Start with the human factor • Then add technology All rights reserved to Security Art ltd. 2002-2011 40
  • 142. Iftach Ian Amit | November 2011 • Start with the human factor • Then add technology All rights reserved to Security Art ltd. 2002-2011 40
  • 143. Iftach Ian Amit | November 2011 • Where people leave data • Hint - spend time with developers. • “Hack” the business process • Test, test again, and then test. Follow with a surprise test! All rights reserved to Security Art ltd. 2002-2011 41
  • 144. Iftach Ian Amit | November 2011 • Where people leave data • Hint - spend time with developers. • “Hack” the business process • Test, test again, and then test. Follow with a surprise test! All rights reserved to Security Art ltd. 2002-2011 41
  • 145. Iftach Ian Amit | November 2011 “be true to yourself, not to what you believe things should look like” Old chinese proverb All rights reserved to Security Art ltd. 2002-2011 42
  • 146. Iftach Ian Amit | November 2011 “be true to yourself, not to what you believe things should look like” Old chinese proverb All rights reserved to Security Art ltd. 2002-2011 42
  • 147. Iftach Ian Amit | November 2011 They are YOUR assets after all No reason to be shy about it... And remember to add honey... All rights reserved to Security Art ltd. 2002-2011 43
  • 148. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 44
  • 149. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 44
  • 150. Iftach Ian Amit | November 2011 All rights reserved to Security Art ltd. 2002-2011 44
  • 151. Iftach Ian Amit | November 2011 TEST SOME MORE For hints/guides see: www.pentest-standard.org All rights reserved to Security Art ltd. 2002-2011 45
  • 152. Iftach Ian Amit | November 2011 Questions? Thank you! Whitepapers: www.security-art.com Data modulation Exfil POC: Too shy to ask now? http://code.google.com/p/ iamit@security-art.com data-sound-poc/ Need your daily chatter? twitter.com/iiamit All rights reserved to Security Art ltd. 2002-2011 46