advanced data exfiltration - the way q would have done it
DESCRIPTION
An updated version of my data exfiltration talk. Much more "visual" in nature.Used it at Hashdays, Govcert.NL, SourceBCN, and SecurityZone.TRANSCRIPT
![Page 1: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/1.jpg)
I f tach Ian Amit | November 2011
www.security-art.comAll rights reserved to Security Art ltd. 2002-2011
Advanced Data ExfiltrationThe way Q would have done it
Iftach Ian AmitVP Consulting
DC9723CSA-IL Board memberIL-CERT Visionary
Wednesday, December 7, 11
![Page 2: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/2.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
![Page 3: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/3.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
![Page 4: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/4.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
![Page 5: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/5.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
![Page 6: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/6.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
![Page 7: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/7.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
![Page 8: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/8.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
![Page 9: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/9.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
![Page 10: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/10.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
![Page 11: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/11.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
![Page 12: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/12.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
![Page 13: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/13.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Agenda
3
Wednesday, December 7, 11
![Page 14: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/14.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Agenda
3
Wednesday, December 7, 11
![Page 15: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/15.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Agenda
3
Wednesday, December 7, 11
![Page 16: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/16.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Agenda
3
Wednesday, December 7, 11
![Page 17: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/17.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
4
Wednesday, December 7, 11
![Page 18: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/18.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
5
Wednesday, December 7, 11
![Page 19: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/19.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
5
Wednesday, December 7, 11
![Page 20: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/20.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
5
Wednesday, December 7, 11
![Page 21: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/21.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
5
Wednesday, December 7, 11
![Page 22: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/22.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
5
Wednesday, December 7, 11
![Page 23: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/23.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
6
Wednesday, December 7, 11
![Page 24: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/24.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
6
Wednesday, December 7, 11
![Page 25: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/25.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
6
Wednesday, December 7, 11
![Page 26: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/26.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
6
Wednesday, December 7, 11
![Page 27: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/27.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
6
Wednesday, December 7, 11
![Page 28: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/28.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
6
Wednesday, December 7, 11
![Page 29: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/29.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
6
Wednesday, December 7, 11
![Page 30: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/30.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
7
Wednesday, December 7, 11
![Page 31: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/31.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
7
Wednesday, December 7, 11
![Page 32: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/32.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
7
Wednesday, December 7, 11
![Page 33: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/33.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
7
Wednesday, December 7, 11
![Page 34: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/34.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
7
Wednesday, December 7, 11
![Page 35: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/35.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
7
Wednesday, December 7, 11
![Page 36: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/36.jpg)
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 8
Wednesday, December 7, 11
![Page 37: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/37.jpg)
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 8
Wednesday, December 7, 11
![Page 38: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/38.jpg)
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 8
Wednesday, December 7, 11
![Page 39: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/39.jpg)
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 8
Wednesday, December 7, 11
![Page 40: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/40.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
9
Wednesday, December 7, 11
![Page 41: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/41.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
9
• eMails, web links, phishing...
Wednesday, December 7, 11
![Page 42: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/42.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
9
• eMails, web links, phishing...
• Works like a charm!
Wednesday, December 7, 11
![Page 43: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/43.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
9
• eMails, web links, phishing...
• Works like a charm!
• And can be mostly automated
Wednesday, December 7, 11
![Page 44: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/44.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
9
• eMails, web links, phishing...
• Works like a charm!
• And can be mostly automated
• SET to the rescue
Wednesday, December 7, 11
![Page 45: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/45.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
9
• eMails, web links, phishing...
• Works like a charm!
• And can be mostly automated
• SET to the rescue
Wednesday, December 7, 11
![Page 46: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/46.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
10
And... being nice/nasty/obnoxious/needy always helps!
Wednesday, December 7, 11
![Page 47: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/47.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
10
And... being nice/nasty/obnoxious/needy always helps!
Wednesday, December 7, 11
![Page 48: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/48.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
10
And... being nice/nasty/obnoxious/needy always helps!
Wednesday, December 7, 11
![Page 49: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/49.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
10
And... being nice/nasty/obnoxious/needy always helps!
Wednesday, December 7, 11
![Page 50: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/50.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
10
And... being nice/nasty/obnoxious/needy always helps!
Wednesday, December 7, 11
![Page 51: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/51.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
11
Wednesday, December 7, 11
![Page 52: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/52.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
11
Wednesday, December 7, 11
![Page 53: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/53.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Internet
11
3rd partyYou!
Target
Wednesday, December 7, 11
![Page 54: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/54.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Internet
11
3rd partyYou!
Target
Wednesday, December 7, 11
![Page 55: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/55.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Internet
11
3rd partyYou!
Target
Wednesday, December 7, 11
![Page 56: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/56.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Internet
11
3rd partyYou!
Target
Wednesday, December 7, 11
![Page 57: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/57.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Internet
11
3rd partyYou!
Target
Wednesday, December 7, 11
![Page 58: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/58.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Internet
11
3rd partyYou!
Target
Wednesday, December 7, 11
![Page 59: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/59.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Internet
11
3rd partyYou!
Target
Wednesday, December 7, 11
![Page 60: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/60.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
12
Wednesday, December 7, 11
![Page 61: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/61.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
12
Wednesday, December 7, 11
![Page 62: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/62.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
12
Wednesday, December 7, 11
![Page 63: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/63.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
What is the target “willing” to tell about itself?
13
Wednesday, December 7, 11
![Page 64: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/64.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
What is the target “willing” to tell about itself?
13
Wednesday, December 7, 11
![Page 65: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/65.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
What is the target “willing” to tell about itself?
13
Wednesday, December 7, 11
![Page 66: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/66.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Who’s your daddy?And buddy, and friends, relatives, colleagues...
14
Wednesday, December 7, 11
![Page 67: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/67.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Who’s your daddy?And buddy, and friends, relatives, colleagues...
14
Wednesday, December 7, 11
![Page 68: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/68.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Who’s your daddy?And buddy, and friends, relatives, colleagues...
14
Wednesday, December 7, 11
![Page 69: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/69.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Who’s your daddy?And buddy, and friends, relatives, colleagues...
14
Wednesday, December 7, 11
![Page 70: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/70.jpg)
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 15
Wednesday, December 7, 11
![Page 71: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/71.jpg)
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 15
Wednesday, December 7, 11
![Page 72: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/72.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Select your target wisely
And then craft your payload :-)
16
Wednesday, December 7, 11
![Page 73: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/73.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
17
Wednesday, December 7, 11
![Page 74: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/74.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
17
Wednesday, December 7, 11
![Page 75: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/75.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
17
Wednesday, December 7, 11
![Page 76: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/76.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
17
Wednesday, December 7, 11
![Page 77: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/77.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
17
Wednesday, December 7, 11
![Page 78: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/78.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
• ZeuS: $3000-$5000
• SpyEye: $2500-$4000
• Limbo: $500-$1500
17
Wednesday, December 7, 11
![Page 79: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/79.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
• ZeuS: $3000-$5000
• SpyEye: $2500-$4000
• Limbo: $500-$1500
17
FREE!
Wednesday, December 7, 11
![Page 80: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/80.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
18
Wednesday, December 7, 11
![Page 81: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/81.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
18
Wednesday, December 7, 11
![Page 82: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/82.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
18
Experienced travelers know the importance of packing properly
Wednesday, December 7, 11
![Page 83: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/83.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
18
Experienced travelers know the importance of packing properly
Wednesday, December 7, 11
![Page 84: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/84.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
• File servers
• Databases
• File types
• Gateways (routes)
• Printers
19
Wednesday, December 7, 11
![Page 85: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/85.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
20
Mass infection:5-6 days before
detection
APT:5-6 months before
detection
Wednesday, December 7, 11
![Page 86: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/86.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
20
Mass infection:5-6 days before
detection
APT:5-6 months before
detection
Wednesday, December 7, 11
![Page 87: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/87.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
20
Mass infection:5-6 days before
detection
APT:5-6 months before
detection
Frequent updates No* updates* Almost
Wednesday, December 7, 11
![Page 88: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/88.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
21
PATIENCEMass infection:5-6 days before
detection
APT:5-6 months before
detection
Frequent updates No* updates* Almost
Wednesday, December 7, 11
![Page 89: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/89.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
22
Wednesday, December 7, 11
![Page 90: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/90.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
22
Wednesday, December 7, 11
![Page 91: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/91.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
22
Wednesday, December 7, 11
![Page 92: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/92.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
22
Wednesday, December 7, 11
![Page 93: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/93.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
22
Wednesday, December 7, 11
![Page 94: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/94.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
22
Wednesday, December 7, 11
![Page 95: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/95.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
22
Wednesday, December 7, 11
![Page 96: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/96.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
23
Wednesday, December 7, 11
![Page 97: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/97.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
23
Wednesday, December 7, 11
![Page 98: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/98.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
24
Wednesday, December 7, 11
![Page 99: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/99.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
24
Wednesday, December 7, 11
![Page 100: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/100.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
24
Wednesday, December 7, 11
![Page 101: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/101.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
So...
25
-----BEGIN PGP MESSAGE-----Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
hQMOA1jQIm6UkL4eEAv/W3r/eYLUmqRNi/Jegt72lK6qdBiBfkg9PZ5YKql9CUZpFGnVk029K3gEVcrA4k7w2aOtP7tYKRF8v4yrZQ9GZ7eXzR7+Tbf1g+7dveH6U8BfBHo8LRovj5OlGghrvpyKYRPIf/NAgzL2G8dyi/FVB0YB4J7/4x0YFEalQHaLiKyt/gkikyV92njPJ6tPm2sdKUqUHSb20r9AdowZ0VVRrWwdRgUhdNXajjwcbH1BjVuSGilw8MnmQkmJAT+TAFkTqC9fjiwtnNMNANJbo2Z36RqsAcKbhVh1eMA7ev0pUakpTm4xN64syk/1DEc0VHFbanAreTV3tCbUUIoPQDFGFpiu3oS6/089oUvRtBBbC5p6leYKEnDllcGWAomRSiYBFWjTca/DIw43QIW/lmdBnwcWLuQmDCmwr3HuhEaOmqfOhdgaxM4GuVdJCDdwXzwpuaPElCd18weH2XNzudLdeRKN+wjl/4D6bIo+038BcLeiSyhWrMFB7mKSmEzQufQUDACFamtMCn9YOo3mgo+YYk505qhIDLNwZXqyVUqOHvIGvu7gzuNwUdY5idLqsGEs0K0xVwYntTKUh61tNS/HDfNTVm4Y3p8M88JHhcg7npY5gJuhWuHkgp2CTsQT+gRjthm3l3AlnIvAfuC5uWLMsjA4sCw2FRDOARxrN9El8maX/vCxN9aB3dK4S9MSGJ5HhaYpTfpc9CdFkFryzb2sFWfW85nSzNo7dVFCy0jmSr19o4Jsfj0J0izS3MeGYYz5NSsfBz+6o/IYURL3OXrm4DuJNHY0DvVbYqSQRRx3o2S+uZekwXwYsqpei/f/sYo875p5NeX3g62zgjy2Vly+n58WaZWoHb5Y0QCxNfpjdcAQ3tuZQaUvlqrkQeSRxKXD7pxlHdwHDgfvw01RU8NsMkfsBoTZY27BjFvIg5S/pv9O6IznXaJu9jRWDj6tvSypx8X2iiVgtSHYahlqEUH1RusAMCILkx0DydCvUud/qRbTYcnkVVgA8ojeDoVpp3AabRrSmgEAOwW6M0KvnSuMKniLIKe7kolqGjEuLAx7s5KgmMHfNki5dYWvQzHv03ID9UG+uW6o54BnsajEVe2EcYTPT+8pg2bCxnMElK0ds9Isqvf2Kx4kqO0qMeJG1II2zfAFqmMiTMtgA2CZ0Y42hA/bQK/CCM8QVo9JcGn3Jf6N0X1TVob7xDo/fkRROHv74dIh2Kxa0SH8iGdb4kI==jN3t-----END PGP MESSAGE-----
Wednesday, December 7, 11
![Page 102: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/102.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Still “too detectable”
26
Wednesday, December 7, 11
![Page 103: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/103.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Still “too detectable”
26
hQMOA1jQIm6UkL4eEAv/W3r/eYLUmqRNi/Jegt72lK6qdBiBfkg9PZ5YKql9CUZpFGnVk029K3gEVcrA4k7w2aOtP7tYKRF8v4yrZQ9GZ7eXzR7+Tbf1g+7dveH6U8BfBHo8LRovj5OlGghrvpyKYRPIf/NAgzL2G8dyi/FVB0YB4J7/4x0YFEalQHaLiKyt/gkikyV92njPJ6tPm2sdKUqUHSb20r9AdowZ0VVRrWwdRgUhdNXajjwcbH1BjVuSGilw8MnmQkmJAT+TAFkTqC9fjiwtnNMNANJbo2Z36RqsAcKbhVh1eMA7ev0pUakpTm4xN64syk/1DEc0VHFbanAreTV3tCbUUIoPQDFGFpiu3oS6/089oUvRtBBbC5p6leYKEnDllcGWAomRSiYBFWjTca/DIw43QIW/lmdBnwcWLuQmDCmwr3HuhEaOmqfOhdgaxM4GuVdJCDdwXzwpuaPElCd18weH2XNzudLdeRKN+wjl/4D6bIo+038BcLeiSyhWrMFB7mKSmEzQufQUDACFamtMCn9YOo3mgo+YYk505qhIDLNwZXqyVUqOHvIGvu7gzuNwUdY5idLqsGEs0K0xVwYntTKUh61tNS/HDfNTVm4Y3p8M88JHhcg7npY5gJuhWuHkgp2CTsQT+gRjthm3l3AlnIvAfuC5uWLMsjA4sCw2FRDOARxrN9El8maX/vCxN9aB3dK4S9MSGJ5HhaYpTfpc9CdFkFryzb2sFWfW85nSzNo7dVFCy0jmSr19o4Jsfj0J0izS3MeGYYz5NSsfBz+6o/IYURL3OXrm4DuJNHY0DvVbYqSQRRx3o2S+uZekwXwYsqpei/f/sYo875p5NeX3g62zgjy2Vly+n58WaZWoHb5Y0QCxNfpjdcAQ3tuZQaUvlqrkQeSRxKXD7pxlHdwHDgfvw01RU8NsMkfsBoTZY27BjFvIg5S/pv9O6IznXaJu9jRWDj6tvSypx8X2iiVgtSHYahlqEUH1RusAMCILkx0DydCvUud/qRbTYcnkVVgA8ojeDoVpp3AabRrSmgEAOwW6M0KvnSuMKniLIKe7kolqGjEuLAx7s5KgmMHfNki5dYWvQzHv03ID9UG+uW6o54BnsajEVe2EcYTPT+8pg2bCxnMElK0ds9Isqvf2Kx4kqO0qMeJG1II2zfAFqmMiTMtgA2CZ0Y42hA/bQK/CCM8QVo9JcGn3Jf6N0X1TVob7xDo/fkRROHv74dIh2Kxa0SH8iGdb4kI==jN3t
Wednesday, December 7, 11
![Page 104: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/104.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Much better• Throws in some additional encodings
• And an XOR for old time’s sake
• And we are good to go...
• 0% detection rate
27
Wednesday, December 7, 11
![Page 105: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/105.jpg)
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 28
Resistance is futile
Wednesday, December 7, 11
![Page 106: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/106.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
29
Wednesday, December 7, 11
![Page 107: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/107.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
29
80
44353
Wednesday, December 7, 11
![Page 108: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/108.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
29
80
44353
Wednesday, December 7, 11
![Page 109: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/109.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Kill some trees
30
Wednesday, December 7, 11
![Page 110: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/110.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
31
Wednesday, December 7, 11
![Page 111: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/111.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
31
Wednesday, December 7, 11
![Page 112: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/112.jpg)
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011
Good ol’e DD...
32
Wednesday, December 7, 11
![Page 113: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/113.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
33
Wednesday, December 7, 11
![Page 114: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/114.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
33
Wednesday, December 7, 11
![Page 115: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/115.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
33
1 0 1 0
1/2 byte=
16 values
Wednesday, December 7, 11
![Page 116: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/116.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
33
1 0 1 0
1/2 byte=
16 values
Wednesday, December 7, 11
![Page 117: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/117.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
33
1 0 1 0
1/2 byte=
16 values
Wednesday, December 7, 11
![Page 118: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/118.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
34
Wednesday, December 7, 11
![Page 119: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/119.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
34
Wednesday, December 7, 11
![Page 120: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/120.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
34
Wednesday, December 7, 11
![Page 121: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/121.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
34
Wednesday, December 7, 11
![Page 122: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/122.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
34
Wednesday, December 7, 11
![Page 123: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/123.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
34
Wednesday, December 7, 11
![Page 124: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/124.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
34
Wednesday, December 7, 11
![Page 125: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/125.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
34
Wednesday, December 7, 11
![Page 126: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/126.jpg)
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 35
Wednesday, December 7, 11
![Page 127: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/127.jpg)
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 35
Wednesday, December 7, 11
![Page 128: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/128.jpg)
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 35
1 0 1 0
Wednesday, December 7, 11
![Page 129: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/129.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
DEMO
36
Wednesday, December 7, 11
![Page 130: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/130.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
DEMO
36
Wednesday, December 7, 11
![Page 131: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/131.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
DEMO
36
Wednesday, December 7, 11
![Page 132: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/132.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
DEMO
36
Wednesday, December 7, 11
![Page 133: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/133.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
DEMO
36
Wednesday, December 7, 11
![Page 134: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/134.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
DEMO
36
Wednesday, December 7, 11
![Page 135: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/135.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
37
Wednesday, December 7, 11
![Page 136: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/136.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Killing paper isn’t nice• Fax it!
• Most corporations have email-to-fax services
• heard of the address [email protected] ?
• Just send any document (text, doc, pdf) to it and off you go with the data...
38
Wednesday, December 7, 11
![Page 137: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/137.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Conclusions
39
Wednesday, December 7, 11
![Page 138: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/138.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Conclusions
39
Wednesday, December 7, 11
![Page 139: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/139.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Conclusions
39
Wednesday, December 7, 11
![Page 140: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/140.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Conclusions
39
Wednesday, December 7, 11
![Page 141: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/141.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
• Start with the human factor
• Then add technology
40
Wednesday, December 7, 11
![Page 142: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/142.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
• Start with the human factor
• Then add technology
40
Wednesday, December 7, 11
![Page 143: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/143.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
• Where people leave data
• Hint - spend time with developers.
• “Hack” the business process
• Test, test again, and then test. Follow with a surprise test!
41
Wednesday, December 7, 11
![Page 144: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/144.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
• Where people leave data
• Hint - spend time with developers.
• “Hack” the business process
• Test, test again, and then test. Follow with a surprise test!
41
Wednesday, December 7, 11
![Page 145: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/145.jpg)
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 42
“be true to yourself, not to what you believe things should look like”
Old chinese proverb
Wednesday, December 7, 11
![Page 146: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/146.jpg)
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 42
“be true to yourself, not to what you believe things should look like”
Old chinese proverb
Wednesday, December 7, 11
![Page 147: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/147.jpg)
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 43
They are YOUR assetsafter all
No reason to beshy about it...
And remember to add honey...
Wednesday, December 7, 11
![Page 148: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/148.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
44
Wednesday, December 7, 11
![Page 149: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/149.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
44
Wednesday, December 7, 11
![Page 150: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/150.jpg)
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
44
Wednesday, December 7, 11
![Page 151: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/151.jpg)
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 45
TEST SOME MORE
For hints/guides see: www.pentest-standard.org
Wednesday, December 7, 11
![Page 152: Advanced Data Exfiltration - the way Q would have done it](https://reader034.vdocuments.us/reader034/viewer/2022042813/54b6b6164a7959864a8b45e1/html5/thumbnails/152.jpg)
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011
Questions?
46
Thank you! Whitepapers:www.security-art.com
Too shy to ask [email protected]
Need your daily chatter?twitter.com/iiamit
Data modulation Exfil POC:http://code.google.com/p/
data-sound-poc/
Wednesday, December 7, 11