The advanced persistent threat (APT) actor known as ToddyCat has been linked to a new set of malicious tools that are designed for data exfiltration, offering a deeper insight into the hacking crew’s tactics and capabilities. The findings come from Kaspersky, which first shed light on the adversary last year, linking it to attacks against […]
As part of Checkmarx’s mission to help organizations develop and deploy secure software, the Security Research team started looking at the security posture of major car manufacturers. Porsche has a well-established Vulnerability Reporting Policy (Disclosure Policy)[1], it was considered in scope for our research, so we decided to start there, and see what we could […]
Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks. “Threat actors (TAs) using built-in data exfiltration methods like [living off the land binaries and scripts] negate the need to bring in external […]
Ransomware is the de facto threat organizations have faced over the past few years. Threat actors were making easy money by exploiting the high valuation of cryptocurrencies and their victims’ lack of adequate preparation. Think about bad security policies, untested backups, patch management practices not up-to-par, and so forth. It resulted in easy growth for […]
Defining Data Exfiltration Also referred to as data theft or exportation, data exfiltration is when an unauthorized transfer of data occurs from one device to another. This can be done manually by anyone with physical access to the computer or device, or it can be done through malicious programs over a network such as the […]
In the process of identifying and exploiting vulnerabilities, it is sometimes necessary to resort to Out of Band (OOB) techniques in order to exfiltrate information through DNS resolutions or HTTP requests. To address this kind of situation the faster and simpler solution can be the use of a Burp Collaborator instance or a online service […]
Emotet Malware re-emerging to perform mass email exfiltration with a new form of infection capabilities to steal sensitive Email data directly from victims Email Client. The US-Cert team already issued an alert for an advanced Emotet malware attack that targets governments, private and public sectors in the most destructive way to steal various sensitive information. […]
PacketWhisper – Stealthily Transfer Data & Defeat Attribution Using DNS Queries & Text-Based Steganography, without the need for attacker-controlled Name Servers or domains Evade DLP/MLS Devices; Defeat Data- & DNS Name Server Whitelisting Controls. Convert any file type (e.g. executables, Office, Zip, images) into a list of Fully Qualified Domain Names (FQDNs), use DNS queries […]
Powershell-RAT is a Python-based Gmail exfiltration RAT that can be used a Windows backdoor to send screenshots or other data as an e-mail attachment. This RAT will help you during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends the information to an attacker as an […]
DNSteal is a python based tool that allows you to stealthily extract files from a victim machine through DNS requests. Features: Support for multiple files Gzip compression supported Supports the customization of subdomains and bytes per subdomain and the length of the filename. Usage: Usage: python dnsteal.py [listen_address] [options] Options: -z Unzip incoming files. -v […]
DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel. DNSExfiltrator has two sides: The server side, coming as a single python script (dnsexfiltrator.py), which acts as a custom DNS server, receiving the file The client side (victim’s side), […]
CloakifyFactory & the Cloakify Toolset – Data Exfiltration & Infiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection. Text-based steganography usings lists. Convert any file type (e.g. executables, Office, Zip, images) into a list of everyday strings. Very simple tools, powerful concept, limited only by your […]
DET (is provided AS IS), is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time. This is a Proof of Concept aimed at identifying possible DLP failures. This should never be used to exfiltrate sensitive/live data (say on an assessment) The idea was to create a […]
Security researcher MalwareHunterTeam discovered today a new malware family that can infect computers and allow crooks to take control of these PCs using commands sent via an IRC channel. Named GhostAdmin, this threat is part of the “botnet malware” category. According to current information, the malware is already distributed and deployed in live attacks, being […]
Businesses today pride themselves on responding quickly to changing conditions. Unfortunately, cybercriminals aren’t any different. A newly discovered malware family hitting point-of-sale (PoS) systems has been found which emphasizes speed in how the information is stolen and sent back to attackers. We called this attack FastPOS, due to the speed and efficiency of its credit card theft […]