Overview
Explore data exfiltration techniques using DNS in this 53-minute conference talk from the Hack In The Box Security Conference. Delve into the development of a unique protocol for transferring files across networks, addressing limitations of existing tools and bypassing next-generation firewalls. Learn about innovative "Hidden In Plain Sight" tactics for pushing files out of secure environments. Presented by Emilio Couto, an experienced security consultant, the talk covers DNS file exfiltration concepts, detection avoidance strategies, the DFEX algorithm, control and data flow diagrams, packet examples, and a demonstration of the MACCHERONI infrastructure. Examine performance metrics, discuss limitations, and gain insights into cutting-edge post-exploitation techniques in network security.
Syllabus
Intro
DNS File Exfiltration?
Avoiding Detection
DFEX Algorithm
Diagram: Control Flow
Diagram: Data Flow
Packet Example
Demo Infra (MACCHERONI)
Performance
Limitations
Conclusion
Taught by
Hack In The Box Security Conference