Upload
iftach-ian-amit
View
775
Download
1
Tags:
Embed Size (px)
DESCRIPTION
An updated version of my data exfiltration talk. Much more "visual" in nature.Used it at Hashdays, Govcert.NL, SourceBCN, and SecurityZone.
Citation preview
I f tach Ian Amit | November 2011
www.security-art.comAll rights reserved to Security Art ltd. 2002-2011
Advanced Data ExfiltrationThe way Q would have done it
Iftach Ian AmitVP Consulting
DC9723CSA-IL Board memberIL-CERT Visionary
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
whoami
2
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Agenda
3
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Agenda
3
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Agenda
3
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Agenda
3
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
4
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
5
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
5
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
5
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
5
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
5
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
6
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
6
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
6
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
6
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
6
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
6
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
6
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
7
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
7
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
7
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
7
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
7
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
7
Wednesday, December 7, 11
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 8
Wednesday, December 7, 11
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 8
Wednesday, December 7, 11
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 8
Wednesday, December 7, 11
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 8
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
9
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
9
• eMails, web links, phishing...
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
9
• eMails, web links, phishing...
• Works like a charm!
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
9
• eMails, web links, phishing...
• Works like a charm!
• And can be mostly automated
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
9
• eMails, web links, phishing...
• Works like a charm!
• And can be mostly automated
• SET to the rescue
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
9
• eMails, web links, phishing...
• Works like a charm!
• And can be mostly automated
• SET to the rescue
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
10
And... being nice/nasty/obnoxious/needy always helps!
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
10
And... being nice/nasty/obnoxious/needy always helps!
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
10
And... being nice/nasty/obnoxious/needy always helps!
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
10
And... being nice/nasty/obnoxious/needy always helps!
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
10
And... being nice/nasty/obnoxious/needy always helps!
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
11
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
11
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Internet
11
3rd partyYou!
Target
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Internet
11
3rd partyYou!
Target
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Internet
11
3rd partyYou!
Target
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Internet
11
3rd partyYou!
Target
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Internet
11
3rd partyYou!
Target
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Internet
11
3rd partyYou!
Target
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Internet
11
3rd partyYou!
Target
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
12
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
12
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
12
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
What is the target “willing” to tell about itself?
13
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
What is the target “willing” to tell about itself?
13
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
What is the target “willing” to tell about itself?
13
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Who’s your daddy?And buddy, and friends, relatives, colleagues...
14
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Who’s your daddy?And buddy, and friends, relatives, colleagues...
14
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Who’s your daddy?And buddy, and friends, relatives, colleagues...
14
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Who’s your daddy?And buddy, and friends, relatives, colleagues...
14
Wednesday, December 7, 11
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 15
Wednesday, December 7, 11
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 15
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Select your target wisely
And then craft your payload :-)
16
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
17
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
17
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
17
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
17
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
17
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
• ZeuS: $3000-$5000
• SpyEye: $2500-$4000
• Limbo: $500-$1500
17
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
• ZeuS: $3000-$5000
• SpyEye: $2500-$4000
• Limbo: $500-$1500
17
FREE!
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
18
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
18
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
18
Experienced travelers know the importance of packing properly
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
18
Experienced travelers know the importance of packing properly
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
• File servers
• Databases
• File types
• Gateways (routes)
• Printers
19
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
20
Mass infection:5-6 days before
detection
APT:5-6 months before
detection
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
20
Mass infection:5-6 days before
detection
APT:5-6 months before
detection
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
20
Mass infection:5-6 days before
detection
APT:5-6 months before
detection
Frequent updates No* updates* Almost
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
21
PATIENCEMass infection:5-6 days before
detection
APT:5-6 months before
detection
Frequent updates No* updates* Almost
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
22
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
22
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
22
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
22
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
22
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
22
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
22
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
23
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
23
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
24
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
24
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
24
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
So...
25
-----BEGIN PGP MESSAGE-----Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
hQMOA1jQIm6UkL4eEAv/W3r/eYLUmqRNi/Jegt72lK6qdBiBfkg9PZ5YKql9CUZpFGnVk029K3gEVcrA4k7w2aOtP7tYKRF8v4yrZQ9GZ7eXzR7+Tbf1g+7dveH6U8BfBHo8LRovj5OlGghrvpyKYRPIf/NAgzL2G8dyi/FVB0YB4J7/4x0YFEalQHaLiKyt/gkikyV92njPJ6tPm2sdKUqUHSb20r9AdowZ0VVRrWwdRgUhdNXajjwcbH1BjVuSGilw8MnmQkmJAT+TAFkTqC9fjiwtnNMNANJbo2Z36RqsAcKbhVh1eMA7ev0pUakpTm4xN64syk/1DEc0VHFbanAreTV3tCbUUIoPQDFGFpiu3oS6/089oUvRtBBbC5p6leYKEnDllcGWAomRSiYBFWjTca/DIw43QIW/lmdBnwcWLuQmDCmwr3HuhEaOmqfOhdgaxM4GuVdJCDdwXzwpuaPElCd18weH2XNzudLdeRKN+wjl/4D6bIo+038BcLeiSyhWrMFB7mKSmEzQufQUDACFamtMCn9YOo3mgo+YYk505qhIDLNwZXqyVUqOHvIGvu7gzuNwUdY5idLqsGEs0K0xVwYntTKUh61tNS/HDfNTVm4Y3p8M88JHhcg7npY5gJuhWuHkgp2CTsQT+gRjthm3l3AlnIvAfuC5uWLMsjA4sCw2FRDOARxrN9El8maX/vCxN9aB3dK4S9MSGJ5HhaYpTfpc9CdFkFryzb2sFWfW85nSzNo7dVFCy0jmSr19o4Jsfj0J0izS3MeGYYz5NSsfBz+6o/IYURL3OXrm4DuJNHY0DvVbYqSQRRx3o2S+uZekwXwYsqpei/f/sYo875p5NeX3g62zgjy2Vly+n58WaZWoHb5Y0QCxNfpjdcAQ3tuZQaUvlqrkQeSRxKXD7pxlHdwHDgfvw01RU8NsMkfsBoTZY27BjFvIg5S/pv9O6IznXaJu9jRWDj6tvSypx8X2iiVgtSHYahlqEUH1RusAMCILkx0DydCvUud/qRbTYcnkVVgA8ojeDoVpp3AabRrSmgEAOwW6M0KvnSuMKniLIKe7kolqGjEuLAx7s5KgmMHfNki5dYWvQzHv03ID9UG+uW6o54BnsajEVe2EcYTPT+8pg2bCxnMElK0ds9Isqvf2Kx4kqO0qMeJG1II2zfAFqmMiTMtgA2CZ0Y42hA/bQK/CCM8QVo9JcGn3Jf6N0X1TVob7xDo/fkRROHv74dIh2Kxa0SH8iGdb4kI==jN3t-----END PGP MESSAGE-----
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Still “too detectable”
26
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Still “too detectable”
26
hQMOA1jQIm6UkL4eEAv/W3r/eYLUmqRNi/Jegt72lK6qdBiBfkg9PZ5YKql9CUZpFGnVk029K3gEVcrA4k7w2aOtP7tYKRF8v4yrZQ9GZ7eXzR7+Tbf1g+7dveH6U8BfBHo8LRovj5OlGghrvpyKYRPIf/NAgzL2G8dyi/FVB0YB4J7/4x0YFEalQHaLiKyt/gkikyV92njPJ6tPm2sdKUqUHSb20r9AdowZ0VVRrWwdRgUhdNXajjwcbH1BjVuSGilw8MnmQkmJAT+TAFkTqC9fjiwtnNMNANJbo2Z36RqsAcKbhVh1eMA7ev0pUakpTm4xN64syk/1DEc0VHFbanAreTV3tCbUUIoPQDFGFpiu3oS6/089oUvRtBBbC5p6leYKEnDllcGWAomRSiYBFWjTca/DIw43QIW/lmdBnwcWLuQmDCmwr3HuhEaOmqfOhdgaxM4GuVdJCDdwXzwpuaPElCd18weH2XNzudLdeRKN+wjl/4D6bIo+038BcLeiSyhWrMFB7mKSmEzQufQUDACFamtMCn9YOo3mgo+YYk505qhIDLNwZXqyVUqOHvIGvu7gzuNwUdY5idLqsGEs0K0xVwYntTKUh61tNS/HDfNTVm4Y3p8M88JHhcg7npY5gJuhWuHkgp2CTsQT+gRjthm3l3AlnIvAfuC5uWLMsjA4sCw2FRDOARxrN9El8maX/vCxN9aB3dK4S9MSGJ5HhaYpTfpc9CdFkFryzb2sFWfW85nSzNo7dVFCy0jmSr19o4Jsfj0J0izS3MeGYYz5NSsfBz+6o/IYURL3OXrm4DuJNHY0DvVbYqSQRRx3o2S+uZekwXwYsqpei/f/sYo875p5NeX3g62zgjy2Vly+n58WaZWoHb5Y0QCxNfpjdcAQ3tuZQaUvlqrkQeSRxKXD7pxlHdwHDgfvw01RU8NsMkfsBoTZY27BjFvIg5S/pv9O6IznXaJu9jRWDj6tvSypx8X2iiVgtSHYahlqEUH1RusAMCILkx0DydCvUud/qRbTYcnkVVgA8ojeDoVpp3AabRrSmgEAOwW6M0KvnSuMKniLIKe7kolqGjEuLAx7s5KgmMHfNki5dYWvQzHv03ID9UG+uW6o54BnsajEVe2EcYTPT+8pg2bCxnMElK0ds9Isqvf2Kx4kqO0qMeJG1II2zfAFqmMiTMtgA2CZ0Y42hA/bQK/CCM8QVo9JcGn3Jf6N0X1TVob7xDo/fkRROHv74dIh2Kxa0SH8iGdb4kI==jN3t
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Much better• Throws in some additional encodings
• And an XOR for old time’s sake
• And we are good to go...
• 0% detection rate
27
Wednesday, December 7, 11
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 28
Resistance is futile
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
29
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
29
80
44353
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
29
80
44353
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Kill some trees
30
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
31
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
31
Wednesday, December 7, 11
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011
Good ol’e DD...
32
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
33
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
33
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
33
1 0 1 0
1/2 byte=
16 values
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
33
1 0 1 0
1/2 byte=
16 values
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
33
1 0 1 0
1/2 byte=
16 values
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
34
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
34
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
34
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
34
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
34
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
34
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
34
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
34
Wednesday, December 7, 11
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 35
Wednesday, December 7, 11
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 35
Wednesday, December 7, 11
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 35
1 0 1 0
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
DEMO
36
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
DEMO
36
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
DEMO
36
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
DEMO
36
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
DEMO
36
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
DEMO
36
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
37
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Killing paper isn’t nice• Fax it!
• Most corporations have email-to-fax services
• heard of the address [email protected] ?
• Just send any document (text, doc, pdf) to it and off you go with the data...
38
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Conclusions
39
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Conclusions
39
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Conclusions
39
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
Conclusions
39
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
• Start with the human factor
• Then add technology
40
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
• Start with the human factor
• Then add technology
40
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
• Where people leave data
• Hint - spend time with developers.
• “Hack” the business process
• Test, test again, and then test. Follow with a surprise test!
41
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
• Where people leave data
• Hint - spend time with developers.
• “Hack” the business process
• Test, test again, and then test. Follow with a surprise test!
41
Wednesday, December 7, 11
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 42
“be true to yourself, not to what you believe things should look like”
Old chinese proverb
Wednesday, December 7, 11
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 42
“be true to yourself, not to what you believe things should look like”
Old chinese proverb
Wednesday, December 7, 11
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 43
They are YOUR assetsafter all
No reason to beshy about it...
And remember to add honey...
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
44
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
44
Wednesday, December 7, 11
All rights reserved to Security Art ltd. 2002-2011
I f tach Ian Amit | November 2011
44
Wednesday, December 7, 11
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011 45
TEST SOME MORE
For hints/guides see: www.pentest-standard.org
Wednesday, December 7, 11
I f tach Ian Amit | November 2011
All rights reserved to Security Art ltd. 2002-2011
Questions?
46
Thank you! Whitepapers:www.security-art.com
Too shy to ask [email protected]
Need your daily chatter?twitter.com/iiamit
Data modulation Exfil POC:http://code.google.com/p/
data-sound-poc/
Wednesday, December 7, 11