Iftach Ian Amit Advanced Data Exfiltration
1. Iftach Ian Amit | November 2011
Advanced Data Exfiltration
The way Q would have done it
Iftach Ian Amit
VP Consulting
DC9723
CSA-IL Board member
IL-CERT Visionary
All rights reserved to Security Art ltd. 2002-2011 www.security-art.com
Wednesday, December 7, 11
whoami
Agenda
• eMails, web links, phishing...
• Works like a charm!
• And can be mostly automated
• SET to the rescue
And... being nice/nasty/obnoxious/needy always helps!
[Diagram labels: Internet, 3rd party, You!, Target]
What is the target “willing” to tell about itself?
Who’s your daddy?
And buddy, and friends, relatives, colleagues...
Select your target wisely
And then craft your payload :-)
• ZeuS: $3000-$5000
• SpyEye: $2500-$4000
• Limbo: $500-$1500
FREE!
Experienced travelers know the importance of packing properly
• File servers
• Databases
• File types
• Gateways (routes)
• Printers
PATIENCE
• Mass infection: 5-6 days before detection, frequent updates
• APT: 5-6 months before detection, no* updates (* almost)
So...
[PGP message block]
Still “too detectable”
Much better
• Throws in some additional encodings
• And an XOR for old time’s sake
• And we are good to go...
• 0% detection rate
Resistance is futile
[Diagram labels: 80, 53, 443]
Kill some trees
Good ol’ DD...
1/2 byte = 16 values
1 0 1 0
DEMO
Killing paper isn’t nice
• Fax it!
• Most corporations have email-to-fax services
• Heard of the address 555-7963@fax.corp.com?
• Just send any document (text, doc, pdf) to it and off you go with the data...
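A detection sketch for the email-to-fax channel described above, as an added example that is not part of the original slides: it scans mail-gateway records for recipients shaped like the slide's `555-7963@fax.corp.com` and flags unapproved senders, unknown fax numbers and unusual daily volume. The log format, sample records, allowlists and threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: one record per delivered message, in an assumed export
# format "timestamp sender recipient size_bytes attachments" (not a real product's).
SAMPLE_LOG = """\
2011-12-07T09:14:02 alice@corp.com 555-0100@fax.corp.com 48211 invoice_1182.pdf
2011-12-07T09:20:45 bob@corp.com carol@corp.com 1020 -
2011-12-07T23:41:10 dave@corp.com 555-7963@fax.corp.com 1843200 customers.doc
2011-12-07T23:43:55 dave@corp.com 555-7963@fax.corp.com 2210816 q4_forecast.pdf
2011-12-08T02:05:31 erin@corp.com 5557963@fax.corp.com 91233 notes.txt
"""

FAX_DOMAIN = "fax.corp.com"            # gateway domain from the slide's address
KNOWN_FAX_NUMBERS = {"5550100"}        # hypothetical directory of business fax numbers
APPROVED_SENDERS = {"alice@corp.com"}  # hypothetical allowlist of fax users
MAX_BYTES_PER_DAY = 1_000_000          # hypothetical per-sender daily budget

# Local part that looks like a phone number, on the fax gateway domain.
FAX_RCPT = re.compile(r"^([0-9+().\-]{5,20})@" + re.escape(FAX_DOMAIN) + r"$", re.I)


def parse(line):
    """Split one record; return None for malformed lines instead of raising."""
    parts = line.split(None, 4)
    if len(parts) != 5 or not parts[3].isdigit():
        return None
    ts, sender, rcpt, size, _attachments = parts
    return {"ts": ts, "sender": sender.lower(), "rcpt": rcpt.lower(), "size": int(size)}


def fax_number(rcpt):
    """Return the dialled digits if rcpt targets the fax gateway, else None."""
    m = FAX_RCPT.match(rcpt)
    return re.sub(r"\D", "", m.group(1)) if m else None


def find_suspicious(log_text):
    """Return (timestamp, sender, number, reasons) for each fax-bound message to review."""
    alerts = []
    volume = defaultdict(int)  # (sender, day) -> bytes sent to the fax gateway
    for line in log_text.splitlines():
        msg = parse(line)
        if msg is None:
            continue
        number = fax_number(msg["rcpt"])
        if number is None:
            continue  # ordinary mail, not fax-bound
        key = (msg["sender"], msg["ts"][:10])
        volume[key] += msg["size"]
        reasons = []
        if msg["sender"] not in APPROVED_SENDERS:
            reasons.append("sender-not-approved")
        if number not in KNOWN_FAX_NUMBERS:  # normalised, so 555-7963 == 5557963
            reasons.append("unknown-destination")
        if volume[key] > MAX_BYTES_PER_DAY:
            reasons.append("volume-exceeded")
        if reasons:
            alerts.append((msg["ts"], msg["sender"], number, reasons))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG):
        print(alert)
```

Normalising the local part to digits matters because the same fax number can be written with or without separators.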
Conclusions
• Start with the human factor
• Then add technology
• Where people leave data
• Hint - spend time with developers.
• “Hack” the business process
• Test, test again, and then test. Follow with a surprise test!
“be true to yourself, not to what you believe things should look like”
Old Chinese proverb
They are YOUR assets after all
No reason to be shy about it...
And remember to add honey...
TEST SOME MORE
For hints/guides see: www.pentest-standard.org
Questions?
Thank you!
Whitepapers: www.security-art.com
Data modulation Exfil POC: http://code.google.com/p/data-sound-poc/
Too shy to ask now? iamit@security-art.com
Need your daily chatter? twitter.com/iiamit