Data Exfiltration

Welcome to Data Exfiltration

Cybercriminals use various internet attacks against companies for different purposes. In most cases, many of these attacks end in data breaches, where threat actors steal sensitive data to sell it on the dark web or publish it online.

Someone may ask: how does a threat actor transfer stolen data from a company's network to the outside, also known as a data breach, without being detected? The answer varies. There are many techniques that a threat actor can perform, including data exfiltration. 

Data exfiltration is a non-traditional approach for copying and transferring data from a compromised to an attacker's machine. The data exfiltration technique is used to emulate the normal network activities, and It relies on network protocols such as DNS, HTTP, SSH, etc. Data Exfiltration over common protocols is challenging to detect and distinguish between legitimate and malicious traffic.

Some protocols are not designed to carry data over them. However, threat actors find ways to abuse these protocols to bypass network-based security products such as a firewall. Using these techniques as a red teamer is essential to avoid being detected.

Learning Objectives

This room introduces the data exfiltration types and showcases the techniques used to transfer data over various protocols.

• What is Data exfiltration?
• Understand data exfiltration types and how they can be used.
  
• Practice data exfiltration over protocols: Sockets, SSH, ICMP, HTTP(s), and DNS.
• Practice C2 communications over various protocols.
• Practice establishing Tunneling over DNS and HTTP.

Room Prerequisites

• Introductory Networking
  
• Protocols and Servers
  
• DNS in Detail
• Using tmux or similar tools! (for multiple sessions on single SSH login)