GET A Grip on Your Hustle: Glassdoor Exfil Toolkit

DerbyCon 4.0 - Family Rootz

Presented by: Chris Hodges (g11tch), Parker Schmitt, Kyle Stone
Date: Friday September 26, 2014
Time: 15:00 - 15:50
Location: Track 4

How do you tunnel data past a nextgen firewall? Advanced IDS- DLP- or evensession heuristics? When simple reverse shells and DNS exfiltration wont justdo? We plan on exploring many ways that you can tunnel out while automatingthe process thereby making a nearly undetectable egress and yet maintaininga persistent connection into a network. By mimicking user behavior- usinguncommon exfiltration techniques and non-standard encoding methods- we willdemo our new framework. Announcing GET- the interactive and command-linetoolkit that allows one to try multiple exfiltration paths on the fly. We willdemo- three unique exfiltration methods with our framework- including httpstego- voip FSK and NTP tunneling in plain sight.

Parker Schmitt

Kyle Stone

Chris Hodges


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats