Abusing Normality - Data Exfiltration in Plain Site

Explore innovative data exfiltration techniques in this 48-minute LASCON conference talk. Delve into the world of stealthy attacker methods that leverage seemingly innocuous system components to hide malicious activities. Learn how attackers can exploit normal-looking files, legitimate software, and common system objects to establish covert communication channels and exfiltrate sensitive data. Discover techniques involving Symantec virus definition files, Wikipedia-based command and control, Word dictionary files, Outlook email headers, and more. Examine various hiding spots, including prefetch files, Search Index, event logs, Recent Documents, free disk space, and Excel templates. Gain insights into detecting these subtle attack vectors and understand why traditional monitoring methods may overlook such threats. Through live demonstrations and practical examples, enhance your understanding of advanced data exfiltration techniques and improve your ability to defend against sophisticated cyber attacks.

Introduction
Requirements
Demo
Stack Overflow
PowerShell Demo
War Document Demo
User Info Demo
Wireless History Demo
Stealing Documents
Dumping the elses
Passwords
Password Vault
Find Password Vault
Live Demo