Felipe Espósito (Pr0teus) holds a degree in Information Technology from UNICAMP and a Master's degree in Systems Engineering and Computer Science from COPPE-UFRJ, and is a Security Analyst at the Tribunal de Justiça do Estado do Rio de Janeiro. He has more than 10 years of experience in Computer Science, with an emphasis on attack monitoring, computer networks, information visualization, and information security. His research interests are penetration testing, malware, information visualization, covert channels and data extraction techniques. A founding member of Rio HackerSpace, he has spoken at events such as Hackers 2 Hackers Conference, BHACK, BSIDES, FISL and Ações e Diretrizes de Segurança da Rede.

Network Data Exfiltration: A Top Down Approach

Usually, an attacker's main objective is to steal information without getting caught. On the other hand, network security teams work hard to deploy countermeasures such as firewalls, IPS and DLP to detect and prevent the theft of information. For us, as penetration testers or attackers, exfiltrating data from a network without being noticed is essential. Better yet is to keep access for as long as necessary. In this context, network covert channels subvert network protocols and allow someone inside a network to stealthily move information to and from the outside.

 

From the user level, such as social networks, through application protocols such as HTTP and DNS, down to lower layers of the OSI model such as TCP/UDP, ICMP, IP and Ethernet, and even through the air with 802.11, the ability to use network covert channels that let two entities exchange information without drawing attention, by manipulating the characteristics of those protocols, is essential to staying under the radar.

 

During the talk we are going to understand those techniques, play with some publicly available tools and see how they work, and perhaps get some ideas on how we can design our own network covert channel.