2-DAY TRAINING 12 – In & Out: Network Data Exfiltration Techniques

• Learn how to bypass Linux and Windows local security restrictions and command line arguments detections by using obfuscation and Living Off The Land Binaries And Scripts
• Generate and run different, encrypted types of TCP/UDP reverse and bind shells across Windows and Linux systems, pivot to the next subnets, configure port forwarding & proxying, change a transport on the fly and find what the network traffic artifacts of such actions are.
• Manually generate suspicious network events from Python, ex. saturate a DHCP Server, establish a C2 connection by using QUIC, HTTP2, NTP, flood the network service, run a brute force attack, etc.
• Simulate DNS DGA traffic, run a DNS tunnels and remote shells, exfiltrate and hide data transfer using DNS-over-HTTPS and explain how to gain the Internet connection on the plane or in the hotel for free through captive portal bypassing.
• Use different HTTP techniques, headers and methods for stealing the data with combination of web application injection techniques (OOB) + walk through the world of web shells
• Run, detect and understand a TLS/SSL-based anomalies and exfiltration methods
• Run a cmd.exe and deliver compressed and encrypted, in-memory offensive Powershell scripts during a post-exploitation stage for leaking the data and bypassing AV / EDR / AMSI
• Clone, armor and phish popular websites and use them for covert channel
• Create CDN domain fronting setup and punch holes in the NAT
• Achieve a big file ICMP packet dripping covert channel and monitor ICMP traffic
• Cheat security platforms by running internal WMI, Websockets, WinRM or P2P covert channels
• Hide a stolen data in binary file, WAV file, Image file or exfiltrate data from the air-gapped system using hops and bad USB
• Configure the station to connect to anonymizers like external VPN, TOR, Open proxy and ‘ping’ to the IP/domains tagged on the globally recognized security feeds, rules or phishy lists
• Use a popular cloud-based services for C2 communication and data stealing, ex. Pastebin, Twitter, AWS, Dropbox, etc.
• Replay malicious PCAP files and in terms of network behaviour and analyze the malware samples using Cuckoo
• Describe the syntax of signature-based rules works, how Suricata or Bro IDS can help you detect suspicious events and what are the differences between these two IDS engines
• Understand values of automated attackers simulations
• Run verification actions for IT security products and providers during PoC / PoV
• And a combination of many more.

Through hands-on lab exfiltration, this training delivers you a bigger picture of what you really need to care about when thinking initially or improving lately your SOC environment or Red and Blue team skills, your SIEM deployments, your DLP/IDS/IPS installations or Machine-Learning and anomaly detection security solutions.

All the above training description is based on pure hands-on laboratory where student will run every single action or chained scenarios on his own in the dedicated virtual-lab network. This class will focus on x86/x64 architecture, IPv4/IPv6 networks and target Linux and Windows environments.

In terms of IDS/IPS/Data Leakage Protection and for better understanding the current status of your network security posture, the training experience will help you understand risks, identify network security blind spots and unexpected, uncovered spaces by simulating a real, offensive cyber adversary network behavior. Become confident that your SOC / network security really works!

I guarantee, that your overall Linux, Windows and “feeling the network security” skills will also increase significantly.