PyExfil: A Python Package for Data Exfiltration

PyExfil

Abstract

This started as a PoC project but has since turned into something a bit more. It is currently an Alpha-Alpha stage package, not yet tested (feedback and commits are appreciated), designed to show several techniques of data exfiltration in real-world scenarios. The package currently supports the following:

  • Network
    • DNS query.
    • HTTP Cookie.
    • ICMP (8).
    • NTP requests.
    • BGP Open.
    • HTTPS Replace Certificate.
    • QUIC – No Certificate.
    • Slack Exfiltration.
    • POP3 Authentication (as a password) – Idea thanks to Itzik Kotler
    • FTP MKDIR technique – Idea thanks to Itzik Kotler
    • DB-LSP (Broadcast or Unicast).
    • Source IP-based Exfiltration
  • Physical
    • Audio
    • QR Codes
    • WiFi – On Payload
  • Steganography
    • Binary Offset
    • Video Transcript to Dictionary

Tutorial

Copyright (c) 2014 Yuval tisf Nativ

Source: https://github.com/ytisf/