Overview
- What it is: The unauthorized transfer of sensitive information from a target network to an attacker-controlled system.
- Target Phase: attack postexploitation
- Operating System: Cross-platform
⚙️ Core Methods
- HTTPS/Web Services: High-speed, encrypted, and blends with standard web traffic.
- DNS Tunneling: Using tools like dnscat2 or iodine. Extremely stealthy but very low bandwidth.
- ICMP Tunneling: Hiding data inside “Ping” packets. Often blocked by firewalls but useful if ICMP is allowed outbound.
- Cloud Storage: Uploading data directly to legitimate services (S3 buckets, Dropbox) to bypass domain-based filtering.
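
From the defender's side, the DNS tunneling trade-off noted above (stealthy but very low bandwidth) means data has to be split across many queries with long, encoded labels. The following added example (not part of the original note) flags parent domains in a DNS query log by that pattern; the sample queries, the thresholds and the two-label parent-domain shortcut are assumptions for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed sample (not a real capture): 8 long encoded-looking names under
# one parent domain, mixed with ordinary short hostnames.
SAMPLE_QUERIES = [
    hashlib.sha256(str(i).encode()).hexdigest()[:48] + ".t.example.net"
    for i in range(8)
] + [
    "www.example.com", "mail.example.com", "api.example.com",
    "cdn.example.com", "login.example.com", "static.example.com",
    "www.example.org", "example.org",
]

def shannon_entropy(s):
    """Bits per character; encoded payloads score higher than hostnames."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def parent_domain(qname):
    # Assumption: the last two labels form the registered domain. Production
    # code should consult the Public Suffix List instead.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def score_domains(queries, min_unique=5, min_len=30, min_entropy=3.0):
    """Return {parent: (unique_subdomains, avg_length, avg_entropy)} for
    parents whose subdomains are numerous, long and high-entropy."""
    subs_by_parent = defaultdict(set)
    for q in queries:
        name = q.rstrip(".").lower()
        parent = parent_domain(name)
        sub = name[: -len(parent)].rstrip(".")
        if sub:
            subs_by_parent[parent].add(sub)
    flagged = {}
    for parent, subs in subs_by_parent.items():
        if len(subs) < min_unique:
            continue  # too few distinct names to judge
        avg_len = sum(map(len, subs)) / len(subs)
        avg_ent = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
        if avg_len >= min_len and avg_ent >= min_entropy:
            flagged[parent] = (len(subs), round(avg_len, 1), round(avg_ent, 2))
    return flagged

if __name__ == "__main__":
    for parent, stats in score_domains(SAMPLE_QUERIES).items():
        print(parent, stats)
```

The length gate keeps busy but ordinary domains (six short hostnames under example.com in the sample) from being flagged on volume alone.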
💻 Common CLItool options
| Tool | Protocol | Note |
|---|---|---|
| curl / wget | HTTP/S | Used to POST data to a remote server. |
| dnscat2 | DNS | High stealth, low speed. |
| rclone | Multiple | Syncs data to cloud providers; very common in ransomware attacks. |
🏷️ Tags
attack postexploitation Exfiltration NetworkSecurity DataDiscovery PenTestPlus CLItool