book

Python for Cybersecurity

by Howard E. Poston, III

March 2022

Intermediate to advanced

240 pages

5h 13m

English

Wiley

Read now

Unlock full access

How This Book Is OrganizedTools You Will NeedFrom Here
Active ScanningSearch Open Technical DatabasesSummarySuggested Exercises
Valid AccountsReplication Through Removable MediaSummarySuggested Exercises
Windows Management InstrumentationScheduled Task/JobSummarySuggested Exercises
Boot or Logon Autostart ExecutionHijack Execution FlowSummarySuggested Exercises
Boot or Logon Initialization ScriptsHijack Execution FlowSummarySuggested Exercises
Impair DefensesHide ArtifactsSummarySuggested Exercises
Credentials from Password StoresNetwork SniffingSummarySuggested Exercises

Account DiscoveryFile and Directory DiscoverySummarySuggested Exercises
Remote ServicesUse Alternative Authentication MaterialSummarySuggested Exercises
Clipboard DataEmail CollectionSummarySuggested Exercises
Encrypted ChannelProtocol TunnelingSummarySuggested Exercises
Alternative ProtocolsNon-Application Layer ProtocolsSummarySuggested Exercises
Data Encrypted for ImpactAccount Access RemovalSummarySuggested Exercises
Acknowledgments

Content preview from Python for Cybersecurity

CHAPTER 12Exfiltrating Data

Data theft is a major—if not the primary—goal of many cyberattack campaigns. In previous chapters, we have talked about ways to collect a significant amount of data that can be valuable to an attacker.

However, having access to data inside a target network is not the same as having the ability to get that data out of the network without detection. This is the focus of the Exfiltration tactic of the MITRE ATT&CK framework, which is shown in Figure 12.1.

Snapshot of MITRE ATT&CK: Exfiltration — Figure 12.1: MITRE ATT&CK: Exfiltration

Data exfiltration can occur in a few different ways, and there is significant overlap between these and the command-and-control channels from the previous chapter. In this chapter, we will explore the use of Python for data exfiltration via Alternative Protocols and Non-Application Layer Protocols.

The code sample archive for this chapter can be found at https://www.wiley.com/go/pythonforcybersecurity and contains the following sample code files:

DNSExfiltrationClient.py
DNSExfiltrationServer.py
DetectAlternativeProtocol.py
NonApplicationClient.py
NonApplicationServer.py
DetectNonApplicationProtocol.py

Alternative Protocols

Network protocols are designed to serve different purposes. Some, like HTTP and SMTP, are designed to carry data between systems, making them a logical choice for data exfiltration. Others, such as ICMP and DNS, are intended to make ...