|
|
|
|
|
|
by DrScientist
379 days ago
|
|
|
Yep - bottom line you just use a protocol you know the firewall won't/can't block. In theory you don't even need anything in the payload - you could put information in the timing of the DNS requests a la morse code.... HTTP is the obvious other one - with much more options for somebody to exfiltrate data - you can think of ways where you don't even need an evil domain. For example - you could exfilrate data via hackernews comments! As far as I can see, the only thing you can do in the end is to make it harder to do easily, and then monitor unusual activity - and hope that is enough to stop large scale exfiltration, as small scale is impossible to stop. |
|
|