A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Piercing the Air Gap: Network Steganography for Everyone - John Ventura GrrCON 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Piercing the Air Gap: Network Steganography for Everyone
John Ventura
GrrCON 2016

Steganographic communication systems subvert common expectations for how network based communication is supposed to work and offer surprising advantages to computer security enthusiasts. Network protocols typically store data within the 'payload section' of a packet. However, utilizing IP, TCP, UDP, and ICMP headers for what would otherwise be 'in band' data transmission yields tangible benefits, including resistance to detection and enhanced privacy. The tool developed during the research for this talk sends innocent looking data to a server while hiding its true datagrams where most analysts will not be able to find it. While in ?TCP mode?, it submits an ?in band? HTTP GET request with its real data hidden within pseudo-random values found in IP headers. ?ICMP mode? gives users an ICMP based control channel that is nearly identical to ordinary ping requests that users might initiate from a command line. In both of these cases, monitoring software will see traffic that mimics common network transmissions. These techniques also offer an added benefit of allowing remote control and data transmissions that bypass access control list security protections. Even if evasion isn?t a primary goal, network based steganography can enable control channels over ICMP or by using TCP ports that are already listening for otherwise legitimate purposes. This talk will provide real world guidance for the creation of these systems, including lessons learned and practical applications.

Back to GrrCON 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast