
DET (extensible) Data Exfiltration Toolkit
#Security Testing #Offensive Security
DET (provided AS IS): a Proof of Concept for Data Exfiltration
DET is provided AS IS and serves as a proof of concept designed to demonstrate Data Exfiltration capabilities. It can operate using either a single channel or multiple channels simultaneously.
The Concept Behind Creating a Generic Toolkit for Network Monitoring and DLP Solutions
The goal was to develop a versatile toolkit that can integrate any type of protocol or service. This toolkit is designed to test the configuration of implemented Network Monitoring and Data Leakage Prevention (DLP) solutions against various data exfiltration techniques.
DET was presented at BSides Ljubljana on March 9, 2016. The slides are available here.
Example Usage (ICMP Plugin)
Server-side:
Client-side:
Usage for Combining Two Channels (Gmail/Twitter)
Server-side:
Client-side:
Installation Instructions
To begin, clone the repository:
git clone https://github.com/PaulSec/DET.git
Then install the dependencies:
pip install -r requirements.txt --user
Configuration
To use DET, you need to configure it with your own settings (e.g. SMTP/IMAP, AES256 encryption passphrase, proxies and so on). A sample configuration file is provided, called config-sample.json:
{
    "plugins": {
        "http": {
            "target": "192.168.0.12",
            "port": 8080,
            "proxies": ["192.168.0.13", "192.168.0.14"]
        },
        "google_docs": {
            "target": "conchwaiter.uk.plak.cc"