Data Exfiltration Techniques

by c0d3inj3cT
Oct. 7, 2017, INFOSEC Institute

In this article we will see how malware encodes or encrypts the data it exfiltrates from infected machines to its Command and Control server. This is often done with a custom encoding or encryption algorithm. It is becoming increasingly common to see malware use this technique to prevent security analysts from understanding the type of data exchanged between the malware and its server. The same algorithms can also be used to randomize artifact details, such as the names of the files or registry keys created on the infected machine. In all such cases, behavioral analysis of the malware is not sufficient: only by analyzing the code the malware executes can these algorithms be understood.