How would you generally exfiltrate data (specifically from PostgreSQL databases) when the network is heavily monitored?
yeah that made total sense, thanks for the help
For example:
Use an out-of-band communication channel: If you have access to an out-of-band communication channel that is not being monitored, you could try transferring the data over this channel.
Or use an intermediary: You could try transferring the data to another machine on the same network, and then using that machine to exfiltrate the data.
In theory you could also use encryption: You could try encrypting the data before transferring it, in order to make it more difficult for an attacker to intercept and read the data.
Thanks!! I really appreciate your help
Exfiltration, Tactic TA0010 - Enterprise | MITRE ATT&CK® (attack.mitre.org)
Here's a nice resource I like to use as reference for a large amount of the cyber kill chain; they have a whole section on exfiltration.
The main thing I myself would try doing would definitely be trying to find out as much about the network as possible. Things like:
- what sorts of network actions raise attention
- what logging/monitoring service they use
- etc.
Having a larger knowledge base on your target/victim will allow you to detect and exploit vulnerabilities much more efficiently.
The PostgreSQL database may be a bit tricky to exfiltrate due to the size; I would say try to split it up (if you don't find any major holes in their infrastructure, that is).