SecDocs Feed for tag covert channel

[Video] Auto-adapting Stealth Communication Channels

Tue, 14 Feb 2012 22:30:12 +0100

Authors: Daniel Burroughs
Tags: covert channel
Event: DEFCON 13

[Slides] Auto-adapting Stealth Communication Channels

Tue, 14 Feb 2012 22:27:21 +0100

Authors: Daniel Burroughs
Tags: covert channel
Event: DEFCON 13

[Audio] Auto-adapting Stealth Communication Channels

Tue, 14 Feb 2012 22:26:08 +0100

Authors: Daniel Burroughs
Tags: covert channel
Event: DEFCON 13

[Slides] Side Channel Analysis on Embedded Systems. Impact and Countermeasures

Fri, 27 Jan 2012 06:49:56 +0100

Authors: Job de Haas
Tags: covert channel
Event: Black Hat EU 2008

[Slides] The Keys to the Kingdom – Understanding Covert Channels

Sun, 11 Dec 2011 06:45:12 +0100

Authors: Russ Rogers
Tags: covert channel
Event: Black Hat EU 2004

[Slides] Nobody’s Anonymous—Tracking Spam and Covert Channels

Wed, 30 Nov 2011 06:37:57 +0100

Authors: Curtis Kret
Tags: covert channel
Event: Black Hat USA 2004

[Slides] Information Hiding in Executable Binaries

Tue, 29 Nov 2011 06:29:57 +0100

Authors: Rakan El-Khalil
Tags: covert channel
Event: Black Hat USA 2004

[Audio] The Keys to the Kingdom: Understanding Covert Channels of Communication

Sun, 27 Nov 2011 06:51:45 +0100

Authors: Russ Rogers
Tags: covert channel
Event: Black Hat Asia 2004

[Slides] The Keys to the Kingdom: Understanding Covert Channels of Communication

Sun, 27 Nov 2011 06:51:45 +0100

Authors: Russ Rogers
Tags: covert channel
Event: Black Hat Asia 2004

[Paper] PSUDP: A Passive Approach to Network-Wide Covert Communication

Mon, 05 Sep 2011 22:29:56 +0200

Authors: Kenton Born
Tags: covert channel
Event: Black Hat USA 2010
Abstract: This presentation analyzes a novel approach to covert communication over DNS by introducing PSUDP, a program demonstrating passive network-wide covert communication. While several high-bandwidth DNS tunnel implementations are freely available, they all use similar strategies. Storage channels are created in DNS requests by encoding data in subdomain labels, while responses take many forms such as TXT, NULL, and CNAME resource record types to complete the bi-directional link. However, these tunnels may be detected when examining subdomains and irregular resource records in responses. Additionally, these tunnels only provide communication through the active generation of traffic. The method and tool discussed in this paper allows a network of computers to participate in passive covert communication by piggy-backing on legitimate network DNS traffic. While low-bandwidth passive tunnels have been built using techniques such as timing channels and field manipulation, no passive high-bandwidth DNS tunnels exist. A novel approach is used to provide significantly higher bandwidth in network-wide covert communication by manipulating legitimate DNS traffic. It is also shown how, in certain scenarios, this method may be used for both covert data exfiltration and as a replacement for existing DNS tunnels. Additionally, it will be shown how a similar method can be applied to many other protocols, not being limited to DNS traffic. In addition to PSUDP, this presentation will briefly cover a few other recent findings I have had in DNS tunnel creation and detection. Firstly, I will show how bi-directional DNS tunnels may be created using a browser and fine-grained JavaScript manipulation. Secondly, I will show my work in detecting DNS tunnels using n-gram frequency analysis.

[Slides] PSUDP: A Passive Approach to Network-Wide Covert Communication

Mon, 05 Sep 2011 22:29:40 +0200

[Slides] Extrusion and Web Hacking

Sat, 16 Apr 2011 12:42:19 +0200

Authors: Laurent Oudot
Tags: covert channel
Event: Black Hat Abu Dhabi 2010
Abstract: This technical talk will focus on web attackers and how they try to handle extrusion issues. Indeed, when intruders get an illegal access on a web resource, it might become complex for them to keep a stealth and remote control without being caught. They usually try to create easy channels that allow them to get the very best from their target. But sometimes, they need to improve those concepts, especially against a hardened or monitored network. Based on real technical examples, we will describe how web attackers can anonymously talk to web backdoors, either by playing with HTTP issues or by finding secret paths to bounce out of DMZ (cover channels, etc). For this presentation to be accurate, we will also propose solutions, so that the defenders might detect or contain those attacks on their sensitive networks.

[Paper] Extrusion and Web Hacking

Sat, 16 Apr 2011 12:41:54 +0200

[Slides] Side Channel Analysis on Embedded Systems

Wed, 15 Sep 2010 10:00:00 +0200

Authors: Job de Haas
Tags: covert channel
Event: Hack In The Box 2009 Malaysia

[Audio] Reverse DNS Tunneling Shellcode

Wed, 21 Jul 2010 12:19:00 +0200

Authors: Ty Miller
Tags: covert channel
Event: Black Hat USA 2008

[Slides] Reverse DNS Tunneling Shellcode

Wed, 21 Jul 2010 12:19:00 +0200

Authors: Ty Miller
Tags: covert channel
Event: Black Hat USA 2008

[Video] Reverse DNS Tunneling Shellcode

Wed, 21 Jul 2010 12:19:00 +0200

Authors: Ty Miller
Tags: covert channel
Event: Black Hat USA 2008

[Video] Cross Site Scripting Anonymous Browser 2.0

Sun, 09 May 2010 06:03:30 +0200

Authors: Jeff Yestrumskas Matt Flick
Tags: covert channel
Event: DEFCON 17

[Slides] Cross Site Scripting Anonymous Browser 2.0

Sun, 09 May 2010 06:03:29 +0200

Authors: Jeff Yestrumskas Matt Flick
Tags: covert channel
Event: DEFCON 17

[Audio] Cross Site Scripting Anonymous Browser 2.0

Sun, 09 May 2010 06:03:27 +0200

Authors: Jeff Yestrumskas Matt Flick
Tags: covert channel
Event: DEFCON 17

[Audio] Catching DNS Tunnels with AI - A Talk About Artificial Intelligence, Geometry and Malicious Network Traffic

Sat, 27 Mar 2010 11:43:00 +0100

Tags: covert channel
Event: DEFCON 17

[Slides] Catching DNS Tunnels with AI - A Talk About Artificial Intelligence, Geometry and Malicious Network Traffic

Sat, 27 Mar 2010 11:43:00 +0100

Tags: covert channel
Event: DEFCON 17

[Video] Catching DNS Tunnels with AI - A Talk About Artificial Intelligence, Geometry and Malicious Network Traffic

Sat, 27 Mar 2010 11:43:00 +0100

Tags: covert channel
Event: DEFCON 17

[Video] Introducing Heyoka: DNS Tunneling 2.0

Mon, 15 Feb 2010 06:10:08 +0100

Authors: Nico Leidecker Alberto Revelli
Tags: covert channel
Event: Confidence 2009 Krakow

[Video] Covert Channels using IPv6/ICMPv6

Tue, 12 Jan 2010 06:15:57 +0100

Tags: covert channel
Event: DEFCON 14

[Slides] Covert Channels using IPv6/ICMPv6

Mon, 11 Jan 2010 06:11:16 +0100

Tags: covert channel
Event: DEFCON 14

[Audio] Covert Channels using IPv6/ICMPv6

Mon, 11 Jan 2010 06:11:15 +0100

Tags: covert channel
Event: DEFCON 14

[Video] SOCIAL MESSAGE RELAY: Using existing social networks to transmit covert messages in public

Tue, 22 Dec 2009 06:11:55 +0100

Authors: Strom Carlson
Tags: covert channel
Event: DEFCON 14

[Audio] SOCIAL MESSAGE RELAY: Using existing social networks to transmit covert messages in public

Tue, 22 Dec 2009 06:11:53 +0100

Authors: Strom Carlson
Tags: covert channel
Event: DEFCON 14

[Audio] SQL injection and out-of-band channeling

Fri, 11 Dec 2009 22:03:09 +0100

Authors: Patrik Karlsson
Tags: covert channel
Event: DEFCON 15

[Slides] Introducing Heyoka: DNS Tunneling 2.0

Mon, 22 Jun 2009 00:34:00 +0200

Authors: Nico Leidecker Alberto Revelli
Tags: covert channel
Event: Confidence 2009 Krakow

[Video] SQL injection and out-of-band channeling

Wed, 17 Jun 2009 03:15:00 +0200

Authors: Patrik Karlsson
Tags: covert channel
Event: DEFCON 15

[Slides] SQL injection and out-of-band channeling

Wed, 17 Jun 2009 03:07:00 +0200

Authors: Patrik Karlsson
Tags: covert channel
Event: DEFCON 15

[Slides] Introducing Heyoka: DNS Tunneling 2.0

Tue, 14 Apr 2009 22:47:00 +0200

Authors: Alberto Revelli Nico Leidecker
Tags: covert channel
Event: Source Conference Boston 2009

[Paper] Surviving DDoS Attacks

Wed, 16 Jul 2008 12:19:00 +0200

Tags: covert channel
Abstract: Distributed denial of service (DDoS) attacks aim to disrupt the service of information systems by overwhelming the processing capacity of systems or by flooding the network bandwidth of the targeted business. Recently, these attacks have been used to deny service to commercial web sites that rely on a constant Internet presence for their business. The attacks differ from traditional DDoS attacks in the targeted nature and shear number of attacking hosts. Even hardened Internet companies such as the SCO group and Microsoft are not immune to attack, and historically high-profile e-tailers such as eBay have had their services disrupted. The threat from the latest attacks has become greater due to the political and financial agendas of those instigating them, particularly the involvement of international organised crime in protection extortion attempts. There is no simple solution to mitigate the risk of these attacks, but there are strategies that can help minimize the impact of a large-scale attack.

[Paper] Virtual Hidden Networks

Sun, 13 Apr 2008 14:37:00 +0200

Tags: covert channel