Detecting Data Exfiltration

Comments

Network traffic, physical equipment, and/or eavesdropping.

A security analyst or AI can search for unusual domain requests, or requests for unusual domains (DNS tunneling). Threat actors may use C2 scripts, Tasks, etc. in set intervals to avoid unusual detection, and use TTPs to encrypt DNS traffic and avoid firewalls, IPS, and IDS. IoT device CVEs include DDoS attacks, so firewall policies that check the DNS request frequency and alert on outliers can help detect exfiltration. Terminating encryption at the firewall and scanning ingress packets with IDS and IPS may help detect exfiltration that used DNS tunneling. It's an expensive solution and slows network speed, especially if redundancy is necessary and/or due to the network topology.

Note: Zero-trust models adhering to AAA principles may use 2FA to have the user authenticate the usual traffic. End users that log into VPN outside of their shift or have to authenticate more frequently than during business hours, since security policies send alerts about the "unusual traffic".

Key-logger malware in the form of SSD or USB storage devices may be used for physical exfiltration by an insider threat actor. Key-logger malware may also be virtual and hidden as a Task, program, or .exe that exfiltrates egress network packets using DNS, HTTP, HTTPS, IMAP, FTP and SCP protocols. Endpoint detection tools and access control policies may help prevent key-logger malware execution and exfiltration.
Active Directory, Group Policies, RBAC, file permissions, IAM policies, and least privilege are access control policies that may help prevent key-logger exfiltration.

Eavesdropping by an inside threat actor or outsider (i.e. CCTV or IP livestream) may be detected by implementing firewall policies and router/switch switchport configuration that authorize and measure the integrity of DHCP lease times, router/switch ARP and MAC address tables, destination IP addresses, and TCP reverse shells.
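
The DNS-frequency check the comment above describes, as an added example that is not part of the original comment or the video: it runs over constructed resolver log lines, flags clients whose query count is an outlier against the fleet median, and also flags a client that hammers one domain with many distinct subdomain labels, which is the other tell-tale of DNS tunneling. The log format, the IPs, the domain names and the thresholds are all assumptions.

```python
from collections import Counter, defaultdict
from statistics import median

def build_sample_log():
    """Constructed resolver log lines: '<ts> <client_ip> <qname> <qtype>'.
    Four hosts browse a few normal sites; 10.0.0.23 fires 40 queries, each with a
    unique hex label under one domain, the shape a DNS-tunneling client produces."""
    lines, t = [], 1700000000
    normal = ["10.0.0.11", "10.0.0.12", "10.0.0.13", "10.0.0.14"]
    sites = ["www.example.com", "mail.example.com", "cdn.example.org"]
    for i in range(12):
        lines.append(f"{t + i} {normal[i % 4]} {sites[i % 3]} A")
    for i in range(40):
        label = format((i * 0x9E3779B1) & 0xFFFFFFFFFF, "010x")  # 40 distinct labels
        lines.append(f"{t + i} 10.0.0.23 {label}.t.tunnel-example.net TXT")
    return lines

def registered_domain(qname):
    # Assumption: the registrable domain is the last two labels (no public-suffix list).
    return ".".join(qname.split(".")[-2:])

def dns_outliers(lines, rate_factor=5, min_unique=20):
    """Flag clients whose query count exceeds rate_factor x the fleet median, and
    (client, domain) pairs with at least min_unique distinct subdomain prefixes.
    Returns a list of finding tuples; in production run it per time window."""
    per_client = Counter()
    prefixes = defaultdict(set)
    for line in lines:
        _ts, client, qname, _qtype = line.split()
        qname = qname.rstrip(".")
        per_client[client] += 1
        dom = registered_domain(qname)
        prefix = qname[: -len(dom)].rstrip(".")
        if prefix:
            prefixes[(client, dom)].add(prefix)
    baseline = median(per_client.values())
    findings = []
    for client, n in per_client.items():
        if n > rate_factor * baseline:
            findings.append(("high_query_rate", client, n))
    for (client, dom), seen in prefixes.items():
        if len(seen) >= min_unique:
            findings.append(("many_unique_subdomains", client, dom, len(seen)))
    return findings

if __name__ == "__main__":
    for finding in dns_outliers(build_sample_log()):
        print(finding)
```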

Kooldudedon

HELLO! I've recently started studying to become a Cybersecurity Analyst and am proud to know how to answer this question

A large part of maintaining the security of your organization is monitoring the data coming in and out of it. If you're getting log-in pings from places that are new and have never been a part of your network traffic, then that's very suspect. If your company is in Maryland and you're getting pings from Namibia, shit's probably sus. Also, if you monitor your network traffic and notice that an abnormal amount of data is being sent out of the company, it's worth looking into any potential password that could be compromised. From there, authentication, configuration changes and outright credential deletion according to procedures are possible. This method cuts down on MTTI and MTTC, which saves your company's asses.

Now, how did I do? Would I get the job?

AviaryAssassin