Data Exfiltration: Difference between revisions
Jump to navigation
Jump to search
Line 9: | Line 9: | ||
* [https://enlacehacktivista.org/index.php?title=Pronico#Video_Timeline Guacamaya] (42:45 - Exfiltrating files) | * [https://enlacehacktivista.org/index.php?title=Pronico#Video_Timeline Guacamaya] (42:45 - Exfiltrating files) | ||
* Zip up a directory quickly for easy exfiltration: https://github.com/thoemmi/7Zip4Powershell | * Zip up a directory quickly for easy exfiltration: https://github.com/thoemmi/7Zip4Powershell | ||
* Rclone: https://rclone | * Rclone: https://github.com/rclone/rclone | ||
* WinSCP: https://github.com/winscp/winscp | * WinSCP: https://github.com/winscp/winscp | ||
* Windows Exfiltration Blog: https://www.ired.team/offensive-security/exfiltration | * Windows Exfiltration Blog: https://www.ired.team/offensive-security/exfiltration |
Latest revision as of 20:40, 31 July 2023
There are many different ways to exfiltrate data using many different protocols and tools. Your objective should be to exfiltrate as much as possible without being seen by the blue team/sysadmins.
Microsoft Exchange
- Export all mailboxes:
foreach ($mbx in (Get-Mailbox)){New-MailboxExportRequest -mailbox $mbx.alias -FilePath "\\127.0.0.1\C$\Folder\$($mbx.Alias).pst"}
- Using the Exchange 2010 Mailbox Export features for Mass Exports to PST files: https://www.allabout365.com/2010/07/using-the-exchange-2010-sp1-mailbox-export-features-for-mass-exports-to-pst
Tools and Resources
- Exfiltration techniques: https://book.hacktricks.xyz/generic-methodologies-and-resources/exfiltration
- Guacamaya (42:45 - Exfiltrating files)
- Zip up a directory quickly for easy exfiltration: https://github.com/thoemmi/7Zip4Powershell
- Rclone: https://github.com/rclone/rclone
- WinSCP: https://github.com/winscp/winscp
- Windows Exfiltration Blog: https://www.ired.team/offensive-security/exfiltration