alphasoc / flightsim

A utility to safely generate malicious network traffic patterns and evaluate controls.
https://alphasoc.com

New module: base64-dns #20

Open chrisforce1 opened 4 years ago

chrisforce1 commented 4 years ago

As per https://github.com/krmaxwell/dns-exfiltration we should synthesize Base64 encoding and exfiltration of data to hostnames under base64.alphasoc.xyz, as below:

  1. Generate a long random binary value from /dev/random or similar
  2. Chop the value into pieces and encode each with Base64
  3. Ship each piece out over DNS (e.g. AAAAAAAAAAAxMjM0NTY3OA==.base64.alphasoc.xyz)

Module description for the table in the documentation as below.

| Module | Description |
| --- | --- |
| base64-dns | Exfiltrates Base64-encoded data over DNS to *.base64.alphasoc.xyz |

We should probably rename sandbox.alphasoc.xyz to tunnel.alphasoc.xyz too. Thoughts?
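The three steps described in the issue, written out as an added example in Go (flightsim's language); this is not flightsim's own code, and the function names, the 45-byte chunk size and the RFC 1035 label-length check are assumptions of the example:

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

const maxLabelLen = 63 // RFC 1035 limit on a single DNS label, in bytes

// RandomPayload draws n bytes from the OS CSPRNG (step 1 of the issue).
func RandomPayload(n int) ([]byte, error) {
	buf := make([]byte, n)
	_, err := rand.Read(buf)
	return buf, err
}

// BuildExfilNames performs steps 2 and 3: chop data into chunkSize-byte pieces,
// Base64-encode each piece and prepend it as a label to suffix. Standard Base64
// is used as in the issue's example, so labels may carry "+", "/" and "=", which
// lie outside the hostname character set; a label over 63 bytes is rejected
// because the DNS wire format cannot encode it at all.
func BuildExfilNames(data []byte, chunkSize int, suffix string) ([]string, error) {
	if chunkSize <= 0 {
		return nil, fmt.Errorf("chunk size must be positive, got %d", chunkSize)
	}
	var names []string
	for start := 0; start < len(data); start += chunkSize {
		end := start + chunkSize
		if end > len(data) {
			end = len(data)
		}
		label := base64.StdEncoding.EncodeToString(data[start:end])
		if len(label) > maxLabelLen {
			return nil, fmt.Errorf("label %q is %d bytes, over the %d-byte limit", label, len(label), maxLabelLen)
		}
		names = append(names, label+"."+suffix)
	}
	return names, nil
}

// DecodeLabel reverses the encoding for one query name so a detection test can
// confirm that a query logged under suffix really carried the payload.
func DecodeLabel(name, suffix string) ([]byte, error) {
	label := strings.TrimSuffix(name, "."+suffix)
	if label == name || label == "" {
		return nil, fmt.Errorf("%q is not a data label under %q", name, suffix)
	}
	return base64.StdEncoding.DecodeString(label)
}
```

With 45-byte chunks each label is exactly 60 characters, the largest Base64 output that still fits in one label; 46 bytes or more already encodes to 64 characters and is rejected.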

chrisforce1 commented 3 years ago

This is a lower priority as it is blocked by https://github.com/alphasoc/riswiz/issues/321.