FloCon 2018 has ended
Tucson, AZ – January 8-11, 2018


Watch this space for details on the technical program for FloCon 2018. In the meantime, see the FloCon website at www.cert.org/flocon.
Tuesday, January 9 • 3:30pm - 4:00pm
May the data stay with you! - Network Data Exfiltration Techniques

Data exfiltration is a process of transmitting data from pwned or infected networks back to the attacker while trying to minimize detection.

During this presentation, we will go through different network exfiltration methods and techniques (DNS, ICMP, TCP, UDP, HTTP, RDP, Cloud-app based and others). I will explain how they work, how easy it is to run them and what differences you can find between them from the perspective of different OSI layers. It is a highly interactive presentation (I have a dozen short demos already prepared) where you will be guided through the use of a set of Open Source tools powered by short, fast theory. The main goal of this presentation, however, is to show you that without:
  • Excellent Network Visibility Based on Multiple Collectors (PH, DNS, TLS, HTTP, Logs, SNMP, Netflows, others)
  • Network Behavior Analytics powered by Hybrid Supervised/Unsupervised Anomaly Detection
  • Active Response Module supporting all your existing security HW/SW
you are doing your Network Security just wrong.

May the data stay with you!

Attendees Will Learn: They will learn what kinds of Data Exfiltration techniques exist and how easy it is to use them. On the other side, they will learn how to detect and block such movements and actions. They will learn that only a combination of different data source collection and analytics can give you real network behavior. They will learn as well that Machine Learning techniques should be connected to an active response module - there is not much time for decisions when ransomware is coming. Basically a nice demo-based combination: defensive vs offensive.

Leszek Mis

VP of Cyber Security / IT Security Architect, Collective Sense / Defensive Security
Leszek Miś has over 12 years of experience in IT security technology supporting the largest companies and institutions for implementation, consulting and technical training. Next to that, he has 8 years of experience in teaching and transferring technical knowledge and experience...

Tuesday January 9, 2018 3:30pm - 4:00pm MST
Presidio III, IV, V