Adam Crompton (@3nc0d3r) and Tyler Robinson (@tyler_robinson) from Inguardians came by to fill in for my co-host this week. We talk about things a company should do to protect themselves against data exfil.
Adam then shows us a tool he's created to help automate data exfil out of an environment. It's called 'Naisho', and if you're taking the 'Powershell for Pentesters' class at DerbyCon, you'll be seeing this again, as Adam will be co-teaching this class with Mick Douglas (@bettersafetynet).
Tyler tells us about using Cobalt Strike for creating persistent connections that are more easily hidden when you are on an engagement.
Adam's demo can be found on our YouTube channel: https://youtu.be/rj--BfCvacY
Tyler's demo of Throwback and using Cobalt Strike can be found on our YouTube Channel:
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-026-exfiltration_techniques-redteaming_vs_pentesting-and-gaining_persistence.mp3
Comments, Questions, Feedback: firstname.lastname@example.org
Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/