
New module: base64-dns

Open chrisforce1 opened this issue 5 years ago • 1 comments

As per https://github.com/krmaxwell/dns-exfiltration we should synthesize Base64 encoding and exfiltration of data to hostnames under base64.alphasoc.xyz, as below:

  1. Generate a long random binary value from /dev/random or similar
  2. Chop the value into pieces and encode each with Base64
  3. Ship each piece out over DNS (e.g. AAAAAAAAAAAxMjM0NTY3OA==.base64.alphasoc.xyz)

Module description for the table in the documentation as below.

| Module | Description |
| --- | --- |
| base64-dns | Exfiltrates Base64-encoded data over DNS to *.base64.alphasoc.xyz |

We should probably rename sandbox.alphasoc.xyz to tunnel.alphasoc.xyz too. Thoughts?

chrisforce1, May 04 '20 03:05
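For the detection side of the traffic this module would synthesize, here is an added example (not flightsim code and not part of the original issue) that scores DNS query names for Base64-encoded leftmost labels and groups them by parent domain. The function names, `MIN_LABEL_LEN`, the `min_labels` threshold and every sample query except the hostname quoted in the issue are assumptions made for illustration.

```python
import base64
import binascii
import re
from collections import defaultdict

B64_LABEL = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
MIN_LABEL_LEN = 16  # assumption: shorter labels are too ambiguous to score

def decode_b64_label(label):
    """Return the decoded bytes if label is well-formed padded Base64, else None."""
    if len(label) < MIN_LABEL_LEN or len(label) % 4 or not B64_LABEL.match(label):
        return None
    try:
        return base64.b64decode(label, validate=True)
    except (binascii.Error, ValueError):
        return None

def is_suspicious(label):
    """Base64-decodable AND either non-hostname characters or mixed case plus digits."""
    if decode_b64_label(label) is None:
        return False
    # '+', '/' and '=' never appear in ordinary letter-digit-hyphen hostnames.
    illegal = any(c in "+/=" for c in label)
    mixed = (any(c.isupper() for c in label) and any(c.islower() for c in label)
             and any(c.isdigit() for c in label))
    return illegal or mixed

def summarize(qnames, min_labels=3):
    """Map parent domain -> decoded byte count, for parents that received at
    least min_labels distinct suspicious leftmost labels."""
    seen = defaultdict(set)
    for qname in qnames:
        label, _, parent = qname.rstrip(".").partition(".")
        if parent and is_suspicious(label):
            seen[parent.lower()].add(label)
    return {parent: sum(len(decode_b64_label(l)) for l in labels)
            for parent, labels in seen.items() if len(labels) >= min_labels}

# Constructed sample query names (not captured traffic). The first is the
# hostname given in the issue; the rest are made up for this example.
SAMPLE_QUERIES = [
    "AAAAAAAAAAAxMjM0NTY3OA==.base64.alphasoc.xyz",
    "c2FtcGxlLWNodW5rLTAx.base64.alphasoc.xyz",
    "c2FtcGxlLWNodW5rLTAy.base64.alphasoc.xyz",
    "www.example.com",
    "cdn-assets-eu-west.example.net",
    "a1b2c3d4e5f6a7b8.example.net",  # lowercase hex: decodes, but not flagged
]
```

The mixed-case check depends on the log source preserving query-name case; a pipeline that lowercases names before storage leaves only the `+`, `/` and `=` signal.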

This is a lower priority as it is blocked by https://github.com/alphasoc/riswiz/issues/321.

chrisforce1, Aug 31 '21 15:08