DET – Data Exfiltration Toolkit


Data exfiltration is to move and send sensitive information from targeted network to a remote system controlled by attacker. all local network will have firewalls and routers but they usually allow standard connection to not block users from conducting usual tasks. stopping this type of attack is possible by adding data leakage prevention solution on the endpoint or network firewalls and to encrypt sensitive information which will make it hard for attacker to decrypt it and read the content. If you are looking to test data exfiltration you can check DET.

DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time. This is a Proof of Concept aimed at identifying possible DLP failures. This should never be used to exfiltrate sensitive/live data (say on an assessment) The idea was to create a generic toolkit to plug any kind of protocol/service to test implmented Network Monitoring and Data Leakage Prevention (DLP) solutions configuration, against different data exfiltration techniques.

DET - Data Exfiltration Toolkit

DET – Data Exfiltration Toolkit

The tool support many channels whcih will make it suitable for any network. DET supports multiple protocols, listed here:

  • HTTP(S)
  • ICMP
  • DNS
  • SMTP/IMAP (eg. Gmail)
  • Raw TCP
  • PowerShell implementation (HTTP, DNS, ICMP, SMTP (used with Gmail))

There is support for Google Docs and Twitter direct message. you will have 2 instance one act as server which will be listening to the incoming traffic and receive files and client that will send required data.

You can read more and download thi tool over here: