Éric Filiol How to Bypass Data Exfiltration Detection with Malicious Cryptography Techniques

This presentation was held at #Hacktivity2021 IT security conference on 8th October 2021.

The recent evolution of malware attack includes more and more data exfiltration. Then the attacker has to face several critical issues than can trigger alert and block the exfiltration :
– I1. Data may be analyzed so semantic detection (keywords) can be enforced
– I2. Encrypting data before exfiltration is likely to be detected by a simple entropy profile test (however it is rarely in place)
– I3. Encryption means a secret key that can be recovered during statuc or dynamic analysis of the malware or the process performing the data exfiltration
– I4. All outbound traffic may encrypted automatically and this encryption it outofcontrol for this attacker (this is the case in military networks for instance)

This talk intends to show how an attacker could exfiltrate sensitive data while bypassing all these issues by using different innovative malicious cryptography techniques. These techniques may also be considered by malware designers to make malware/ransomware techniques evolve in a more critical way.


#HACKTIVITY is the biggest event of its kind in Central & Eastern Europe. About 1000 visitors are coming from all around the globe every year to learn more about the latest trends of cybersecurity, get inspired by people with similar interest and develop themselves via comprehensive workshops and training sessions.

https://www.hacktivity.com