zlacker

[parent] [thread] 8 comments
1. theluk+(OP)[view] [source] 2017-02-28 05:20:17
When connecting a corporate device to any non-corporate network (including the employee wifi) you can't go anywhere until the vpn is connected. The vpn routes you through all the same inspection points as being on premise.
replies(3): >>semi-e+i2 >>buzer+E2 >>deatha+N5
2. semi-e+i2[view] [source] 2017-02-28 05:56:33
>>theluk+(OP)
Is both SSH and USB key / USB DVD burner usage completely disabled on your corporate devices? If not, obvious workaround is obvious.
replies(2): >>rocqua+Md >>ptaipa+3h
3. buzer+E2[view] [source] 2017-02-28 06:01:36
>>theluk+(OP)
So you cannot access the portal page that quite a few more or less public wifi networks require you to access in order to gain internet access?
replies(1): >>ptaipa+1h
4. deatha+N5[view] [source] 2017-02-28 06:48:51
>>theluk+(OP)
And how can your inspection points verify that data isn't being exfiltrated? Arbitrary pipes can be made over SSH, over DNS, and I don't really consider these advanced. How do you handle techniques like chaffing and winnowing, steganography, or someone who knows how to transmit an arbitrary number of bits using only two bits?
replies(1): >>vidarh+di
◧◩
5. rocqua+Md[view] [source] [discussion] 2017-02-28 08:46:36
>>semi-e+i2
Even a full mitm solution doesn't MitM the sneakernet.
replies(1): >>Interm+1n
◧◩
6. ptaipa+1h[view] [source] [discussion] 2017-02-28 09:35:11
>>buzer+E2
The VPN clients offer a "hotspot login" or such functionality so that you can open the access. It doesn't work for other use, just opening that VPN so that your company computer can connect to company network.
◧◩
7. ptaipa+3h[view] [source] [discussion] 2017-02-28 09:36:15
>>semi-e+i2
That obvious workaround doesn't give you a 24/7 hole from the Internet. To copy information, you need a person to knowingly do it. This decreases the attack surface tremendously.
◧◩
8. vidarh+di[view] [source] [discussion] 2017-02-28 09:56:20
>>deatha+N5
DNS is my favourite hack in that respect because so few people are aware of it.

For those who don't know, there are even full IP proxies that uses DNS [1], but you can hack up a primitive one using shell script by basically setting up a nameserver for a domain, turning on all query logging and using a shell script that splits your file up, encodes it into valid DNS labels and requests [some encoded segment].[yourdomain]. Now your file will be sitting in pieces in your DNS query log and all you need is a simple script to re-assemble it.

Best of all is that it works even if it passes through intermediary DNS servers, such as a corporate proxy, unless it's heavily filtered (e.g. whitelisting domains) or too rate limited to be useful.

◧◩◪
9. Interm+1n[view] [source] [discussion] 2017-02-28 11:10:43
>>rocqua+Md
Ah yes, but a literal MitM solution could!
[go to top]