312-50V13 · Question #150
You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to you
The correct answer is C. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out. To exfiltrate data without raising suspicion when traffic is filtered and monitored, concealing the data within another seemingly innocuous file type is an effective steganographic technique.
Question
Options
- AEncrypt the Sales.xls using PGP and e-mail it to your personal gmail account
- BPackage the Sales.xls using Trojan wrappers and telnet them back your home computer
- CYou can conceal the Sales.xls database in another file like photo.jpg or other files and send it out
- DChange the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail
How the community answered
(19 responses)- A5% (1)
- B5% (1)
- C74% (14)
- D16% (3)
Why each option
To exfiltrate data without raising suspicion when traffic is filtered and monitored, concealing the data within another seemingly innocuous file type is an effective steganographic technique.
Encrypting the file and emailing it may still raise suspicion as email attachments are often scanned, and the presence of encrypted content can be flagged by security systems for further inspection, especially if it's unusual for the user.
Using Trojan wrappers and telnetting the data back is highly suspicious; telnet is an unencrypted protocol often blocked, and Trojan activity is typically detected by antivirus and intrusion detection systems.
Concealing the Sales.xls database within another file like a photo (steganography) makes it difficult for traditional traffic monitoring and filtering systems to detect the malicious data. The altered file retains the appearance and metadata of the cover file, allowing it to bypass detection mechanisms that look for specific file types or content signatures.
Changing the file extension from .xls to .txt does not alter the actual file content or metadata, making it easily detectable by deep packet inspection or content-aware filters as an Excel file being masqueraded.
Concept tested: Data exfiltration techniques (Steganography)
Source: https://learn.microsoft.com/en-us/security/compass/steganography
Topics
Community Discussion
No community discussion yet for this question.