Hi fellas,
As @_py suggested, I have decided to adopt a new article format to show the progress of my project, allowing you to have a better understanding of the technical choices during the development process as well as a better overview of the work accomplished.
This new series concerns a new open source project known as unDLP.
Context
As you probably already know, industrial espionage costs companies millions of dollars every year through data exfiltration, data theft, etc. To protect themselves against this bane, companies invest in DLP technologies, which protect sensitive information from external attackers and malicious employees alike. A few existing solutions allow bypassing such security measures. However, none of them are flawless, discreet, or efficient enough to guarantee success. That is why unDLP was born.
DLP
Firstly, let me introduce the concept of DLP (Data Loss Prevention). DLP technologies help to protect sensitive information by detecting potential data leakage at the points where data can leave the organization:
- The network
- The end user machine (USB data transfers, emails, etc.)
- Instant messaging software
- Multiple services (FTP, etc.)
Once an alert is triggered, and depending on its severity, the DLP in place either warns the user with a preventative message (indicating that the information entered is confidential) or simply blocks the action.
DLPs are quite similar to anti-virus software and use the same detection methods: regular expressions, hashes, and signatures. During the configuration phase, the DLP software classifies the organization's critical data (fingerprints of documents, keywords, file types), which later allows it to flag suspicious transfers. Moreover, DLPs ship with standard regular expressions, usually paired with a checksum such as Luhn to reduce false positives, in order to detect the transfer of personal information like credit card or bank account numbers.
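To make the content-inspection side concrete, here is a small added example (not code from the original post, nor from unDLP) of the regex-plus-Luhn check a DLP engine typically runs over outbound text. The sample documents are constructed for the example; the pattern and the `luhn_ok` validator are generic, not taken from any specific product. It also shows why the regex alone is not enough: the second document contains a 16-digit ticket number that the pattern matches but the Luhn checksum rejects.

```python
import re
from typing import Dict, List

# Constructed sample documents (not from the original post).
SAMPLES: Dict[str, str] = {
    "email.txt": "Please charge card 4111 1111 1111 1111 for the invoice.",
    "notes.txt": "Ticket 1234-5678-9012-3456 was opened yesterday.",
    "readme.txt": "Nothing sensitive here.",
}

# Naive card pattern: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum over a digit string; DLP engines use it to cut false
    positives that a bare regex would otherwise report."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_cards(text: str, luhn: bool = True) -> List[str]:
    """Return the normalized digit strings of card-like numbers in `text`.
    With luhn=False the regex result is returned unfiltered, which is what
    a poorly tuned rule would report."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn or luhn_ok(digits):
            hits.append(digits)
    return hits


def scan(documents: Dict[str, str]) -> Dict[str, List[str]]:
    """Scan a set of documents and report only those that contain a hit."""
    report = {}
    for name, body in documents.items():
        hits = find_cards(body)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    print(scan(SAMPLES))
```

The point for unDLP is that this inspection only ever sees the bytes the DLP can parse: once the content is encrypted or encoded inside a channel the engine does not reassemble, neither the regex nor the document fingerprints have anything to match.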
However, despite the broad coverage of these technologies, they are poor at detecting data exfiltration through covert channels such as steganography or data hidden inside otherwise legitimate protocol traffic, and this is the gap exploited by unDLP.
unDLP
Objective
Discreetly exfiltrate information via the ICMP protocol.
Architecture
unDLP will follow a standard client-server architecture: a client on the monitored host sends the data out, and a server under the operator's control collects it, which makes it easy to retrieve the exfiltrated data.
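The following is an added example of what the client/server exchange over ICMP can look like; it is not unDLP's code (the project had not started when this was written) and it makes its own framing assumptions: data is carried in the payload of ICMP echo requests, the ICMP identifier field is used as a session id, the sequence number orders the chunks, and a one-byte flag at the start of each payload marks the final chunk. Packets are only built and parsed as bytes here; actually sending them would need a raw socket (root or CAP_NET_RAW), which is left out so the example runs offline. The collector handles reordered and duplicated packets, which ICMP offers no protection against.

```python
import struct
from typing import Dict, List, Optional, Tuple

ICMP_ECHO_REQUEST = 8

# Constructed sample payload for the demo (not real data).
SECRET = b"constructed sample: Q3 forecast, customer list, card 4111111111111111"


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP echo request: type, code, checksum, identifier, sequence + payload."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes) -> Tuple[int, int, int, bytes]:
    """Return (type, identifier, sequence, payload); reject a bad checksum."""
    if len(packet) < 8 or icmp_checksum(packet) != 0:
        raise ValueError("bad ICMP checksum or truncated packet")
    type_, _code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return type_, ident, seq, packet[8:]


def client_packets(data: bytes, ident: int, chunk_size: int = 32) -> List[bytes]:
    """Client side: split `data` into echo requests. Payload = flag byte + chunk,
    flag bit 0 set on the last chunk (assumed framing, not unDLP's)."""
    chunks = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)] or [b""]
    packets = []
    for seq, part in enumerate(chunks):
        flag = 1 if seq == len(chunks) - 1 else 0
        packets.append(build_echo(ident, seq, bytes([flag]) + part))
    return packets


class Collector:
    """Server side: reassemble sessions keyed by ICMP identifier, tolerating
    packets that arrive out of order or more than once."""

    def __init__(self) -> None:
        self.parts: Dict[int, Dict[int, bytes]] = {}
        self.last_seq: Dict[int, int] = {}

    def feed(self, packet: bytes) -> Optional[bytes]:
        type_, ident, seq, payload = parse_echo(packet)
        if type_ != ICMP_ECHO_REQUEST or not payload:
            return None                      # ordinary ping or empty payload: ignore
        flag, part = payload[0], payload[1:]
        self.parts.setdefault(ident, {})[seq] = part   # duplicates simply overwrite
        if flag & 1:
            self.last_seq[ident] = seq
        if ident in self.last_seq:
            count = self.last_seq[ident] + 1
            session = self.parts[ident]
            if all(i in session for i in range(count)):
                data = b"".join(session[i] for i in range(count))
                del self.parts[ident]
                del self.last_seq[ident]
                return data                  # session complete
        return None


def demo() -> bytes:
    """Build the client's packets, deliver them reversed with one duplicate,
    and return what the server reassembled."""
    pkts = client_packets(SECRET, ident=0xBEEF, chunk_size=16)
    delivery = list(reversed(pkts)) + [pkts[0]]   # reordered, then a late duplicate
    collector = Collector()
    result = b""
    for p in delivery:
        got = collector.feed(p)
        if got is not None:
            result = got
    return result


if __name__ == "__main__":
    print(demo() == SECRET)
```

Note what this does and does not buy: chunking inside echo requests defeats a DLP that only inspects mail, USB and web traffic, but a network sensor that tracks ICMP payload size and rate will see a burst of oversized, non-zero pings, and the payload here is still cleartext. That is why encryption sits in the feature list.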
Language
unDLP will certainly be developed in Perl. But why Perl?
First, I have never created a tool of this scale with Perl. Second, it is quite easy to convert a Perl script into a Windows executable. Finally, the most important criterion: it sounds fun!
Features
- Data encryption
- Public key retrieval
- Transfer speed
Conclusion
Keep in mind that this project is still just an idea and that development has not started yet, so any feedback or ideas are welcome.
I hope you enjoyed this reading.
Best,
Nitrax