This short write up follows my previous article, keeping you updated on the progress of unDLP.
As I mentioned before, unDLP was mainly focused on data exfiltration through the ICMP protocol. However, after some research and debates on IRC (thanks @suser), I decided to reconsider the project as a whole in order to find the best way to reach my goals, providing the most efficient approach to discreetly exfiltrate information.
It appears that forging ICMP packets and sending them over a raw socket requires being rooted, fact which was non-compatible with the original idea of unDLP. Indeed, who needs an exfiltration method to extract data if you already own the machine? Consequently, I made the decision to pivot, giving new objectives to unDLP as well as a new defined and functional architecture.
- Data exfiltration using the HTTP protocol over SSL
- Data encryption
- Transfer speed customisable
- Block size customisable
- Modular architecture, allowing to easily add covert channels such as DNS leakage, RTCP exfiltration, etc
Pivoting when a project is intended to fail or showed himself being shaky and not clearly defined is crucial. Indeed, nothing is worse than spending time into a project that will not work as expected and prove to be useless. In order to not miss this step, it is mandatory to take into consideration any inputs from colleagues, friends, etc, as well as trying to put oneself into the skin of the user, allowing to better identify the needs that you are trying to fill.
P.S: Fortunately, I hadn't really started the development process yet, which saved me plenty of times
That's all for today.
Stay tuned, the release is coming !