Browser-Based Covert Data Exfiltration

Details Browser-Based Covert Data Exfiltration Browser-Based Covert Data Exfiltration

2010-04-25

arxiv.org/abs/1004.4357v1

Computer Science

Cryptography and Security

In Proceedings of the 9th Annual Security Conference, Las Vegas, NV, April 7-8, 2010

Scientific paper

Current best practices heavily control user permissions on network systems. This effectively mitigates many insider threats regarding the collection and exfiltration of data. Many methods of covert communication involve crafting custom packets, typically requiring both the necessary software and elevated privileges on the system. By exploiting the functionality of a browser, covert channels for data exfiltration may be created without additional software or user privileges. This paper explores novel methods of using a browser's JavaScript engine to exfiltrate documents over the Domain Name System (DNS) protocol without sending less covert Hypertext Transfer Protocol (HTTP) requests.

Affiliated with

Also associated with

No associations

Rating

Browser-Based Covert Data Exfiltration does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.

If you have personal experience with Browser-Based Covert Data Exfiltration, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Browser-Based Covert Data Exfiltration will most certainly appreciate the feedback.

Rate now

Comments { 0 }

Profile ID: LFWR-SCP-O-186533