All Projects → TryCatchHCF → Cloakify

TryCatchHCF / Cloakify

Licence: mit
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to Cloakify

Dumpsterfire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (-31.78%)
Mutual labels:  hacking, security-tools, pentesting, pentest, infosec, hacking-tool, pentest-tool, red-team
Stegcloak
Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐
Stars: ✭ 2,379 (+109.42%)
Mutual labels:  hacking, security-tools, cryptography, privacy, infosec, hacking-tool, steganography, cipher
Packetwhisper
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Stars: ✭ 405 (-64.35%)
Mutual labels:  hacking, security-tools, cryptography, pentesting, pentest-tool, red-team, steganography
Sippts
Set of tools to audit SIP based VoIP Systems
Stars: ✭ 116 (-89.79%)
Mutual labels:  hacking, security-tools, pentesting, pentest, hacking-tool, pentest-tool
Pentesting toolkit
🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️
Stars: ✭ 1,268 (+11.62%)
Mutual labels:  hacking, cryptography, pentesting, infosec, steganography
Thc Archive
All releases of the security research group (a.k.a. hackers) The Hacker's Choice
Stars: ✭ 474 (-58.27%)
Mutual labels:  hacking, pentesting, pentest, hacking-tool, pentest-tool
Hacker Container
Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters
Stars: ✭ 105 (-90.76%)
Mutual labels:  hacking, security-tools, pentesting, pentest, infosec
Habu
Hacking Toolkit
Stars: ✭ 635 (-44.1%)
Mutual labels:  hacking, security-tools, pentesting, pentest, pentest-tool
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-83.98%)
Mutual labels:  hacking, security-tools, pentesting, infosec, hacking-tool
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+537.85%)
Mutual labels:  hacking, pentesting, infosec, hacking-tool, pentest-tool
Cameradar
Cameradar hacks its way into RTSP videosurveillance cameras
Stars: ✭ 2,775 (+144.28%)
Mutual labels:  hacking, security-tools, pentesting, infosec, hacking-tool
Evillimiter
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Stars: ✭ 764 (-32.75%)
Mutual labels:  hacking, security-tools, pentesting, hacking-tool, pentest-tool
Diamorphine
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Stars: ✭ 725 (-36.18%)
Mutual labels:  hacking, security-tools, pentesting, pentest, hacking-tool
Xattacker
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Stars: ✭ 897 (-21.04%)
Mutual labels:  hacking, security-tools, pentest, hacking-tool
Ciphey
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Stars: ✭ 9,116 (+702.46%)
Mutual labels:  hacking, cryptography, pentesting, cipher
Resources
A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-94.54%)
Mutual labels:  hacking, security-tools, pentesting, infosec
Yasuo
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Stars: ✭ 517 (-54.49%)
Mutual labels:  security-tools, pentesting, hacking-tool, pentest-tool
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (-55.19%)
Mutual labels:  hacking, security-tools, pentesting, infosec
Red Teaming Toolkit
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Stars: ✭ 5,615 (+394.28%)
Mutual labels:  hacking, pentesting, infosec, red-team
Sn1per
Attack Surface Management Platform | Sn1perSecurity LLC
Stars: ✭ 4,897 (+331.07%)
Mutual labels:  hacking-tool, pentest-tool, pentesting, security-tools

CloakifyFactory

CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection. Text-based steganography using lists. Convert any file type (e.g. executables, Office, Zip, images) into a list of everyday strings. Very simple tools, powerful concept, limited only by your imagination.

(Update 05/27/2020: Yes, I'll be migrating all of my Github projects to Python3 over the summer of 2020.)

Author

Joe Gervais (TryCatchHCF)

Why

DLP systems, MLS devices, and SecOps analysts know what data to look for: So transform that data into something they're not looking for:

Tutorial

See my DEF CON 24 slides (included in project) from Crypto & Privacy Village workshop and DemoLabs session. Complete tutorial on what the Cloakify Toolset can do, specific use cases, and more. (The examples in the presentation use the standalone scripts, I recommend using the new CloakifyFactory to streamline your efforts.)

For a quick start on CloakifyFactory, see the cleverly titled file "README_GETTING_STARTED.txt" in the project for a walkthrough.

Overview

CloakifyFactory transforms any filetype (e.g. .zip, .exe, .xls, etc.) into a list of harmless-looking strings. This lets you hide the file in plain sight, and transfer the file without triggering alerts. The fancy term for this is "text-based steganography", hiding data by making it look like other data. For example, you can transform a .zip file into a list of Pokemon creatures or Top 100 Websites. You then transfer the cloaked file however you choose, and then decloak the exfiltrated file back into its original form.

With your payload cloaked, you can transfer data across a secure network’s perimeter without triggering alerts. You can also defeat data whitelisting controls - is there a security device that only allows IP addresses to leave or enter a network? Turn your payload into IP addresses, problem solved. Additionaly, you can derail the security analyst’s review via social engineering attacks against their workflows. And as a final bonus, cloaked files defeat signature-based malware detection tools.

The pre-packaged ciphers are designed to appear like harmless / ignorable lists, though some (like MD5 password hashes) are specifically meant as distracting bait.

CloakifyFactory is also a great way to introduce people to crypto and steganography concepts. It's simple to use, guides the user through the process, and according to our kids is also fun!

Requires

Python 2.7.x

Run Cloakify Factory

$ python cloakifyFactory.py

Description

CloakifyFactory is a menu-driven tool that leverages Cloakify Toolset scripts. When you choose to Cloakify a file, the scripts first Base64-encode the payload, then apply a cipher to generate a list of strings that encodes the Base64 payload. You then transfer the file however you wish to its desired destination. Once exfiltrated, choose Decloakify with the same cipher to decode the payload.

NOTE: Cloakify is not a secure encryption scheme. It's vulnerable to frequency analysis attacks. Use the 'Add Noise' option to add entropy when cloaking a payload to help degrade frequency analysis attacks. Be sure to encrypt the file prior to cloaking if secrecy is needed.

The supporting scripts (cloakify.py and decloakify.py) can be used as standalone scripts. Very small, simple, clean, portable. For scenarios where infiltrating the full toolset is impractical, you can quickly type the standalone script into a target’s local shell, generate a cipher in place, and cloakify -> exfiltrate.

Use py2exe if Windows target lacks Python. (http://www.py2exe.org/)

Prepackaged ciphers include lists of:

  • Amphibians (scientific names)
  • Belgian Beers
  • Desserts in English, Arabic, Thai, Russian, Hindi, Chinese, Persian, and Muppet (Swedish Chef)
  • Emoji
  • evadeAV (smallest cipher space, x3 payload size)
  • GeoCoords World Capitals (Lat/Lon)
  • GeoCaching Coordinates (w/ Site Names)
  • IPv4 Addresses of Popular Websites
  • MD5 Password Hashes
  • PokemonGo Monsters
  • Shortened URLs pointing to different Youtube videos of Rick Astley's "Never Gonna Give You Up"
  • Ski Resorts
  • Status Codes (generic)
  • Star Trek characters
  • Top 100 Websites
  • World Beaches
  • World Cup Teams

Prepackaged scripts for adding noise / entropy to your cloaked payloads:

  • prependEmoji.py: Adds a randomize emoji to each line
  • prependID.py: Adds a randomized ID tag to each line
  • prependLatLonCoords.py: Adds randomized LatLong coordinates to each line
  • prependTimestamps.py: Adds timestamps (log file style) to each line

See comments in each script for details on how to tailor the Noise Generators for your own needs

Create Your Own Cipers

Cloakify Factory is at its best when you're using your own customized ciphers. The default ciphers may work for most needs, but in a unique exfiltration scenario you may need to build your own. At the very least, you can copy a prepackaged cipher and randomize the order.

Creating a Cipher:

  • Generate a list of at least 66 unique words / phrases / symbols (Unicode allowed)
  • Remove all duplicate entries and all blank lines
  • Randomize the list order
  • Place in the "ciphers/" subdirectory
  • Re-run CloakifyFactory and it will automatically load your new cipher as an option
  • Test cloaking / decloaking with new cipher before using operationally

Sample Cipher Gallery

Standalone Scripts

Some of you may prefer to use the Cloakify Toolset scripts in standalone mode. The toolset is designed to support that.

cloakify.py Example

decloakify.py Example

Adding Entropy via Standalone Scripts

Add noise to degrade frequency analysis attacks against your cloaked payloads. Here we use the 'pokemonGo' cipher, then use the 'prependLatLonCoords.py' script to generate random geocoords in a 10x10 mile grid. Strip noise from the file before decloaking, using the 'removeNoise.py' script.

Or of course: $ cat cloakedAndNoisy.txt | cut -d" " -f3- > cloakedNoiseStripped.txt

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].