This workshop introduces real-world uses of text-based steganography to cloak your communications from the omnipresent web of machines and their human collaborators. Attendees will learn techniques to simply and repeatably bypass DLP controls and defeat data whitelisting enforced by Multi Level Security (MLS) devices. You will also learn methods for generating social engineering attacks against SecOps analysts and censors who may review your communications, plus techniques to counter frequency analysis attacks against your cloaked communications. All of this is accomplished using only simple Python scripts and text-based ciphers of your choosing. Attendees will then use the toolset to generate their own custom ciphers and social engineering attacks as we work through scenarios together.
TryCatchHCF / Joe Gervais is the Principal InfoSec Engineer & Lead Pentester at LifeLock, and author of the Cloakify exfiltration toolset. He has 25+ years of security- and software engineering experience, mostly in US gov't/DoD sectors, and served as an Intelligence Analyst and Counterintelligence Specialist in the United States Marine Corps. Education includes a bachelors degree in Cognitive Science, and a masters degree in Information Assurance. https://github.com/TryCatchHCF