search

Egress-Assess

Egress-Assess is a tool used to test egress data detection capabilities

Source: https://github.com/FortyNorthSecurity/Egress-Assessarrow-up-right

Source 2: https://www.christophertruncer.com/egress-assess-testing-egress-data-detection-capabilities/arrow-up-right

"Egress-Assess can act as both the client and the server for the protocol you wish to simulate. It supports exfiltration testing over HTTP, HTTPS, and FTP".

hashtag
How to extract files

If you're going to use HTTPs, you need to generate a server certificate:

openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
Open a server on the Attacker
Server HTTPS opened
Send the file you want
Shadow extracted
PoC - /etc/shadow file
Wireshark Results

  • We can also transfer files over FTP or HTTP

We can specify the port with --server-port <port>

HTTP server

And for FTP, we can specify a user and password as follows:

FTP server
PreviousSSFNextLigolo-ng

Last updated