Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training, Courses, and Resources
Can't find what you are looking for?

Let us help.

Contact us
Community Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely.

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert

Covert Channels Over Social Networks

Download File
Covert Channels Over Social Networks (PDF, 3.12MB)Published: 04 Jun, 2012
Created by:
Jose Selvi

There are many ways to embed data into unused fields of some network protocols like IP, TCP, etc in order to send and receive data in a hidden way. Nowadays, malware coders are hiding their communications using https, but techniques such as DNS sinkhole can help network administrators to stop some of them. The following step in Covert Channels is to embed data into known applications such as, for instance, social networks. Since it uses known domain names, it is difficult to detect the difference between real communications and evil ones. In this paper, we review some ways to embed data into these social networks, and how this can affect to corporate and personal security. As a proof of concept, we have released a tool called 'facecat' (FaceBook Cat). With this tool we can relay ports using a FaceBook Wall as a Pipe, so it can be used through proxies and other network protections.