SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsThere are many ways to embed data into unused fields of some network protocols like IP, TCP, etc in order to send and receive data in a hidden way. Nowadays, malware coders are hiding their communications using https, but techniques such as DNS sinkhole can help network administrators to stop some of them. The following step in Covert Channels is to embed data into known applications such as, for instance, social networks. Since it uses known domain names, it is difficult to detect the difference between real communications and evil ones. In this paper, we review some ways to embed data into these social networks, and how this can affect to corporate and personal security. As a proof of concept, we have released a tool called 'facecat' (FaceBook Cat). With this tool we can relay ports using a FaceBook Wall as a Pipe, so it can be used through proxies and other network protections.