I’ve submitted my CFP to this year’s BlackHat; I got a new technique and tool for DNS based exfiltration dubbed DDT.
Since it is under wrap for now, I’m not going to go into details. However, I got a full working client & server; and all the necessary test runs in a prod environment. I also sketched up already the slides, so I can focus on the tool to be better and efficient. Regardless, I’ll release the tool here if I don’t make it in (planning to submit to DefCon as well, but for there, I want to submit the supporting files with nice clear screenshots) Defenders will definitely hate this tool, as it is geared towards being stealthy vs. compact.