Dictionary-based Data Transfer (DDT) on GitHub

19 Jun 2018

Good evening,

I’ve put my DDT client-server script on GitHub, so that everyone can benefit from it if someone chooses to use it. DDT stands for Dictionary-based Data Transfer, a form of substitution-based data exfiltration technique and a proof-of-concept tool.

TL;DR

The main goal is to use the victim network’s recursive DNS resolver to move a file from the source to the destination without raising suspicion based on the type of query-response traffic that we generate. The key is to use dictionary / substitution-based subdomain lookups, and this could even work with the good old nslookup on the compromised OS (Windows, Linux, etc.).

While this is no silver bullet, depending on the quality of your dictionary, it may suit needs where stealth is more important than speed or the instantaneous volume of exfiltration.
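As an added example (not part of the original post or of the DDT tool), here is a minimal check a defender could run over resolver query logs. Dictionary-word labels look benign to entropy-based checks, so this instead counts how many distinct word-like subdomains one client has looked up under a single registered domain. The log format, domain names and threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample resolver log, "<epoch> <client_ip> <qname>" (not a real log format).
SAMPLE_LOG = """\
1529400000 10.0.0.5 apple.pocdomain.example
1529400001 10.0.0.5 river.pocdomain.example
1529400002 10.0.0.5 candle.pocdomain.example
1529400003 10.0.0.5 orbit.pocdomain.example
1529400004 10.0.0.5 velvet.pocdomain.example
1529400005 10.0.0.5 apple.pocdomain.example
1529400006 10.0.0.7 www.example.org
1529400007 10.0.0.7 mail.example.org
"""

# Dictionary words: plain lowercase letters, i.e. low entropy, which is the whole point.
WORD_LABEL = re.compile(r"^[a-z]+$")


def parse(log):
    """Yield (timestamp, client, qname) from the constructed log format."""
    for line in log.splitlines():
        ts, client, qname = line.split()
        yield int(ts), client, qname.lower().rstrip(".")


def registered_domain(qname):
    # Assumption: the registrable part is the last two labels (no public-suffix list here).
    return ".".join(qname.split(".")[-2:])


def distinct_word_subdomains(log):
    """Map (client, registered domain) -> set of distinct word-like leaf labels."""
    seen = defaultdict(set)
    for _, client, qname in parse(log):
        labels = qname.split(".")
        if len(labels) < 3:
            continue  # no subdomain below the registered domain
        if WORD_LABEL.match(labels[0]):
            seen[(client, registered_domain(qname))].add(labels[0])
    return seen


def flag(log, threshold=4):
    """Return sorted (client, domain, count) tuples where a client queried more than
    `threshold` distinct word-like subdomains under one registered domain.
    Repeated lookups of the same word add nothing, so the duplicate 'apple' is ignored."""
    return sorted(
        (client, domain, len(words))
        for (client, domain), words in distinct_word_subdomains(log).items()
        if len(words) > threshold
    )
```

The threshold is deliberately tiny for the sample; on real resolver logs it would be set per window and per domain from a baseline of normal subdomain cardinality.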

Get it at https://github.com/Th3R3g3nt/DDT

Example screenshots are below:

[Python Client Screenshot]

[Python Server Screenshot]