* Data Exfiltration In Plain Sight
* Evade DLP/MLS Devices
* Social Engineering of Analysts
* Evade AV Detection
* Text-based steganography usings lists.
Python scripts to cloak / uncloak payloads using list-based ciphers (text-based steganography). Allows you to transfer data across a secure network’s perimeter without triggering alerts, defeating data whitelisting controls, and derailing analyst’s review via social engineering attacks against their workflows. As a bonus, cloaked files defeat signature-based malware detection tools.
Cloakify first Base64-encodes the payload, then applies a cipher to generate a list of strings that encodes the Base64 payload. Once exfiltrated, use Decloakify with the same cipher to decode the payload.
Not a secure encryption scheme (vulnerable to frequency analysis attacks). Encrypt data separately prior to processing to keep secure (if needed).
Very small, simple, clean, portable – written in Python. Can quickly type into a target’s local shell session if needed.
Use py2exe if Windows target lacks Python. (http://www.py2exe.org/)
Prepackaged ciphers include lists of:
* Desserts in English, Arabic, Thai, Russian, Hindi, Chinese, Persian, and Muppet (Swedish Chef)
* IPv4 Addresses of Popular Websites
* GeoCoords World Capitals (Lat/Lon)
* MD5 Password Hashes
* Amphibians (scientific names)
* GeoCaching Coordinates (w/ Site Names)
* Star Trek characters
* evadeAV (smallest cipher space – x3 payload size – purely to evade AV detection)
To create your own cipher
* Generate a list of at least 66 unique words / phrases / symbols (Unicode accepted)
* Randomize the list order
* Remove all duplicate entries and all blank lines
Pass the new file as the cipher argument to cloakify / decloakify
Download from Github.
git clone https://github.com/trycatchhcf/cloakify