PaulDotCom mailing list archives
Bypassing Vontu
From: lonervamp at gmail.com (Michael Dickey)
Date: Thu, 22 Oct 2009 11:52:17 -0500
Encrypt your email going out. Either using internal technologies (if your company has any implemented [zix, ironport, etc]) or set up your own (such as PGP). Or just encrypt your data yourself with something. Simpler the better. ROT13?

Rather than just email, try to save the file out on your network shares, or a USB key, or burned to a CD. Try to upload to an SSL-enabled site that you control.

If you have an Excel file or something, try playing with the columns and splitting up fields that may trigger the detections, like SSN or CC# before sending it to yourself out in the world.

If you're really having some trouble, start looking into tunneling traffic (http, dns?) or stego. Stego the files or otherwise scramble them and try to use your USB stick. Or an encrypted one. Or boot into a livecd and harvest straight from your disk.

DLP vendors love when you mention anything to do with SSL or encryption. :)

My typical opinion of DLP is that it is a good idea, but it is worthless without several other controls such as physical access, device access, local admin rights, web proxies, egress firewalling, etc. Otherwise it suffers the same issues many accuse AV of: pattern and signature matching limitations. If you throw it something proprietary or strange, it'll be defeated.

On Thu, Oct 22, 2009 at 10:44 AM, Monkey Daemon <monkeywebdaemon at googlemail.com> wrote:
> 2009/10/22 Brian Schultz <theconqueror at gmail.com>:
> > Our security department is testing out Symantec's Vontu and I am playing the guinea pig and have to try and get documents out of our company's environment. I have a really basic understanding of how it works. It has a span port sitting and listening to all outgoing web traffic and there is also an agent that sits on desktops and watches to see if any sensitive information leaves via USB drive or e-mail. Does anyone have any whitepapers or info regarding how it actually works or any tactics I should try?
>
> Switch off the box, open the case and walk out with the disk in your briefcase/laptop bag?
>
> MWD
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
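
Added example, not part of the original thread and not any vendor's code: a sketch of the pattern-matching content inspection the reply describes, seen from the defender's side, with a Luhn check to cut false positives and a separate "review" verdict for payloads the patterns cannot read. The regexes, the 7.0 bits/byte threshold, the verdict names and all sample inputs are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Assumed patterns for this sketch; a real DLP policy carries many more.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators
ENTROPY_REVIEW = 7.0  # bits/byte; assumed threshold, tune per environment
MIN_OPAQUE_LEN = 256  # short payloads give unreliable entropy estimates


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = indistinguishable from random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(payload: bytes) -> str:
    """Return 'block' on a pattern hit, 'review' for content the patterns
    cannot see into (encrypted or compressed), else 'allow'."""
    text = payload.decode("utf-8", errors="replace")
    if SSN_RE.search(text):
        return "block"
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return "block"
    if len(payload) >= MIN_OPAQUE_LEN and entropy(payload) > ENTROPY_REVIEW:
        return "review"
    return "allow"
```

The "review" verdict is a policy hook rather than a detection: ordinary compressed files also score high, so it only works alongside the device, proxy and egress controls listed in the reply.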