PaulDotCom mailing list archives

Bypassing Vontu


From: strandjs at gmail.com (John Strand)
Date: Fri, 23 Oct 2009 02:04:06 +0900

Print it....

Walk out.

john

On Fri, Oct 23, 2009 at 1:27 AM, Allen Deryke <allen.deryke at hushmail.com> wrote:

Things I'd try:
 - Send it over https (SSL out ftw)
 - Common Image stego tools, embed that secret recipe right in the
company logo
 - Change formats, does it detect the word doc but not the jpeg
screen shot of said doc?

 Do all this using only the tools available to your users, go out and
download encryption tools from a production build, bypass your proxy.

  I try not to judge a tool based on its capability but the value it
adds to your environment. You may find that in order for that product
to add value you may have to implement other controls.

   Encryption, Encoding, and Stego are my preferred DLP product
attack vectors.

-- Allen Deryke

On Oct 22, 2009, at 11:38 AM, Brian Schultz <theconqueror at gmail.com>
wrote:

Our security department is testing out Symantec's Vontu and I am
playing the guinea pig and have to try and get documents out of our
company's environment. I have a really basic understanding of how it
works. It has a span port sitting and listening to all outgoing web
traffic and there is also an agent that sits on desktops and watches
to see if any sensitive information leaves via USB drive or e-mail.

Does anyone have any whitepapers or info regarding how it actually
works or any tactics I should try?
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
