Red Edition

In & Out

Network Data Exfiltration Techniques.

Learn more


This training class has been designed to present students with modern and emerging tools and techniques available for network data exfiltration, testing and bypassing DLP/IDS/IPS/FW systems, protocol tunneling, hiding, pivoting and generating malicious network events. This highly technical content and only a hands-on practical approach guarantees that the usage of this transferred knowledge & technologies in real production environments will be easy, smooth and repeatable.

Using an available set of tools, the student will play one by one with well-prepared exfiltration, pivoting and tunneling use-cases to generate the true network symptoms of a modern attacker’s behavior. Great content for SIEM / SOC team validation.


  • Introduction:
    • ATT&CK Framework API.
    • Caldera
    • MAEC
    • TTP, Kill chain & defense in depth
  • Modern RAT’s implementation and popular APT&C2 malware communication design
    → real use cases
  • TCP/UDP bind and reverse shells.
  • Bypassing, exfiltration, tunneling, pivoting, proxying and C2 techniques.
  • Cloud-based exfiltration and C2 channels.
  • Windows & Powershell exfiltration tools.
  • Just a Browser Exfiltration.
  • Hoping from air-gapped networks.
  • USB attacks and network exfiltration combo.
  • The art of data hiding → steganography examples.
  • Signature-based event analytics, rule bypassing & malicious network traffic
  • Adversary simulation moves, actions, tools & automated platforms.
  • Summary → recommended defensive/protection tactics, tools and platforms.

Time Duration

3 days (9:00am - 5:00pm)

Who should attend

  • Red and Blue team members
  • Security / Data Analytics
  • CIRT / Incident Response Specialists
  • Network Security Engineers
  • SOC members and SIEM Engineers
  • AI / Machine Learning Developers
  • Chief Security Officers and IT Security Directors

TRAINER: Leszek Miś

Leszek Miś is the Founder of Defensive Security, Principal Trainer and Security Researcher with over 15 years of experience in Cyber Security and Open Source Security Solutions market. He went through the full path of the infosec carrier positions: from OSS researcher, Linux administrator and system developer, Solution Engineer, DevOps and CI, through penetration tester and security consultant delivering hardening services and training for the biggest players in the European market, to become finally an IT Security Architect / SOC Security Analyst with deep non-vendor focus on Network Security attack and detection. He’s got deep knowledge about finding blind spots and security gaps in corporate environments. Perfectly understands technology and business values from delivering structured, automated adversary simulation platform.

Recognized speaker and trainer: BruCON, Black Hat US, OWASP Appsec US, FloCon US, Hack In The Box DBX/AMS, Infosec in the City SG, Nanosec Asia, Confidence PL, PLNOG, Open Source Day PL, Red Hat Roadshow. Member of OWASP Poland Chapter.

Holds many certifications: OSCP, RHCA, RHCSS, Splunk Certified Architect.

His areas of interest include network “features” extraction, OS internals and forensics. Constantly tries to figure out “what da **ck” the AI/ML Network Security vendors try to sell. In free time he likes to break into “IoT world” just for fun.

Still learning hard every single day.


Register at Brucon 0x0a in Belgium or Hack In The Box 2018 in Dubai on days 1-3 Sep 2018 and 25-26 Nov respectively. If interested in dedicated, closed training for your SOC team let us know too. We love delivering on-site training sessions!