Subscribe to the RSS Feed

Subscribe to the RSS Feed

In & Out – Network Data Exfiltration Techniques

Early Bird Registration: $975 USD (Ends May 1st, 2019)
Standard Registration: $1250 (Ends May 18th, 2019)
On-site Registration: $1600 USD

Training Registration

Head over to the Registration page for more details or click below to register directly via Universe:

Get Tickets


This course is designed to present modern and emerging tools and techniques for network data exfiltration, testing and bypassing DLP/IDS/IPS/FW systems, protocol tunneling, hiding, pivoting and generating malicious network events. Highly technical content and only a hands-on practical approach guarantees that the usage of this transferred knowledge & technologies in real production environments will be easy, smooth, and repeatable.

This course covers the latest APT-style campaigns using malware samples, analyze the top C2 network communication techniques seen in the wild and map findings directly to ATT&CK Framework, kill chain methodology and defense/offense in depth strategy. We will also learn through the importance of network baselining, memory forensics, automated malware analysis solutions. Students will focus on the real threat simulation tactics that are the key aspect of this training.

Students will deep dive into the individual network protocols, services and post exploitation techniques commonly in use by adversaries in corporate networks and discuss the security detection features. Using the available set of tools, students will play one by one with well-prepared exfiltration, pivoting, tunneling and protocol anomalies use-cases to generate the true network symptoms of modern attacker behavior.

Topics covered in this training:

  • Running a DNS AXFR Payload Delivery Channel
  • DNS Tunnelling and Remote Shells
  • DNS Security Checks
  • Simulating DNS DGA Traffic
  • Exfiltrating and Hiding Data Transfer Using DNS-over-HTTPS
  • HTTP Exfiltration and Covert Channels
  • Stealing data with web application injection techniques
  • Clone, Armor & Phish Popular Websites for use as a Covert Channel
  • Local Network Recon via Compromised OS/Browsers
  • Looping, Port Forwarding, Pivoting & Routing Tricks
  • Generating Network Events with Linux ELF In-Memory Code Execution
  • C2 Reverse proxying with valid TLS/SSL
  • Domain Fronting & Web Categorization
  • SSH Tunneling Tips & Tricks
  • Socat Tips & Tricks
  • C2 Channels in Cloud Infrastructure
  • LDAP as a C2 / Payload Delivery Channel
  • Post-Exploitation & Lateral Movement Tools & Techniques
  • Generating Unseen Network Events

Who Should Take This Course?

This course is intended for red teams, blue teams, penetration testers, incident response personnel, security analysts, security administrators, network administrators, SOC personnel, and anyone else interested in learning about data exfiltration techniques used by red teams and black hats. This course is appropriate for beginner to intermediate skill levels.

Student Requirements

Students should have the following:

  • A laptop with admin access, 20GB+ free disk space, 8GB+ RAM, and VirtualBox installed.
  • Intermediate level of command line syntax experience using Linux and Windows
  • Fundamental knowledge of TCP/IP networking
  • Penetration testing experience performing enumeration, exploiting, and lateral movement is beneficial, but not required
  • Basic programming skills is a plus, but not essential

What Will Students Be Provided With?

Attendees of this training will be provided: slides in paper & electronic formats, lab instructions, VM images for lab work, dedicated VPS access per student, and Slack channel access for discussions with the trainer.


Leszek Miś is the founder of Defensive Security (, a principal trainer and security researcher with over 15 years of experience in Cyber Security and Open Source Security Solutions market. He went through the full path of the infosec carrier positions: from OSS researcher, Linux administrator and system developer, Solution Engineer, DevOps and CI, through penetration tester and security consultant delivering hardening services and training for the biggest players in the European market, to become finally an IT Security Architect / SOC Security Analyst with deep non-vendor focus on Network Security attack and detection. He’s got a deep knowledge about finding blind spots and security gaps in corporate environments. Perfectly understands technology and business values from delivering structured, automated adversary simulation platform.

Return to the Trainings page.