Comment by thedougd
9 hours ago
I've done this exact approach before. It's a good way to exfiltrate data. Post the software on GitHub pages, or a popular CDN that co-hosts other shared libraries and you've got a very difficult to block method.
Really goes to show that it's very difficult to stop a motivated and informed actor.
If you can connect to GitHub Pages, couldn't you exfil that way? This takes 2 mins for 100KB.
Not quietly. Uploads are commonly monitored by data loss prevention (DLP) solutions, especially when MITM is being used by a corporate proxy.
Downloading a tiny JS from a CDN, or accessing a GitHub page is mostly noise, especially if obfuscated well.
`npm install qr-made-up-name` can show a QR in the console. How do you stop that?
I'm likely being overly specific, but blocking npm downloads, installation on corporate devices, etc. is trivial in a restrictive corporate environment.