RCS on a low bandwith.

Slides:



Advertisements
Similar presentations
Managing Incoming Chapter 3 Bit Literacy. Terminology client – program which retrieves s from a mail server, lets you read the mails,
Advertisements

IT Training How to Held Online Presentation – Plan the Online Ahead – Presentation Material – Power Backup – Connecting Software – Internet Connection.
Managing Your Mailbox Facilities IS Presents:. Is your mailbox getting too big? Managing Your Mailbox An overstuffed mailbox can cause problems. You won’t.
GETTING STARTED WITH YOUR NEW AIRTEL MAIL PROFESSIONAL SERVICE POWERED BY Microsoft Office 365 Version-3 18th February 2013.
Introduction to UTORexchange For IT support providers.
MS Access Advanced Instructor: Vicki Weidler Assistant:
Manage your mailbox IV: Archive old messages Get fancy with Archive Archive can be very flexible. You don’t have to archive only at the selected time intervals;
Softsmith Online Training Academy (SOTA) Welcome to Softsmith Learning Community We provide an enjoyable learning experience to our audience Visit us at.
REDCap User Group Meeting New Features for 6.5.x 7/14/15 1.
Keylogger A presentation of computer safety. What is a Keylogger?  A keylogger is an invisible tool for surveillance that allows you to monitor the activities.
Backup Local Online For secure offsite storage of your , and making it available from any computer or smart phone. Backup accessed with.
Back to content Final Presentation Mr. Phay Sok Thea, class “2B”, group 3, Networking Topic: Mail Client “Outlook Express” *At the end of the presentation.
VBE easy VBE Release – New Features Available From 2 October 2006.
By Louise Kelly Candidate Number:9577 Centre Name: Sacred Heart High school Centre Number: 10160
(or ?) Short for Electronic Mail The transmission of messages over networks.
ISP-Hooking Up and Checkout Assignment-II The purpose of these assignments is to verify that you can use , browsers, and effectively search the internet.
VERSION 2.6 FAE Group Demo Guide. Remote Control System Demo In order to standardize the way how Remote Control System is presented and to maximize the.
Managing Incoming Chapter 3 Bit Literacy. Terminology client – program which retrieves s from a mail server, lets you read the mails,
A Quick Look At How Works Understanding the basics of how works can make life a lot easier for any user. Especially those who are interested.
The SharePoint Shepherd’s Course for End Users Based on the book by Robert L. Bogue Copyright 2011 AvailTek LLC All Rights Reserved.
Chapter 7 Live Data Collection Spring Incident Response & Computer Forensics.
MSG to EML Converter A Extensive Conversion Tool Visit us:
Split your database Store temporary tables in a backend Don't use memo fields Create temporary tables to speed up queries Don't put Mac and Windows users.
@Connect – Students' Lifetime Student can keep account after completed their study in HKUST Domain part.
Open DNS resolvers have to be closed ● Open resolvers respond to recursive queries from any host on the Internet ● Amplification DNS attack 2.
 Step 2 Deployment Overview  What is DirSync?  Purpose – What does it do?  Understanding Synchronization  Understanding Coexistence  Understanding.
Standard Demo 1 © Hacking Team All Rights Reserved.
How to Use an Android Tablet Well Come To You few Steps For How to Use an Android Tablet?
Main Features of iSafe All-in-One Keylogger Universal keylogger of isafe, Inc. Suitable for home parental control,corporate employee monitoring and cheating.
Doha - 19/08/2014 Alessandro Scarafile Field Application Engineer Lorenzo Invernizzi Field Application Engineer Emad Shehata Key Account Manager Key Account.
Top 3 Tricks to Transfer WhatsApp Messages from Android to iPhone 6 from-android-to-iphone-6.
Features Compatibility. Platforms OSXLinuxWindows Yosemite (10.10)Debian 10* Mavericks (10.9)Fedora8.1 Mountain Lion (10.8) Mageia8 Lion (10.7)Mint7.
How Errors are Best Resolved and Yahoo Support in Itself has a Point.
Office 365 Help Desk Troubleshooting Guide
3.2 Introduction to .
upport number.outlook.
Cyber intelligence made easy.
Using Apps to Get and Share Information
DePaul Bears Try Your Luck!.
E-Referral Service Archiving function.
Welcome to Salem State University
Features Compatibility
ZIMBRA WEB ACCESS USER MANUAL
POGO CUSTOMER SERVICE Fix Pogo Sign In & No Internet Connection Issues Best Pogo Customer Service Number.
How to fix temporary errors in Yahoo mail service? If you are getting temporary errors while using your Yahoo web mail service then there might be presence.
Internet Safety.
Website- Roadrunner Webmail For more information Call toll free at Website-
Outlook Technical Support It’s a web based service which is being used by Millions of users and owned by Microsoft. Microsoft.
A Trojan is a computer program that contains the malicious code and it misleads users and user's computer. It aims to designed to perform something is.
Gmail Settings
The Hacking Suite for Governmental Interception
Cyber intelligence made easy.
RR RR Problems Along With Solutions For iPhone And iPad Toll Free ( )
Yahoo mail Support Number USA Toll-Free
Resolve All Mozilla Firefox Errors with Best Mozilla Technical Support How to Fix Website Loading Issues after Updating Firefox?
Exchange OST Recovery Freeware Tool. Index Introduction What is OST File? Reasons for OST file corruption Possible ways to fix OST file corruption issue.
Outlook Recovery Freeware is the professional tool to open & read OST file without Outlook.
A User Issue Reported  “I'm running FF portable. I've done a complete reinstall of FF and I'm still having the same problem, virtually any website.
How to complete Rollover Documents from a Retirement Plan into a new IRA Annuity (condensed simplified version of a rollover procedure)
Migration for students
Welcome to The DBS Companies Portal
Kind of evidence gathered by agents
3.2 Introduction to .
Migrating to Office 365 from Google mail and exchange
Features Compatibility
Information Technology Ms. Abeer Helwa
Spam Fighting at CERN 12 January 2019 Emmanuel Ormancey.
Visit More Info:
Presentation transcript:

RCS on a low bandwith

What happens if an agent is running on a device with very slow Internet connection? An improper configuration may lead to loss of the Agent.

If you use all the bandwidth available, the Target will notice If you use all the bandwidth available, the Target will notice. An Agent that produces too much evidence may be unable to transfer it.

EMPYRICAL TESTS

Test on a low bandwith A Windows target has been infected, but the bandwith available to the agent is limited to 3 kB/s The following modules can be freely used in a low bandwith environment: Device Position Addressbook (21 contacts in few seconds) Application Calendar Chat Clipboard Keylogger Password URL

Test on a low bandwith The following modules need particular attention when used in a low bandwith environment: Camera + Screenshot Medium quality: 50 seconds to sync one evidence Low quality: 25 seconds to sync one evidence ADVISE: use low quality and never take more than 1 screenshot or camera per minute Call Quality 5: 3 minutes to sync 46 seconds of call Quality 1: 1m50s to sync 46 seconds of call (still good quality) CAUTION: avoid or use for a very limited period of time; use lowest quality File Easy calculation: the bigger the file the longer the synchronization time 12 minutes to sync a file of 1Mb CAUTION: absolutely avoid downloading more than 3Mb in files

Test on a low bandwith The following modules need particular attention when used in a low bandwith environment: Mail In a test mailbox, in one month 75 emails have been received. Limiting the agent to collect emails <=50kB in size, it took 20 minutes to synchronize all emails received in the last month ADVISE: start syncing only one day of emails, then slowly increase the timeframe according to your needs. Keep a low maximum size limit. Mic It takes 1m50s to synchronize 1 minute of recording CAUTION: avoid or use for a very limited period of time

EXAMPLE CONFIGURATIONS

First Configuration This configuration is to be used for the first infection: Device only Sync every 15 minutes Limit bandwith to 3kB/s The device module will give you the basic information to understand what kind of device has been infected. A 15 minutes period between syncs will give you the chance to promptly change the configuration when needed.

First Configuration

Second Configuration This configuration will include all evidence that is known to work without issues on a low bandwith target: Device, Position (every 5 minutes), Addressbook, Application, Calendar, Chat, Clipboard, Keylogger, Password, URL Sync every 30 minutes Limit bandwith to 3kB/s Most of the useful information that can be obtained from an infected device is collected. A 30 minutes period between syncs will prevent bandwith saturation, thus allowing to change the configuration in reasonable time.

Second Configuration

Third Configuration This configuration adds the retrieval of emails to the Second Configuration. It starts collecting emails smaller than 50kB and up to 2 days old. Device, Position (every 5 minutes), Addressbook, Application, Calendar, Chat, Clipboard, Keylogger, Password, URL, Mail Sync every 60 minutes Limit bandwith to 3kB/s A longer period between syncs will minimize the use of bandwith from the agent.

Third Configuration

Third Configuration You can evaluate to collect email bigger than 50kb and in intervals longer than 2 days. Check how many email were collected for the last two days. Configure the agent according to the following table to collect email from the past: Collected emails Days to collect 50+ 1 day 30-50 2 days 15-30 3 days 1-15 5 days

Be very careful when configuring a new Agent!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.