RCS on a low bandwidth.


1 RCS on a low bandwidth

2 What happens if an agent is running on a device with a very slow Internet connection? An improper configuration may lead to loss of the Agent.

3 If you use all the bandwidth available, the Target will notice. An Agent that produces too much evidence may be unable to transfer it.

4 EMPIRICAL TESTS

5 Test on a low bandwidth
A Windows target has been infected, but the bandwidth available to the agent is limited to 3 kB/s.
The following modules can be freely used in a low-bandwidth environment:
- Device
- Position
- Addressbook (21 contacts in a few seconds)
- Application
- Calendar
- Chat
- Clipboard
- Keylogger
- Password
- URL

6 Test on a low bandwidth
The following modules need particular attention when used in a low-bandwidth environment:
- Camera + Screenshot
  Medium quality: 50 seconds to sync one evidence
  Low quality: 25 seconds to sync one evidence
  ADVICE: use low quality and never take more than 1 screenshot or camera per minute
- Call
  Quality 5: 3 minutes to sync 46 seconds of call
  Quality 1: 1m50s to sync 46 seconds of call (still good quality)
  CAUTION: avoid or use for a very limited period of time; use lowest quality
- File
  Easy calculation: the bigger the file, the longer the synchronization time
  12 minutes to sync a file of 1Mb
  CAUTION: absolutely avoid downloading more than 3Mb in files

7 Test on a low bandwidth
The following modules need particular attention when used in a low-bandwidth environment:
- Mail
  In a test mailbox, in one month 75 e-mails have been received. Limiting the agent to collect e-mails <=50kB in size, it took 20 minutes to synchronize all e-mails received in the last month.
  ADVICE: start syncing only one day of e-mails, then slowly increase the timeframe according to your needs. Keep a low maximum size limit.
- Mic
  It takes 1m50s to synchronize 1 minute of recording
  CAUTION: avoid or use for a very limited period of time

8 EXAMPLE CONFIGURATIONS

9 First Configuration
This configuration is to be used for the first infection:
- Device only
- Sync every 15 minutes
- Limit bandwidth to 3kB/s
The device module will give you the basic information to understand what kind of device has been infected. A 15-minute period between syncs will give you the chance to promptly change the configuration when needed.

10 First Configuration

11 Second Configuration
This configuration will include all evidence that is known to work without issues on a low-bandwidth target:
- Device, Position (every 5 minutes), Addressbook, Application, Calendar, Chat, Clipboard, Keylogger, Password, URL
- Sync every 30 minutes
- Limit bandwidth to 3kB/s
Most of the useful information that can be obtained from an infected device is collected. A 30-minute period between syncs will prevent bandwidth saturation while still allowing the configuration to be changed in reasonable time.

12 Second Configuration

13 Third Configuration
This configuration adds the retrieval of e-mails to the Second Configuration. It starts collecting e-mails smaller than 50kB and up to 2 days old.
- Device, Position (every 5 minutes), Addressbook, Application, Calendar, Chat, Clipboard, Keylogger, Password, URL, Mail
- Sync every 60 minutes
- Limit bandwidth to 3kB/s
A longer period between syncs will minimize the agent's use of bandwidth.

14 Third Configuration

15 Third Configuration
You can consider collecting e-mails bigger than 50kB and over intervals longer than 2 days. Check how many e-mails were collected for the last two days. Configure the agent according to the following table to collect e-mails from the past:

Collected e-mails    Days to collect
50+                  1 day
30-50                2 days
15-30                3 days
1-15                 5 days

16 Be very careful when configuring a new Agent!
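
A defender's view of the traffic profile these slides describe, as an added example that is not part of the original presentation: a heuristic over flow records that flags host pairs syncing on a fixed 15, 30 or 60 minute period with sustained uploads pinned near 3 kB/s. The flow tuple schema, the thresholds, the addresses and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# From the slides: syncs every 15, 30 or 60 minutes, upload limited to 3 kB/s.
SYNC_PERIODS_S = (900, 1800, 3600)
RATE_CAP_BPS = 3000  # assumption: "3 kB/s" read as 3000 bytes per second

def find_throttled_beacons(flows, jitter=0.10, slack=0.15, min_sessions=4):
    """flows: (start_s, src, dst, bytes_out, duration_s) tuples (hypothetical schema).
    Returns sorted (src, dst, period_s) for pairs that sync on a fixed period
    and whose sustained uploads plateau at the rate cap."""
    by_pair = defaultdict(list)
    for start, src, dst, sent, dur in flows:
        by_pair[(src, dst)].append((start, sent, dur))
    hits = []
    for (src, dst), sess in by_pair.items():
        if len(sess) < min_sessions:
            continue
        sess.sort()
        gaps = [b[0] - a[0] for a, b in zip(sess, sess[1:])]
        period = min(SYNC_PERIODS_S, key=lambda p: abs(p - mean(gaps)))
        regular = (abs(mean(gaps) - period) <= jitter * period
                   and pstdev(gaps) <= jitter * period)
        # Only sessions of 20 s or more say anything about a rate limiter.
        rates = [sent / dur for _, sent, dur in sess if dur >= 20]
        capped = bool(rates) and all(
            RATE_CAP_BPS * (1 - slack) <= r <= RATE_CAP_BPS * (1 + slack)
            for r in rates)
        if regular and capped:
            hits.append((src, dst, period))
    return sorted(hits)

# Constructed sample flows, not real traffic; destinations are RFC 5737 addresses.
SAMPLE_FLOWS = [
    # Fixed ~15 min period, sustained uploads at ~3000 B/s.
    (0, "10.0.0.23", "203.0.113.50", 150_000, 50),
    (905, "10.0.0.23", "203.0.113.50", 75_000, 25),
    (1795, "10.0.0.23", "203.0.113.50", 4_000, 2),
    (2702, "10.0.0.23", "203.0.113.50", 152_000, 50),
    (3600, "10.0.0.23", "203.0.113.50", 90_000, 31),
    # Regular 30 min job, but far above the cap (e.g. a backup).
    *[(100 + 1800 * i, "10.0.0.31", "198.51.100.9", 120_000_000, 60) for i in range(5)],
    # Irregular interactive traffic.
    *[(t, "10.0.0.40", "198.51.100.7", 600_000, 20) for t in (50, 400, 410, 3000, 3100)],
]

if __name__ == "__main__":
    for hit in find_throttled_beacons(SAMPLE_FLOWS):
        print(hit)
```

Periodicity alone also matches backups and update checks; it is the combination with a low, flat upload ceiling that narrows the result.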

