The Adventures of AV and the Leaky Sandbox By Black Hat July 25-27 2017
In this presentation, we describe and demonstrate a novel technique for exfiltrating data from highly secure enterprises whose endpoints have no direct Internet connection, or whose endpoints’ connection to the Internet is restricted to hosts used by their legitimately installed software. Assuming the endpoint has a cloud-enhanced antivirus product installed, we show that if the anti-virus product employs an Internet-connected sandbox in its cloud, it in fact facilitates such exfiltration.
By Itzik Kotler & Amit Klein
Full Abstract & Presentation Materials: