Article Excerpt
This tool is a command line utility that allows you to convert any binary file into a QRcode GIF. The data can then be reassembled visually allowing exfiltration of data in air gapped systems.
| property | value |
| --- | --- |
| tags | offensive-tradecraft,tactic-exfiltration,technique-data-encoding,tradecraft-tool |
| url | |
| original_word_count | 384 |
Long Summary
QRExfiltrate is a command line utility that allows users to convert any binary file into a QRcode GIF. This allows data to be exfiltrated without detection from most DLP systems. To use QRExfiltrate, open a command line and navigate to the directory containing the QRExfiltrate scripts. Then, run the command ./encode.sh to convert the binary file into a GIF file. The GIF file can then be transferred and reassembled using any standard QR code reader.
QRExfiltrate requires the prerequisites qrencode and ffmpeg. It is limited by the size of the source data, as qrencoding per frame has been capped to 64 bytes. Additionally, the conversion to QR code results in a lot of storage overhead, making the resulting GIF file 50x larger than the original. Finally, QRExfiltrate is limited by the capabilities of the QR code reader. If the reader cannot detect the QR codes in the GIF, the data cannot be reassembled.
QRExfiltrate is a powerful tool that can be used to bypass DLP systems and exfiltrate data in air gapped networks. However, it should be used with caution and only in situations where the risk of detection is low. The decoder script has been intentionally omitted to ensure the security of the data.
In conclusion, QRExfiltrate is a useful tool for exfiltrating data in air gapped networks, but it should be used with caution and only in low-risk situations. It is limited by the size of the source data, the storage overhead of the conversion to QR code, and the capabilities of the QR code reader.
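For defenders, the two prerequisites named above (qrencode and ffmpeg) give a process-telemetry signal. The following is an added detection sketch, not code from the QRExfil project: it flags an ffmpeg GIF build that follows a burst of qrencode runs by the same user on the same host. The event format, window, threshold and sample lines are assumptions constructed for illustration, as is the premise that each qrencode run corresponds to one 64-byte frame.

```python
from collections import defaultdict
from datetime import datetime, timedelta

CHUNK_BYTES = 64                  # per-frame payload cap stated on the page
WINDOW = timedelta(minutes=10)    # assumption: look-back window before the GIF build
MIN_QR_RUNS = 3                   # assumption: threshold, set low for the sample data

# Constructed sample events, one per line: "ISO-time host user command line".
# Events are assumed to arrive in time order.
SAMPLE_EVENTS = """\
2024-01-10T09:00:01 ws-17 alice qrencode -o /tmp/f/0001.png chunk-0001
2024-01-10T09:00:01 ws-17 alice qrencode -o /tmp/f/0002.png chunk-0002
2024-01-10T09:00:02 ws-17 alice qrencode -o /tmp/f/0003.png chunk-0003
2024-01-10T09:00:02 ws-17 alice qrencode -o /tmp/f/0004.png chunk-0004
2024-01-10T09:00:05 ws-17 alice ffmpeg -i /tmp/f/%04d.png /tmp/out.gif
2024-01-10T09:30:00 ws-22 bob ffmpeg -i talk.mp4 talk.gif
2024-01-10T10:00:00 ws-31 carol qrencode -o wifi.png WIFI-label
"""

def parse(line):
    """Split one event line into (timestamp, host, user, argv)."""
    ts, host, user, cmdline = line.split(" ", 3)
    return datetime.fromisoformat(ts), host, user, cmdline.split()

def detect(log_text):
    """Flag an ffmpeg GIF build preceded by a burst of qrencode runs."""
    qr_runs = defaultdict(list)   # (host, user) -> timestamps of qrencode runs
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, user, argv = parse(line)
        exe = argv[0].rsplit("/", 1)[-1]   # basename of the executable
        key = (host, user)
        if exe == "qrencode":
            qr_runs[key].append(ts)
        elif exe == "ffmpeg" and any(a.lower().endswith(".gif") for a in argv[1:]):
            recent = [t for t in qr_runs[key] if timedelta(0) <= ts - t <= WINDOW]
            if len(recent) >= MIN_QR_RUNS:
                alerts.append({"host": host, "user": user, "time": ts.isoformat(),
                               "qr_frames": len(recent),
                               # one frame carries at most CHUNK_BYTES of source data
                               "max_payload_bytes": len(recent) * CHUNK_BYTES})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

A lone ffmpeg GIF conversion or a single qrencode run does not alert; only the combination does, and the frame count gives a rough upper bound on how much data was encoded.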
Short Summary
Shell-Company/QRExfil
- This tool is a command line utility that allows you to convert any binary file into a QRcode GIF. The data can then be reassembled visually allowing exfiltration of data in air gapped systems.
- QRExfiltrate is a command line utility
- It converts binary files into QRcode GIFs
- It allows for data to be exfiltrated undetected from DLP systems
- To use QRExfiltrate, navigate to its directory and run the command
- QRExfiltrate requires qrencode and ffmpeg
- qrencoding per frame is capped at 64 bytes
- The resulting GIF file is 50x larger than the original
- It can bypass air-gapped networks
- Use with caution and only in low-risk situations
- The decoder script has been omitted to ensure data security.

source link: https://github.com/Shell-Company/QRExfil
summarized content: https://hut.threathunterz.com/battlefield-intel/tradecraft-tools/shell-companyqrexfil