During an internal engagement, a penetration tester must quietly exfiltrate several PDF reports to an external server but wants the traffic to blend in with routine connectivity diagnostics that system administrators regularly perform. Which technique would BEST achieve this goal?
Set up an HTTPS reverse proxy and send the files through the encrypted tunnel
Encapsulate the files inside ICMP echo-request and echo-reply payloads
Deploy a disguised Trojan that periodically uploads the data over TCP port 80
Encode the documents into subdomain labels inside outbound DNS queries
ICMP echo requests and replies underpin the ping utility that administrators use every day to verify reachability. By embedding file data in those payloads, the tester's traffic resembles ordinary ping traffic and is often ignored by basic monitoring. HTTPS tunnels, DNS subdomain encoding, and a Trojan over TCP all move data, but none mimic the short, stateless diagnostic traffic generated by ping as closely as ICMP echo tunneling does.