It’s been quite some time since there’s been an Egress-Assess update and multiple developers have contributed code that helped expand its capabilities. We use Egress-Assess almost every assessment our testers are on: it helps us simulate different methods that attackers use to sneak data out of a network, without actually sending sensitive data. It allows blue teams to very quickly identify gaps in defenses or detections and deploy new configurations or technologies that help close that gap.
Without any further delay, let’s dig into the updates.
Egress-Asess and Luhn Checks
Originally, Egress-Assess generated random numbers for credit cards and simply put them in a “format” similar to credit cards. If a DLP (data loss prevention) device was inspecting web traffic via simple regex searches, then it would likely find and flag on this traffic. However, these were just random numbers, i.e. they did not pass the Luhn Check. Any device that actually attempted to see if any “credit card number” passed the Luhn check would find that they did not, except in the event of some rare collision.
However, with the help of this post, we could quickly adapt the public code for creating credit card numbers that pass Luhn Checks. This way, we ensure that valid (but fake) credit card numbers are easily generated and sent out of a network via your favorite protocol.
UK National Insurance Numbers
While the UK National Insurance Numbers feature was added quite some time ago, we never talked about it, so why not now? Egress-Assess has largely stuck with generating fake credit cards or social security numbers, but that’s been largely the only “sensitive data” generated by the tool. Thankfully, @RastaMouse submitted code to Egress-Assess that now allows the tool to easily generate UK National Insurance Numbers!
Egress-Assess Bug Fixes
Bug fixes are another priority we are always happy to fix. Harley LeBeau was able to identify and fix a bug with Egress-Assess’s credit card generation functionality, while Steve Borosh reviewed it and merged it in.
There’s more planned for Egress-Assess in the future. Therefore, be sure to watch for more updates and, in case you missed it, check out our last Egress-Assess post. You might just think of new features you’d like to see, in which case we’ll be excited to hear your requests. Also, don’t forget that we are offering our Intrusion Operations course at BlackHat USA 2019 this summer! Be sure to come to Vegas and join us!