In a previous blog post, I detailed a convention I developed in order to use Markov models to obfuscate data. In this blog post, I will talk about a script, mtunnel, which acts as both ends of a SOCKS tunneling proxy where the transport between the two ends is obfuscated using MarkovObfuscation.

MarkovObfuscation in a tunneling SOCKS Proxy

After I saw folks appeared interested in the MarkovObfuscation blog post, I decided I needed a proof of concept that actually did something.
Machine learning methods, simple and complex, can be used in almost all aspects of our digital lives. Interestingly enough, they are rarely observed on the offensive side of information security. When I was thinking about the number of ways an attacker can exfiltrate data past a firewall, I decided to try out an old favorite, Markov chains, in order to build the next generation of “book ciphers”.

UPDATE: A GitHub repository has been created for this project: markovobfuscate

Markov Chains as a Keyed Obfuscation Method

This is a project that has been sitting in my private git repository for a long while, and after I was recently reminded of it, I’ve decided to write it up and do an initial release.