Hidden Data Exfiltration Using Time- Literally-0

 

I was looking at my watch last week and my attention was moved towards the seconds over at the right of the watch face, incrementing nicely along as you’d expect. Now, I don’t know if I’d just spent too long staring at a debugger screen or if it was something in the air, but an idea dawned on me, related to all things command and control, data exfiltration, etc. When I saw “41,” I saw “A,” which is the hexadecimal representation for it, “42” being “B” and so on – a lot of pentesters will relate. You know what… I theorised, these seconds of the time could be used to represent data, in a form we already have, ASCII.