A penetration tester is trying to execute a post-exploitation activity and creates the following script:
Which of the following best describes the tester's objective?
A. To download data from an API endpoint
B. To download data from a cloud storage
C. To exfiltrate data over alternate data streams
D. To exfiltrate data to cloud storage
The script shows:
Use of BlobServiceClient.from_connection_string() — this is Azure Blob Storage interaction.
It opens a local file in binary mode (with open(file_path, "rb")).
Calls blob_client.upload_blob(data) — clearly indicating uploading the local file to cloud storage.
This matches data exfiltration activity, where stolen or sensitive local files are sent to an external system (cloud storage).
Why not the others?
A. API endpoint: The code uses Azure Blob storage SDK, not a REST API endpoint.
B. Download data from cloud storage: Code uploads, not downloads.
C. Alternate data streams (ADS): That’s a Windows NTFS feature, unrelated to cloud storage.
CompTIA PT0-003 Objective Mapping:
Domain 3.0 Attacks and Exploits
3.2: Post-exploitation techniques (data exfiltration, cloud storage use).