Bypassed enterprise DLP (Netskope) using only native Windows CMD and a PNG file — full writeup with mitigation
This research documents a technique to bypass Netskope enterprise DLP by embedding sensitive data three layers deep inside a PPTX file: a text file zipped, appended to a PNG image via Windows CMD binary copy, then embedded in the PPTX. Netskope's default inspection recursion depth is less than three, so it fails to detect the hidden data. The technique requires only native Windows tools and no admin rights. Detection can be improved by increasing recursion depth or using metadata anomaly rules. A coordinated detection approach using SentinelOne EDR behavioral alerts on CMD binary copy commands combined with Netskope metadata inspection is recommended. The technique applies to all Microsoft Office file formats using ZIP-based structures.
AI Analysis
Technical Summary
The technique exploits Netskope's default recursion depth limitation in content inspection, which is less than three levels. Sensitive data (secret.txt) is zipped, appended to a PNG image using Windows CMD's binary copy command, and then embedded into a PPTX file. Netskope inspects the PPTX as a ZIP and finds the PNG image but does not recurse into the appended ZIP inside the PNG, allowing data exfiltration without detection. The appended ZIP is a non-standard corrupt archive that native Windows tools cannot extract, requiring forensic tools like binwalk for extraction. Metadata anomalies (.txtux and .ux extensions) appear in the PNG metadata and can be used for detection without increasing recursion depth. Mitigations include increasing Netskope's recursion depth, creating metadata anomaly DLP rules, and deploying SentinelOne behavioral rules to alert on suspicious CMD binary concatenation commands. Combining SentinelOne endpoint alerts with Netskope network inspection creates a coordinated detection strategy.
Potential Impact
Sensitive data such as PII, credentials, or internal documents can be exfiltrated from managed corporate endpoints without triggering Netskope DLP alerts under default configurations. The technique requires no additional software installation or admin rights on the source machine and works across all Microsoft Office file formats that use ZIP-based structures. This bypass could lead to undetected data leakage through standard channels like email or web uploads.
Mitigation Recommendations
Mitigations have been proposed and documented by the researcher and reported internally. Recommended actions include:
1) Increasing Netskope's inspection recursion depth beyond three levels to detect deeply nested files, acknowledging potential performance impacts.
2) Implementing Netskope DLP rules targeting anomalous metadata extensions (.txtux, .ux) to detect this technique without deeper recursion.
3) Deploying SentinelOne EDR behavioral rules to alert on CMD commands performing binary file concatenation (copy /b), enabling endpoint detection of steganographic file preparation.
4) Correlating SentinelOne alerts with Netskope network inspection to create a coordinated detection and response workflow.
Blocking cmd.exe is not advised due to legitimate operational use; monitoring and alerting are preferred. Patch status is not applicable, as this is a detection and configuration issue rather than a software vulnerability.
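To make the recursion-depth point and the "detect without deeper recursion" idea concrete, here is an added example that is not from the Reddit post, the linked repository, or any Netskope or SentinelOne product. It builds a constructed PPTX-shaped ZIP containing a 1x1 PNG with a small ZIP appended after the IEND chunk (the same nesting the post describes), then runs two checks over it: a depth-capped content walk that models a generic inspector's recursion limit, and a flat one-level structural check that flags any PNG member carrying bytes after IEND. The `SECRET` marker, the file names, and the depth numbering (0 for the submitted file, so the text file sits at depth 3) are assumptions of this example; the `.txtux`/`.ux` metadata signal reported by the researcher is not reproduced here, the trailer check is a different, structural way to catch the same artifact without recursing into it.

```python
"""Added example (not from the post or the linked repo): a toy depth-capped inspector
and a flat PNG-trailer check, run over a constructed PPTX -> PNG -> ZIP -> text sample."""
import io
import struct
import zipfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
SENSITIVE_MARKER = b"SECRET"  # stand-in for a real DLP content rule (assumption)


def _png_chunk(ctype: bytes, payload: bytes) -> bytes:
    """Serialize one PNG chunk: big-endian length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def _zip_bytes(entries: dict) -> bytes:
    """Build an in-memory ZIP from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, blob in entries.items():
            zf.writestr(name, blob)
    return buf.getvalue()


def build_sample() -> bytes:
    """Constructed test input mirroring the chain in the post:
    secret.txt -> ZIP -> appended after a 1x1 PNG -> stored as ppt/media/image1.png."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # 1x1 pixel, 8-bit greyscale
    idat = zlib.compress(b"\x00\x00")                       # filter byte + one pixel
    png = PNG_SIG + _png_chunk(b"IHDR", ihdr) + _png_chunk(b"IDAT", idat) + _png_chunk(b"IEND", b"")
    inner = _zip_bytes({"secret.txt": b"SECRET: constructed sample credential"})
    carrier = png + inner  # byte-wise concatenation, i.e. what a binary copy produces
    return _zip_bytes({"[Content_Types].xml": b"<Types/>", "ppt/media/image1.png": carrier})


def png_trailer(data: bytes) -> bytes:
    """Return the bytes that follow the IEND chunk (b'' if none, or if not a PNG)."""
    if not data.startswith(PNG_SIG):
        return b""
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length = struct.unpack(">I", data[pos:pos + 4])[0]
        ctype = data[pos + 4:pos + 8]
        pos += 8 + length + 4  # header + payload + CRC
        if ctype == b"IEND":
            return data[pos:]
    return b""  # malformed or truncated: no IEND found


def inspect(data: bytes, max_depth: int, depth: int = 0, path: str = "<file>") -> list:
    """Depth-capped content walk. Depth 0 is the submitted file; in this sample the
    text file sits at depth 3, so max_depth < 3 models the default miss."""
    if depth > max_depth:
        return []
    if data.startswith(PNG_SIG):
        trailer = png_trailer(data)
        return inspect(trailer, max_depth, depth + 1, path + "#trailer") if trailer else []
    if zipfile.is_zipfile(io.BytesIO(data)):
        hits = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                hits += inspect(zf.read(info), max_depth, depth + 1, f"{path}/{info.filename}")
        return hits
    return [(depth, path)] if SENSITIVE_MARKER in data else []


def find_png_trailers(container: bytes) -> list:
    """Flat check, one level only: flag each PNG member with bytes after IEND and,
    if that trailer is itself a ZIP, list the names it carries."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(container)) as zf:
        for info in zf.infolist():
            trailer = png_trailer(zf.read(info))
            if not trailer:
                continue
            names = []
            if zipfile.is_zipfile(io.BytesIO(trailer)):
                with zipfile.ZipFile(io.BytesIO(trailer)) as inner:
                    names = inner.namelist()
            findings.append({"member": info.filename, "trailing_bytes": len(trailer), "zip_members": names})
    return findings


if __name__ == "__main__":
    sample = build_sample()
    print("max_depth=2:", inspect(sample, max_depth=2))   # [] : the cap stops before the text file
    print("max_depth=3:", inspect(sample, max_depth=3))   # one hit at depth 3
    print("flat check:", find_png_trailers(sample))       # flags the PNG without recursing
```

The flat check is the cheaper of the two: it reads each member once and never descends, which is why a rule of the form "image member has bytes after its end marker" is a reasonable alert even where raising the recursion depth is too costly. A real PNG with a legitimate trailer is rare, so a non-empty `trailing_bytes` on an Office media member is a strong signal on its own; `zip_members` just makes the finding easier to triage.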
Reddit Discussion
Documented a data exfiltration technique that bypasses Netskope's default inspection by exploiting recursion depth limitations via file nesting.
The chain: secret.txt → zipped → binary appended into PNG via copy /b → embedded into PPTX. Three layers deep — beyond Netskope's default inspection threshold. No additional software needed on the source machine, no admin rights required.
Also found a low-cost detection path — anomalous metadata extensions (.txtux, .ux) surface during standard inspection without increasing recursion depth.
Full writeup with reproduction steps, binwalk forensics, and a dual-layer mitigation using SentinelOne behavioral rules + Netskope metadata rules.
https://github.com/YuvaBhargav/DLP-Bypass-Research
Happy to answer questions or get torn apart — genuinely want to know if there are gaps in the mitigation logic.
Technical Details
- Source Type: Subreddit
- Subreddit: blueteamsec+AskNetsec+Information_Security
- Reddit Score: 0
- Discussion Level: minimal
- Content Source: reddit_link_post
- Post Type: link
- Domain: null
- Newsworthiness Assessment: {"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
- Has External Source: true
- Trusted Domain: false
Threat ID: 6a25c789e29bf47b5017a43b
Added to database: 6/7/2026, 7:33:29 PM
Last enriched: 6/7/2026, 7:33:41 PM
Last updated: 6/8/2026, 4:57:00 AM
Views: 12