Description
Exfiltrates all files within a specified directory that match a given filename filter by uploading them via the SpecterInsight exfil API.
Invoke-DirectoryExfiltration
Detailed Description
Invoke-DirectoryExfiltration enumerates all files within a target directory that match a specified wildcard filter and exfiltrates each matching file using the SpecterInsight Exfiltrate-Document (exfil) API. Unlike single-file exfiltration, this script operates at the directory level, making it suitable for bulk collection of artifacts such as logs, documents, or configuration files.
Each file is passed to the exfil cmdlet using the -File parameter set, which reads the file’s raw bytes and posts them to the connected SpecterInsight C2 server via connection.PostDocuments(). The script outputs one PSObject per successfully exfiltrated file, containing the filename and byte size, and does not rely on any external executables.
Parameters
| Parameter | Type | Mandatory | Default | Description |
|---|---|---|---|---|
| Path | String | Yes | — | Absolute or relative path to the directory from which files will be exfiltrated. |
| Filter | String | No | `*` | Wildcard pattern used to match files within the directory (e.g. `*.txt`, `*.log`, `secret_*`). Defaults to all files. |
Example Output
[
  {
    "Filename": "passwords.txt",
    "Size": 2048
  },
  {
    "Filename": "credentials.log",
    "Size": 10921
  },
  {
    "Filename": "config.xml",
    "Size": 4372
  }
]
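Detection sketch for the directory-level collection described under Detailed Description (an added example, not SpecterInsight code): one process reading many distinct files from a single directory within a short window. It assumes object-access auditing is enabled so file reads are logged (for example Security event 4663); the record layout, paths, process ids and thresholds are constructed for illustration.

```python
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (time, process id, file read), shaped like what
# Windows object-access auditing (Security event 4663) yields. Not real telemetry.
EVENTS = [
    ("2024-05-01T10:00:00", 4312, r"C:\Users\alice\Documents\passwords.txt"),
    ("2024-05-01T10:00:01", 4312, r"C:\Users\alice\Documents\credentials.log"),
    ("2024-05-01T10:00:02", 4312, r"C:\Users\alice\Documents\config.xml"),
    ("2024-05-01T10:00:03", 980, r"C:\Users\alice\Documents\config.xml"),
    ("2024-05-01T10:00:00", 7000, r"C:\Logs\a.log"),
    ("2024-05-01T10:05:00", 7000, r"C:\Logs\b.log"),
    ("2024-05-01T10:10:00", 7000, r"C:\Logs\c.log"),
]


def bulk_directory_reads(events, min_files=3, window=timedelta(seconds=30)):
    """Return (pid, directory, files) for every process that read at least
    min_files distinct files from one directory inside the time window."""
    by_key = defaultdict(list)
    for ts, pid, path in events:
        directory, name = ntpath.split(path)
        # Windows paths are case-insensitive, so normalise before grouping.
        by_key[(pid, directory.lower())].append(
            (datetime.fromisoformat(ts), name.lower())
        )

    alerts = []
    for (pid, directory), reads in by_key.items():
        reads.sort()
        start = 0
        for end in range(len(reads)):
            # Slide the window start forward until it spans at most `window`.
            while reads[end][0] - reads[start][0] > window:
                start += 1
            files = {name for _, name in reads[start:end + 1]}
            if len(files) >= min_files:
                alerts.append((pid, directory, sorted(files)))
                break  # one alert per process/directory pair
    return alerts


if __name__ == "__main__":
    for pid, directory, files in bulk_directory_reads(EVENTS):
        print(f"pid {pid} read {len(files)} files from {directory}: {files}")
```

Backup agents, indexers and antivirus scanners produce the same read pattern, so allow-list known processes and tune `min_files` and `window` before alerting on it.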
