Skip to content

Clipboard Bypass and Evasion Tests (DM-CLIPBYPASS)

Adversarial clipboard tests focusing on multi-format payloads, file-list types, transform evasion, chunking strategies, fuzzing, and race conditions.

Objectives

  • Deny file-list and non-text formats even when text is allowed.
  • Prevent reassembly of exfiltrated data across small transfers and formats.

Preconditions

  • runtime.dataMotion.settings.clipboard.enabled: true and deny-by-default posture for outbound.

Controls Under Test

  • runtime.dataMotion.rules[] with channel: "clipboard" and format-aware matching (MIME, CF_HDROP, etc.).
  • Rate limiting and size caps; processing pipelines (e.g., builtin.stripFormats, htmlSanitize).

Test Scenarios

IDScenarioProcedureExpected Outcome
DM-CLIPBYPASS-01CF_HDROP / FileListCopy file list (e.g., multiple files) and attempt paste on host.Denied; channel: "clipboard", mime: file-list; action deny.
DM-CLIPBYPASS-02RTF/HTML OLE & data URIsCopy rich text with embedded OLE object or data: URIs; paste to host editor.Denied or transformed; process with stripFormats/htmlSanitize results; no payload leakage.
DM-CLIPBYPASS-03Polyglot PayloadsSet CF_TEXT (benign) and CF_HDROP (malicious) simultaneously; paste to a target supporting both.Sandbox prefers safest format; CF_HDROP is stripped/denied; only text passes.
DM-CLIPBYPASS-04Chunked Copy/ReassemblyCopy small chunks sequentially and recombine on host.Rate limit/deny triggers; cumulative size policy prevents reassembly.
DM-CLIPBYPASS-05Encrypted Payload in TextBase64 ciphertext with known host key; attempt decode on host.Denied per onUnknownClassification: "deny" for opaque content.
DM-CLIPBYPASS-06Clipboard Managers/HistoryUse a manager to recall blocked payload; attempt host paste.Inbound denies prevent re-exposure; audit shows inbound deny.
DM-CLIPBYPASS-07MIME Type FuzzingScript flood of 50+ rare MIME types (e.g., Embed Source, Object Descriptor) to clipboard.All undefined types denied by default; audit log records 50+ specific deny events.
DM-CLIPBYPASS-08Race Conditions (TOCTOU)Rapidly toggle clipboard between 'Safe' and 'Classified' strings (e.g., 10ms intervals); paste continuously.Monitor evaluates state at access; no classified data leaks; potentially triggers rate limiting.
DM-CLIPBYPASS-09Unicode Surrogates/HomoglyphsUse homoglyphs and surrogate pairs to conceal keywords in text; attempt paste to host DLP bypass.Denied or normalized to plain text and re-evaluated; audit shows transform and no leakage.
DM-CLIPBYPASS-10Structured JSON Disguised as RTFEmbed JSON in RTF/HTML; attempt to pass via text-only fallbacks.Transforms strip rich formats; JSON analyzed as text and policy denies if classified indicators present.
DM-CLIPBYPASS-11Cumulative Rate-Limit EvasionSend 100 small pastes spaced to avoid per-event limits; recombine on host.Cumulative quota triggers deny; audit shows cumulativeBytes and rate-limit fields.
DM-CLIPBYPASS-12Image Crop/Resize EvasionCrop a large image to just below the imageMegapixels threshold (e.g., 0.24 MP when limit is 0.25 MP); attempt outbound paste.Allowed at boundary; verify megapixel calculation is exact (width × height ÷ 1 000 000). Audit: metrics.image.megapixels confirms decoded value, not file-size estimate.
DM-CLIPBYPASS-13Format Conversion EvasionConvert an image between formats (PNG → BMP → DIB) and place each on the clipboard; attempt outbound paste of each.Decoded dimensions are reported consistently regardless of clipboard format. All formats produce the same metrics.image.megapixels and metrics.image.widthPx/heightPx.
DM-CLIPBYPASS-14Dimension Spoof via Aspect RatioCreate a tall, narrow image (e.g., 100 × 20000 px = 2.0 MP) that fits width constraints but exceeds height. Attempt outbound paste with imageDimensions.height.max: 1440.Denied; height check catches the oversized dimension even though width is within limits. Audit: action: "deny", metrics.image.heightPx: 20000.
DM-CLIPBYPASS-15Tiled Screenshot ReassemblyCapture multiple small screenshots (each under MP and dimension thresholds) in rapid succession; attempt reassembly on host.Individual pastes may be allowed (each under threshold). Combined with rate limiting (DM-CLIP-08), cumulative image data triggers deny. Audit shows progressive cumulativeBytes and rate-limit signals.

Evidence Requirements

  • Audit category: dataMotion with channel: "clipboard", direction, action, outcome, rule.id, and content type (MIME or format).
  • When processing: include transforms (e.g., stripFormats).
  • When rate-limited: include rate-limit fields and cumulative bytes.

Troubleshooting

  • Confirm rule priority and format detection (CF_HDROP vs MIME); ensure defaultAction is deny.
  • Verify pipelines are configured correctly and do not re-encode back to risky formats.