If you can connect to Github pages couldn't you exfil that way? This takes 2 mins for 100KB.
replyNot quietly. Uploads are commonly monitored by data loss prevention (DLP) solutions, especially when MITM is being used for corporate proxy.
replyDownloading a tiny JS from a CDN, or accessing a GitHub page is mostly noise, especially if obfuscated well.
Npm install qr-made-up-name
Can show qr in console. How do you stop that?
replyI'm likely being overly specific, but blocking npm downloads, installation on corporate devices, etc is trivial in a restrictive corporate environment.
reply