Description
Overview
The concept of “data bouncing” via a third-party web server provides an extremely stealthy method of bypassing traditional network safeguards. By directing web requests to certain domains that process hostnames in headers, you can relay small pieces of data to your DNS listener, allowing you to collect and reconstruct data, be it strings, files, or any other type of data.
The discovery of this technique has received minimal publicity, which seems to be partly attributable to the unfamiliar use of familiar services, and partly to a lack of easy-to-use tooling. This talk aims to rectify both of these by providing a clear explanation of the concept and presenting a new tool to allow the exfiltration to be carried out easily.
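From the defender's side, the overview implies a check that can be run over egress proxy logs: flag requests whose headers name a hostname outside the site being visited and carry a long, encoded-looking label. The sketch below is an added example, not the speaker's tool or anything shown in the talk; the log layout, header names, hostnames and thresholds are all constructed assumptions.

```python
import math
import re
from collections import Counter

# Constructed proxy-log records: (destination host, request headers). Not real traffic.
SAMPLE_REQUESTS = [
    ("www.example.com", {"Host": "www.example.com",
                         "Referer": "https://www.example.com/index.html"}),
    ("www.example.com", {"Host": "mzxw6ytboi2gk3tdn5sgkzbamrqxiyi.listener.example.net"}),
    ("cdn.example.org", {"Host": "cdn.example.org",
                         "Origin": "https://app.example.net"}),
]

HOSTNAME_RE = re.compile(r"\b((?:[a-z0-9_-]{1,63}\.)+[a-z]{2,})\b", re.I)


def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than ordinary words."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def suspicious_headers(dest_host, headers, min_len=20, min_entropy=3.5):
    """Return (header, hostname) pairs naming a foreign host with an encoded-looking label.

    The thresholds are assumed starting points, and "same site" is approximated by
    the last two labels of the destination (a real deployment would use the
    Public Suffix List).
    """
    site = ".".join(dest_host.lower().split(".")[-2:])
    findings = []
    for name, value in headers.items():
        for host in HOSTNAME_RE.findall(value.lower()):
            if host == site or host.endswith("." + site):
                continue  # header points back at the site being visited
            label = max(host.split("."), key=len)
            if len(label) >= min_len and shannon_entropy(label) >= min_entropy:
                findings.append((name, host))
    return findings


def scan(requests):
    """Flatten findings across all records as (destination, header, hostname)."""
    return [(dest, name, host)
            for dest, headers in requests
            for name, host in suspicious_headers(dest, headers)]


if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print("suspicious:", finding)
```

Correlating the flagged hostnames with resolver logs shows whether any lookup for them actually left the network.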
Agenda
Introduction:
-whoami
-What will I be talking about?
History of Data Exfiltration:
-Quick recap of older techniques
-Coverage of the reasons for data exfiltration
HTTP and DNS Lookups Overview:
-Short explanation of what's going on when lookups happen
Discovery of Data Bouncing:
-The original discovery of the issue (by accident) during a pen test
How Does this Work and What Does it Mean?:
-The technique and how it can be used
-Coverage of uses for almost undetectable data exfiltration, C2 heartbeat, etc.
Putting it to Use:
-Tool demo
Conclusion
Optional: Speaker / convener biography
I'm a former secure software developer, turned penetration tester and developer of hacking tools and scripts. My work and interests include tool development, code security review, machine learning and secure software development practices.
| Length | 45 minutes |
|---|---|