Data Exfiltration Techniques: DNS Exfiltration | TryHackMe
An overview of data exfiltration methods focusing on DNS exfiltration techniques, with additional resources for cybersecurity certification notes and cheat sheets.
Motasem Hamdan
13.9K views • Sep 7, 2022
About this video
🚀 Cyber Security Certification Notes
https://shop.motasem-notes.net/collections/cyber-security-study-notes
🚀OR Certification Notes with Cheat Sheets
https://buymeacoffee.com/notescatalog/extras
💡Cyber Security Notes | Membership Access
https://buymeacoffee.com/notescatalog/membership
🔥Download FREE Cyber Security 101 Study Notes
https://buymeacoffee.com/notescatalog/e/290985
***
In this video walk-through, we covered Data Exfiltration through DNS protocol and performed C2 through DNS as well.
**********
Receive Cyber Security Field Notes and Special Training Videos
https://www.youtube.com/channel/UCNSdU_1ehXtGclimTVckHmQ/join
*******
Writeup
https://motasem-notes.net/dns-tunneling-explained-tryhackme-dns-data-exfiltration/
TryHackMe Data Exfiltration
https://tryhackme.com/r/room/dataxexfilt
*****
Store
https://buymeacoffee.com/notescatalog/extras
Patreon
https://www.patreon.com/motasemhamdan
LinkedIn
[1]: https://www.linkedin.com/in/motasem-hamdan-7673289b/
[2]: https://www.linkedin.com/in/motasem-eldad-ha-bb42481b2/
Instagram
https://www.instagram.com/motasem.hamdan.official/
Google Profile
https://maps.app.goo.gl/eLotQQb7Dm6aiL8z6
Twitter
https://twitter.com/ManMotasem
Facebook
https://www.facebook.com/motasemhamdantty/
***
0:00 - Introduction to Data Exfiltration over DNS
0:32 - Why Use DNS for Exfiltration?
1:16 - How Data Moves Through Subdomains
2:35 - Key Limitations of DNS Exfiltration
5:11 - Example: Exfiltrating Credit Card Data
5:46 - Requirements for DNS Exfiltration
6:09 - Setting Up a Domain for Exfiltration
8:03 - Configuring a DNS Server
8:27 - Live Scenario: Setting Up the Attacker Machine
10:07 - Opening a Listener on the Attacker Machine
11:09 - Preparing the Victim Machine
12:14 - Converting Data to Base64
14:08 - Splitting Base64 Data for Subdomains
16:22 - Sending DNS Requests with Data
17:06 - Receiving and Decoding Data on the Attacker Side
17:41 - Command and Control (C2) Communication via DNS
18:14 - Creating Text Records for C2 Commands
19:23 - Final Task: Using DNS for Flag Retrieval
20:00 - Summary and Additional Resources
https://shop.motasem-notes.net/collections/cyber-security-study-notes
🚀OR Certification Notes with Cheat Sheets
https://buymeacoffee.com/notescatalog/extras
💡Cyber Security Notes | Membership Access
https://buymeacoffee.com/notescatalog/membership
🔥Download FREE Cyber Security 101 Study Notes
https://buymeacoffee.com/notescatalog/e/290985
***
In this video walk-through, we covered Data Exfiltration through DNS protocol and performed C2 through DNS as well.
**********
Receive Cyber Security Field Notes and Special Training Videos
https://www.youtube.com/channel/UCNSdU_1ehXtGclimTVckHmQ/join
*******
Writeup
https://motasem-notes.net/dns-tunneling-explained-tryhackme-dns-data-exfiltration/
TryHackMe Data Exfiltration
https://tryhackme.com/r/room/dataxexfilt
*****
Store
https://buymeacoffee.com/notescatalog/extras
Patreon
https://www.patreon.com/motasemhamdan
[1]: https://www.linkedin.com/in/motasem-hamdan-7673289b/
[2]: https://www.linkedin.com/in/motasem-eldad-ha-bb42481b2/
https://www.instagram.com/motasem.hamdan.official/
Google Profile
https://maps.app.goo.gl/eLotQQb7Dm6aiL8z6
https://twitter.com/ManMotasem
https://www.facebook.com/motasemhamdantty/
***
0:00 - Introduction to Data Exfiltration over DNS
0:32 - Why Use DNS for Exfiltration?
1:16 - How Data Moves Through Subdomains
2:35 - Key Limitations of DNS Exfiltration
5:11 - Example: Exfiltrating Credit Card Data
5:46 - Requirements for DNS Exfiltration
6:09 - Setting Up a Domain for Exfiltration
8:03 - Configuring a DNS Server
8:27 - Live Scenario: Setting Up the Attacker Machine
10:07 - Opening a Listener on the Attacker Machine
11:09 - Preparing the Victim Machine
12:14 - Converting Data to Base64
14:08 - Splitting Base64 Data for Subdomains
16:22 - Sending DNS Requests with Data
17:06 - Receiving and Decoding Data on the Attacker Side
17:41 - Command and Control (C2) Communication via DNS
18:14 - Creating Text Records for C2 Commands
19:23 - Final Task: Using DNS for Flag Retrieval
20:00 - Summary and Additional Resources
Tags and Topics
Browse our collection to discover more content in these categories.
Video Information
Views
13.9K
Likes
167
Duration
20:13
Published
Sep 7, 2022
User Reviews
4.4
(2) Related Trending Topics
LIVE TRENDSRelated trending topics. Click any trend to explore more videos.
No specific trending topics match this video yet.
Explore All Trends