🚀 Cyber Security Certification Notes
https://shop.motasem-notes.net/collections/cyber-security-study-notes
🚀OR Certification Notes with Cheat Sheets
https://buymeacoffee.com/notescatalog/extras
💡Cyber Security Notes | Membership Access
https://buymeacoffee.com/notescatalog/membership
🔥Download FREE Cyber Security 101 Study Notes
https://buymeacoffee.com/notescatalog/e/290985
****
The video discusses data exfiltration techniques using the HTTP protocol, explaining why HTTP is one of the stealthiest methods for exfiltrating data. It covers post-exploitation techniques and demonstrates them in a practical lab setup.
**********
Receive Cyber Security Field Notes and Special Training Videos
https://buymeacoffee.com/notescatalog/membership
Writeup
https://motasem-notes.net/data-exfiltration-techniques-http-https-tryhackme
*******
Store
https://buymeacoffee.com/notescatalog/extras
Patreon
https://www.patreon.com/motasemhamdan
LinkedIn
[1]: https://www.linkedin.com/in/motasem-hamdan-7673289b/
[2]: https://www.linkedin.com/in/motasem-eldad-ha-bb42481b2/
Instagram
https://www.instagram.com/motasem.hamdan.official/
Google Profile
https://maps.app.goo.gl/eLotQQb7Dm6aiL8z6
Twitter
https://twitter.com/ManMotasem
Facebook
https://www.facebook.com/motasemhamdantty/
****
00:00 Introduction to Data Exfiltration via HTTP
00:06 Why HTTP is Used for Data Exfiltration
00:21 Advantages of HTTP-Based Exfiltration
00:36 Using HTTP POST Requests for Exfiltration
01:02 Attack Setup: Victim & Attacker Machines
01:26 Setting Up an HTTP Exfiltration Server
02:08 Using HTTPS for Secure Exfiltration
02:28 HTTP Tunneling for Covert Data Transfer
03:03 Setting Up an HTTP Tunnel
03:24 Tools for HTTP Tunneling (Neo-reGeorg)
03:40 Practical Demonstration: Setting Up Exfiltration
04:04 Connecting to the Jump Box
04:29 Checking Apache Server Logs for POST Requests
05:01 Why POST Requests are Preferred for Exfiltration
06:06 Extracting Flag from Base64 Encoded Data
06:42 Sending Data via HTTP POST Requests
07:34 Configuring the Victim Machine
08:17 Identifying Data to Exfiltrate
09:00 Encoding and Sending Data as a POST Request
10:06 Verifying Data Reception on Attacker Machine
10:50 Fixing URL Encoding Issues in Received Data
11:51 Decoding and Extracting Exfiltrated Data
12:37 Introduction to HTTP Tunneling
13:00 Setting Up an HTTP Tunnel Server
13:38 Generating an Encrypted Tunneling Client
14:22 Uploading the Tunnel Client to Victim Machine
15:26 Establishing Connection to Tunnel Server
16:57 Using HTTP Tunnel for Internal Network Access
18:01 Accessing Hidden Web Resources via Tunneling
19:03 Extracting Internal Server Flags
20:25 Retrieving the First Flag
20:38 Retrieving the Second Flag
20:48 Conclusion and Final Thoughts