Data Exfiltration Techniques Using HTTP & HTTPS | TryHackMe
An overview of data exfiltration methods leveraging HTTP and HTTPS protocols, aligned with TryHackMe exercises and cybersecurity certification notes.

Motasem Hamdan
9.2K views • Sep 2, 2022

About this video
🚀 Cyber Security Certification Notes
https://shop.motasem-notes.net/collections/cyber-security-study-notes
🚀OR Certification Notes with Cheat Sheets
https://buymeacoffee.com/notescatalog/extras
💡Cyber Security Notes | Membership Access
https://buymeacoffee.com/notescatalog/membership
🔥Download FREE Cyber Security 101 Study Notes
https://buymeacoffee.com/notescatalog/e/290985
****
The video discusses data exfiltration techniques using the HTTP protocol, explaining why HTTP is one of the stealthiest methods for exfiltrating data. It covers post-exploitation techniques and demonstrates them in a practical lab setup.
**********
Receive Cyber Security Field Notes and Special Training Videos
https://buymeacoffee.com/notescatalog/membership
Writeup
https://motasem-notes.net/data-exfiltration-techniques-http-https-tryhackme
*******
Store
https://buymeacoffee.com/notescatalog/extras
Patreon
https://www.patreon.com/motasemhamdan
LinkedIn
[1]: https://www.linkedin.com/in/motasem-hamdan-7673289b/
[2]: https://www.linkedin.com/in/motasem-eldad-ha-bb42481b2/
Instagram
https://www.instagram.com/motasem.hamdan.official/
Google Profile
https://maps.app.goo.gl/eLotQQb7Dm6aiL8z6
Twitter
https://twitter.com/ManMotasem
Facebook
https://www.facebook.com/motasemhamdantty/
****
00:00 Introduction to Data Exfiltration via HTTP
00:06 Why HTTP is Used for Data Exfiltration
00:21 Advantages of HTTP-Based Exfiltration
00:36 Using HTTP POST Requests for Exfiltration
01:02 Attack Setup: Victim & Attacker Machines
01:26 Setting Up an HTTP Exfiltration Server
02:08 Using HTTPS for Secure Exfiltration
02:28 HTTP Tunneling for Covert Data Transfer
03:03 Setting Up an HTTP Tunnel
03:24 Tools for HTTP Tunneling (Neo-reGeorg)
03:40 Practical Demonstration: Setting Up Exfiltration
04:04 Connecting to the Jump Box
04:29 Checking Apache Server Logs for POST Requests
05:01 Why POST Requests are Preferred for Exfiltration
06:06 Extracting Flag from Base64 Encoded Data
06:42 Sending Data via HTTP POST Requests
07:34 Configuring the Victim Machine
08:17 Identifying Data to Exfiltrate
09:00 Encoding and Sending Data as a POST Request
10:06 Verifying Data Reception on Attacker Machine
10:50 Fixing URL Encoding Issues in Received Data
11:51 Decoding and Extracting Exfiltrated Data
12:37 Introduction to HTTP Tunneling
13:00 Setting Up an HTTP Tunnel Server
13:38 Generating an Encrypted Tunneling Client
14:22 Uploading the Tunnel Client to Victim Machine
15:26 Establishing Connection to Tunnel Server
16:57 Using HTTP Tunnel for Internal Network Access
18:01 Accessing Hidden Web Resources via Tunneling
19:03 Extracting Internal Server Flags
20:25 Retrieving the First Flag
20:38 Retrieving the Second Flag
20:48 Conclusion and Final Thoughts
https://shop.motasem-notes.net/collections/cyber-security-study-notes
🚀OR Certification Notes with Cheat Sheets
https://buymeacoffee.com/notescatalog/extras
💡Cyber Security Notes | Membership Access
https://buymeacoffee.com/notescatalog/membership
🔥Download FREE Cyber Security 101 Study Notes
https://buymeacoffee.com/notescatalog/e/290985
****
The video discusses data exfiltration techniques using the HTTP protocol, explaining why HTTP is one of the stealthiest methods for exfiltrating data. It covers post-exploitation techniques and demonstrates them in a practical lab setup.
**********
Receive Cyber Security Field Notes and Special Training Videos
https://buymeacoffee.com/notescatalog/membership
Writeup
https://motasem-notes.net/data-exfiltration-techniques-http-https-tryhackme
*******
Store
https://buymeacoffee.com/notescatalog/extras
Patreon
https://www.patreon.com/motasemhamdan
[1]: https://www.linkedin.com/in/motasem-hamdan-7673289b/
[2]: https://www.linkedin.com/in/motasem-eldad-ha-bb42481b2/
https://www.instagram.com/motasem.hamdan.official/
Google Profile
https://maps.app.goo.gl/eLotQQb7Dm6aiL8z6
https://twitter.com/ManMotasem
https://www.facebook.com/motasemhamdantty/
****
00:00 Introduction to Data Exfiltration via HTTP
00:06 Why HTTP is Used for Data Exfiltration
00:21 Advantages of HTTP-Based Exfiltration
00:36 Using HTTP POST Requests for Exfiltration
01:02 Attack Setup: Victim & Attacker Machines
01:26 Setting Up an HTTP Exfiltration Server
02:08 Using HTTPS for Secure Exfiltration
02:28 HTTP Tunneling for Covert Data Transfer
03:03 Setting Up an HTTP Tunnel
03:24 Tools for HTTP Tunneling (Neo-reGeorg)
03:40 Practical Demonstration: Setting Up Exfiltration
04:04 Connecting to the Jump Box
04:29 Checking Apache Server Logs for POST Requests
05:01 Why POST Requests are Preferred for Exfiltration
06:06 Extracting Flag from Base64 Encoded Data
06:42 Sending Data via HTTP POST Requests
07:34 Configuring the Victim Machine
08:17 Identifying Data to Exfiltrate
09:00 Encoding and Sending Data as a POST Request
10:06 Verifying Data Reception on Attacker Machine
10:50 Fixing URL Encoding Issues in Received Data
11:51 Decoding and Extracting Exfiltrated Data
12:37 Introduction to HTTP Tunneling
13:00 Setting Up an HTTP Tunnel Server
13:38 Generating an Encrypted Tunneling Client
14:22 Uploading the Tunnel Client to Victim Machine
15:26 Establishing Connection to Tunnel Server
16:57 Using HTTP Tunnel for Internal Network Access
18:01 Accessing Hidden Web Resources via Tunneling
19:03 Extracting Internal Server Flags
20:25 Retrieving the First Flag
20:38 Retrieving the Second Flag
20:48 Conclusion and Final Thoughts
Tags and Topics
Browse our collection to discover more content in these categories.
Video Information
Views
9.2K
Likes
137
Duration
20:52
Published
Sep 2, 2022
User Reviews
4.5
(1) Related Trending Topics
LIVE TRENDSRelated trending topics. Click any trend to explore more videos.
No specific trending topics match this video yet.
Explore All Trends