EP3 - Live Bug hunting (SSRF + Blind RCE + DNS Exfiltration) with Mr. Dheeraj Madhukar | RESETHACKER
RESETHACKER has taken the initiative to promote pen-testing and improve bug hunting. It will give rise to hacking as a career in India.
EP 3: RESETHACKER is pleased to invite Dheeraj Madhukar to deliver a webinar on the DNS exfiltration attack.
0. SSRF + Blind RCE + DNS Exfiltration. (Practical)
1. We will learn how to create a DNS server (CentOS 8).
2. Enable BIND logs to view queries.
3. Final exploitation for exfiltration.
Dheeraj Madhukar is an Application Security Engineer, Linux server engineer, corporate trainer, founder, and CEO of technolegends.
"There is just one way to do security: Together"
You can follow him on:
Twitter: /Dheerajmadhukar
Linkedin: /dheerajtechnolegends
Instagram: @me_dheeraj
RESETHACKER is India's crowdsourcing community of action for Ethical hackers, researchers, students, and hobbyists interested in learning, sharing & collaborating.
Be Social with #RESETHACKER
https://linktr.ee/RESETHACKER
Team & Contributors of the Monthly webinar (#RESETBOUNTY):
From Next Month HOST: Satya Prakash
YT Manager & Moderators: Vijay
Event Managers: Anugrah SR & Tushar Varma
Community Co-ordinator: Sourabh Bagh
Community Content Director: Attr1b
✅ What is DNS Exfiltration?
According to Wikipedia, DNS data exfiltration is a way to exchange data between two computers without any direct connection. The data is exchanged through the DNS protocol on intermediate DNS servers. During the exfiltration phase, the client makes a DNS resolution request to an external DNS server address.
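As an added example (not part of the webinar or this description), the BIND query log named in the agenda can also be read from the defender's side: the Python below groups logged queries by client and parent zone and reports a pair once it has sent several unique, long, high-entropy first labels. The log lines, addresses, zone names, thresholds and function names are constructed assumptions; only the line layout follows BIND 9's query log.

```python
import math
import re
from collections import defaultdict

# Constructed sample lines in BIND 9 query-log layout (documentation addresses, reserved names).
SAMPLE_LOG = """\
01-Mar-2021 10:00:01.100 queries: info: client @0x7f1a2c 192.0.2.10#40001 (www.example.com): query: www.example.com IN A +E(0)K (192.0.2.53)
01-Mar-2021 10:00:02.200 queries: info: client @0x7f1a2c 192.0.2.10#40002 (autodiscover-mail-gateway-01.corp.example.net): query: autodiscover-mail-gateway-01.corp.example.net IN A +E(0)K (192.0.2.53)
01-Mar-2021 10:00:03.300 queries: info: client @0x7f1b00 192.0.2.77#41000 (0123456789abcdef0123456789abcdef.exfil.example): query: 0123456789abcdef0123456789abcdef.exfil.example IN A +E(0)K (192.0.2.53)
01-Mar-2021 10:00:03.400 queries: info: client @0x7f1b00 192.0.2.77#41001 (fedcba9876543210fedcba9876543210.exfil.example): query: fedcba9876543210fedcba9876543210.exfil.example IN A +E(0)K (192.0.2.53)
01-Mar-2021 10:00:03.500 queries: info: client @0x7f1b00 192.0.2.77#41002 (0f1e2d3c4b5a69788796a5b4c3d2e1f0.exfil.example): query: 0f1e2d3c4b5a69788796a5b4c3d2e1f0.exfil.example IN A +E(0)K (192.0.2.53)
"""

QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
    r"\((?P<q>[^)]+)\): query: (?P<name>\S+) IN (?P<type>\S+)"
)

def entropy(label):
    """Shannon entropy of a label, in bits per character."""
    counts = {c: label.count(c) for c in set(label)}
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def suspicious_zones(log_text, min_unique=3, min_label_len=20, min_entropy=3.0):
    """Map (client_ip, zone) -> sorted names when a client sent at least
    min_unique distinct long, high-entropy first labels under that zone."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query-log line
        name = m["name"].rstrip(".").lower()
        labels = name.split(".")
        if len(labels) < 3:
            continue  # no subdomain part that could carry data
        zone = ".".join(labels[-2:])  # assumption: last two labels are the zone
        first = labels[0]
        if len(first) >= min_label_len and entropy(first) >= min_entropy:
            seen[(m["ip"], zone)].add(name)
    # One long hostname is normal; many unique ones under one zone is the signal.
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_unique}

if __name__ == "__main__":
    for (ip, zone), names in suspicious_zones(SAMPLE_LOG).items():
        print(f"{ip} -> {zone}: {len(names)} unique encoded-looking names")
```

The long but ordinary hostname under example.net also passes the length and entropy filters, which is why the report is keyed on the count of unique names per client and zone rather than on any single query.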
✅ Why do Bug Hunters need to learn about Data Exfiltration Attack?
- Increases the probability of getting your bug report triaged.
- Less risk of getting a duplicate compared to other vulnerabilities.
1. Exfiltrate and mutate repository and project data through injected templated service.
Reported by Jobert
$11,000 Rewarded by GitLab
https://hackerone.com/reports/446585
2. Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata
Reported by Nahamsec
$4000 Rewarded by Snapchat
https://hackerone.com/reports/530974...
https://www.youtube.com/watch?v=jL0_uyqIbAg