00
DataBouncing

⠙⠁⠞⠁ ⠃⠕⠥⠝⠉⠊⠝⠛

Nam imperdiet enim elit, accumsan tincidunt ligula dapibu

Latest...

Example

Bouncing with Email

  • date published:
  • reading-time: 1 min read
  • authors:
Using email signup pages can be gamed for databouncing too

Guide

Surgeon Script

  • date published:
  • reading-time: 3 min read
  • authors:
Working with specific parameters within web requests to Databounce

Action

Cloudflare

  • date published:
  • reading-time: 1 min read
  • authors:
"cloudflare is going public with an analysis of this as well" - we'd love to see it.

Data

Top 15 Million Technology Observations

  • date published:
  • reading-time: 2 min read
  • authors:
Top 15 Million Server Technology Observations.

Why create this site?

When Dave and I originally published the article on the 5th of November 2023, we assumed that people would 'get it' and it would stimulate conversations about using this idea whether it was in headers, email addresses, link previews, resource fetches, etc. We thought it would blow up, and while some people really got it, we recognised that the learning curve requires a certain amount of understanding of how the internet works, and how not only looking up a host can be abused but how to do it in a way that is out of reach from enterprise-grade defences and threat intelligence.

We let the post simmer for a while; the offensive tier of Infosec appreciated the method, but the defensive side has mostly avoided it. Thus, the goal here is to draw more attention in more detail to find the right way to say to people, 'you need to recognise this.'

So far, vendor responses have been disappointing, and that’s not to say there isn’t an answer, but the ones we’ve received seem defeatist. If we’re hitting the roof on 'domain-based trusts', then it’s dark times for defenders as this method is available in many places, as you’ll learn by exploring the site or joining the chatter.

What are we expecting?

We want this method to be acknowledged as an exfiltration method that has become normalised, because of how difficult it is to defend against. We think this will happen through offensive demonstrations, C2 comms, exfil tooling, and adoption.

So, to all you Red Teamers and penetration testers, you owe it to your clients to use data bouncing so they can pressure the right people to force change. The tooling that our friends have done so far can be found in the tools section, and if you stay close, there will be C2 capabilities in the coming future.

Surgeon Script

  • date published:
  • reading-time: 3 min read
  • authors: JC
Working with specific parameters within web requests to Databounce

Top 15 Million Technology Observations

  • date published:
  • reading-time: 2 min read
  • authors: JC
Top 15 Million Server Technology Observations.

Bouncing with Email

  • date published:
  • reading-time: 1 min read
  • authors: JC
Using email signup pages can be gamed for databouncing too

Cellular Edition

  • date published:
  • reading-time:
  • authors: JC

Don't Lookup

  • date published:
  • reading-time: 1 min read
  • authors: JC
The Plan is and always will be to force response and improvements.

Web Headers (HLD)

  • date published:
  • reading-time: 1 min read
  • authors: JC
Mermaid Diagram Journey of Databouncing with HTTP Web Headers via trusted web servers and ultimately handed over to the exfil DNS

Data Bouncing With Jakoby

  • date published:
  • reading-time: 2 min read
  • authors: JC
Data Bouncing - PowerShell Version via Jakoby (Unit-259) - this version uses Hex in the hostname and defaults to a public interactsh (so you dont need your own DNS listener)

Cloudflare

  • date published:
  • reading-time: 1 min read
  • authors: JC
"cloudflare is going public with an analysis of this as well" - we'd love to see it.

Help / To-Do

  • date published:
  • reading-time: 1 min read
  • authors: JC
Here's a load of things we're aiming to get done with DataBouncing in the future, feel free to join in

Identifying Candidates

  • date published:
  • reading-time: 2 min read
  • authors: JC
Example One is a glimpse into what is needed to identify DataBouncing Candidates Recruiter - Send stuff Interactsh - Listen for stuff Target List - Stuff to be sent