My key takeaways
- north = ingress traffic
- south = egress traffic
- east-west = lateral movement
- HTTP was born in 1996
- HTTP status code 418: "I’m a teapot"
The HTTP 418 I’m a teapot client error response code indicates that the server refuses to brew coffee because it is, permanently, a teapot. A combined coffee/tea pot that is temporarily out of coffee should instead return 503. This error is a reference to Hyper Text Coffee Pot Control Protocol defined in April Fools’ jokes in 1998 and 2014.
Some websites use this response for requests they do not wish to handle, such as automated queries.
- Status code 402 "Payment required" is a known marker of the COMPfun malware
- ICMP packets leave a lot of room for data
- even ICMP can be used as a C2 channel
- DNS labels hold up to 64 chars
- which leaves 32 bytes of data per label once encoded
- the responses are timeouts
- DNS is not case sensitive, but case should be preserved
- it can also be used as a binary communication channel
- be aware that tools might have flaws too and not show the raw data
- example: Zeek and Shellshock
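The DNS notes above (long encoded labels, timeout responses, many queries to one domain) translate directly into detection heuristics. The following is an added example, not code from the notes or from any of the tools mentioned: it runs a small scoring function over a constructed query log and reports registered domains whose queries look like a tunnel. The log format (name, type, response code, with `TIMEOUT` standing in for "no answer"), the two-label "registered domain" split and all thresholds are assumptions chosen for the example.

```python
"""Heuristic DNS-tunnel detector over DNS query-log records (added example, not from the notes)."""
import math
import re
from collections import defaultdict

# Character sets that tunnelling tools commonly use to pack bytes into labels.
HEX_RE = re.compile(r"^[0-9a-f]+$")
BASE32_RE = re.compile(r"^[a-z2-7]+$")


def _hex_chunks(data: bytes, chunk: int = 30) -> list:
    """Split data into hex labels of at most 60 chars (RFC 1035 caps a label at 63 octets)."""
    return [data[i:i + chunk].hex() for i in range(0, len(data), chunk)]


# Constructed sample log, not real traffic: (query name, query type, response code).
# "TIMEOUT" is a constructed field value meaning the resolver never got an answer.
_CONSTRUCTED_SECRET = b"constructed sample payload: this is what a tunnel would carry out of the network in chunks"
SAMPLE_LOG = [
    ("www.example.com", "A", "NOERROR"),
    ("mail.example.com", "MX", "NOERROR"),
    ("cdn.example.com", "A", "NOERROR"),
    ("api.example.com", "A", "NOERROR"),
] + [(f"{label}.tunnel.test", "TXT", "TIMEOUT") for label in _hex_chunks(_CONSTRUCTED_SECRET)]


def shannon_entropy(text: str) -> float:
    """Bits per character of the text; encoded payloads score higher than host names."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Return (subdomain labels, registered domain).
    Assumption: the registered domain is the last two labels; a real deployment
    would consult the public suffix list instead."""
    labels = qname.rstrip(".").split(".")
    return labels[:-2], ".".join(labels[-2:])


def score_query(qname: str, qtype: str, rcode: str):
    """Return (registered domain, list of heuristics that fired) for one query record."""
    sub, base = split_name(qname)
    reasons = []
    longest = max(sub, key=len, default="").lower()
    if len(longest) >= 50:
        reasons.append("label near the 63-octet maximum")
    if len(longest) >= 20 and (HEX_RE.match(longest) or BASE32_RE.match(longest)):
        reasons.append("label looks like encoded bytes")
    if shannon_entropy(longest) > 3.0:
        reasons.append("high-entropy label")
    if qtype in ("TXT", "NULL"):
        reasons.append(f"{qtype} query type")
    if rcode in ("TIMEOUT", "SERVFAIL"):
        reasons.append(f"{rcode} response")
    return base, reasons


def suspicious_domains(log, min_reasons: int = 3, min_queries: int = 3) -> dict:
    """Group records by registered domain and keep those where at least half of the
    queries trip min_reasons heuristics. Returns {domain: summary dict}."""
    stats = defaultdict(lambda: {"queries": 0, "flagged": 0, "reasons": set(), "names": set()})
    for qname, qtype, rcode in log:
        base, reasons = score_query(qname, qtype, rcode)
        entry = stats[base]
        entry["queries"] += 1
        entry["names"].add(qname.lower())
        if len(reasons) >= min_reasons:
            entry["flagged"] += 1
            entry["reasons"].update(reasons)
    return {
        domain: {
            "queries": e["queries"],
            "flagged": e["flagged"],
            "unique_names": len(e["names"]),
            "reasons": sorted(e["reasons"]),
        }
        for domain, e in stats.items()
        if e["queries"] >= min_queries and e["flagged"] / e["queries"] >= 0.5
    }


if __name__ == "__main__":
    for domain, summary in suspicious_domains(SAMPLE_LOG).items():
        print(domain, summary)
```

The scoring is deliberately per registered domain rather than per query: a single long TXT lookup is noise, but a domain where most names are unique, near the label limit and never answered is the pattern the notes describe. Case is lowered only for matching, so a logging pipeline that preserves the original case (as the notes recommend) loses nothing.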
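The ICMP notes above say the echo payload leaves room for arbitrary data. This added example (not code from the notes or from any tool mentioned on the page) parses raw ICMP echo messages, verifies the RFC 1071 checksum, and flags payloads that do not match what stock ping clients send. The default-payload patterns (Windows' 32-byte `abcdefghijklmnopqrstuvwabcdefghi`, Linux iputils' 56 bytes ending in the byte ramp 0x10..0x37), the 64-byte size limit and the entropy threshold are assumptions made for the example; the sample packets are constructed in the code, not captured.

```python
"""Parse ICMP echo messages and flag payloads that do not look like ordinary ping traffic
(added example, not from the notes)."""
import math
import struct
from collections import Counter

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0
HEADER = struct.Struct("!BBHHH")  # type, code, checksum, identifier, sequence number

# Assumption: payloads that stock ping clients send. Anything else deserves a look.
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"   # 32 bytes
LINUX_PING_RAMP = bytes(range(0x10, 0x38))                   # 40-byte ramp after a 16-byte timestamp


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(ident: int, seq: int, payload: bytes, icmp_type: int = ICMP_ECHO_REQUEST) -> bytes:
    """Assemble an echo request/reply with a correct checksum (used here to construct samples)."""
    unchecked = HEADER.pack(icmp_type, 0, 0, ident, seq) + payload
    return HEADER.pack(icmp_type, 0, icmp_checksum(unchecked), ident, seq) + payload


def parse_echo(packet: bytes) -> dict:
    """Split an ICMP message into header fields and payload; rejects truncation and bad checksums."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated ICMP message")
    if icmp_checksum(packet) != 0:   # a valid message checksums to zero when the field is included
        raise ValueError("ICMP checksum mismatch")
    icmp_type, code, _, ident, seq = HEADER.unpack_from(packet)
    if icmp_type not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        raise ValueError(f"not an echo message: type {icmp_type}")
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq, "payload": packet[HEADER.size:]}


def looks_like_default_ping(payload: bytes) -> bool:
    """True for the payload shapes the assumed stock clients produce."""
    if payload == WINDOWS_PING_PAYLOAD:
        return True
    return len(payload) == 56 and payload.endswith(LINUX_PING_RAMP)


def byte_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8, text and padding well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_echo(packet: bytes) -> dict:
    """Parsed fields plus an 'anomalies' list; an empty list means the payload looks like plain ping."""
    fields = parse_echo(packet)
    payload = fields["payload"]
    anomalies = []
    if not looks_like_default_ping(payload):
        if len(payload) > 64:
            anomalies.append(f"oversized payload ({len(payload)} bytes)")
        if byte_entropy(payload) > 6.0:
            anomalies.append("high-entropy payload")
        if not anomalies:
            anomalies.append("non-standard payload")
    fields["anomalies"] = anomalies
    return fields


# Constructed sample traffic, not a capture.
LINUX_PING = build_echo(0x1234, 1, b"\x00" * 16 + LINUX_PING_RAMP)
WINDOWS_PING = build_echo(0x0001, 7, WINDOWS_PING_PAYLOAD)
TEXT_PING = build_echo(0x0042, 3, b"hello-world-text")
# 120 bytes of pseudo-random filler standing in for a tunnelled message.
TUNNELLED = build_echo(0xBEEF, 1, bytes((i * 37 + 11) & 0xFF for i in range(120)))

if __name__ == "__main__":
    for name, pkt in (("linux", LINUX_PING), ("windows", WINDOWS_PING),
                      ("text", TEXT_PING), ("tunnelled", TUNNELLED)):
        print(name, classify_echo(pkt)["anomalies"])
```

Checking the checksum before anything else matters: a parser that silently accepts corrupt or hand-crafted messages is exactly the kind of tool flaw the notes warn about, so the raw bytes are validated and kept in the result for a second look.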
- FACEsalad — today at 19:27
100: Hold on; 200: Here you go; 300: Go Away; 400: You F@#k up; 500: I F@#K up
- Man0nTh3M00n — today at 19:54
DNS data exfiltration could reach 200 kbit/s, so enough to get a few sensitive data out
- Cactus — today at 19:58
Keep in mind that the PCAPS may also trigger Windows Defender et al