Mind Blowing 🤯 Reverse Shell Demo with DNS data bouncing exfiltration!
Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: Brilliant.org/DavidBombal
The First 200 people that sign up will get a special discount.
Disclaimer: This video is for educational purposes only.
// Jakoby’s SOCIAL //
KZhead: / iamjakoby
LinkedIn: / i-am-jakoby
X: x.com/i_am_jakoby
Instagram: / i_am_jakoby
GitHub: github.com/I-Am-Jakoby
TikTok: / i_am_jakoby
// KZhead Video REFERENCE //
Next Gen Hacker?: • Next Gen Hacker?
The best Hacking Courses & Certs? Your 2024 roadmap to Pentester success: • The best Hacking Cours...
// David's SOCIAL //
Discord: / discord
X: / davidbombal
Instagram: / davidbombal
LinkedIn: / davidbombal
Facebook: / davidbombal.co
TikTok: / davidbombal
KZhead: / @davidbombal
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
00:00 - Coming Up
00:57 - Sponsored Section
03:01 - Intro
03:19 - PowerShell Gallery
05:05 - Modules
06:28 - Microsoft Patch
08:04 - Consulting with the Cybersecurity Community
08:58 - Microsoft Honeypot
10:09 - Models by Jakoby
11:33 - Running Models
12:01 - How Models Function
13:43 - The Vulnerability of The Site
15:30 - Ransomware
18:20 - Owning Models
19:13 - Bug Bounty Program
22:23 - Reverse Shell Generator
29:25 - Methods For Execution
31:49 - How To Solve
33:47 - Engage with the Ethical Hackers
34:20 - Exfiltration Data Bouncing
39:12 - Demo
39:56 - Capture DNS Traffic
41:01 - Running Vanish
50:05 - Running A lot of Testing, No Man’s Land
52:29 - Get ahold of IamJakoby
54:08 - Hak5 Payload
55:57 - Imposter Syndrome
57:41 - Background Story into Hacking
01:07:27 - Stationed in Hawaii
01:10:00 - Conclusion
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
#hak5 #cybersecurity #microsoft
thanks for the premium trial....
You leaked the IP in the obfuscated code he generates; just deobfuscate and it's in plain text. Maybe blur 25:38
I have some concerns about the coverage here, it seems looking at the github for the project InfosecREDD was deliberately removed from all credits by Jakoby despite working on this project.
This was brilliant!
The fact bro here is still doing the right thing after taking the shaft on huge bags speaks volumes to his character. The bazaar will gladly offer fair value for your work ❤
Exactly. We need Ethical Hackers in this world to help better protect us. And companies need to look after the good people like Jakoby.
He was a marine sniper, served his country and disrespected big time. The man is a prince.
what huge bag
@@swoodc what he spoke of towards the start of this video was a pretty huge exploit, that he made Microsoft aware of, they *tried* to patch it. He worked around it in 10 mins, he finally spoke to someone directly and disclosed it again, with some of his own suggestions. He never even heard a word back from Microsoft but when they "patched" it again he said at best Microsoft looked directly at some of his code in his GitHub, and used it on their patch. Again he heard nothing back from Microsoft and they kinda bit some of his own code in the patch. Anyway an exploit of this level at Microsoft, especially with how many machines this can affect and the permission they would get. This is a $100k bounty that Microsoft didn't pay him out. He is still trying to get the actual credit for the disclosure so he can earn his bounty. He could have sold this on the black market, he could have just dumped it on the Internet but he understood how much damage that could do. He is trying to do the right thing by helping Microsoft by doing responsible disclosures, and because this work takes time and because companies know that other people would pay money for these exploits. Many companies offer "bug bounties" for responsible disclosures of bugs that their software/web sites have. That is the money others are talking about.
@@swoodc Didn't get his rightfully earned bug bounties.
Great video thanks David! Jakoby did an excellent job of explaining Data Bouncing. We have submitted a CFP to Defcon for the rest of the research we have been doing in this space so fingers crossed that gets accepted. It's awesome to see Data Bouncing being absorbed and built on by the community.
Jakoby, you are born to tell stories. Thank you for sharing yours.
This comment warmed my heart to read, I appreciate you 😊
The dns exfiltration is crazy! Thanks for sharing and shame to Microsoft
Jakoby is legit a one-man army!! If Michelangelo were alive today, he'd be Jakoby. This is a guy I wanna learn from!
❤❤❤
I'm amazed that Jakoby has the right set of morals and doesn't allow the fact that he was screwed by the bounty, and is still fighting the good fight. Godspeed Jakoby.
The only thing it takes for evil to succeed is for good men to do nothing. This world is full of people I care about and want them to have the best lives possible
@@IamJakoby just wanted to let you know that your attitude and perseverance is inspiring. Keep it up.
Thx for sharing Jakoby, you got your heart and passion in the right place !
I understood about 1% of this but I cannot quit watching your videos.
Amazing video David as always! I'm curious to know about how it would hold up against ThreatLocker and the heuristic-based detection.
Great show.. love these really simple callouts. It was eye opening seeing those modules which could be made by anyone. MS is going to have a headache grabbing control back of all those modules.. but now that they are out, they will need to change Powershell and UAC as well to fix this. Man.. Anyway, great guest and show today!
Glad you enjoyed the video! Jakoby is doing amazing work!
Great video. Thanks David and Jakoby !!!
This guy deserves more appreciation.
Thanks for the heads up. Scary 😮 and bad from MS to not compensate for the support they receive from people like IamJakoby. And thanks David to give them the time sharing the risks.
Heyyy nice to see you guys together!! I'm psyched to watch!
Jakoby is amazing!
he's the fucking man@@davidbombal
Powerful stuff David...good job man
Epic! I've learned a ton! Thanks for sharing your expertise! 👑
we LOVE jakoby! thanks for having him on david!
Ooh wee, I'm learning so much... ❤ instantly hooked
Such an interesting video for a student who’s studying IT security, even though I probably only understood about 50% of the things mentioned in this video haha. Thank you for sharing this and letting us find out about Jakoby!
Thank you for the interview. I am speechless.
:O WOW. So many amazing factors! Bounty very deserved.. Kinda scary providing the public even this much information in a video like this lol
How about making a map of the all sites like adobe that support that, and send the chunks of a file to the all sites, an then just listen the response from all of them and combine the chunks in the order of the mapped sites? Man, this is insane, this video is in the list of the best ever in my opinion. Congrats Jakoby brilliant mind, thanks David!
Yuuuup so that is what the team I was working with did actually. It's pretty much all sites that use Akamai. And then yup you can just blast it across as many domains as you would like and rebuild from there
This guy is my mentor even though I am far older than you. I will be in the state for cyber security course and I will be looking for you. Greetings from Ghana
Jakoby is amazing! We can all learn from him :)
Thank you for your service. ❤
Heyyy happy to see him here!! 🎉
I'm sure, especially in this community, it's incredibly hard to share the personal experiences that inspired people down this path. Very much appreciated and inspiring in return. Thanks for bringing both the technical (which I barely understand enough to follow along), and some much needed humanity. Theoretically, it's the only thing that separates us from AI at this point, right? 😅
DNA data bouncing is the worm hole for the clear web.
@DavidBombay & Jakoby, Curious about possibly making this even stealthier using something other than TXT records, hint: dig | grep ad
Yuuuuuuup potential is pretty insane
@@csexecutiveservicesEXACTLY. You are headed in the right direction
This guy is incredible. The truth is that I fell behind; although I superficially understand what he says, I also feel like I understood nothing haha. I am grateful that this kind of person wants to defend the rest of the honest people. I really appreciate it very much and would love to keep watching Jakoby's videos
Wow! This cool educational information! Thank you!
This is amazing content thanks so much for sharing
That’s crazy I’m a junior majoring in cybersecurity and I live in Waipahu! Crazy small world thank you for sharing your stories your demonstrations on reverse shell was mind blowing and I’m excited to get into the cybersecurity field
I miss Hawaii sooooo very much 😢
Thank you , David
I like old-fashioned hackers, with phrases, and colors on their terminals, what good times.
I am a terminal diva ha
I first saw iamjakoby here a few weeks ago when i built a pico rubber ducky. Amazing to see the guy himself, never thought to look up his name on anything except the ducky script repository.
Congrats on your build and I'm happy I could help in some way 😊
There you go Michael. Way to get on David Bombals' channel. Great collaboration
Thank you. Very motivating. Imposter syndrome is hard to get over at times. I especially was happy to hear that there are good people out there. That's something I need to hear more of due to all the evil people in the world. Thank you both again
Thank you David💯👍🏽
You're welcome!
Great video David Jack is a great guest
Woohoo!!!! Jakoby love your name brother love your work keep it up!!!
Jakoby is the man!
What an amazing story. I would also say he's definitely on the right path!
That intro was awesome.
Hi david would love to see stuff on defensive tools and solutions e.g YARA rules, EDR systems. Thanks again for the OSCP course on Udemy!
man this helped me so much thank you ..
THANKS
i can say this guy is brilliant /genius....
Polymorphic reverse shell...thats amazing
Thank you kind sirrr 😊
Genius. Great and inspiring video. Thank you.
Glad you enjoyed it!
Happy Easter!
When you're a bricklayer but started your comp sci degree last year and understand every term mentioned in the sponsor segment 😃🥳
Messaged some guys at Microsoft that I grew up with. Well played on the ethical hacking. I pray I messaged the right people for you.
It's like looking at the stern of a boat. Green is starboard, red is port.
Dude is AMAZING!
Thanks
Interesting thanks 💯
I hope you enjoyed the video!
This dude is something else
jakoby is the man.
He is on another level!
what an inspiration
AWS paid a bounty I saw when I was there, that to me wasn't really warranted but they paid it anyway. I respect that. Micro$oft you are going to produce black hats onto you than whitehats
I love jakoby.❤
OMG, what a fantastic guy!
David these are fantastic topics but can we get a 1 or 2 minutes at the start of the video explaining core concepts quickly so we can be same page or have general idea what video is about? many people may not even know what powershell is
Great suggestion - difficult with some of these more advanced videos. This is one of those advanced topics.
bro took words out of my mouth well said
I like where this comment was going but how does someone even watch this channel without knowing what power shell is 😂
I know people always say this and now I finally will. I have been in the industry for 30 years. This guy is great. So tired of fakers on the web. It's refreshing to see real talent. Keep pushing bro! Saving the world one shell at a time.🔥🏴☠
It's really refreshing to read a comment like this. Social media has been getting oversaturated with fake or really watered down cybersecurity content. I appreciate your appreciation
Do you have a tool that can be used to scan for vulnerabilities on the reflection sites so those sites can be added to a blacklist?
This was absolutely AMAZING! Jakobi 1000% needs a bounty award for this, and Microsoft should be kissing his ass and hiring him for whatever salary he desires lol. Also, everyone should be made aware how sh1tty MS is being by making everyone so vulnerable.
If he reported a vulnerability that meets the criteria set up by Microsoft's bug bounty program yes he should get a reward, otherwise not. From what I understand Microsoft did not think whatever he reported was worthy a bounty and from the video I don't see why they would be wrong.
I guess, if you support the letter of the law, rather than the spirit of the law (obviously we're not talking about "laws",but in principle). If someone made MS aware how vulnerable their SW is, they should be kneeling down to him. I did an internship with someone who was pretty instrumental with creating UAC for MS, and he always stated how bad MS code is in terms of just accepting bad code and moving on without addressing the underlying bad code, due to how many things would break as a result of trying to fix it. @@definitelyno
@@definitelyno also, MS is the primary SW of nearly all users of computers; they should be VERY concerned and want to address the issue, and reward the whistleblower.
@@scottspa74 Still, what is the issue.
1:11:35 I have to be that guy about the semantic expressions being used wherefore the focus of developers in the cybersecurity space is 'how COULD this be broken' to sanitize or use some other weak security measure to set up the best digital reaction to a cyber threat. Ethical hacking or generally all hacking is about the 'how WILL I destroy this system'.
as always the best it channel
Thank you!
How would I explain something that's happening just like this to people or customer service who don't believe it's possible?
Very useful ❤
Glad you think so!
What a great video about such an interesting topic 😊 i can literally imagine how it was to think hours in sleepless nights about such a challenge. After the cryptophones topic became public, I was fascinated of the idea to construct a secure data exchange method which is using a bunch of alternating channels like social media platforms and others. Even if I am not a hacker, the idea of chunking up the data and either include meta data or being able to link it felt like a lottery win 😊
Would be nice to see a metamorphic shell.
Genius
Thank god he is on our side 😂
This is nice
insane
GOOD VIDEO🎉
Thank you sir, I am working on DNS reverse shell by using PowerShell so this video is so important to me, thank you. You are a great teacher, thank you. God bless you ❤❤❤❤❤❤❤ I am supporting you
@David Bombal & @Jakoby - Is it worth the time to block "Powershell Gallery" in the Windows "hosts" file? Or will this do nothing?
The PSGallery is no more a vector for malware than the entire Internet is a vector for malware. On your personal systems, use the PSGallery as much as you want. In a corporate environment, Allow for specific whitelisted PCs and then Deny All for all other PCs.
Yea that guy pretty much nailed it. There will always be vectors to look out for its just learning about mitigating the risk.
David, Microsoft is evil in what they did to Jakoby. Great video. Thanks.
Glad you enjoyed the video! I hope that Microsoft rewards Jakoby for his hard work!
@@davidbombal Me Too! He is Brilliant. I learned a lot.
Big ups David for supporting the hacker community and for helping to give people like Jakoby a voice!
Jacoby's shellsync git repo is empty, how can I use that
hydra: error while loading shared libraries: libx264.so.164: cannot enable executable stack as shared object requires: Permission denied While starting hydra this error is shown in non rooted nethunter also tried sudo but still not working
Geez do Fidelity, Schwab or Robinhood use Akamai. What about spoofing NTP?
Hi David sir
Wow, even his facial jewelry looks Reverse Engineered!
Microsoft needs to add this man to the payroll all he is trying to do is help….
They dont need his help.
Hol' up. Did homie just imply that you can plant potentially incriminating files on remote systems?
Yes that is correct, it's just you have to do some extra recon on your target to see what else could interest with these packets
Sounds like a supervillain origin story. They screwed you over. I’m not saying “Go Get ‘Em…” but if you diiiiiiiiiid…many of us would understand 👍🏾
davidbomball looks so worried lol.
DNS filtering that can parse these queries would act as a notifier? Yes/No?
Potentially yes, they are just really hard to detect unless you have a very clearly defined white list
should alias whoami to "echo 'Ghost in the Shell'" instead - or better yet: if your goal is to piss off hackers who get into your machine and run that command just alias it to `exit` lmao
Lol exactly Now you are in the spirit
bro it took me 3 sites to visit and total 6 minutes to understand the title 😮💨
This is a more advanced topic. But a lot of it is explained in the video. People complain that I only show basic stuff in videos.... well... here is something more advanced :)
OK I laughed at this comment a lot. I can relate
⭐️⭐️
Sir, discuss .xz please !!
47:51 🤣
Oh Microsoft, you are so funny...
Anyone please tell me which AI course is best to learn with ethical hacking
I hope I'm not the only guy trying to find a video in my history for one of my lady friends and then these sexy videos pop up and then I'm trying to scroll faster without popping a whilly before they see that I viewed a bunch of lady outfit videos and I haven't bought them any outfits. I blame Jared because of his badass bikes and girlfriend.