Data Bouncing: How HTTP Headers Leak Data | The Cyber Security Podcast

Threat Talks - Your Gateway to Cybersecurity Insights

09/09/2025 21 min

Listen "Data Bouncing: How HTTP Headers Leak Data | The Cyber Security Podcast"

Descargar episodio Ver en sitio original

Episode Synopsis

Your tools say “secure.” Your headers say “leaking.”In this Threat Talks Deep Dive, ON2IT’s Luca Cipriano (CTI & Red Team Lead) exposes Data Bouncing—a stealthy exfiltration trick that hides inside HTTP headers and abuses DNS lookups through trusted third parties. We show the demo, decode the psychology of the attack, and translate it into Zero Trust moves you can deploy today.(00:00) - – Why your defenses aren’t enough

(00:11) - – What is Data Bouncing?

(01:22) - – How attackers exfiltrate data via DNS & headers

(05:20) - – Live demo: DNS lookups & Burp Suite interception

(10:48) - – Reassembling stolen files undetected

(15:24) - – Can you defend against Data Bouncing?

(19:20) - – Testing it in your own environment

(21:00) - – Key takeaways & call to action
Key Topics Covered• How Data Bouncing enables covert data exfiltration• Abuse of headers like X-Forwarded-For to bypass firewalls• Live demo: attacker vs. victim scenario• Defensive measures: decryption, inspection, Zero Trust, and SOC awarenessAdditional Resources• ON2IT Threat Talks Podcast: https://www.on2it.net/threat-talks• Zero Trust Resources: https://www.on2it.net/zero-trust/Guest & Host Links:• Luca Cipriano, Cyber Threat Intelligence Program Lead, ON2IT: https://www.linkedin.com/in/luca-c-914973124/• Rob Maas, Field CTO, ON2IT: https://www.linkedin.com/in/robmaas83/ Click here to view the episode transcript.
🔔 Follow and Support our channel! 🔔=== ► YOUTUBE: https://youtube.com/@ThreatTalks► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520👕 Receive your Threat Talks T-shirthttps://threat-talks.com/🗺️ Explore the Hack's Route in Detail 🗺️https://threat-talks.com🕵️ Threat Talks is a podcast created in collaboration with ON2IT and AMS-IX. Each episode features leading cybersecurity experts sharing real-world insights on emerging threats, trends, and defense strategies — helping organizations stay secure in today’s rapidly evolving digital world.ON2IT website: https://on2it.net/AMS-IX website: https://www.ams-ix.net/ams

More episodes of the podcast Threat Talks - Your Gateway to Cybersecurity Insights

WSUS RCE: Update Weaponized 16/12/2025

Bad Successor: The Service Account Flaw to Watch 09/12/2025

From Hacker to Hero 03/12/2025

The Npm Worm Outbreak 25/11/2025

Inside the SalesLoft Breach 18/11/2025

The App Store Nightmare: Why AI MCP Stores Are a Trap 11/11/2025

The Secret Diplomats Fighting Cyber Wars 04/11/2025

Patch Smarter, Not Harder 28/10/2025

Public Key Infrastructure: The Foundation of Digital Trust 21/10/2025

Why Your Cyber Hygiene Matters? 14/10/2025

Ver todos los episodios

ZARZA We are Zarza, the prestigious firm behind major projects in information technology.

Data Bouncing: How HTTP Headers Leak Data | The Cyber Security Podcast

Listen "Data Bouncing: How HTTP Headers Leak Data | The Cyber Security Podcast"

Episode Synopsis

More episodes of the podcast Threat Talks - Your Gateway to Cybersecurity Insights

CAPTCHA for human verification!

Internet as human right and its scope

Bandwidth: Broadband or Narrowband?

Personnel recruitment via Web

Deep web or Invisible Internet

Subdomains, a glance with the experts!

Free Internet, a prediction in Nostradamus style

Educational Technology: From traditional to digital

Localhost, there’s no place like 127.0.0.1

Googling with breathtaking tricks you ignore

Gray Hat Hacking, those with ambiguous ethics…

Internet Predators on the prowl

Dot COM: The Internet’s dominant TLD