Cool. Did it actually help you find any findings in the real-world? I am still having trouble on how I can apply this in real-world is there is not enough specific information. Make no mistake, the speaker is a genius.

@@Bestself2015 nice try nsa

and i dont really understand how to re create this attack 😂

@@yoshi5113 you first need to find a target that's using a load balancer. Then you need to specially craft http requests (like modifying headers, etc..)

Words are, he is now hired by Yahoo

@Houston Nash nope just a scam

@@flawlesscode6471 I like how they think people like us fall for this 😆

@@glowingone1774 yea. they pull it under every hacking video

there were too many grammar mistakes in the comments, so they just disabled them

dmz DONT protect them... it is easily to go more in depth in the network even the org have a web server in their DMZ

Don't try to be clever. If the DMZ is properly isolated, as it damn well should be, it's the same as hacking a completely different company. Leaves you no better off than you were. It's not as if a DMZ requires any access to an internal network unless you're horrible at designing networks. If the DMZ has any better access to the rest of your network than the outside does, you're doing it wrong.

oh you need to keep watching blackhat

What I'm also surprised about: Why do these proxies not have whitelists of what they should be connecting to. Or better use something like haproxy connect to configured backends and nothing else.

If there's a cable, there's probably a way.

4:55

putting your hostname in the request and specifying your DNS server as authoritative so anyone that wants to know the IP of that hostname has to ask your DNS server for the IP. If the DNS lookup doesn't come from the expected destination then you can begin to explore.

sucks if your trying to use the non-http version of the site for whatever reason... (maybe trying to see if theres some weird vulnerability w using HTTP but not HTTPS? or maybe an old device that doesnt support SSL?)