Data Bouncing: How HTTP Headers Leak Data | The Cyber Security Podcast

Your tools say “secure.” Your headers say “leaking.”
In this Threat Talks Deep Dive, ON2IT’s Luca Cipriano (CTI & Red Team Lead) exposes Data Bouncing—a stealthy exfiltration trick that hides inside HTTP headers and abuses DNS lookups through trusted third parties. We show the demo, decode the psychology of the attack, and translate it into Zero Trust moves you can deploy today.

• (00:00) - – Why your defenses aren’t enough
  


• (00:11) - – What is Data Bouncing?
  


• (01:22) - – How attackers exfiltrate data via DNS & headers
  


• (05:20) - – Live demo: DNS lookups & Burp Suite interception
  


• (10:48) - – Reassembling stolen files undetected
  


• (15:24) - – Can you defend against Data Bouncing?
  


• (19:20) - – Testing it in your own environment
  


• (21:00) - – Key takeaways & call to action

Additional Resources
• ON2IT Threat Talks Podcast: https://www.on2it.net/threat-talks
• Zero Trust Resources: https://www.on2it.net/zero-trust/

Guest & Host Links:
• Luca Cipriano, Cyber Threat Intelligence Program Lead, ON2IT: https://www.linkedin.com/in/luca-c-914973124/
• Rob Maas, Field CTO, ON2IT: https://www.linkedin.com/in/robmaas83/ 

Click here to view the episode transcript.


🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a podcast created in collaboration with ON2IT and AMS-IX. Each episode features leading cybersecurity experts sharing real-world insights on emerging threats, trends, and defense strategies — helping organizations stay secure in today’s rapidly evolving digital world.

ON2IT website: https://on2it.net/
AMS-IX website: https://www.ams-ix.net/ams