How Attackers Use DNS for Exfiltration & Tunneling (Explained Simply) скачать в хорошем качестве

How Attackers Use DNS for Exfiltration & Tunneling (Explained Simply)

In this conversation we dive into the "creative" and dangerous side of DNS. While Domain Name System (DNS) is a fundamental part of the internet, it is also a powerful tool for attackers looking to exfiltrate data and maintain access while flying under the radar. In this video, we break down: DNS Exfiltration: Learn how attackers slice sensitive files into small chunks and sneak them out of a network by querying them as subdomains of a malicious domain (e.g., chunk1.attack.biz). The Power of DNS Tunneling: A deep dive into how attackers encapsulate entire packets (like IPSEC or GRE) within DNS queries and responses, using methods like TXT records to bypass traditional security. Why Firewalls Often Miss It: Discover why traditional "Allow Port 53" rules for recursive resolvers create a perfect blind spot for these types of attacks. Tools vs. Custom Malware: We discuss common tools like Iodine, DNSSteal, and Dnscat2, and why sophisticated attackers often create custom solutions to evade Next-Generation Firewalls (NGFWs). We also share insights from a Digital Forensics and Incident Response (DFIR) perspective on how common these techniques are in modern malware. Key Moments: 0:00 – Intro: The creative ways attackers use DNS. 0:30 – DNS Exfiltration: How to "chunk" a document to bypass OneDrive blocks. 1:15 – The role of the recursive resolver and the authoritative name server. 2:00 – Why Port 53 is a common security hole. 2:35 – DNS Tunneling: Encapsulating packets and using TXT records for replies. 3:45 – Discussion on tools: Iodine, DNSSteal, and custom malware trends. Connect with us: 🔔 Subscribe for more deep dives into network security and threat hunting!