Great tutorial from SANS ISC on how cybercriminals can exfiltrate data through DNS queries:
DNS Query Length... Because Size Does Matter
"In many cases, DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass security controls. DNS tunnelling is a common way to establish connections with remote systems. It is often based on "TXT" records used to deliver the encoded payload. "TXT" records are also used for good reasons, like delivering SPF records, but too many TXT DNS requests could mean that something weird is happening on your network."
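The quoted diary makes two detection points: a client issuing an unusual share of TXT queries, and query names that are abnormally long (the title's "size does matter"). The script below is an added example of that detection logic, not code from SANS ISC or from the diary; it runs over a constructed resolver log in an invented space-separated format (timestamp, client IP, query type, query name), and the thresholds are assumptions to be tuned against your own baseline.

```python
"""Flag DNS clients whose TXT-query volume or query-name length looks like tunnelling.

Input format (constructed for this example, not a real resolver's log):
    <timestamp> <client_ip> <qtype> <qname>
Adapt parse_log() to your own source (BIND query log, Zeek dns.log, ...).
"""
from collections import defaultdict

# Assumed thresholds; tune them against a baseline of your normal traffic.
TXT_RATIO_THRESHOLD = 0.5   # more than half of a client's queries are TXT
MIN_TXT_QUERIES = 3         # ignore clients with only a handful of TXT lookups
LONG_QNAME_THRESHOLD = 50   # query names this long are rare outside tunnels/CDNs

# Constructed sample log: 10.0.0.5 behaves normally (one SPF-style TXT lookup),
# 10.0.0.9 issues only TXT queries with long hex-looking labels.
SAMPLE_LOG = """\
1700000000 10.0.0.5 A www.example.com
1700000001 10.0.0.5 TXT example.com
1700000002 10.0.0.5 AAAA mail.example.com
1700000003 10.0.0.9 TXT 4a6f686e20446f652c2076657279206c6f6e67.data.tunnel.example
1700000004 10.0.0.9 TXT 7365637265742d7061796c6f61642d636875.data.tunnel.example
1700000005 10.0.0.9 TXT 6e6b2d6e756d6265722d7477.data.tunnel.example
1700000006 10.0.0.9 TXT 7468697320697320616e6f74686572.data.tunnel.example
1700000007 10.0.0.9 TXT 636875.data.tunnel.example
1700000008 10.0.0.5 A cdn.example.net
"""


def parse_log(text):
    """Return a list of (client, qtype, qname) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 4:
            continue  # do not let one bad line abort the whole analysis
        _ts, client, qtype, qname = parts
        records.append((client, qtype.upper(), qname.rstrip(".")))
    return records


def client_stats(records):
    """Aggregate per-client query counts, TXT counts and query-name lengths."""
    stats = defaultdict(lambda: {"total": 0, "txt": 0, "max_len": 0, "len_sum": 0})
    for client, qtype, qname in records:
        s = stats[client]
        s["total"] += 1
        s["len_sum"] += len(qname)
        s["max_len"] = max(s["max_len"], len(qname))
        if qtype == "TXT":
            s["txt"] += 1
    return dict(stats)


def flag_clients(stats):
    """Map client -> list of human-readable reasons for clients worth a look."""
    flagged = {}
    for client, s in stats.items():
        reasons = []
        ratio = s["txt"] / s["total"]
        if s["txt"] >= MIN_TXT_QUERIES and ratio > TXT_RATIO_THRESHOLD:
            reasons.append(f"{s['txt']}/{s['total']} queries are TXT")
        if s["max_len"] > LONG_QNAME_THRESHOLD:
            reasons.append(f"longest query name is {s['max_len']} chars")
        if reasons:
            flagged[client] = reasons
    return flagged


def analyze(text):
    """Convenience wrapper: raw log text in, flagged clients out."""
    return flag_clients(client_stats(parse_log(text)))


if __name__ == "__main__":
    for client, reasons in analyze(SAMPLE_LOG).items():
        print(f"{client}: {'; '.join(reasons)}")
```

Both signals are deliberately kept separate: a mail server legitimately issues many TXT lookups for SPF and DKIM, and some CDNs use long hostnames, so either test alone produces false positives. Seeing both on the same internal client, especially against a single unusual domain, is what justifies a closer look at that host.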