Thursday, April 20, 2017

DNS Query Length... Because Size Does Matter

Great tutorial from SANS ISC on how cybercriminals can exfiltrate data through DNS queries:

"In many cases, DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass security controls. DNS tunnelling is a common way to establish connections with remote systems. It is often based on "TXT" records used to deliver the encoded payload. "TXT" records are also used for good reasons, like delivering SPF records, but too many TXT DNS requests could mean that something weird is happening on your network."
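
As an added illustration (not code from the SANS ISC diary or from this blog), the sketch below applies the two signals named above, query-name length and the share of TXT queries per client, to a constructed query log. The log format, the sample lines and the thresholds are all assumptions to be tuned against your own baseline.

```python
from collections import defaultdict

# Constructed sample log, one query per line: "<client-ip> <qtype> <qname>".
# The format is an assumption; adapt parse() to your resolver's real log layout.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 AAAA www.example.com
10.0.0.5 TXT example.com
10.0.0.7 TXT 4a6f686e20446f6520313233343536373839303132333435.t.example.net
10.0.0.7 TXT 536f6d65206d6f726520656e636f646564206461746121.t.example.net
10.0.0.7 TXT 416e6420616e6f74686572206368756e6b206f66206974.t.example.net
10.0.0.7 A www.example.org
10.0.0.9 A mail.example.com
"""

MAX_QNAME_LEN = 50   # assumed threshold for an unusually long query name
MAX_TXT_RATIO = 0.5  # assumed threshold for the TXT share of a client's queries
MIN_QUERIES = 3      # do not judge the TXT ratio on fewer queries than this


def parse(log_text):
    """Yield (client, qtype, qname) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        client, qtype, qname = parts
        yield client, qtype.upper(), qname.rstrip(".").lower()


def suspicious_clients(log_text):
    """Return {client: [reasons]} for clients that exceed either threshold."""
    stats = defaultdict(lambda: {"total": 0, "txt": 0, "longest": 0})
    for client, qtype, qname in parse(log_text):
        s = stats[client]
        s["total"] += 1
        s["txt"] += qtype == "TXT"
        s["longest"] = max(s["longest"], len(qname))
    findings = {}
    for client, s in stats.items():
        reasons = []
        if s["longest"] > MAX_QNAME_LEN:
            reasons.append(f"long query name ({s['longest']} chars)")
        if s["total"] >= MIN_QUERIES and s["txt"] / s["total"] > MAX_TXT_RATIO:
            reasons.append(f"TXT ratio {s['txt']}/{s['total']}")
        if reasons:
            findings[client] = reasons
    return findings
```

The client issuing a single TXT lookup for `example.com`, as an SPF check would, stays below both thresholds, which is the distinction the quoted passage draws between normal and excessive TXT traffic.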
