Building C&Cs with DNS communication in few minutes
https://updatesinfosec.blogspot.com/2018/11/building-c-with-dns-communication-in.html
In summary:
DNS as a covert channel is a well-known technique used widely in pentests and Red Team operations to bypass network restrictions. For example, in my post "Exfiltrating credentials via PAM backdoors & DNS requests", an authoritative DNS server owned by us is used as an endpoint to catch and store stolen credentials via a PAM backdoor, but… How can we deploy a simple endpoint to handle the incoming DNS requests?
When I had to develop malware for some operation of the Red Team, I relied on DNSlib to manage the DNS component of the C&C. But it can be tedious to program everything from scratch, so I found another way to implement these functions in a painless way. Indeed, an endpoint for exfiltration like Arecibo can be developed in 10 minutes or less. Let's enjoy the magic of PowerDNS and its backend pipes! [...]
Kindly refer to the following link as a follow-up:
https://ift.tt/2DhED8Q