DNS Tunneling Identification and Defense
Domain Name System (DNS) traffic travels freely across network perimeters and internal network segments. Organizations cannot arbitrarily block this UDP port 53 traffic because doing so would break most, if not all, network communication. Malicious actors (MA) know this and have found ways to exploit DNS for their purposes. One example is tunneling. DNS tunneling carries command and control (C2) and data exfiltration traffic that most organizations either do not look for or cannot adequately detect. This video explains how tunneling works, how to detect it, and how to manage it.

