Bypassing Firewalls with DNS Tunnelling (Defence Evasion, Exfiltration and Command & Control)
In this video we’ll be exploring how to attack, detect and defend against DNS tunnelling, a technique that can bypass certain firewall restrictions and give an attacker a command-and-control and data-transfer channel. It can also be used to bypass many of the captive portals found on public Wi-Fi networks.
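To make the "detect" part concrete, here is an added example (not code from the video or from the dnscat2/iodine projects) that scores DNS query logs for the traits tunnelling tools leave behind: long, high-entropy subdomain labels that never repeat, and a heavy share of record types that carry free-form payloads (TXT, NULL, CNAME). The log format, the sample lines, the tunnel domain `example.org`, the naive "last two labels" registered-domain rule and every threshold are assumptions for illustration; in production you would tune the thresholds against your own resolver's baseline and use the Public Suffix List for domain splitting.

```python
"""Heuristic detection of DNS tunnelling in resolver query logs (added example)."""
import math
from collections import defaultdict

# Constructed sample log, not captured from any real system. Assumed format per line:
# "<timestamp> <client_ip> <query_name> <query_type>"
# The example.org queries imitate a tunnel: 32-character labels that never repeat, sent as TXT.
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.5 www.example.com A
2024-01-01T10:00:02 10.0.0.5 mail.example.com MX
2024-01-01T10:00:03 10.0.0.6 cdn.example.com A
2024-01-01T10:00:04 10.0.0.5 www.example.com A
2024-01-01T10:00:05 10.0.0.9 kq7x3m9a2zv8p1ty5ncb4wu6dfhr0lsg.example.org TXT
2024-01-01T10:00:06 10.0.0.9 q7x3m9a2zv8p1ty5ncb4wu6dfhr0lsgk.example.org TXT
2024-01-01T10:00:07 10.0.0.9 7x3m9a2zv8p1ty5ncb4wu6dfhr0lsgkq.example.org TXT
2024-01-01T10:00:08 10.0.0.9 x3m9a2zv8p1ty5ncb4wu6dfhr0lsgkq7.example.org TXT
2024-01-01T10:00:09 10.0.0.9 3m9a2zv8p1ty5ncb4wu6dfhr0lsgkq7x.example.org TXT
2024-01-01T10:00:10 10.0.0.9 m9a2zv8p1ty5ncb4wu6dfhr0lsgkq7x3.example.org TXT
"""

# Record types commonly used to carry tunnel payloads (assumption: extend to taste).
PAYLOAD_TYPES = {"TXT", "NULL", "CNAME"}


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text` (0.0 for empty input)."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Return (registered_domain, subdomain) using a naive last-two-labels rule.
    Assumption: real deployments should use the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return ".".join(labels), ""
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def parse_log(text: str):
    """Yield (client, qname, qtype) from the assumed log format, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, client, qname, qtype = parts
        yield client, qname, qtype.upper()


def profile_domains(log_text: str) -> dict:
    """Aggregate per-registered-domain statistics that distinguish tunnels from normal lookups."""
    acc = defaultdict(lambda: {"queries": 0, "subdomains": set(), "entropy_sum": 0.0,
                               "max_label_len": 0, "payload_type_queries": 0})
    for _client, qname, qtype in parse_log(log_text):
        domain, sub = split_name(qname)
        s = acc[domain]
        s["queries"] += 1
        s["subdomains"].add(sub)                      # tunnels rarely repeat a subdomain
        s["entropy_sum"] += shannon_entropy(sub.replace(".", ""))
        longest = max(len(label) for label in sub.split("."))
        s["max_label_len"] = max(s["max_label_len"], longest)
        if qtype in PAYLOAD_TYPES:
            s["payload_type_queries"] += 1
    return {
        domain: {
            "queries": s["queries"],
            "unique_subdomains": len(s["subdomains"]),
            "avg_entropy": s["entropy_sum"] / s["queries"],
            "max_label_len": s["max_label_len"],
            "payload_type_ratio": s["payload_type_queries"] / s["queries"],
        }
        for domain, s in acc.items()
    }


def is_suspicious(stats: dict, max_label: int = 30, entropy: float = 3.5,
                  min_unique: int = 5, payload_ratio: float = 0.5) -> bool:
    """Flag a domain when its query pattern matches tunnelling traits (thresholds are assumptions)."""
    churn = stats["max_label_len"] >= max_label and stats["unique_subdomains"] >= min_unique
    payload_heavy = (stats["payload_type_ratio"] >= payload_ratio
                     and stats["unique_subdomains"] >= min_unique)
    return churn or stats["avg_entropy"] >= entropy or payload_heavy


def suspicious_domains(log_text: str) -> list:
    """Return the sorted list of registered domains that look like tunnel endpoints."""
    report = profile_domains(log_text)
    return sorted(d for d, stats in report.items() if is_suspicious(stats))


if __name__ == "__main__":
    for domain, stats in profile_domains(SAMPLE_LOG).items():
        print(domain, stats, "SUSPICIOUS" if is_suspicious(stats) else "ok")
```

Run against the constructed log, only `example.org` is flagged: its labels are 32 characters long, all six are unique, their average entropy is 5.0 bits per character and every query is TXT, while `example.com` scores low on all four traits. A per-client view (group by `client` as well as domain) is the natural next step, since a single tunnelling host stands out even when the domain is otherwise quiet.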
If you find the video useful please do give it a like, and consider subscribing if you want more of this sort of content. Drop a note in the comments if there’s anything you think I missed, or if you have a good idea of what topic I should cover next.
Further reading/watching:
MITRE ATT&CK on DNS Tunnelling: https://attack.mitre.org/techniques/T1071/004/
Cynet article on DNS Tunnelling: https://www.cynet.com/attack-techniques-hands-on/how-hackers-use-dns-tunneling-to-own-your-network
DNScat2 project page: https://github.com/iagox86/dnscat2
Iodine project page: https://github.com/yarrick/iodine
SANS Paper on Detecting DNS Tunnelling: https://www.giac.org/paper/gcia/1116/detecting-dns-tunneling/108367
SecurityOnion: https://securityonionsolutions.com/
Cisco OpenDNS: https://www.opendns.com
Audio Credits (licensed under CC0):
Intro/Outro Music by Flavio Concini (https://freesound.org/people/Greek555/)
Transition audio: “Ethereal Woosh” by Newagesoup (https://freesound.org/people/newagesoup/)
Graphics credits:
Icons: Sketchy Collection by Ralf Schmitzer, licensed under CCBY (https://thenounproject.com/ralfschmitzer/)
Timestamps:
0:00 Intro
2:08 Attack
5:49 Detect
6:53 Defend
by Attack Detect Defend