Bypassing Firewalls with DNS Tunnelling (Defence Evasion, Exfiltration and Command & Control)

  • Published 21 Jul 2024
  • In this video we'll be exploring how to attack, detect and defend against DNS Tunnelling, a technique that can bypass certain firewall restrictions and provide an attacker with a command & control and data transfer channel. It can also be used to bypass many of the captive portals found on public Wi-Fi networks.
    If you find the video useful please do give it a like, and consider subscribing if you want more of this sort of content. Drop a note in the comments if there’s anything you think I missed, or if you have a good idea of what topic I should cover next.
    Further reading/watching:
    Mitre ATT&CK on DNS Tunnelling: attack.mitre.org/techniques/T...
    Cynet article on DNS Tunnelling: www.cynet.com/attack-techniqu...
    DNScat2 project page: github.com/iagox86/dnscat2
    Iodine project page: github.com/yarrick/iodine
    SANS Paper on Detecting DNS Tunnelling: www.giac.org/paper/gcia/1116/...
    SecurityOnion: securityonionsolutions.com/
    Cisco OpenDNS: www.opendns.com
    Audio Credits (licensed under CC0):
    Intro/Outro Music by Flavio Concini (freesound.org/people/Greek555/)
    Transition audio: "Ethereal Woosh" by Newagesoup (freesound.org/people/newagesoup/)
    Graphics credits:
    Icons: Sketchy Collection by Ralf Schmitzer, licensed under CCBY (thenounproject.com/ralfschmit...)
    Timestamps:
    0:00 Intro
    2:08 Attack
    5:49 Detect
    6:53 Defend
  • Science & Technology
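The "Detect" part of the video and the SANS paper linked above rely on the same observable indicators: a tunnelling client has to pack its data into query names, so the DNS log fills with long, high-entropy, digit-heavy subdomains under a single registered domain, often using record types such as TXT that can carry arbitrary data back. The detector below is an added example written for this page, not code from the video or from the dnscat2/iodine projects; it scores a DNS query log on those indicators and flags the registered domains that look like tunnel endpoints. The "timestamp client qtype qname" log format, the scoring thresholds, the two-label registered-domain heuristic, the placeholder domain tunnel.example and the sample log lines are all assumptions made for the demo.

```python
"""Heuristic DNS-tunnelling detector run over DNS query logs (added example)."""
import math
from collections import defaultdict

# Record types whose answers can carry an arbitrary payload; a tunnel favours them.
SUSPICIOUS_QTYPES = {"TXT", "NULL", "CNAME"}

# Constructed sample log in a hypothetical "timestamp client qtype qname" format.
# tunnel.example is a placeholder for an attacker-controlled domain; the long hex
# labels mimic the encoded chunks a tunnelling client places in the query name.
SAMPLE_LOG = """\
2024-07-21T10:00:01 10.0.0.5 A www.example.com
2024-07-21T10:00:02 10.0.0.5 AAAA mail.example.com
2024-07-21T10:00:02 10.0.0.5 A cdn.static.example.com
2024-07-21T10:00:03 10.0.0.7 TXT 7a1f3c9e2b4d6f8a0c1e3b5d7f9a2c4e6f8a1b3c.t.tunnel.example
2024-07-21T10:00:03 10.0.0.7 TXT a1f3c9e2b4d6f8a0c1e3b5d7f9a2c4e6f8a1b3c7.t.tunnel.example
2024-07-21T10:00:04 10.0.0.7 TXT 1f3c9e2b4d6f8a0c1e3b5d7f9a2c4e6f8a1b3c7a.t.tunnel.example
2024-07-21T10:00:04 10.0.0.7 TXT f3c9e2b4d6f8a0c1e3b5d7f9a2c4e6f8a1b3c7a1.t.tunnel.example
2024-07-21T10:00:05 10.0.0.7 TXT 3c9e2b4d6f8a0c1e3b5d7f9a2c4e6f8a1b3c7a1f.t.tunnel.example
2024-07-21T10:00:05 10.0.0.7 TXT c9e2b4d6f8a0c1e3b5d7f9a2c4e6f8a1b3c7a1f3.t.tunnel.example
2024-07-21T10:00:06 10.0.0.9 A login.example.org
"""


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; 0.0 for an empty or single-symbol string."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Split a query name into (subdomain, registered_domain).

    Assumption: the registered domain is the last two labels. Production tooling
    should use the Public Suffix List so that names like example.co.uk work.
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def score_query(qtype: str, qname: str):
    """Return (score, reasons) for one query; higher means more tunnel-like."""
    subdomain, _ = split_name(qname)
    payload = subdomain.replace(".", "")  # the part an attacker controls freely
    score, reasons = 0, []
    if len(payload) > 30:                       # assumed threshold
        score += 2
        reasons.append("long subdomain")
    if shannon_entropy(payload) > 3.5:          # hex/base32 data sits near 4 bits
        score += 2
        reasons.append("high-entropy subdomain")
    if payload and sum(ch.isdigit() for ch in payload) / len(payload) > 0.3:
        score += 1
        reasons.append("digit-heavy subdomain")
    if qtype.upper() in SUSPICIOUS_QTYPES:
        score += 1
        reasons.append(f"{qtype.upper()} record type")
    return score, reasons


def analyse_log(log_text: str, score_threshold: int = 4, unique_threshold: int = 5):
    """Aggregate per registered domain and flag likely tunnel endpoints."""
    domains = defaultdict(lambda: {"queries": 0, "subdomains": set(),
                                   "max_score": 0, "reasons": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than crash on them
        _ts, _client, qtype, qname = fields
        subdomain, registered = split_name(qname)
        score, reasons = score_query(qtype, qname)
        entry = domains[registered]
        entry["queries"] += 1
        entry["subdomains"].add(subdomain)  # a tunnel never repeats a name
        entry["max_score"] = max(entry["max_score"], score)
        entry["reasons"].update(reasons)
    report = {}
    for domain, e in domains.items():
        unique = len(e["subdomains"])
        report[domain] = {
            "queries": e["queries"],
            "unique_subdomains": unique,
            "max_score": e["max_score"],
            "reasons": sorted(e["reasons"]),
            "flagged": e["max_score"] >= score_threshold or unique >= unique_threshold,
        }
    return report


def flagged_domains(report) -> list:
    """Sorted list of registered domains the report flagged."""
    return sorted(d for d, info in report.items() if info["flagged"])


if __name__ == "__main__":
    result = analyse_log(SAMPLE_LOG)
    for domain in flagged_domains(result):
        info = result[domain]
        print(f"{domain}: {info['queries']} queries, {info['unique_subdomains']} unique "
              f"subdomains, max score {info['max_score']} ({', '.join(info['reasons'])})")
```

On the constructed log only tunnel.example is flagged: every query to it scores the full 6 and the domain accumulates six unique subdomains in two seconds, while the ordinary A/AAAA lookups under example.com score 0. The thresholds are the part that needs tuning against your own baseline, because CDNs and some anti-virus update services legitimately generate many long, unique subdomains; in practice the input would be the query log of the internal resolver that the firewall allows out, and the unique-subdomain count per domain over a window is the indicator that keeps working even when an attacker shortens or mixes the encoded labels.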

Comments • 61

  • @anonymous-ds3mc 3 years ago +21

    Straight to the point, short, simple yet informative. Subbed!

  • @skm5779 1 year ago +3

    People like you make TH-cam a great learning platform. Please continue with this spirit forever. Thank You 🙂

  • @theburtmacklin9615 3 years ago +26

    Andy, your videos are light years ahead of so many of the “cyber / IT security” videos that litter TH-cam. Content quality and clarity, production value, etc. is all there in spades; I don’t understand how your sub / view counts aren’t much much higher.

    • @rot169 3 years ago +6

      Thank you, that's so very kind of you! I'm clearly not as skilled at building an audience 🤣 Slowly growing though!!

    • @anonymousgirl5150 3 years ago

      @@rot169 I've been following a lot of cyber security channels for years, and yours is definitely going places. Buckle up, lift off in 10..9..

    • @rot169 3 years ago +1

      Thank you! I really appreciate the kind words! Please do share with any friends/colleagues who you think might be interested :-)

    • @anonymousgirl5150 3 years ago

      @@rot169 of course!

  • @bobbyb42 3 years ago +12

    I love the flow of your videos. I feel like I actually retain all the information from the video because of the clear and concise structure. Hope you keep making videos.

  • @Dips_M 2 years ago

    Excellent content, one of the most underrated security channels on YouTube! Thank you

  • @aminvogue 3 years ago +1

    A ton of quality info neatly packed in a small video............... Andy's Magic. Thanks

    • @rot169 3 years ago

      Thanks, it's great to hear you found it useful :-)

  • @septimusseverus252 3 years ago +2

    This channel is just simply AMAZING

    • @rot169 3 years ago +2

      Thank you for the kind words!! Please do share any videos with friends/colleagues who you think might also be interested :-)

  • @Heeby-Jeebies 7 months ago

    Your presentation is clear, concise, and very well laid out. Thanks!

  • @CharlesHayden 1 year ago

    Awesome presentation describing all the different angles from which to view this.... 🙏🏾🙌🏾🙏🏾

  • @darshilmehta9905 1 year ago

    Underrated channel. Require more videos on the attack as well as the defense side.

  • @faanross 1 year ago +1

    holy crap this is so good, the way you "embedded" the CLIs popping out from the network diagram, bringing wshark into the mix etc - grande pedagogical display, *tips hat*

    • @faanross 1 year ago

      Also speeding up your browsing, respecting the viewer's time, A/D/D format etc. Glad I discovered you today.

  • @jamel9876 3 years ago

    Wow. So informative! Keep em coming!

  • @matthewp7586 3 years ago

    Brilliant Video. Logical flow, understandable.

  • @karim3741 2 years ago

    Flawless Explanation, loved it 👌❤️

  • @the_hypnotoucan 11 months ago

    Great explanation! Thanks for including demos on the Kali Linux side and the client side.

  • @jorgebarroso2496 3 months ago

    Great video! I have just started working around DNS tunneling and your video was very helpful :)

  • @ashpakpinjari9214 3 years ago

    You're unstoppable! ‼️

  • @machinelearningdojowithtim2898 3 years ago

    Awesome video Andy!

  • @j_r0w 3 years ago

    Very informative and quality video, thanks! Subbed :)

  • @AdityaKumar-ei4ch 3 years ago +1

    Very nice video, loved it! The animation!

    • @rot169 3 years ago

      Thanks! Animation is certainly not my strong point, but making the graphics for these videos has turned me into a PowerPoint master! 😅 I'm trying to avoid having to switch to After Effects for as long as possible!

  • @khanstudy3589 2 years ago

    +10000000 for this video. All cleared

  • @michaelwaterman3553 2 years ago

    This was cool, thanks!

  • @nilbatteysannata1982 2 years ago

    Great content.

  • @thewhiterabbit661 3 years ago

    Very good channel thank you

  • @sanron4256 1 year ago

    Awesome videos.

  • @bellamymusicofficial7915 2 years ago

    Please keep it up sir 🍻

  • @manqingzhou2925 1 year ago

    great content

  • @darkanyons 2 years ago

    Wow! thanks!

  • @josephlustigiermbong5121 3 years ago

    Very good video, thank you very much, +1 subscriber

    • @rot169 3 years ago

      Thank you Joseph! :)

  • @sul3y 3 years ago

    Man, you're amazing

  • @PubRunner 7 months ago

    I have a web server running that has a GPS server with a self-signed certificate, and I use Tailscale to bypass my work's firewall, which disallowed connections to sites with self-signed or invalid certificates. While what I am running is benign, I could in theory have anything running. I also use Tailscale to access files I need from time to time that I don’t want to keep a copy of on the laptop (which I own) that I use for work.
    I cannot connect to my GPS server at all if I use its full URL, but I can if I use its local host name on their network. I use my GPS server to calculate mileage on my personal vehicles, which I get compensated for using during work hours, and I can prove my location and route between sites if that is ever questioned.
    I should also add that the portion of the network I have access to where I work isn’t the main secure backbone; only authorised company-owned PCs have access to that.

  • @NOT-A-Monolith 1 year ago

    Can this affect cellphones like Android?
    Because I went on a website and accepted the link, but soon after my phone asked for private access, which should only be accepted by my service provider, but I've declined.
    So would my phone be infected?

  • @mylife3003 4 months ago

    Good

  • @RakibHasan-hs1me 2 years ago

    I will stick around till the attacking path

  • @vibrato17 2 years ago +1

    I'm confused, at 2:40, the attacker seems to already have access to the victim machine in order to run dnscat, so why is DNS tunneling even needed?

    • @a28bre55 2 years ago +1

      Good question. Hope he answers it.

    • @pradeepkumarpalanisamy2425 7 months ago +1

      This is a sort of post-exploitation attack to deploy a command and control mechanism, and it can greatly help a hacker in exfiltrating the data.

  • @HughJass-jv2lt 2 years ago

    ❤❤

  • @trebbomb25 2 years ago

    Why would the client go to the hacker's domain in the first place? Before this attack can happen, I would imagine some type of web spoofing would need to happen, correct? As the hacker's DNS server only accepts queries for that one specific domain?

    • @rot169 2 years ago +2

      This technique is specifically around achieving an exfil/C2 channel; a real-world attack would depend on some other technique being used (maybe just a simple phish?) to get the attacker's code running on their victim's machine. I hope this helps! :-)

    • @trebbomb25 2 years ago

      @@rot169 definitely, thanks!

  • @harshamannewton 2 years ago +1

    The speed sucks though.... any idea how to increase the speed?

    • @rot169 2 years ago

      DNS Tunnelling is an inefficient means of transferring data, so there's not much you can really do to improve the speed of it. Which is good from a defender's point of view as it means there's more time to detect and respond to large data transfers.

  • @nxhad 1 year ago

    How do I set up dnscat2 on Windows?

  • @user-cf5su4te9s 3 years ago

    Skills only for Windows? Attack | detect | defend ... no web attacks? No Linux attack skills ...

    • @rot169 3 years ago +1

      Haha, yeah, just Windows for now... although I have other non-Windows topics in the pipeline, so stay tuned... :-)

  • @Mohitkumar-ug8jq 1 year ago

    You're too fast