Finding Evil in DNS Traffic - Keelyn Roberts (BSides Augusta 2016) (Hacking Illustrated Series InfoSec Tutorial Videos)
Finding Evil in DNS Traffic
Keelyn Roberts

This talk is aimed at providing valuable information for hunt and blue team operators during network analysis. It will illuminate several of the current methods used by modern threat actors to exploit DNS. DNS is commonly under analyzed, inappropriately secured, and disregarded by network administrators unless there's an issue. There are also several robust and dynamic features that This leads to several vulnerabilities that are exploited by malicious attackers. Some of these features include: recursion, zone transfers, forward & reverse resolution, DNS Caching, and anycasting. This talk will explain how those features can result in vulnerabilities such as: illegitimate traffic redirection, DNS cache poisoning, Distributed Reflected Denial of Service (DRDoS), and C2 channels to control infected hosts. I will outline methods and tools that can be used to discover and analyze DNS traffic to discover DNS beacons, data ex-filtration, and C2 channels used by advanced threat actors.

My name is Keelyn Roberts. My background consists of 10+ years of IT administration, Network Security, Information Systems Security, and Cyber Security related positions. I currently work as a Cyber Security Analyst for the Department of Defense. I am a programming enthusiast and currently spend much of my free time performing security research, small programs, and writing in my blog CyberSyndicates.com. I am currently a developer on several open source projects including: Mercenary-Linux, Mercenary Hunt Framework (MHF), Simply-Email and multiple other small tools.

@real_slacker007

Back to BSides Augusta 2016 video list



If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek