This repository has been archived by the owner on Apr 9, 2024. It is now read-only.
T1071 - DNS Tunneling #27
Labels
Comments
daniel-infosec
added
enhancement
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Description
Adversaries may communicate using a common, standardized application layer protocol such as HTTP, HTTPS, SMTP, or DNS to avoid detection by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
For connections that occur internally within an enclave (such as those between a proxy or pivot node and other nodes), commonly used protocols are RPC, SSH, or RDP.
Plan
Do research into http://asintsov.blogspot.com/2017/12/data-exfiltration-in-metasploit.html and identify what infrastructure changes we'll need to make to support this.
https://2017.zeronights.org/wp-content/uploads/materials/ZN17_SintsovAndreyanov_MeterpreterReverseDNS.pdf
While we can do this with something like Cobalt Strike, I'd like to have it as a native capability
The text was updated successfully, but these errors were encountered: