No video :(

Bypassing Firewalls with DNS Tunnelling (Defence Evasion, Exfiltration and Command & Control)

Подписаться 9 тыс.

Просмотров 63 тыс.

50% 1

In this video we'll be exploring how to attack, detect and defend against DNS Tunnelling, a technique that can bypass certain firewall restrictions and provide an attacker with a command & control and data transfer channel. It can also be used to bypass many of the Captive Portals found on public wifi networks.
If you find the video useful please do give it a like, and consider subscribing if you want more of this sort of content. Drop a note in the comments if there’s anything you think I missed, or if you have a good idea of what topic I should cover next.
Further reading/watching:
Mitre ATT&CK on DNS Tunnelling: attack.mitre.o...
Cynet article on DNS Tunnelling: www.cynet.com/...
DNScat2 project page: github.com/iag...
Iodine project page: github.com/yar...
SANS Paper on Detecting DNS Tunnelling: www.giac.org/p...
SecurityOnion: securityonions...
Cisco OpenDNS: www.opendns.com
Audio Credits (licensed under CC0):
Intro/Outro Music by Flavio Concini (freesound.org/...)
Transition audio: "Ethereal Woosh" by Newagesoup (freesound.org/...)
Graphics credits:
Icons: Sketchy Collection by Ralf Schmitzer, licensed under CCBY (thenounproject...)
Timestamps:
0:00 Intro
2:08 Attack
5:49 Detect
6:53 Defend

Опубликовано:

16 авг 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 61

@theburtmacklin9615 3 года назад

Andy, your videos are light years ahead of so many the “cyber / IT security”videos that litter RU-vid. Content quality and clarity, production value, etc. is all there in spades; I don’t understand how your sub / view counts aren’t much much higher.

@rot169 3 года назад

Thank you, that's so very kind of you! I'm clearly not as skilled at building an audience 🤣 Slowly growing though!!

@anonymousgirl5150 3 года назад

@@rot169 I'm following a lot of cyber security channels for years , and yours is definitely going places. buckle up, lift of in 10..9..

@rot169 3 года назад

Thank you! I really appreciate the kind words! Please do share with any friends/colleagues who you think might be interested :-)

@anonymousgirl5150 3 года назад

@@rot169 of course!

@anonymous-ds3mc 3 года назад

Straight to the point, short, simple yet informative. Subbed!

@skm5779 Год назад

People like you makes RU-vid a great learning platform. Please continue with this spirit forever. Thank You 🙂

@bobbyb42 3 года назад

I love the flow of your videos. Feel like I actually retain all the information from the video because of the clear and concise structure. Hope you keep making videos

@faanross Год назад

holy crap this is so good, the way you "embedded" the CLIs popping out from the network diagram, bringing wshark into the mix etc - grande pedagogical display, *tips hat*

@faanross Год назад

also speeding up your browsing, respecting the viewers time, A/D/D format etc. glad i discovered you today.

@aminvogue 3 года назад

A ton of quality info neatly packed in a small video............... Andy's Magic. Thanks

@rot169 3 года назад

Thanks, it's great to hear you found it useful :-)

@septimusseverus252 3 года назад

This channel is just simply AMAZING

@rot169 3 года назад

Thank you for the kind words!! Please do share any videos with friends/colleagues who you think might also be interested :-)

@Heeby-Jeebies 8 месяцев назад

Your presentation is clear, concise, and very well laid out. Thanks!

@darshilmehta9905 Год назад

Underrated channel. Require more videos on Attack as well as Defense Side

@Dips_M 2 года назад

Excellent content, one of the most underrated security channels on youtube! Thank you

@jorgebarroso2496 4 месяца назад

Great video! I have just started working around DNS tunneling and your video was very helpful :)

@CharlesHayden 2 года назад

Awesome presentation describing all the different angles in which to view this from.... 🙏🏾🙌🏾🙏🏾

@the_hypnotoucan Год назад

Great explanation! Thanks for including demos on the Kali Linux side and the client side.

@matthewp7586 3 года назад

Brilliant Video. Logical flow, understandable.

@karim3741 2 года назад

Flawless Explanation, loved it 👌❤️

@AdityaKumar-ei4ch 3 года назад

Very nice video loved it! the animation !

@rot169 3 года назад

Thanks! Animation is certainly not my strong point, but making the graphics for these videos has turned me into a PowerPoint master! 😅 I'm trying to avoid having to switch to After Effects for as long as possible!

@jamel9876 3 года назад

Wow. So informative! Keep em coming!

@ashpakpinjari9214 3 года назад

You're unstoppable! ‼️

@khanstudy3589 2 года назад

+10000000 for this video. All cleared

@j_r0w 3 года назад

Very informative and quality video, thanks! Subbed :)

@PubRunner 8 месяцев назад

I have a web server running that has a gps server that has a self signed certificate and I use TailScale to bypass where I works firewall that disallowed connections to sites with self signed or invalid certificates. While what I am running is benign, I could in theory and anything running. I also use TailScale to access Files I need from time to time that I don’t want to keep a copy on the laptop (which I own) that I use for work. I cannot connect to my GPS server at all if I use its full URL but can if I use its local host name of their network. I use my GPS server to calculate mileage on my personal vehicles which I get compensated for use during work hours and I can prove my location and route between sites if that is ever questioned. I should also add that the portion of the network I have access to at where I work isn’t the main secure backbone only authorised company owned PCs have access that.

@machinelearningdojowithtim2898 3 года назад

Awesome video Andy!

@vibrato17 2 года назад

I'm confused, at 2:40, the attacker seems to already have access to the victim machine in order to run dnscat, so why is DNS tunneling even needed?

@a28bre55 2 года назад

Good question. Hope he answers it.

@pradeepkumarpalanisamy2425 8 месяцев назад

This is sort of post exploitation attack to deploy command and control mechanism and can greatly help hacker in exfiltrating the data.

@michaelwaterman3553 2 года назад

This was cool, thanks!

@sanron4256 Год назад

Awesome videos.

@NOT-A-Monolith 2 года назад

Can this effect cellphones like andoird. Cause I went on a website and accepted the link but soon after my phone ask for private access and should only be accepted by my service provider but I've declined So would my phone be infected

@thewhiterabbit661 3 года назад

Very good channel thank you

@bellamymusicofficial7915 2 года назад

Please keep it up sir 🍻

@nilbatteysannata1982 2 года назад

Great content.

@manqingzhou2925 Год назад

great content

@darkanyons 2 года назад

Wow! thanks!

@RakibHasan-hs1me 2 года назад

I will stick around till the attacking path

@mylife3003 5 месяцев назад

Good

@sul3y 3 года назад

Man youre amazing

@josephlustigiermbong5121 3 года назад

Très bonne vidéo merci beaucoup +1 abonné

@rot169 3 года назад

Merci Joseph! :)

@harshamannewton 2 года назад

the speed sucks tho....any idea to increase speed?

@rot169 2 года назад

DNS Tunnelling is an inefficient means of transferring data, so there's not much you can really do to improve the speed of it. Which is good from a defender's point of view as it means there's more time to detect and respond to large data transfers.

@trebbomb25 2 года назад

Why would the client go to the hacker's domain in the first place? Before this attack can happen i would imagine some type of web spoofing would need to happen correct? As the hacker's DNS server only accepts queries for that one specific domain?

@rot169 2 года назад

This technique is specifically around achieving an exfil/C2 channel; a real-world attack would depend on some other technique being used (maybe just a simple phish?) to get the attacker's code running on their victim's machine. I hope this helps! :-)

@trebbomb25 2 года назад

@@rot169 definitely, thanks!