Hunting in the dark: Detecting and disrupting DNS-based C2 traffic

Wednesday
 
27
 
November
11:20 am
 - 
12:00 pm
Topic
Cloud Security / Network Systems / End-User Devices
Agenda
Sign in to add this session to your agenda
Add to My AgendaAdded to My Agenda
Location
Room 105
Theme
Cyber Security Infrastructure

Speakers

Hubert Lin
Hubert Lin

Hubert Lin

Hubert Lin

Sr. Staff Researcher
Netskope

Synopsis

Apart from the extensively exploited HTTP protocol, the DNS protocol plays a crucial role in network communication, capable of bypassing Layer-4 firewall restrictions commonly employed by many organizations. This presentation will delve into the misuse of DNS for establishing covert tunnels, and circumventing L4 firewalls. We will explore several tunneling tools and Command and Control (C2) frameworks, uncovering how threat actors leverage DNS for unauthorized network access. Our analysis reveals persistent DNS abuse as an effective attack vector employed by malicious entities over an extended period. The session will conclude with practical strategies to fortify DNS security, providing concrete steps to mitigate potential threats.

Back to Program

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.

Acknowledgement of Country