Dns

Waiting for goDoH

24 October 2018 ~9 min By Leon Jacobs

Bypass Command Execution Dns Experiment Ioc Malware Research Tools Tunnelling

or DNS exfiltration over DNS over HTTPS (DoH) with godoh “Exfiltration Over Alternate Protocol” techniques such as using the Domain Name System as a covert communication channel for data exfiltration is not a new concept. We’ve used the technique for many years at SensePost, including Haroon & Marco’s 2007 BH/DC talk on Squeeza. In the present age this is a well understood topic, at least amongst Infosec folks, with a large number of resources, available, online that aim to enlighten those that may not be familiar with the concept. There are also practical techniques for detecting DNS Tunnelling on your network.

Bypass
Command Execution
Dns
Experiment
Ioc
Malware
Research
Tools
Tunnelling

Page 1 of 1