I recently gave a talk on how DNS can be used for malware command and control and data exfiltration and in particular how DNS creates an exploitable hole in your firewall.

As part of my Ph.D. I’ve been looking at existing DNS-based covert channels in order to profile their behaviours with a view to developing a detector or filter. I have examined a few variations including DNScat and IODINE. Both of these implementations are fairly robust but IODINE is the more complete and reliable of the toolsRead more »

{Will update this as I go…} My recent work has focused on a particular form of DNS-based covert channel that encodes its payload into the slack space in DNS query names. Each ASCII character in a domain name is stored as 8 bits and is referred to as an octet. A fully qualified domain name (FQDN)Read more »

xxd is a very handy command line tool that converts its input (file or standard input) into hexadecimal output. I came across it when I was trying to figure out an easy to way to take some binary input and convert it to ASCII. From the xxd man page…

There is no doubt that Computer Security/Cyber Security or whatever you would like to call it has taken centre stage. If you follow security related social media feeds you will no doubt be familiar with the daily bombardment of breaking cyber security stories. If you read only a fraction of the feeds you will knowRead more »

Netcat is like the Swiss Army Knife of command line network tools. Netcat can read and write data across network connections using TCP or UDP. From a Pentest or security research point of view Netcat can be used to debug or explore networks since it can create almost any kind of connection.