Presented at
Black Hat Asia 2020 Virtual,
Oct. 2, 2020, 1:30 p.m.
(30 minutes).
<div class="">Our precious Internet traffic relies significantly on DNS to work, now that IPv6 traffic starts to grow we will need it even more. Yet still an ancient protocol has been attacked for 4 decades already. There are improvements coming alone like DNSSEC, DoT and DoH but not at fast pace. This session is not about attacking DNS servers or clients, it is about crafting new techniques to “misuse” the DNS protocol to our advantage.</div><div class=""><br class=""></div><div class="">In this talk, I will cover some DNS features and specifications, what is the current landscape of tools to “misuse” DNS and their respective pros & cons. We take a look at “Next Generation” security products (IPS/Firewalls/etc) and what they do to prevent or catch these tools. With this in mind, we craft an algorithm to bypass those and pretend to be normal DNS traffic. To be able to archive this during the talk, I will show you an open source tool called “DFEX” and setup a real portable network infrastructure to test it. At last, I will run through other possible uses of this technique, how to scale them, and some ideas for detection and mitigation.</div><div class=""><br class=""></div><div class="">This talk is oriented to “RGB” (Red-Green-Blue) teams, researchers, infrastructure/system administrators and passionate security people.</div>
Presenters:
-
Emilio Couto
- Security Consultant, Independent
Emilio Couto is a security consultant with more than 20 years of experience in the network and security field. Born and raised in Argentina, he is currently located in Japan where multitasking between language, culture and technologies is a must. Over the last decade focusing mainly on Finance IT and presenting tools in conferences (Black Hat Asia, DEF CON, HITB, Code Blue, AV Tokyo and SECCON). In his spare time, he enjoys 3D printing, tinkering electronics, and home-made IoT devices.
Links:
Similar Presentations: