Blackhats break DNS and so can you.

Presented at BSides Austin 2017, May 4, 2017, 5 p.m. (60 minutes).

In this talk, I will talk about the history of how blackhats have been using DNS hijacking. I will then talk about the underlying technology of these attacks. Most notably how DNS hijacking works and how attackers use CSRF to change a router's DNS server. I then go on to talk about how a pentester can weaponize similar attacks using DHCP. I also will be talking about a tool I have been building that enables pentesters to do DNS hijacking attacks to move laterally within a network or to dynamically execute high quality phishing attacks. Lastly I talk about how to defend against dns hijacking and the attacks I mention as well as the systemic problems that lead to things being vulnerable to these attacks.

Presenters:

• Nick Mckenna
  Nick Mckenna is a student and security researcher who has had an interest in all things red team for the past 5 years.
• Jack McKenna
  Jack McKenna is studying computer science at James Madison University in Virginia.He's been involved with security for the last four years competing in CTF competitions and visiting conferences.Jack competed in the qualification round of MACCDC 2017, NCL 2017 and other various competitions.He's looking forward to working with CoalFire labs this summer.

Links:

• https://bsidesaustin2017.sched.com/event/AP1x/blackhats-break-dns-and-so-can-you

Similar Presentations:

• NolaCon 2016 / Analyzing DNS Traffic for Malicious Activity Using Open Source Logging Tools
• NolaCon 2019 / DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy
• DeepSec 2018 „I like to mov &6974,%bx“ / DNS Exfiltration and Out-of-Band Attacks