Low & Slow - Techniques for DNS Data Exfiltration

Presented at BSidesLV 2019, Aug. 7, 2019, noon (25 minutes)

DNS Tunnels are fun for bypassing Wi-Fi restrictions and breaking out of networks. Today there are many defence options in place to detect or block DNS Tunnels. However, exfiltration of data via DNS is still very possible and continues to plague corporate environments. We will look at some unique and new ways to exfiltrate data via DNS. We're not looking to get free internet here, we're looking at how attackers can send sensitive data out of a company without being detected by the usual DNS tunnel detection mechanisms.

Presenters:

• Dimitri Fousekis
  Dimitri has been in the security industry for over 15 years, and is the CTO of a cyber security company. Having enjoyed many years of Passwords, and password-related talks, he is branching out to cover another one of his passions: Ways to exfiltrate data. Dimitri has spoken at BSides in a few countries as well as PasswordsCon and other conferences.

Similar Presentations:

• DerbyCon 6.0 Recharge (2016) / DNS in Enterprise IR: Collection, Analysis and Response
• DeepSec 2018 „I like to mov &6974,%bx“ / DNS Exfiltration and Out-of-Band Attacks
• NolaCon 2019 / DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy