Back To Schedule
Thursday, April 25 • 15:00 - 15:45
DNS – The Hidden Threat Vector

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
The Domain Name System (DNS) is an ubiquitous protocol. People use it every time they type a domain in their browser (whether they know it or not). Most companies however, do not consider the DNS protocol as a potential security risk given it basic functionality of converting a domain name to an IP address. Attackers have started to take advantage of this and Talos has examined several attacks which exploit the NDS protocol to their advantage. During this talk. I will walk through several real world attacks which show how attackers are utilizing the DNS protocol to intentionally avoid detection. These DNS attacks began with multiple versions of the DNSMessenger attack. This attack utilized DNS txt records to actually transfer malware to a targeted system. Recently the DNSpionage attack showed how attackers could use normal DNS requests/replies to replace their traditional command and control communication. In a separate campaign, these same attackers also used DNS redirection attacks which were targeted to domain registrars to attempt to gain man-in-the-middle access to sensitive information by redirecting DNS requests to attacker controlled systems. Understanding these attacks is vital to understanding gaps on your network which may not be currently monitored.

avatar for Earl Carter

Earl Carter

Threat Researcher, Cisco Systems
Earl Carter has always had a passion for solving puzzles and understanding how things operate. Mr Carter quickly learned that identifying security weaknesses is just like solving puzzles. Almost 20 years ago, he was introduced to network security when he accepted a position at the... Read More →

Thursday April 25, 2019 15:00 - 15:45 ADT
Track 5 201