A collection of cybersecurity content.

Tag: T1071.004 Application Layer Protocol: DNS (TXT Records)

  • Detecting DNS Tunneling

    Intro: DNS Tunneling represents a threat often operating under the radar of traditional defense measures. By leveraging a fundamental protocol of the internet, Domain Name System (DNS), this technique allows threat actors to exfiltrate data or establish command and control (C2) channels, often leaving IT security teams none the wiser. What is DNS Tunneling? DNS […]

  • Abusing DNS: Hiding Commands in TXT Records

    Intro: While TXT DNS (text domain name system) records have legitimate purposes, it is important to be aware that adversaries can exploit TXT records to hide content and commands. Adversaries may use DNS to establish communication with systems that are under their control within a victim network, all while appearing as normal, expected traffic. What […]