MDSec produce PowerShell delivery via DNS

Remember a few months ago, I posted a piece via Engadget about Cisco’s Talos team finding bot control traffic in DNS data. Now MDSec have produced and published proof-of-concept code for this. MDSec is a security consulting and education company based in the UK; they publish the Web and Mobile Application Hacker’s Handbook series.

DNS is able to carry information through firewalls because it is a necessary part of the Internet infrastructure. It is also very extensible, allowing different uses of some of its fields. This means that it passes through firewalls with little or no checking, and can carry all sorts of legitimate payloads, such as application signalling, as well as the malicious use that Talos spotted.

It is now important to use tools that can capture and sanitize DNS queries within a network.
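As an added example of the kind of DNS inspection the previous paragraph calls for (written for this page, not MDSec's published code), the following reads constructed DNS query log lines and flags names whose subdomain labels look like encoded data rather than hostnames. The log format, the thresholds and the two-label base-domain rule are assumptions.

```python
import math
from collections import defaultdict

# Constructed DNS query log, one "<client> <qname> <qtype>" per line;
# the labels under tunnel.example are made-up random-looking strings.
SAMPLE_LOG = """\
10.0.0.5 www.example.com A
10.0.0.5 mail.example.com MX
10.0.0.9 q7hx3kd9p2lmz8vr5a0ftw6nbycu4e1g.tunnel.example TXT
10.0.0.9 m2c8tz0ufa4qbw7rlkd1yhs5xe9gn3jp.tunnel.example TXT
10.0.0.9 v5ra0kq9dh3x7lp2bm8ztwg6fc1ney4u.tunnel.example TXT
10.0.0.7 cdn.example.net A
"""

def shannon_entropy(text):
    """Bits per character: encoded data scores high, ordinary hostnames low."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def base_domain(qname):
    """Last two labels. Assumption: no public-suffix handling (co.uk etc.)."""
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])

def analyze_dns_log(log_text, max_label=30, min_entropy=3.5, max_unique=2):
    """Return (flagged_queries, noisy_domains) as leads for review, not verdicts."""
    flagged = {}
    subdomains = defaultdict(set)  # base domain -> distinct subdomain labels seen
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than abort the whole run
        _, qname, qtype = parts
        sub = qname.rstrip(".").split(".")[:-2]
        subdomains[base_domain(qname)].update(sub)
        reasons = []
        if sub and max(len(label) for label in sub) > max_label:
            reasons.append("long-label")
        if sub and shannon_entropy("".join(sub)) > min_entropy:
            reasons.append("high-entropy")
        if len(reasons) == 2:  # require both heuristics to agree
            flagged[qname] = reasons
    noisy = {d for d, s in subdomains.items() if len(s) > max_unique}
    return flagged, noisy
```

Many distinct subdomains under one base domain in a short window is the volume signal that accompanies the per-query ones, so both results are returned for an analyst to correlate with the client that issued the queries.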

John Dixon

John Dixon is the Principal Consultant of thirteen-ten nanometre networks Ltd, based in Wiltshire, United Kingdom. He has a wide range of experience, including (but not limited to) operating, designing and optimizing systems and networks for customers from global to domestic in scale. He has worked with many international brands to implement both data centres and wide-area networks across a range of industries. He is currently supporting a major SD-WAN vendor on the implementation of an environment supporting a major global fast-food chain.
