With all the news surrounding the breach of SolarWinds update server, and subsequently a majority of clients downloading and installing a backdoor, there has been a lot of analysis of the malware, and the supposed DGA that is being generated. I’m here to question if the behavior fits more of a DNS tunneling event, instead […]
In a separate post, we talked about the possible different attack vectors of DNS. That post is not entire complete, and there are many more creative ways to use DNS as an attack vector. In this post however, we’re going to be looking at the more technical aspects of DNS, such as the protocols, byte […]
Server Side Request Forgery, or SSRF, is an attack where the attacker is able to make a request to an internal resource by pivoting through the server. By leveraging on the server to make a request to the internal resource, the request become seen as legitimate, because internal systems usually trust each other. SSRF through […]
I’ve been doing this lessons by Pentesterlabs, and i’ve learnt a few new things there, which is always great! To be honestly, i’ve never had any proper training or course in terms of offensive cyber security, especially the web. My experiences have mostly been centered around the Linux kernel, which is pretty niche and narrow. In […]
In the previous post, we talked about some of the attack vectors on the DNS. In this post, we’re going to be talking about DNSSEC, which is an attempt to make the DNS more secure. A point to note, DNSSEC does not provide Confidentiality, but only Integrity. Integrity in this case is ensuring that the […]
Before looking at DNS Attack Vectors, let’s do a quick recap of what a DNS is, and what are it’s functions. What is a DNS? DNS, or Domain Name System, is a server that provides Name to IP Address resolution. When people visit websites, it’s much easier for them to remember words, such as Facebook […]
Domain fronting is a malicious act of appearing to request to visit a legitimate site (the front), while in actual fact, the request is going to another website. Domain fronting relies on the SSL technology to work, where the service provider is unable to see the actual malicious hostname the request is going to, but […]
The Cyber Kill Chain (CKC) is a sequential set of steps that takes place when an attack happens. There are many variations of the CKC by different companies such as , but the “trusted” and most convincing variant is by Lockheed Martin. This CKC is pretty straightforward, and by disrupting any part of the kill […]
A typical data exfiltration attack can be quite easy to spot. By monitoring the usage of common protocols such as HTTP, HTTPS, FTP or even DNS, we can deduce if a data exfiltration is taking place. Most modern DLP (Data Leak Prevention) solutions today that incorporate network analysis can perform such detection across multiple protocols. […]
Types of C2 Communication When a host gets infected with a malware, sometimes it will attempt to call back to it’s Command and Control (C2) to get, or send information. There are 4 types of C2 communication traffic Beacon After a host has been compromised, the malware will send a message heartbeat to the C2 […]
