Hacking Demo #3 Data Exfiltration

As the DNS protocol is authorized to go from the inside of the network to the Internet, some have found a way to use it to silently exfiltrate valuable data. Malware installed on a victim’s computer can use the DNS protocol to send the data using a simple encoding mechanism that requires nothing more than access to a recursive DNS server.
Exfiltrating information via DNS can be very discrete- sending a few packets per day- or extremely intense- sending thousands of stolen credit cards numbers and information per minute. Since the DNS protocol does not trigger alarms on the supervision systems, it can be used to exfiltrate a lot of information before the domain is caught by standard reputation filters (if installed).

See Also

• DNS Guardian
• DNS attack list
• What is Domain Generation Algorithms (DGA)?
• Video: Hacking Demo #1 Mail Infection
• Video: Hacking Demo #2 Command & Control
• Video: Hacking Demo #4 Keylogger
• Video: Hacking Demo #5 Zero-Day Attack
• Video: Hacking Demo #6 Volumetric Attack