Common Information
Type | Value |
---|---|
Value | DNS - T1071.004 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may communicate using the Domain Name System (DNS) application layer protocol to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server. The DNS protocol serves an administrative function in computer networking and thus may be very common in environments. DNS traffic may also be allowed even before network authentication is completed. DNS packets contain many fields and headers in which data can be concealed. Often known as DNS tunneling, adversaries may abuse DNS to communicate with systems under their control within a victim network while also mimicking normal, expected traffic.(Citation: PAN DNS Tunneling)(Citation: Medium DnsTunneling) |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2009-09-02 | 270 | Bell Canada phish - still about the Cards | ||
Details | Website | 2009-06-25 | 3 | Fun with Shell Scripts and OS X | ||
Details | Website | 2009-05-31 | 45 | Phishers Try MSN Worms to steal credentials | ||
Details | Website | 2009-05-13 | 6 | IP Blacklisting in Snort | ||
Details | Website | 2009-05-08 | 3 | DoJoSec and dnssnarf | ||
Details | Website | 2009-04-10 | 3 | Intercepting thick client communications | ||
Details | Website | 2009-04-03 | 17 | DNS Recon Tool written in Ruby | ||
Details | Website | 2009-04-01 | 122 | An Analysis of Conficker C | ||
Details | Website | 2009-03-25 | 3 | Conficker.C Purchase tickets now for the April 1st event | ||
Details | Website | 2009-03-24 | 0 | Infrastructure Attacks: A Growing Concern | ||
Details | Website | 2009-03-10 | 3 | Microsoft Tuesday Coverage for March MS09-006, MS09-008 | ||
Details | Website | 2009-02-21 | 2 | Looking for "Bad Stuff", part I | ||
Details | Website | 2009-02-19 | 35 | Leetness Not Actually Required For Pwnage | ||
Details | Website | 2009-02-19 | 1 | Making Conficker Cough Up the Goods | ||
Details | Website | 2009-01-29 | 0 | What didn't fit into the talk. · The Recurity Lablog | ||
Details | Website | 2009-01-08 | 2 | Setting up a Logon Script through Active Directory Users and Computers in Windows Server 2008 | Petri IT Knowledgebase | ||
Details | Website | 2008-12-20 | 10 | dpkt Tutorial #3: DNS Spoofing | Jon Oberheide | ||
Details | Website | 2008-12-18 | 51 | Rootkit takes advantage of MS08-078 vulnerability | ||
Details | Website | 2008-12-05 | 0 | Home Content Filtering | ||
Details | Website | 2008-11-30 | 17 | Agent.btz - A Threat That Hit Pentagon | ||
Details | Website | 2008-11-14 | 0 | Maltego Download - Data Mining & Information Gathering Tool - Darknet - Hacking Tools, Hacker News & Cyber Security | ||
Details | Website | 2008-10-16 | 0 | Virus Bulletin :: Researchers urge anti-phishing companies to share data | ||
Details | Website | 2008-08-29 | 6 | Checking Multiple Bits in a Flag Field | ||
Details | Website | 2008-08-27 | 10 | The Emergence Of A Theme | ||
Details | Website | 2008-08-27 | 0 | Perception of Vulnerabilities · The Recurity Lablog |