The DNS vs Privacy Conundrum: Where are we headed?

Wireshark capture of a DNS over TLS handshake
  • Review hosts with a high volume of uncommon record types (TXT, NULL, CNAME, etc.).
  • Explore uncommon TLDs (.xyz, .me, .biz) and TLDs for geographical regions in which your organization does not regularly operate.
  • Look for a large volume of NXDOMAIN (domain does not exist) response codes, which can reveal DNS C2 driven by a Domain Generation Algorithm (DGA).
  • Look for hosts with a high DNS request volume spread across many subdomains of a single parent domain.
  • Identify suspicious requests by reviewing queries for domain names with high entropy. Be careful though: many legitimate cloud URLs match this pattern too.
  • Many more.
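As an added example (not code from the article), here are the hunting heuristics above applied to a small constructed resolver log in Python. The log format, the thresholds and the sample client addresses are assumptions; in practice you would tune them to your own environment's baseline.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver-log sample (not from the article): client, qname, qtype, rcode.
SAMPLE_LOG = """
10.0.0.5 www.example.com A NOERROR
10.0.0.9 a1.tunnel.example.org TXT NOERROR
10.0.0.9 a2.tunnel.example.org TXT NOERROR
10.0.0.9 a3.tunnel.example.org NULL NOERROR
10.0.0.7 kqzxvbnmtrw.xyz A NXDOMAIN
10.0.0.7 plmwqaszxcd.xyz A NXDOMAIN
10.0.0.7 ytrewqpoiuy.biz A NXDOMAIN
10.0.0.7 mnbvcxzlkjh.me A NXDOMAIN
"""
UNCOMMON_TYPES = {"TXT", "NULL", "CNAME"}  # record types named in the list above
UNCOMMON_TLDS = {"xyz", "me", "biz"}       # TLDs named in the list above; tune per org

def shannon_entropy(label):
    """Shannon entropy in bits per character of one DNS label (0.0 when empty)."""
    if not label:
        return 0.0
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def analyze_dns_log(text, nxdomain_min=3, type_min=3, fanout_min=3, entropy_min=3.0):
    stats = defaultdict(lambda: {"nxdomain": 0, "types": 0, "tlds": 0,
                                 "entropy": [], "parents": defaultdict(set)})
    for line in text.strip().splitlines():
        client, qname, qtype, rcode = line.split()
        labels = qname.lower().rstrip(".").split(".")
        s = stats[client]
        s["nxdomain"] += rcode == "NXDOMAIN"        # NXDOMAIN storm: DGA indicator
        s["types"] += qtype in UNCOMMON_TYPES       # TXT/NULL volume: tunnelling indicator
        s["tlds"] += labels[-1] in UNCOMMON_TLDS
        if len(labels) > 2:                          # distinct subdomains per parent domain
            s["parents"][".".join(labels[-2:])].add(qname)
        if shannon_entropy(labels[0]) >= entropy_min:  # noisy: many CDN/cloud names match
            s["entropy"].append(qname)
    findings = {}
    for client, s in stats.items():
        fanout = {p: len(names) for p, names in s["parents"].items() if len(names) >= fanout_min}
        flags = {"possible_dga": s["nxdomain"] if s["nxdomain"] >= nxdomain_min else 0,
                 "uncommon_record_types": s["types"] if s["types"] >= type_min else 0,
                 "uncommon_tlds": s["tlds"], "subdomain_fanout": fanout,
                 "high_entropy_queries": s["entropy"]}
        flags = {k: v for k, v in flags.items() if v}  # keep only triggered signals
        if flags:
            findings[client] = flags
    return findings
```

On the sample, the benign client raises nothing, the TXT/NULL client is flagged for record types and subdomain fan-out, and the NXDOMAIN client for possible DGA, uncommon TLDs and high-entropy names.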

Sanjeev Singh

An avid learner and passionate cyber defender