(This article is part of our Threat Hunting with Splunk series and was originally written by Derek King. We’ve updated it recently to maximize your value.)

Oh no! You’ve been hacked, and you have experts onsite to identify the terrible things done to your organization. It doesn’t take long before the beardy dude or cyber lady says, “Yeah... they used DNS to control compromised hosts and then exfiltrated your data.”

As you reflect on this event, you think, “Did I even have a chance against that kind of attack?”

Yes, you did because Splunk can be used to detect and respond to DNS exfiltration. In fact, people have been using DNS data and Splunk to find bad stuff in networks for nearly two decades!

If you're already sucking DNS data into Splunk, that's awesome! However, if you’re not and you haven't seen Ryan Kovar and Steve Brant's.

In this article, we’ll deal with the perennial topic of DNS exfiltration and we’ll show some awesome visualizations, hunting and slaying techniques.

Understanding DNS exfiltration

When we talk about DNS exfiltration, we are talking about an attacker using the DNS protocol to tunnel (exfiltrate) data from the target to their own host.

Since you've been an avid reader of Threat Hunting with Splunk: The Basics, you all know that good hunting starts with a hypothesis or two. So, let’s create a hypothesis!

You could hypothesize that the adversary might use DNS to either:

- Use it as a side channel for communications with malicious infrastructure.
- Move sensitive files out of your organisation.

With the right visualizations and search techniques, you may be able to spot clients behaving abnormally when compared either to themselves or their peers!

Where do we find DNS data?
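The peer comparison described above, worked through as an added example (not code from the original article or from Splunk): it parses a constructed resolver log, builds two per-client metrics that tunnelled data tends to inflate (mean query-name length and the number of distinct names under one registered domain), and flags clients that exceed a multiple of the peer median. The log line format and the naive "last two labels" registered-domain rule are assumptions for the example.

```python
import re
import statistics
from collections import defaultdict

# Constructed sample resolver log (not real traffic). Client 10.0.0.7 issues
# long hex-encoded labels under a single domain, the shape DNS tunnelling produces.
SAMPLE_LOG = """\
2024-05-01T10:00:01 10.0.0.5 query www.example.com
2024-05-01T10:00:02 10.0.0.5 query mail.example.com
2024-05-01T10:00:03 10.0.0.6 query cdn.example.net
2024-05-01T10:00:04 10.0.0.6 query api.example.org
2024-05-01T10:00:05 10.0.0.7 query 48656c6c6f20576f726c642c20746869.data-tunnel.example
2024-05-01T10:00:06 10.0.0.7 query 73206973206120636f6e737472756374.data-tunnel.example
2024-05-01T10:00:07 10.0.0.7 query 656420657861666d706c65206f6e6c79.data-tunnel.example
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)$")

def parse_line(line):
    """Return (client, qname) for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return (m.group("client"), m.group("qname").lower()) if m else None

def registered_domain(qname):
    """Assumed naive rule: last two labels. Production code should use a public-suffix list."""
    return ".".join(qname.rstrip(".").split(".")[-2:])

def client_profiles(log_text):
    """Per client: mean query-name length and max distinct names under one registered domain."""
    lengths, names = defaultdict(list), defaultdict(lambda: defaultdict(set))
    for client, qname in filter(None, map(parse_line, log_text.splitlines())):
        lengths[client].append(len(qname))
        names[client][registered_domain(qname)].add(qname)
    return {c: {"avg_qname_len": statistics.mean(lengths[c]),
                "max_fanout": max(len(s) for s in names[c].values())}
            for c in lengths}

def peer_outliers(profiles, factor=2.0):
    """Flag clients whose metric exceeds factor * the median of all clients for that metric."""
    flagged = defaultdict(list)
    for metric in ("avg_qname_len", "max_fanout"):
        median = statistics.median(p[metric] for p in profiles.values())
        for client, p in profiles.items():
            if p[metric] > factor * median:
                flagged[client].append(metric)
    return dict(flagged)
```

On the sample log only 10.0.0.7 is flagged, and only on query-name length; with three queries its fan-out is still within the peer range, which is why both metrics are worth keeping.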