ENTERPRISE MALWARE, THERE IS ALWAYS A WAY. DNS/DNSSEC

No ratings

Presented at Blackhat Abu Dhabi 2012 by

Alberto Illera

DNS is an essential protocol used in almost any enterprise network around the world. Many corporate IT environments rely on DNS in order to facilitate the most critical business processes. This is the reason why more often than not, this protocol is simply allowed through every network. Most IDS and IPS deployments do not enforce strict rules against DNS malformed, strange or abnormal packets. These conditions are perfect for those who wish to control botnets, deploy remote access or execute covert under the radar corporate espionage with advanced malware and confidential data exfiltration. In this last case, sensitive networks that would not be targeted using usual methods are critically exposed - if the attacker uses a Remote Administration Tool (RAT) that takes advantage of DNS protocol and some other juicy tricks and if the RAT uses DNSSEC for the data leakage process, the end result is a stealthy & deadly weapon. The talk will encompass a full demonstration of this new attack tool capabilities, including how to build your own expansion modules in python.