DeepSec 2018 Talk: DNS Exfiltration and Out-of-Band Attacks – Nitesh Shilpkar
“The Domain Name System or DNS is one of the most fundamental parts of the Internet”, says Nitesh Shilpkar. “It is crucial for a billion users daily to help us build presence on the internet using names humans can understand rather than IP addresses. However, DNS comes with security issues organizations should be aware of and take into consideration. Attackers are abusing the DNS to redirect traffic to malicious sites, communicate with command and control (C&C) servers, steal data from organizations and conduct massive attacks that cause harm to organizations. Many organizations are not prepared to mitigate, or even detect, the problems DNS might bring.
Due to the criticality of DNS to maintain an Internet presence, access applications, connect to a network or simply send an email, everyone has the potential to be impacted by DNS vulnerabilities. Since DNS is important for routing traffic, it simply cannot be disabled. Organizations should look for ways to protect their DNS data. We should learn about ways to manage the attack surface DNS offers and also to benefit from the capabilities DNS has to offer.
Security companies and vendors are getting more aware of the fact that DNS is the first line of defence and, since all the traffic is routed through the DNS, it acts as a good resource for analysing any form of malicious traffic or attacks. Most vendors now provide IP address management (IPAM) data for diagnosing the network traffic regarding network and security problems. DNS plays an important role for malware detection based on its logical place in the network architecture. Incident Response teams look to DNS, DHCP and IPAM data for carrying out thorough investigations and improving threat hunting capabilities.
DNS traffic should become one of the main sources for network traffic data analysis, which would help organizations improve their detection and analysis capabilities in order to be ready for what may come.”
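As a concrete illustration of the monitoring the abstract argues for, the following is an added example and not material from the talk or its author: a small Python script that profiles DNS query logs per client and zone and flags the pattern that data exfiltration over DNS leaves behind (many distinct, long, random-looking subdomain labels under a single zone from a single client, frequently via TXT lookups). The log format, client addresses, zone names and thresholds are constructed assumptions; the function names `find_suspicious`, `profile`, `split_name` and `shannon_entropy` are this example's own.

```python
"""Flag DNS query patterns that look like data exfiltration.

Added example for this page; not code from the talk or its author. The log
format, client addresses and zone names below are constructed, and the
thresholds are illustrative assumptions, not published detection rules.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed sample in a simplified BIND-style query-log format. The five
# TXT lookups from 10.0.0.7 imitate the shape of tunnelled data: many unique,
# long, high-entropy labels under one zone from one client.
SAMPLE_LOG = """\
client 10.0.0.5#51234: query: www.example.com IN A +
client 10.0.0.5#51235: query: mail.example.com IN MX +
client 10.0.0.7#40001: query: 6a6f686e2d646f652d7061737377.0.attacker-example.test IN TXT +
client 10.0.0.7#40002: query: 6f72642d31323334353637383930.1.attacker-example.test IN TXT +
client 10.0.0.7#40003: query: 2d7365637265742d6e6f7465732d.2.attacker-example.test IN TXT +
client 10.0.0.7#40004: query: 73656e642d746f2d626f73732d71.3.attacker-example.test IN TXT +
client 10.0.0.7#40005: query: 312d656e642d6f662d66696c652d.4.attacker-example.test IN TXT +
client 10.0.0.9#40100: query: cdn.example.net IN A +
"""

QUERY_RE = re.compile(
    r"client (?P<src>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\w+)"
)


def shannon_entropy(text):
    """Bits of entropy per character; encoded payloads score high, hostnames low."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(name):
    """Return (zone, prefix_labels). Assumption: the zone is the last two
    labels; a real deployment should use a public-suffix list instead."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), labels[:-2]


def parse_queries(log_text):
    """Yield (client, name, qtype) for every line that matches the query format."""
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield m.group("src"), m.group("name"), m.group("qtype")


def profile(log_text):
    """Aggregate per (client, zone): query count, distinct names, prefix size,
    entropy, longest label, and use of record types that carry free-form data."""
    stats = defaultdict(lambda: {"queries": 0, "names": set(), "prefix_chars": 0,
                                 "entropy_sum": 0.0, "max_label": 0, "payload_types": 0})
    for client, name, qtype in parse_queries(log_text):
        zone, prefix = split_name(name)
        s = stats[(client, zone)]
        joined = "".join(prefix)
        s["queries"] += 1
        s["names"].add(name)
        s["prefix_chars"] += len(joined)
        s["entropy_sum"] += shannon_entropy(joined)
        s["max_label"] = max([s["max_label"]] + [len(label) for label in prefix])
        if qtype in ("TXT", "NULL", "CNAME"):
            s["payload_types"] += 1
    return stats


def find_suspicious(log_text, min_unique=5, min_avg_prefix=20.0, min_avg_entropy=2.5):
    """Return one finding per (client, zone) whose prefixes are numerous, long
    and random-looking at the same time. Thresholds are assumptions to be tuned
    against a baseline of the monitored network's own traffic."""
    findings = []
    for (client, zone), s in profile(log_text).items():
        n = s["queries"]
        avg_prefix = s["prefix_chars"] / n
        avg_entropy = s["entropy_sum"] / n
        unique = len(s["names"])
        if unique >= min_unique and avg_prefix >= min_avg_prefix and avg_entropy >= min_avg_entropy:
            findings.append({
                "client": client, "zone": zone, "queries": n, "unique_names": unique,
                "avg_prefix_len": round(avg_prefix, 1), "avg_entropy": round(avg_entropy, 2),
                "max_label": s["max_label"], "payload_type_queries": s["payload_types"],
            })
    return sorted(findings, key=lambda f: -f["queries"])


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

Run against the constructed sample, only the 10.0.0.7 / attacker-example.test pair is reported; the ordinary lookups of www, mail and cdn hostnames fall well below every threshold. The three conditions are deliberately combined: a single long label or a single high-entropy name is common in legitimate traffic (CDN hashes, DKIM selectors), whereas many such names in sequence toward one zone is the signature worth an analyst's time. On a real resolver log, the zone split should use a public-suffix list and the thresholds should be set from a baseline of normal query volume per client.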
We asked Nitesh a few more questions about his topic of expertise.
Please tell us the top 5 facts about your talk.
1. DNS is quite neglected in terms of security monitoring.
2. My talk is quite to the point.
3. It includes case studies with relevant examples.
4. It helps to shed a much needed light on DNS.
5. It’s my first conference as a speaker.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
I came up with this topic during a pentest, when I could not find much available material on exploiting “out-of-band” attacks.
Why do you think this is an important topic?
This is an important topic because it points out the facts about DNS, the risks associated with DNS, and, most of all, how one can exfiltrate data using DNS.
Is there something you want everybody to know – some good advice for our readers maybe?
I’ll just say, this is my first conference as a speaker and I’ve always wanted to share my knowledge related to security; your presence at this talk would be a great encouragement.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
I think the future of pentesting is much more than just red-teaming. In the future companies will be so security aware that they will go for security assessments anytime just to check their resilience.
Nitesh Shilpkar is a security researcher currently working with PwC Singapore. He has received CVEs for finding bugs in products like Adobe ColdFusion, Adobe Shockwave Player, Apple iCloud and Amazon Kindle. He has been acknowledged by over 40 websites such as Facebook, Google, AT&T etc. He currently holds certifications like OSCE, OSCP, OSWP, CREST-CRT. His interests lie in Exploit Development and Research.