DNS PTR

A DNS PTR record is exactly the opposite of the 'A' record, which provides the IP address associated with a domain name. Ex. if you pull the DNS records of cloudflare.com, the A record currently returns an IP address of: 104.17.210.9.

DNS Exfiltration

Manul Exploit:

  1. often gain unauthorized physical access to the targeted device to extract data from env.

Automated Exploit:

  1. attackers use malware to conduct the data exfiltration while inside the compromiesed network.

Methods:

  1. attackers usually adding strings containing the loot to DNS UDP requests. the String containing the loot would then be sent to a rogue DNS server that is logging these requests.

DNS Infiltration

Exploit various vulnerabilities within an org's DNS, infiltration defines the process where malicious code is run to manipulate NDS servers either using automated systems or manually.

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/27bd4190-00c8-45ea-82c1-c232233fabfe/Untitled.png

Netstat- https://www.geeksforgeeks.org/netstat-command-linux/

DNS Tunneling

Bypass a lot of the 'unwated' protocols by using DNS Tunneling.