2025-10-21 –, Europe
Some DNS servers, like 1.1.1.1, will accept and forward any byte values inside the DNS packet.
This makes it possible to use DNS as a C2 channel with a higher throughput than hexadecimal encoding.
Although the format of the labels in a DNS request are limited to just letters, digits and a hyphen character, there are implementations that allow more than that.
A small overview will be presented.
Scripts will be shared that allow attendees to do their own testing of the DNS servers of their choice.
Didier Stevens (SANS ISC Senior Handler) is a Senior Analyst working at NVISO. Didier has developed and published more than 100 open-source tools mostly for malware analysis, several of them popular in the security community. You can find his open source security tools on his IT security related blog https://blog.DidierStevens.com