DNS Exfiltration

DNS can be used to exfiltrate data, for example to bypass firewalls.

• iodine - GitHub

  Can be identified by the presence of the “Aaahhh-Drink-mal-ein-Jägermeister” or “La flûte naïve française est retirée à Crête”. Can be deciphered with this script Hack.lu CTF WU

  • exploit.py

• DNScat2 - GitHub

  Can be identified when file signatures are present in the DNS queries. Data can be extracted with this script and files can be extracted with binwalk.

  • File Scanning
  • exploit.py
  • File Scanning