CPE Webinar Replay

DNS Attack Demo

On-Demand

Watch our threat researcher, Masha Garmiza, stand up a real production DNS server on the Internet and show how she can use it to control a victim's machine and silently steal data using DNS queries alone.

Replay

Watch Now

About this webinar

DNS is an amazing channel for attackers. Port 53 is almost always wide open and DNS logs are extremely noisy and hard to analyze. APTs like OilRig have had a field day using DNS to silently control victim machines without being detected.

Let's ditch the slides and hop right into a live DNS server. We'll demo a few DNS-based attacks, crack open Wireshark to analyze the traffic, and discuss mitigation techniques and the DNS-based detections in Varonis.

Here's an overview of the attack:

Stand up a plain old DNS server
Register a domain name
Point our domain's DNS records to our (malicious) server
Infect a victim with a tiny piece of malware that connects to our DNS server
Issue commands from our DNS server back to the victim machine via DNS responses alone
Find a document to steal, chop it up, send it out via outbound DNS queries

Masha Garmiza Security Researcher, Varonis

David Gibson CMO, Varonis

Rob Sobers VP Marketing, Varonis

“The level of governance and insight provided by Varonis empowered our team to detect and respond to abnormalities as well as user activity and misconfigurations.”

Al Faella, CTO, Prospect Capital Management

Want to see Varonis in action?