Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Endpoint Detection and Response Essentials

You're reading from   Endpoint Detection and Response Essentials Explore the landscape of hacking, defense, and deployment in EDR

Arrow left icon
Product type Paperback
Published in May 2024
Publisher Packt
ISBN-13 9781835463260
Length 170 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Guven Boyraz Guven Boyraz
Author Profile Icon Guven Boyraz
Guven Boyraz
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. Part 1: The Fundamentals of Endpoint Security and EDR FREE CHAPTER
2. Chapter 1: Introduction to Endpoint Security and EDR 3. Chapter 2: EDR Architecture and Its Key Components 4. Chapter 3: EDR Implementation and Deployment Strategies 5. Part 2: Advanced Endpoint Security Techniques and Best Practices
6. Chapter 4: Unlocking Synergy – EDR Use Cases and ChatGPT Integration 7. Chapter 5: Navigating the Digital Shadows – EDR Hacking Techniques 8. Chapter 6: Best Practices and Recommendations for Endpoint Protection 9. Part 3: Future Trends and Strategies in Endpoint Security
10. Chapter 7: Leveraging DNS Logs for Endpoint Defense 11. Chapter 8: The Road Ahead of Endpoint Security 12. Index 13. Other Books You May Enjoy

DNS tunneling

DNS tunneling is a technique that involves encasing non-DNS traffic within DNS packets to bypass network security controls. The DNS protocol is used for legitimate purposes, such as translating domain names to IP addresses, but attackers can abuse this protocol to send unauthorized data or commands.

Here’s a simplified overview of how DNS tunneling works in Figure 7.3:

Figure 7.3 – Real DNS query and answer

Figure 7.3 – Real DNS query and answer

Figure 7.3 suggests that malware residing within the victim’s computer initiates a compromised DNS query devoid of a legitimate DNS answer, including an IP address. This query appears as a random and nonsensical DNS request, concealing encrypted data within its structure. Since there is no registration for such a domain name, only the attacker’s deceptive DNS server can intercept and respond to this query.

By possessing the decryption key, the attacker can extract the concealed data from the DNS query...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime