PowerShell — Data Ex-filtration over DNS (OOB)

  • The DNS protocol restricts queries (i.e. outbound messages) to 255 bytes of letters, digits, and hyphens.
  • DNS is used mostly over the User Datagram Protocol (UDP), so there is no guarantee that queries will be answered in their order of arrival.
  • The maximum length of a subdomain label is 63 characters.

Overcoming previous challenges

Generic process for DNS Ex-filtration
[Figures: DNS Ex-filtration; output in hex format; encoding PowerShell; Hex-Encoded]
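A detection-side sketch built on the constraints above, added here as an example and not taken from the original post: it scans resolver query logs for labels that look like hex-encoded bytes and groups them per client and parent zone, since UDP delivery order cannot be relied on. The thresholds, the two-label zone grouping, and the sample log are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

MAX_LABEL = 63        # per-label limit listed above
MIN_HEX_LEN = 16      # assumed threshold: shorter hex runs are too common to flag
MIN_QUERIES = 3       # assumed threshold: distinct hex-bearing names per client and zone
HEX = re.compile(r"[0-9a-fA-F]+")

def hex_labels(qname):
    """Return the labels of qname that look like hex-encoded bytes."""
    return [l for l in qname.rstrip(".").split(".")
            if MIN_HEX_LEN <= len(l) <= MAX_LABEL
            and len(l) % 2 == 0 and HEX.fullmatch(l)]

def parent_zone(qname, keep=2):
    """Group by the last `keep` labels (assumption: no public-suffix list is used)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-keep:])

def find_suspects(queries):
    """queries: iterable of (client_ip, qname) pairs from a resolver log.
    Returns {(client, zone): estimated decoded bytes} for pairs with at
    least MIN_QUERIES distinct hex-bearing names. Order is ignored on purpose."""
    seen = defaultdict(dict)                  # (client, zone) -> {qname: bytes}
    for client, qname in queries:
        found = hex_labels(qname)
        if found:
            key = (client, parent_zone(qname))
            seen[key][qname.lower()] = sum(len(l) // 2 for l in found)
    return {k: sum(v.values()) for k, v in seen.items() if len(v) >= MIN_QUERIES}

# Constructed sample log (reserved example domains, made-up clients).
SAMPLE = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "6c696e652074776f0a0a0a0a.tunnel.example"),
    ("10.0.0.7", "d41d8cd98f00b204e9800998ecf8427e.cache.example.org"),
    ("10.0.0.5", "48656c6c6f20776f726c6421.tunnel.example"),
    ("10.0.0.7", "mail.example.net"),
    ("10.0.0.5", "6c696e65207468726565210a.tunnel.example"),
]

if __name__ == "__main__":
    for (client, zone), size in find_suspects(SAMPLE).items():
        print(f"{client} -> {zone}: ~{size} bytes carried in hex labels")
```

The single hash-like lookup from 10.0.0.7 stays below the query threshold, which is why the check counts distinct names per zone instead of flagging any one hex label.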
