Are You Sinking DNS?

Summary Over the past month I have been incrementally experimenting with C2 and file transfer to a rogue authoritative DNS server. DNSlivery does the job of downloading a stager to grab the larger dnscat2.exe file, but we found that Mcaffee readily detected the dnscat2 executable and MS Defender did not detect the malicious tool. In this writeup I will walk you through setup and operation of DNSlivery, then how to use this tool to stealthily download a simple staging script to download the larger dnscat2.exe executable. DNSlivery To get started, understand the requirements:You need a domain name that you control … Continue reading Are You Sinking DNS?