Blind Data Exfiltration Using DNS and Burp Collaborator



DNS provides one of the best methods for command and control, covert tunneling, and blind data exfiltration. Burp Collaborator provides a great way to both confirm blind injection, and also exfiltrate data. Penetration testers may prepend names to each DNS request, allowing data exfiltration subject to DNS's length limitations (63 characters per label, 255 characters total name) and character limitations. This webcast will describe methods for blind data exfiltration using Burp Collaborator (using both public and private servers), as well as using DNS without Burp.

Speaker and Presenter Information

 Eric Conrad

Relevant Government Agencies

Other Federal Agencies, Federal Government, State & Local Government

Members who viewed this event also viewed:


Event Type
Webcast


When
Thu, Jan 12, 2023, 3:00pm ET


Cost
Complimentary:    $ 0.00


Website
Click here to visit event website


Organizer
SANS Institute


Contact Event Organizer



Return to search results