《内核强制执行的 DNS 数据泄露安全:专为云环境构建的框架可大规模阻止通过 DNS 进行的数据泄露.pdf》 (30 pages) was shared by a member and can be read online; related documents can be found by searching on 三个皮匠报告.
#BHUSA BlackHatEvents

From Packet to Process: Hunting and Disrupting DNS Tunnelling and C2 in Linux Kernel with eBPF and AI at Scale
Speaker: Vedang Parasnis

$whoami
Vedang Parasnis, Independent Researcher, Former Masters Graduate, University Of Washington
Research Interests: Linux Kernel security, kernel hardening, eBPF, AI, cloud security

Agenda
- DNS a critical backdoor for enterprise networks
- DNS Exfiltration Attack Vectors
- DNS C2 Attack Infrastructure
- Existing Approaches and Challenges
- AI-Driven Kernel Enforced Endpoint Security
- Cloud Deployment Architecture at scale to combat DNS C2 Infrastructure
- Demo (Sliver DNS C2)
- Key Takeaways & Future Directions

They Breach and C2 Through DNS Almost Every Time
- Compromise Supply Chain: APT29 (Cozy Bear), SolarWinds
- Breach Cloud & Hyperscalers: UNC2452 (APT29)
- Damage Critical Infrastructure: Volt Typhoon
- Harvest Credentials at Scale: APT28 (GRU), Sea Turtle
- Exploit Shared Offensive Tools: APT41, FIN7
- 85%+ of APTs employ DNS for C2 and data breaches

DNS a Blind Spot to Compromise Networks
- Unencrypted by Default
- Logs Rarely Monitored
- Firewall Blindspot
- Stateless Protocol

DNS Attack Vectors
- DNS C2: Uses DNS to embed commands and data in queries and responses to maintain covert communication with remote attacker C2 infrastructure.
- DNS Tunneling: Encapsulates arbitrary data and other protocols within DNS packets to bypass network restrictions.
- DNS Raw Exfiltration: Leaks sensitive data files directly in DNS queries.

DNS C2 Adversaries Attack Process

DNS: Not Just For Data Breaches Anymore. Next channel to deliver zero-day attacks.
- RCE & Shellcode: Exploiting memory bugs, dropping payloads
- Script & File Attacks
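The three DNS attack vectors above share one observable: the query name itself carries the data. As an added example (not code from the talk or its project), the following heuristic scores query names for the indicators a defender can check in a resolver or endpoint log: long subdomains, high-entropy labels, bulk-capable record types, and many distinct subdomains under one apex. The log lines are constructed, and the two-label apex rule is a simplifying assumption.

```python
import math
from collections import Counter, defaultdict
# Constructed sample of (qname, qtype) pairs standing in for a DNS query log; not from the slides.
SAMPLE_QUERIES = [
    ("www.example.com", "A"),
    ("mail.example.com", "MX"),
    ("cdn.static.example.net", "A"),
    ("4a6f686e20446f65.2e2f6574632f706173737764.exfil.example.org", "TXT"),
    ("6d7920736563726574206b6579.exfil.example.org", "TXT"),
    ("zxq7v2p9k4m1w8n3r6t0y5b2.exfil.example.org", "TXT"),
    ("a.exfil.example.org", "TXT"),
]

def shannon_entropy(s):
    """Bits per character; encoded payloads score well above natural hostnames."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def split_name(qname):
    """(subdomain, apex). Assumes a two-label apex; real code would use the public suffix list."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def score_query(qname, qtype):
    """Count tunnelling indicators: long subdomain, high-entropy subdomain, bulk-capable record type."""
    sub, _ = split_name(qname)
    score = 0
    if len(sub) > 40:                                  # data-carrying names are long
        score += 1
    if shannon_entropy(sub.replace(".", "")) > 3.0:    # encoded chunks look random
        score += 1
    if qtype in ("TXT", "NULL", "CNAME"):              # record types that carry bulk data back
        score += 1
    return score

def flag_tunnelling(queries, per_query_threshold=2, unique_sub_threshold=3):
    """{apex: [reasons]} for apexes with suspicious queries or many distinct subdomains (tunnel churn)."""
    unique_subs = defaultdict(set)
    flagged = defaultdict(list)
    for qname, qtype in queries:
        sub, apex = split_name(qname)
        if sub:
            unique_subs[apex].add(sub)
        if score_query(qname, qtype) >= per_query_threshold:
            flagged[apex].append("suspicious query: " + qname)
    for apex, subs in unique_subs.items():
        if len(subs) >= unique_sub_threshold:          # each exfiltrated chunk needs a new name
            flagged[apex].append("%d distinct subdomains" % len(subs))
    return dict(flagged)
```

Run against SAMPLE_QUERIES, only example.org is flagged; the thresholds are starting points to tune against a baseline of the environment's own resolver traffic.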