#BHUSA BlackHatEvents

From Packet to Process: Hunting and Disrupting DNS Tunnelling and C2 in Linux Kernel with eBPF and AI at Scale
Speaker: Vedang Parasnis

$whoami
Vedang Parasnis
Independent Researcher, Former Masters Graduate, University of Washington
Research Interests: Linux Kernel security, kernel hardening, eBPF, AI, cloud security

Agenda
- DNS a critical backdoor for enterprise networks
- DNS Exfiltration Attack Vectors
- DNS C2 Attack Infrastructure
- Existing Approaches and Challenges
- AI-Driven Kernel Enforced Endpoint Security
- Cloud Deployment Architecture at scale to combat DNS C2 Infrastructure
- Demo (Sliver DNS C2)
- Key Takeaways & Future Directions

They Breach and C2 Through DNS Almost Every Time
- Compromise Supply Chain: APT29 (Cozy Bear), SolarWinds
- Breach Cloud & Hyperscalers: UNC2452 (APT29)
- Damage Critical Infrastructure: Volt Typhoon
- Harvest Credentials at Scale: APT28 (GRU), Sea Turtle
- Exploit Shared Offensive Tools: APT41, FIN7
85%+ of APTs employ DNS for C2 and data breaches

DNS: a Blind Spot to Compromise Networks
- Unencrypted by Default
- Logs Rarely Monitored
- Firewall Blindspot
- Stateless Protocol

DNS Attack Vectors
- DNS C2: Uses DNS to embed commands and data in queries and responses to maintain covert communication with remote attacker C2 infrastructure.
- DNS Tunneling: Encapsulates arbitrary data and other protocols within DNS packets to bypass network restrictions.
- DNS Raw Exfiltration: Leaks sensitive data and files directly in DNS queries.
Damage

DNS C2 Adversaries Attack Process

DNS: Not Just For Data Breaches Anymore. Next channel to deliver zero-day attacks.
- RCE & Shellcode: Exploiting memory bugs, dropping payloads
- Script & File Attacks
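As an added illustration of the detection side of the tunnelling and raw-exfiltration vectors defined above (example code, not from the talk or its eBPF pipeline): a user-space feature extractor over DNS query names with an illustrative heuristic score. The sample names, the two-label zone assumption and the thresholds are all constructed for this example.

```python
import math
from collections import Counter

# Constructed sample queries (not real indicators): one ordinary name and two
# names shaped like the encoded-data carriers that tunnelling and raw
# exfiltration produce. The hex-looking labels are random placeholders.
SAMPLE_QUERIES = [
    "mail.example.com",
    "a9f3e2b7c4d1e8f6a2b9c3d7e1f4a8b2.c6d9e3f1a7b4.t.example-tunnel.test",
    "4a7c9e1f3b5d8a2c6e0f4b8d1a3c5e7f9b2d4f6a8c0e2b4d6f8a1c3e5b7d9f.x.example-exfil.test",
]

def shannon_entropy(s):
    """Bits per character; encoded payloads score higher than dictionary words."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def extract_features(qname, zone_labels=2):
    """Features of the client-controlled part of a query name.
    zone_labels = trailing labels treated as the registered zone (an assumption
    for this example; a real pipeline would use a public-suffix list)."""
    labels = qname.rstrip(".").split(".")
    sub = labels[:-zone_labels] if len(labels) > zone_labels else []
    payload = "".join(sub)
    hexchars = sum(ch in "0123456789abcdef" for ch in payload)
    return {
        "qname_len": len(qname),
        "subdomain_labels": len(sub),
        "max_label_len": max((len(l) for l in sub), default=0),
        "payload_entropy": round(shannon_entropy(payload), 3),
        "hex_ratio": hexchars / len(payload) if payload else 0.0,
    }

def tunnelling_score(f):
    """Heuristic score in [0, 4]. Thresholds are illustrative, not values from
    the talk; the talk's approach feeds such features to an AI model instead."""
    score = 0
    score += f["qname_len"] > 60        # long names carry more payload
    score += f["max_label_len"] > 30    # near the 63-byte label limit
    score += f["payload_entropy"] > 3.5 # encoded data, not words
    score += f["hex_ratio"] > 0.9       # hex/base-N alphabet
    return score

def classify(qname):
    """Return (score, verdict) for one query name."""
    score = tunnelling_score(extract_features(qname))
    return score, ("suspicious" if score >= 3 else "benign")

if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(classify(q), q)
```

Per-query scoring like this only flags shape; in practice the same features are aggregated per process and per destination zone over time, which is where an in-kernel vantage point such as eBPF adds the process context that packet-level DNS logs lack.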