DNS is one of the most ubiquitous and yet least analyzed network protocols. DNS tunnels are frequently employed to sneak traffic in and out of restricted environments, without ever making a direct connection to the attacker's remote endpoint.
This talk discusses a holistic approach to detect DNS tunnels, and provides an open source implementation of these techniques to scan network traffic.
@jack8daniels2 Anjum is a Threat Researcher at Endgame, working on problems related to network security, malware, and behavioral analysis. He has a background in computer networks, routing and IoT security, and holds multiple patents in these fields. Anjum holds a Master's in Computer Science from Johns Hopkins University.