DNS is a channel that can usually be used to exfiltrate data from a network. Even when the network you are operating in requires authenticating to a proxy before data can leave, users can typically still make DNS requests, which are forwarded on by the local DNS servers in the user’s network. An attacker can use normal DNS functionality to forward data, C2, etc. out of the current network to a destination of their choosing, and Raphael Mudge has already weaponized this for use in Beacon with Cobalt Strike.
A new module has been added to Egress-Assess that allows you to use your system’s DNS server to exfiltrate data. This is different from the existing DNS module within Egress-Assess: the existing module sends a DNS packet directly to the DNS server you specify, whereas the “dns_resolved” module uses your network’s own DNS server.
More here: https://www.christophertruncer.com/exfiltrate-data-via-dns-with-egress-assess/
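A defender-side view of the behaviour described above, as an added example (not code from the original post or from Egress-Assess): because these queries pass through the internal resolver, the resolver's query log is where they can be seen, and DNS exfiltration generally shows up there as many unique, long, random-looking names under one parent domain. The log format, thresholds and sample lines are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver query log, assumed format: "<client_ip> <qname>"
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 mail.example.com
10.0.0.5 intranet.example.com
10.0.0.7 k3v9q0zt7xw1m5b8r2n6j4hd.t.example.net
10.0.0.7 dh4j6n2r8b5m1wx7tz0q9v3k.t.example.net
10.0.0.7 m1wx7tz0q9v3kdh4j6n2r8b5.t.example.net
10.0.0.7 7xw1m5b8r2n6j4hdk3v9q0zt.t.example.net
10.0.0.9 dh4j6n2r8b5m1wx7tz0q9v3k.cdn.example.org
"""

def entropy(s):
    """Shannon entropy of a non-empty string, in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def parent_domain(qname):
    # Naive grouping on the last two labels; production use needs a public-suffix list.
    return ".".join(qname.rstrip(".").split(".")[-2:])

def find_suspects(log_text, min_unique=3, min_label_len=24, min_entropy=3.0):
    """Return {(client, parent_domain): unique_name_count} for suspicious pairs."""
    names = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, qname = parts[0], parts[1].lower()
        names[(client, parent_domain(qname))].add(qname)
    suspects = {}
    for key, qnames in names.items():
        # The longest label of each name is the likeliest data carrier.
        payloads = [max(q.split("."), key=len) for q in qnames]
        hits = [p for p in payloads if len(p) >= min_label_len and entropy(p) >= min_entropy]
        if len(hits) >= min_unique:  # one long label alone (10.0.0.9) is not enough
            suspects[key] = len(qnames)
    return suspects

if __name__ == "__main__":
    for (client, parent), count in find_suspects(SAMPLE_LOG).items():
        print(f"{client} -> {parent}: {count} unique names with long high-entropy labels")
```

The thresholds are starting points only; tune them against a baseline of your own resolver logs, since CDNs and some security products also generate long machine-made names.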