Exfiltration with Dnscat2

Maintaining access into a targeted network requires multiple C2 channels. In this course, you will learn data exfiltration using dnscat.
Course info
Level
Intermediate
Updated
Sep 10, 2020
Duration
23m
Description

Tight network restrictions might hinder the ability to establish a C2 communication channel. To overcome these limitations, an offensive security analyst will rely on abusing other legitimate protocols. In this course, Exfiltration with Dnscat2, you’ll cover how to utilize Dnscat2 for data exfiltration in a red team environment. First, you’ll set up an alternative C2 channel. Next, you’ll bypass network restrictions. Finally, you’ll simulate a data exfiltration attack. When you’re finished with this course, you’ll have the skills and knowledge to execute techniques T1048, T1022, and T1071 using Dnscat2.

About the author

Cristian is an Information Security Professional with experience in supply chain, manufacturing, gaming, and entertainment sectors for Fortune 500 companies. He has provided expertise in incident response cases by performing forensic investigations, malware analysis, and elaborating mitigation plans against complex cyber attacks.

More from the author
Purple Teaming: The Big Picture
Beginner
39m
Jun 16, 2020
More courses by Cristian Pascariu
Section Introduction Transcripts

Course Overview
Welcome to Pluralsight and this Red Team tools course featuring dnscat2, the open‑source DNS tunneling tool developed and maintained by Ron Bowes. As the Red Team operator, you may have come across scenarios in which access from the compromised systems to your C2 infrastructure becomes restricted. This is where dnscat2 comes into play, enabling you to set up a command and control channel over an encrypted DNS tunnel between a compromised machine and an authoritative DNS server that is under your control. Using dnscat2, you will be able to bypass firewalls by traversing the DNS hierarchy. The principle behind dnscat2 is quite simple. It takes advantage of legitimate use of name resolution, which is allowed outbound in order for systems to actually reach the internet. Whether you're looking to enhance your capabilities during Red Team operations or just to test your environment's defenses against complex adversarial techniques, join me as we'll set up dnscat2 on an authoritative domain to exfiltrate data from a target system.