2018-023: Cydefe interview-DNS enumeration-CTF setup & prep
Published July 2, 2018
|
55 min
    Download
    Add to queue
    Copy URL
    Show notes

    Raymond Evans - CTF organizer for nolacon and Founder of CyDefe Labs

        @cydefe

    • CTF setup / challenges of setting up a CTF.
    • Beginners & CTFs
    • Types
    • tips/tricks
    • Biggest downfalls of CTF development

     

    https://www.heroku.com/

    www.exploit-db.com

     

    BrakeSec DerbyCon

       

    @dragosinc dragos.com

     

    DNS Enumeration:

    https://github.com/nixawk/pentest-wiki/blob/master/1.Information-Gathering/How-to-gather-dns-information.md

     

    DNS Tools:

    https://dnsdumpster.com/

    https://tools.kali.org/information-gathering/theharvester

     

    DNS Tutorial

    https://www.youtube.com/watch?v=4ZtFk2dtqv0 (A cat explains DNS)

     

    https://pentestlab.blog/tag/dns-enumeration/

     

        DNS

    Logging detailed DNS queries and responses can be beneficial for many reasons. For the first and most obvious reason is to aid in incident response. DNS logs can be largely helpful for tracking down malicious behavior, especially on endpoints in a DHCP pool. If an alert is received with a specific IP address, that IP address may not be on the same endpoint by the time someone ends up investigating. Not only does that waste time, it also gives the malicious program or attacker more time to hide themselves or spread to other machines.

     

    DNS is also useful for tracking down other compromised hosts, downloads from malicious websites, and if malware is using Domain Generating Algorithms (DGAs) to mask malicious behavior and evade detection.

     

    NOTE: However if a Microsoft DNS solution (prior to server 2012) is in use, according to Microsoft, “Debug logging can be resource intensive, affecting overall server performance and consuming disk space. Therefore, it should only be used temporarily when more detailed information about server performance is needed.” From Server 2012 forward DNS analytic logging is much less resource intensive. If the organization is using BIND or some DNS appliance, it should have the capability to log all information about DNS requests and replies.

     

    How difficult has that become with the advent of GDPR and whois record anonymization?

     

     

    Join our #Slack Channel! Email us at bds.podcast@gmail.com

    or DM us on Twitter @brakesec

    #Spotifyhttps://brakesec.com/spotifyBDS

    #RSShttps://brakesec.com/BrakesecRSS

    #Youtube Channel:  http://www.youtube.com/c/BDSPodcast

    #iTunes Store Link: https://brakesec.com/BDSiTunes

    #Google Play Store: https://brakesec.com/BDS-GooglePlay

    Our main site:  https://brakesec.com/bdswebsite

    #iHeartRadio App:  https://brakesec.com/iHeartBrakesec

    #SoundCloudhttps://brakesec.com/SoundcloudBrakesec

    Comments, Questions, Feedback: bds.podcast@gmail.com

    Support Brakeing Down Security Podcast by using our #Paypalhttps://brakesec.com/PaypalBDS OR our #Patreon

    https://brakesec.com/BDSPatreon

    #Twitter@brakesec @boettcherpwned @bryanbrake @infosystir

    #Player.FM : https://brakesec.com/BDS-PlayerFM

    #Stitcher Network: https://brakesec.com/BrakeSecStitcher

    #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

      15
      15
        0:00:00 / 0:00:00