
Kernel-Enforced DNS Exfiltration Security: A Framework Purpose-Built for Cloud Environments That Blocks Data Exfiltration via DNS at Scale.pdf

Uploaded by: 竿*** ID: 981866 2025-11-29 30 pages 2.86MB

#BHUSA BlackHatEvents
From Packet to Process: Hunting and Disrupting DNS Tunnelling and C2 in Linux Kernel with eBPF and AI at Scale
Speaker: Vedang Parasnis

$whoami
Vedang Parasnis
Independent Researcher, Former Masters Graduate, University Of Washington
Research Interests: Linux Kernel security, kernel hardening, eBPF, AI, cloud security

Agenda
DNS a critical backdoor for enterprise networks
DNS Exfiltration Attack Vectors
DNS C2 Attack Infrastructure
Existing Approaches and Challenges
AI-Driven Kernel Enforced Endpoint Security
Cloud Deployment Architecture at scale to combat DNS C2 Infrastructure
Demo (Sliver DNS C2)
Key Takeaways & Future Directions

They Breach and C2 Through DNS Almost Every Time
Compromise Supply Chain: APT29 (Cozy Bear) SolarWinds
Breach Cloud & Hyperscalers: UNC2452 (APT29)
Damage Critical Infrastructure: Volt Typhoon
Harvest Credentials at Scale: APT28 (GRU), Sea Turtle
Exploit Shared Offensive Tools: APT41, FIN7
85%+ of APTs employ DNS for C2 and data breaches

DNS a Blind spot to compromise networks
Unencrypted by Default
Logs Rarely Monitored
Firewall Blindspot
Stateless Protocol

DNS Attack Vectors
DNS C2: Uses DNS to embed commands, data in queries and responses to maintain covert communication with remote C2 attacker infrastructure.
DNS Tunneling: Encapsulates arbitrary data, other protocols within DNS packets to bypass network restrictions.
DNS Raw Exfiltration: Leaks sensitive data files directly in DNS queries.
Damage

DNS C2 Adversaries Attack Process

DNS: Not Just For Data Breaches Anymore. Next channel deliver zero-day attacks.
RCE & Shellcode: Exploiting memory bugs, dropping payloads
Script & File Attacks

Based on the content of "From Packet to Process: Hunting and Disrupting DNS Tunnelling and C2 in Linux Kernel with eBPF and AI at Scale", the key points of the full text are summarized as follows:

1. **DNS as an attack vector**: DNS is a critical backdoor for network attacks; because it is unencrypted by default, its logs are rarely monitored, it sits in a firewall blind spot and it is a stateless protocol, it has become a blind spot in network security.
2. **DNS attack vectors**: these include DNS C2 (using DNS for covert communication), DNS tunneling (bypassing network restrictions) and raw DNS data exfiltration.
3. **DNS C2 attack infrastructure**: uses DGAs (domain generation algorithms) and IP mutation to evade detection, with high-entropy QNAMEs, long labels, non-dictionary tokens and DGA-style patterns.
4. **Existing approaches and challenges**: existing approaches include semi-passive analysis, DNS exfiltration security as middleware, anomaly detection and threat signatures, but they suffer from slow detection, slow response and an inadequate reaction to advanced DNS C2 infrastructure.
5. **Proposed solution**: kernel-enforced endpoint security based on eBPF and AI, which detects and disrupts C2 implants in the kernel via eBPF, enabling fast response and precise intervention.
6. **Cloud deployment architecture**: deployed in cloud environments to counter DNS C2 infrastructure at scale.
7. **Future directions**: these include TLS fingerprinting and tunnel detection, process correlation, continuous model evolution, and DNS DDoS protection.