VIDEO
HIGHLIGHT
Log InSign up
It's DNS again 😒 Did you know this Malware Hack?
SummaryTranscriptChat

It's DNS again 😒 Did you know this Malware Hack?

TShark and CyberChef

In this section, the speaker introduces TShark and CyberChef as tools to read PCAP files and decode strings respectively.

Introduction to TShark

  • TShark is a tool used to read PCAP files.
  • It can be used to filter data and extract specific fields from the file.
  • The extracted data can then be used for further analysis.

Introduction to CyberChef

  • CyberChef is a tool that can be used to decode strings.
  • It allows users to input encoded strings and tinker around with them.
  • Users can use different decoding methods such as Base64.

Understanding Malware Scripts

In this section, the speaker discusses how malware scripts work and how they are encoded using different numbering systems.

Reassembling Malware Scripts

  • Malware scripts are sent in pieces to avoid detection by IDS or IPS systems.
  • Once all the pieces of the script have been received, it is reassembled on the victim machine.

Numbering Systems Used in Malware Scripts

  • Different numbering systems such as hexadecimal and binary are used in malware scripts.
  • Understanding these numbering systems is important when analyzing malware scripts.

Conclusion

In this section, the speaker concludes by emphasizing the importance of understanding malware scripts and different numbering systems.

Importance of Understanding Malware Scripts

  • Understanding malware scripts is important for threat hunting and troubleshooting.
  • DNS TXT fields are commonly used to send instructions in malware scripts.
  • Once a script has been executed on a victim machine, it can start sending instructions back to the attacker.

Importance of Understanding Numbering Systems

  • Different numbering systems such as hexadecimal and binary are used in malware scripts.
  • Understanding these numbering systems is important when analyzing malware scripts.

so I did not have to translate anything into English

Introduction to DNSMessenger

In this section, Chris and David discuss how DNSMessenger works and how it can be used to deliver C2 traffic in DNS calls.

How DNSMessenger Works

  • DNSMessenger is a malware that was designed to illustrate how C2 traffic could be buried in DNS calls.
  • The client initially talks to the 8.8.8.8 server, allegedly.
  • The malware is called DNSMessenger, and we're going to call that our client.
  • The malware sends requests for reverse records for IP addresses associated with the C2 server.

Understanding DNS Queries

  • Packets don't lie; they are essential for troubleshooting and understanding cybersecurity issues.
  • Studying packets will make you better at threat hunting or when you have been compromised.
  • A TXT record is a type of request that allows human-readable notes to be in records.
  • DNS has the ability to do different types of requests.

What is a DNS TXT Record?

  • A TXT record was originally intended as a place for human-readable notes to be in records but now can include machine-readable data.

Conclusion

In this section, David thanks Chris for sharing his knowledge about cybersecurity and packet analysis.

Final Thoughts

  • There are many ways that packets can help us understand cybersecurity issues better.
  • Studying packets will make you better at threat hunting or when you have been compromised.

DNS TXT Record in a DNS Reply

In this section, David Bombal and Chris Greer discuss the concept of putting TXT in a DNS reply.

Putting TXT in a DNS Reply

  • It is a way of putting TXT in a DNS reply.
  • More details are provided on the topic.
  • Chris Greer offers to demo it for viewers.
  • Viewers are asked to comment on what they want Chris to talk about in future videos.
  • Viewers are also asked to provide feedback on an interesting-looking site.
  • Chris teaches viewers how to use VirusTotal when unsure about a site.
Playlists: Cybersecurity
Video description

Chris Greer is back to show us Malware that Hackers could use to attack you (in this case using DNS). Chris is the man I talk to about Wireshark! Did you learn something new in this video? Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: https://brilliant.org/DavidBombal // Chris SOCIAL // YouTube: https://www.youtube.com/c/ChrisGreer Wireshark course: https://davidbombal.wiki/chriswireshark Nmap course: https://davidbombal.wiki/chrisnmap LinkedIn: https://www.linkedin.com/in/cgreer/ Twitter: https://twitter.com/packetpioneer // David SOCIAL // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal Chris Greer Playlist: https://www.youtube.com/playlist?list=PLhfrWIlLOoKO8522T1OAhR5Bb2mD6Qy_l // MENU // 00:00 Coming Up 00:27 Thanks Brilliant! 01:58 Did you know this? 02:41 DNS Misconceptions 03:16 DNS Example 04:38 Cloudflare / What Is DNS? 05:38 Virustotal 07:01 DNS String 08:52 Base-64 Decode 10:24 T Shark 12:25 Cyberchef 14:30 How Does The Hack Start? 14:54 Phishing Attacks 15:59 How DNS Attacks Started 16:57 Packets 17:53 Outro Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #malware #hack #wireshark