Notifications

Clear all

DNS Hijacking Forensics

General (Technical, Procedural, Software, Hardware etc.)

Last Post by jaclaz 6 years ago

3 Posts

2 Users

0 Reactions

527 Views

RSS

TinyBrain

(@tinybrain)

Reputable Member

Joined: 9 years ago

Posts: 354

Topic starter 02/03/2019 4:54 pm

Recent developments got us a job of investigating how to detect and forensically evident collect DNS hijacking. To start see here and reference to this doc

https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html

Lets discuss where to get data for court. Who did an investigation like this?

Quote

TinyBrain

(@tinybrain)

Reputable Member

Joined: 9 years ago

Posts: 354

Topic starter 03/03/2019 4:43 am

Technique 1 is based on LE certs to change the A records. TALOS has documented it in detail, see here

https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html

Where to collect logs and record data for court?

ReplyQuote

jaclaz

(@jaclaz)

Illustrious Member

Joined: 18 years ago

Posts: 5133

05/03/2019 11:09 am

For no apparent reason

No!
February 2019

Geoff Huston
What part of “No!” doesn’t the DNS understand?

http//www.potaroo.net/ispcol/2019-02/nxd.html

jaclaz

ReplyQuote

8 Forums
15.7 K Topics
92.3 K Posts
234 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed