
2018-023: Cydefe interview-DNS enumeration-CTF setup & prep
BrakeSec Education Podcast · Bryan Brake
Show Notes
Raymond Evans - CTF organizer for nolacon and Founder of CyDefe Labs
@cydefe
- CTF setup / challenges of setting up a CTF.
- Beginners & CTFs
- Types
- tips/tricks
- Biggest downfalls of CTF development
BrakeSec DerbyCon
@dragosinc dragos.com
DNS Enumeration:
DNS Tools:
https://tools.kali.org/information-gathering/theharvester
DNS Tutorial
https://www.youtube.com/watch?v=4ZtFk2dtqv0 (A cat explains DNS)
https://pentestlab.blog/tag/dns-enumeration/
DNS
Logging detailed DNS queries and responses can be beneficial for many reasons. The first and most obvious reason is to aid in incident response. DNS logs can be very helpful for tracking down malicious behavior, especially on endpoints in a DHCP pool. If an alert is received with a specific IP address, that IP address may no longer be assigned to the same endpoint by the time someone investigates. Not only does that waste time, it also gives the malicious program or attacker more time to hide or spread to other machines.
DNS logs are also useful for tracking down other compromised hosts, identifying downloads from malicious websites, and determining whether malware is using Domain Generation Algorithms (DGAs) to mask malicious behavior and evade detection.
NOTE: If a Microsoft DNS solution (prior to Server 2012) is in use, however, according to Microsoft, "Debug logging can be resource intensive, affecting overall server performance and consuming disk space. Therefore, it should only be used temporarily when more detailed information about server performance is needed." From Server 2012 forward, DNS analytic logging is much less resource intensive. If the organization is using BIND or a DNS appliance, it should have the capability to log all information about DNS requests and replies.
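The DHCP problem described above can be made concrete with a short triage script. This is an added example, not material from the episode or its guests; the lease records, log lines, hostnames and the `.example` domain are constructed, and the function names are hypothetical.

```python
from datetime import datetime

# Constructed sample data: DHCP leases as (ip, hostname, lease_start, lease_end).
LEASES = [
    ("10.0.5.23", "LAPTOP-ALICE", "2018-07-02T08:00:00", "2018-07-02T12:00:00"),
    ("10.0.5.23", "LAPTOP-BOB", "2018-07-02T12:05:00", "2018-07-02T18:00:00"),
    ("10.0.5.77", "LAPTOP-ALICE", "2018-07-02T12:10:00", "2018-07-02T18:00:00"),
    ("10.0.5.41", "DESKTOP-CAROL", "2018-07-02T07:30:00", "2018-07-02T19:00:00"),
]
# Constructed sample data: DNS query log as (timestamp, client_ip, queried_name).
DNS_LOG = [
    ("2018-07-02T09:14:10", "10.0.5.23", "qzkxvwpltrmb.example"),
    ("2018-07-02T13:20:00", "10.0.5.23", "intranet.corp.example"),
    ("2018-07-02T14:00:00", "10.0.5.77", "qzkxvwpltrmb.example"),
    ("2018-07-02T15:02:44", "10.0.5.41", "qzkxvwpltrmb.example"),
]

def ts(value):
    """Parse an ISO 8601 timestamp string."""
    return datetime.fromisoformat(value)

def host_at(ip, when):
    """Return the hostname holding `ip` at time `when`, or None if no lease covers it."""
    for lease_ip, host, start, end in LEASES:
        if lease_ip == ip and ts(start) <= ts(when) <= ts(end):
            return host
    return None

def investigate(alert_ip, alert_time):
    """Resolve an alert to the endpoint that held the IP at alert time, then
    collect that endpoint's DNS queries even after its address changed."""
    host = host_at(alert_ip, alert_time)
    if host is None:
        return None, []
    queries = [(t, name) for t, ip, name in DNS_LOG if host_at(ip, t) == host]
    return host, queries

def hosts_that_queried(domain):
    """List every endpoint that looked up `domain`, attributed by lease at query time."""
    want = domain.lower().rstrip(".")
    hosts = {host_at(ip, t) for t, ip, name in DNS_LOG
             if name.lower().rstrip(".") == want}
    return sorted(h for h in hosts if h is not None)

if __name__ == "__main__":
    print(investigate("10.0.5.23", "2018-07-02T09:14:10"))
    print(hosts_that_queried("qzkxvwpltrmb.example"))
```

An investigator who checked 10.0.5.23 in the afternoon would land on LAPTOP-BOB, which never made the suspicious query; joining on lease time points to LAPTOP-ALICE and also surfaces DESKTOP-CAROL as a second host to examine.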
How difficult has that become with the advent of GDPR and whois record anonymization?
Join our #Slack Channel! Email us at [email protected]
or DM us on Twitter @brakesec
#Spotify: https://brakesec.com/spotifyBDS
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: [email protected]
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon
https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec