> #cybercriminals found a way to slice up #malware into small encoded fragments, and place them into a #DNS TXT record under different subdomains. It’s essentially a digital jigsaw puzzle scattered across different addresses. On its own, each part is harmless, but when reassembled, it forms a malicious file.
I am feeling very smug about the recent Cloudflare 1.1.1.1 service outage, because I suffered no consequences on my network that resolves through *check configs* 8.8.8.8.
DNS: A Small but Effective C2 system
This analysis explores the exploitation of DNS for command-and-control operations and data exfiltration. It details how cybercriminals leverage DNS tunneling to create covert communication channels, bypassing traditional security measures. The article examines various DNS tunneling families, including Cobalt Strike, DNSCat2, and Iodine, discussing their prevalence and unique characteristics. It also highlights Infoblox's Threat Insight machine learning algorithms, which can detect and block tunneling domains within minutes. The study provides insights into the detection rates of different tunneling families and discusses the challenges in differentiating between legitimate and malicious DNS traffic.
Pulse ID: 6878f6e5d14da64ae460ad61
Pulse Link: https://otx.alienvault.com/pulse/6878f6e5d14da64ae460ad61
Pulse Author: AlienVault
Created: 2025-07-17 13:13:08
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
"Die CUII gibt auf." ("The CUII gives up.") Huh. Wow! That just shows how much a bit of courage can pay off, and also that individuals can make a difference!
Context: In 2024, a then 17-year-old published the supposedly "secret" blocking decisions for websites issued by the privately organised and not democratically legitimised "Clearingstelle Urheberrecht" (CUII),
an association of rights holders and providers. Now court decisions are to be required again for blocks.
https://netzpolitik.org/2025/die-cuii-gibt-auf-fuer-netzsperren-braucht-es-jetzt-einen-gerichtsentscheid/
New Blog Post: Decoding Google Global Cache Domains Using Substitution Cipher.
Cloudflare’s 1.1.1.1 DNS went dark for 66 min—someone fat-fingered a config, not an attack. Root-cause postmortem: https://www.bleepingcomputer.com/news/security/cloudflare-says-1111-outage-not-caused-by-attack-or-bgp-hijack
Using a CDN like CloudFlare on your website but aren't aware that your credentials are being decrypted during MITM when you log in to your backend? You should be.
But, there's a simple solution
#DNS keeping it real
@saraislet Corey Quinn (of "Last Week in AWS" fame) has been saying for years that Route53 is a distributed database.
https://www.lastweekinaws.com/blog/route-53-amazons-premier-database/
Correct me if I'm wrong, but doesn't this require the attacker to own/have access to the domain in the first place?
Cloudflare Confirms BGP Hijack Behind 1.1.1.1 DNS Disruption https://gbhackers.com/cloudflare-confirms-bgp-hijack-behind-1-1-1-1-dns-disruption/ #CyberSecurityNews #cybersecurity #DNS
Our @nlnetlabs #unbound #docker image got updated to v1.23.1-0 yesterday by madnuttah-bot.
https://github.com/madnuttah/unbound-docker
https://hub.docker.com/r/madnuttah/unbound
Since DNS is on today, I should note that if you're a Splunk shop, the DNS data model in Enterprise Security does not include the field for TXT record values; you need to add that manually.
Then you can do high-fidelity detections such as length and base64 with conversions looking for code.
DNS TXT isn't just for malware, C2s and exfil. It can be fun too!
(Resolve-DnsName -Type TXT run-dns.never.watch).Strings | Sort
(Resolve-DnsName -Type TXT maze.never.watch).Strings | Sort
(Resolve-DnsName -Type TXT qr.never.watch).Strings -replace '#','█' | Sort
··⧸··⧸.never.watch
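The Splunk post above describes flagging TXT record values by length and by base64 decoding, and the first post on this page describes payloads split into encoded chunks spread across subdomains. As an added example (not code from any post here, and not Splunk's data model or search language), the Python below runs that detection logic over constructed sample DNS log lines: it decodes whole-value base64 TXT answers, looks for executable markers in the decoded bytes, and clusters flagged answers by parent domain so that several chunks under one domain stand out. The JSON-per-line log format, the field names, the sample records, the marker list, the known-good prefixes, and the thresholds are all assumptions made for the illustration.

```python
"""Defender-side check for DNS TXT answers that look like encoded payload chunks.

Added illustration, not code from any post on this page. The log format
(one JSON object per line with query/qtype/answer fields), the sample
records, the marker list and the thresholds are constructed assumptions.
"""
import base64
import binascii
import json
import math
import re
from collections import defaultdict

# A whole-value base64 string: alphabet only, optional padding, no spaces.
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

# Prefixes of well-known, legitimately long TXT values (reduces noise).
KNOWN_GOOD_PREFIXES = ("v=spf1", "v=DMARC1", "v=DKIM1", "google-site-verification=")

# Byte patterns that suggest the decoded bytes are executable content.
CODE_MARKERS = (
    (b"MZ", "pe-header"),          # DOS/PE executable header
    (b"\x7fELF", "elf-header"),    # ELF executable header
    (b"#!", "script-shebang"),     # script interpreter line
    (b"DOS mode", "pe-dos-stub"),  # text inside the standard PE DOS stub
)

# Constructed sample log: SPF, DMARC, a DKIM key, a site-verification token,
# one A record, and three TXT chunks under one parent domain whose base64
# decodes to the start of a PE header and its DOS stub text.
SAMPLE_LOG = """\
{"query":"example.com","qtype":"TXT","answer":"v=spf1 include:_spf.example.com -all"}
{"query":"_dmarc.example.com","qtype":"TXT","answer":"v=DMARC1; p=reject; rua=mailto:dmarc@example.com"}
{"query":"s1._domainkey.example.com","qtype":"TXT","answer":"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC"}
{"query":"example.com","qtype":"TXT","answer":"google-site-verification=abcdefghijklmnopqrstuvwxyz0123456789ABCD"}
{"query":"www.example.com","qtype":"A","answer":"203.0.113.10"}
{"query":"p1.cdn-updates.invalid","qtype":"TXT","answer":"TVqQAAMAAAAEAAAA//8AALgAAAAA"}
{"query":"p2.cdn-updates.invalid","qtype":"TXT","answer":"VGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4g"}
{"query":"p3.cdn-updates.invalid","qtype":"TXT","answer":"aW4gRE9TIG1vZGUu"}
"""


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the decoded payload; compressed or encrypted code sits high."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def analyze_txt(value: str) -> dict:
    """Score one TXT value: length, whole-value base64, markers in the decoded bytes."""
    result = {"length": len(value), "base64": False, "markers": [], "entropy": 0.0,
              "known_good": value.startswith(KNOWN_GOOD_PREFIXES)}
    if result["known_good"] or not B64_RE.match(value) or len(value) % 4:
        return result
    try:
        decoded = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return result
    result["base64"] = True
    result["entropy"] = round(shannon_entropy(decoded), 2)
    result["markers"] = [name for pattern, name in CODE_MARKERS if pattern in decoded]
    return result


def parent_domain(name: str) -> str:
    """Simplified registrable-domain guess (last two labels); a real deployment
    should consult the public suffix list instead."""
    return ".".join(name.rstrip(".").split(".")[-2:])


def scan_log(text: str, min_len: int = 16, min_chunks: int = 2) -> dict:
    """Return flagged TXT records and parent domains carrying several encoded chunks."""
    flagged = []
    by_parent = defaultdict(set)
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("qtype") != "TXT":
            continue
        info = analyze_txt(rec["answer"])
        if info["base64"] and info["length"] >= min_len:
            flagged.append({"query": rec["query"], **info})
            by_parent[parent_domain(rec["query"])].add(rec["query"])
    clusters = {p: sorted(s) for p, s in by_parent.items() if len(s) >= min_chunks}
    return {"flagged": flagged, "clusters": clusters}


if __name__ == "__main__":
    report = scan_log(SAMPLE_LOG)
    for rec in report["flagged"]:
        print(f"{rec['query']}: len={rec['length']} entropy={rec['entropy']} markers={rec['markers']}")
    for parent, subs in report["clusters"].items():
        print(f"{len(subs)} encoded chunks under {parent}: {', '.join(subs)}")
```

Two things to keep in mind when turning this into a production search: DKIM public keys and domain-verification tokens are long base64-looking TXT values that are entirely legitimate, which is why the check requires the whole value to be base64 and skips known prefixes rather than matching on alphabet alone; and the per-parent clustering only works once the TXT answer field is actually present in the data model, which is the gap the Splunk post points out.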
Ready to experience effortless #DNS management? Elevate your #domain and DNS management with automation! In this video, you'll learn how to leverage Infrastructure as Code (IaC) using #Terraform and #DNSimple to efficiently manage domains, DNS zones, and records at any scale.
https://youtu.be/b9_MnHLJlAs