techhub.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A hub primarily for passionate technologists, but everyone is welcome

#dns


> #cybercriminals found a way to slice up #malware into small encoded fragments, and place them into a #DNS TXT record under different subdomains. It’s essentially a digital jigsaw puzzle scattered across different addresses. On its own, each part is harmless, but when reassembled, it forms a malicious file.

techradar.com/pro/security/it-

TechRadar · It seems even DNS records can be infected with malware now - here's why that's a major worry · By Sead Fadilpašić

DNS: A Small but Effective C2 system

This analysis explores the exploitation of DNS for command-and-control operations and data exfiltration. It details how cybercriminals leverage DNS tunneling to create covert communication channels, bypassing traditional security measures. The article examines various DNS tunneling families, including Cobalt Strike, DNSCat2, and Iodine, discussing their prevalence and unique characteristics. It also highlights Infoblox's Threat Insight machine learning algorithms, which can detect and block tunneling domains within minutes. The study provides insights into the detection rates of different tunneling families and discusses the challenges in differentiating between legitimate and malicious DNS traffic.

Pulse ID: 6878f6e5d14da64ae460ad61
Pulse Link: otx.alienvault.com/pulse/6878f
Pulse Author: AlienVault
Created: 2025-07-17 13:13:08

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


"The CUII is giving up." Huh. Wow! This shows how much a bit of bravery and courage can pay off, and also that individuals can make a difference! ✊

Context: In 2024, a then 17-year-old published the supposedly "secret" website blocking decisions of the privately organized and not democratically legitimized "Clearingstelle Urheberrecht" (CUII),
an association of rights holders and providers. Now court decisions are to be required for blocks again.
netzpolitik.org/2025/die-cuii-

netzpolitik.org · The CUII gives up: web blocks now require a court decision · The CUII, an association of internet providers and rights holders, is refraining, after a rebuke from the Bundesnetzagentur, from blocking websites at its own discretion. We probably have 18-year-old Lina to thank for that.

Since DNS is on 🔥 today, I should note that if you're a Splunk shop, the DNS data model in Enterprise Security does not include the field for TXT record values; you need to add that manually.

Then you can do high-fidelity detections such as length and base64 with conversions looking for code.
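The length-plus-decode check described in the post above, sketched in Python as an added example (not part of the original post and not Splunk content). The threshold, indicator names and sample TXT values are assumptions constructed here; the samples are inert stand-ins, not real payloads.

```python
import base64
import binascii
import re

MIN_LEN = 100  # assumed length threshold; tune against your own TXT baseline
HEX_RE = re.compile(r"(?:[0-9a-fA-F]{2})+")
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")
MAGIC = {b"MZ": "pe-header", b"\x7fELF": "elf-header"}
SCRIPT_HINTS = (b"powershell", b"invoke-expression", b"frombase64string")

def decode_txt(value):
    """Return (encoding, raw bytes) if the whole value is hex or base64, else None."""
    v = value.strip()
    if HEX_RE.fullmatch(v):  # test hex first: its alphabet is a subset of base64
        return "hex", bytes.fromhex(v)
    if B64_RE.fullmatch(v) and len(v) % 4 == 0:
        try:
            return "base64", base64.b64decode(v, validate=True)
        except binascii.Error:
            return None
    return None

def score_txt(value):
    """List the indicators a single TXT value trips."""
    hits = ["long"] if len(value) >= MIN_LEN else []
    decoded = decode_txt(value)
    if decoded:
        enc, raw = decoded
        hits.append(enc)
        hits += [name for magic, name in MAGIC.items() if raw.startswith(magic)]
        if any(h in raw.lower() for h in SCRIPT_HINTS):
            hits.append("script-keywords")
    return hits

def is_high_fidelity(hits):
    """Alert only when decoded content looks like code, not on length or encoding alone."""
    return any(h in ("pe-header", "elf-header", "script-keywords") for h in hits)

# Constructed sample TXT values: two benign record shapes and three inert stand-ins.
SAMPLES = {
    "spf": "v=spf1 include:_spf.example.com ~all",
    "dkim": "v=DKIM1; k=rsa; p=" + "A" * 200,
    "b64_pe": base64.b64encode(b"MZ\x90\x00" + b"\x00" * 96).decode(),
    "hex_pe": (b"MZ" + b"\x00" * 60).hex(),
    "b64_script": base64.b64encode(b"PowerShell -NoProfile Write-Output constructed").decode(),
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        hits = score_txt(value)
        print(f"{name:11} alert={is_high_fidelity(hits)} hits={hits}")
```

The DKIM-shaped sample trips only the length indicator, which is why length alone makes a noisy alert and the decoded-content check carries the fidelity.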

DNS TXT isn't just for malware, C2s and exfil. It can be fun too!

  • ASCII art (Resolve-DnsName -Type TXT run-dns.never.watch).Strings | Sort
  • Storing encodings 🐱.never.watch
  • Mazes! (Resolve-DnsName -Type TXT maze.never.watch).Strings | Sort
  • QR codes (Resolve-DnsName -Type TXT qr.never.watch).Strings -replace '#','█' | Sort
  • Trolling/activism ··⧸··⧸.never.watch
  • Guitar tabs
  • Playlists/reading lists
  • Geocities-era guest books