Cyber Defense, Cybersecurity Leadership
Explore content featuring this instructor’s insights and expertise.
DNS provides one of the best methods for command and control, covert tunneling, and blind data exfiltration. Burp Collaborator provides a great way to both confirm blind injection, and also exfiltrate data. Penetration testers may prepend names to each DNS request, allowing data exfiltration subject to DNS's length limitations (63 characters per label, 255 characters total name) and character limitations. This webcast will describe methods for blind data exfiltration using Burp Collaborator (using both public and private servers), as well as using DNS without Burp. Content directly from SEC542: Web App Penetration Testing and Ethical Hacking.
Every incident ends with a lessons learned meeting, and most executive summaries include this bullet point: "Leverage the tools you already paid for"Are you leveraging the tools you already paid for? Are you using the host-based firewall to block/alert when applications like PowerShell, PSExec, and WMIC attempt to make outbound connections from non-IT clients? Have you enabled AppLocker?
Step into a world where cutting-edge defense meets practicality in cybersecurity! "SANS Secure Your Fortress" will teach you how to master the latest and most effective defense techniques. Whether you're a seasoned expert or just beginning your cyber journey, this event is for you.
